From b794643bb075c0aa5de81f2481ae1df56f674309 Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Wed, 19 Sep 2018 15:36:36 +0200 Subject: [PATCH] Bug 21998: Add pattern parameter in Koha::Token Allow a pattern too in Koha::Token->generate. Only supported length. Does not affect CSRF calls. So tiny change without further impact. Test plan: Run t/Token.t Signed-off-by: Marcel de Rooy Signed-off-by: Josef Moravec Signed-off-by: Martin Renvoize Signed-off-by: Nick Clemens --- Koha/Token.pm | 5 +++-- t/Token.t | 12 +++++++++++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/Koha/Token.pm b/Koha/Token.pm index d0f7a54516..7c311454bf 100644 --- a/Koha/Token.pm +++ b/Koha/Token.pm @@ -79,6 +79,7 @@ sub new { }); Generate several types of tokens. Now includes CSRF. + For non-CSRF tokens an optional pattern parameter overrides length. Room for future extension. =cut @@ -196,8 +197,8 @@ sub _gen_rand { my ( $params ) = @_; my $length = $params->{length} || 1; $length = 1 unless $length > 0; - - return String::Random::random_string( '.' x $length ); + my $pattern = $params->{pattern} // '.{'.$length.'}'; # pattern overrides length parameter + return String::Random::random_regex( $pattern ); } =head1 AUTHOR diff --git a/t/Token.t b/t/Token.t index 2314d2ebba..102579ba4d 100644 --- a/t/Token.t +++ b/t/Token.t @@ -20,7 +20,7 @@ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. use Modern::Perl; -use Test::More tests => 10; +use Test::More tests => 11; use Time::HiRes qw|usleep|; use C4::Context; use Koha::Token; @@ -89,3 +89,13 @@ subtest 'Same logged in user with another session (cookie CGISESSID)' => sub { }); is( $result, '', "CSRF token is not verified if another session is used" ); }; + +subtest 'Pattern parameter' => sub { + plan tests => 4; + my $id = $tokenizer->generate({ pattern => '\d\d', length => 8 }); + is( length($id), 2, 'Pattern overrides length' ); + ok( $id =~ /\d{2}/, 'Two digits found' ); + $id = $tokenizer->generate({ pattern => '[A-Z]{10}' }); + is( length($id), 10, 'Check length again' ); + ok( $id !~ /[^A-Z]/, 'Only uppercase letters' ); +}; -- 2.39.5