From 0d245c936cdb596e51950a988d7efded491eb4bf Mon Sep 17 00:00:00 2001
From: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Date: Fri, 23 Jun 2023 11:52:28 +0100
Subject: [PATCH] Bug 30524: Unit tests

Test plan:
Run t/Output.t
Run t/db_dependent/Auth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2918f6ceda533719ac0da53d8245ea4826f43681)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 9436074a26fe903134f71e66b0f9fcb7f6724438)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
---
 t/Output.t            | 41 +++++++++++++++++++++++++++++++++++++++--
 t/db_dependent/Auth.t |  1 +
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/t/Output.t b/t/Output.t
index 02218deadd..55ca2dc436 100755
--- a/t/Output.t
+++ b/t/Output.t
@@ -17,16 +17,23 @@
 
 use Modern::Perl;
 
-use Test::More tests => 7;
+use Test::More tests => 8;
 use Test::Warn;
+use Test::MockModule;
+
+use File::Temp qw/tempfile/;
 use CGI qw ( -utf8 );
 
+use C4::Auth qw( get_template_and_user );
+
 use t::lib::Mocks;
 
 BEGIN {
-    use_ok('C4::Output', qw( output_html_with_http_headers parametrized_url  ));
+    use_ok('C4::Output', qw( output_html_with_http_headers output_and_exit_if_error parametrized_url ));
 }
 
+our $output_module = Test::MockModule->new('C4::Output');
+
 my $query = CGI->new();
 my $cookie;
 my $output = 'foobarbaz';
@@ -93,3 +100,33 @@ subtest 'output_with_http_headers() tests' => sub {
     like($stdout, qr/Access-control-allow-origin: https:\/\/koha-community\.org/, 'Header set to https://koha-community.org');
     close STDOUT;
 };
+
+subtest 'output_and_exit_if_error() tests' => sub {
+    plan tests => 1;
+
+    $output_module->mock(
+        'output_and_exit',
+        sub {
+            my ( $query, $cookie, $template, $error ) = @_;
+            is( $error, 'wrong_csrf_token', 'Got right error message' );
+        }
+    );
+
+    t::lib::Mocks::mock_config( 'pluginsdir', [ C4::Context::temporary_directory ] );
+    my ( $fh, $fn ) = tempfile( SUFFIX => '.tt', UNLINK => 1, DIR => C4::Context::temporary_directory );
+    print $fh qq|[% blocking_error %]|;
+    close $fh;
+
+    my $query = CGI->new();
+    $query->param('csrf_token','');
+    my ( $template, $loggedinuser, $cookies ) = get_template_and_user(
+        {
+            template_name   => $fn,
+            query           => $query,
+            type            => "intranet",
+            authnotrequired => 1,
+        }
+    );
+    # Next call triggers test in the mocked sub
+    output_and_exit_if_error($query, $cookie, $template, { check => 'csrf_token' });
+};
diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t
index b63dc3e9ca..b27bd071c4 100755
--- a/t/db_dependent/Auth.t
+++ b/t/db_dependent/Auth.t
@@ -563,6 +563,7 @@ subtest 'get_template_and_user' => sub {   # Tests for the language URL paramete
     );
     is($template->{VARS}->{'opac_name'}, "multibranch-19", "Opac name was set correctly");
     is($template->{VARS}->{'opac_search_limit'}, "branch:multibranch-19", "Search limit was set correctly");
+    ok(defined($template->{VARS}->{'csrf_token'}), "CSRF token returned");
 
     delete $ENV{"HTTP_COOKIE"};
 };
-- 
2.20.1