3 # tests for Koha::Token
5 # Copyright 2016 Rijksmuseum
7 # This file is part of Koha.
9 # Koha is free software; you can redistribute it and/or modify it under the
10 # terms of the GNU General Public License as published by the Free Software
11 # Foundation; either version 3 of the License, or (at your option) any later
14 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
15 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
16 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License along
19 # with Koha; if not, write to the Free Software Foundation, Inc.,
20 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 use Test
::More tests
=> 11;
25 use Time
::HiRes qw
|usleep
|;
29 C4
::Context
->_new_userenv('DUMMY SESSION');
30 C4
::Context
->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
32 my $tokenizer = Koha
::Token
->new;
33 is
( length( $tokenizer->generate ), 1, "Generate without parameters" );
34 my $token = $tokenizer->generate({ length => 20 });
35 is
( length($token), 20, "Token $token has 20 chars" );
37 my $id = $tokenizer->generate({ length => 8 });
38 my $csrftoken = $tokenizer->generate_csrf({ session_id
=> $id });
39 isnt
( length($csrftoken), 0, "Token $csrftoken should not be empty" );
41 is
( $tokenizer->check, undef, "Check without any parameters" );
42 my $result = $tokenizer->check_csrf({
43 session_id
=> $id, token
=> $csrftoken,
45 is
( $result, 1, "CSRF token verified" );
47 $result = $tokenizer->check({
48 type
=> 'CSRF', id
=> $id, token
=> $token,
50 isnt
( $result, 1, "This token is no CSRF token" );
52 # Test MaxAge parameter
53 my $age = 1; # 1 second
54 $result = $tokenizer->check_csrf({
55 session_id
=> $id, token
=> $csrftoken, MaxAge
=> $age,
57 is
( $result, 1, "CSRF token still valid within one second" );
58 usleep
$age * 1000000 * 2; # micro (millionth) seconds + 100%
59 $result = $tokenizer->check_csrf({
60 session_id
=> $id, token
=> $csrftoken, MaxAge
=> $age,
62 isnt
( $result, 1, "CSRF token expired after one second" );
64 subtest
'Same id (cookie CGISESSID) with an other logged in user' => sub {
66 $csrftoken = $tokenizer->generate_csrf({ session_id
=> $id });
67 $result = $tokenizer->check_csrf({
68 session_id
=> $id, token
=> $csrftoken,
70 is
( $result, 1, "CSRF token verified" );
71 C4
::Context
->set_userenv(0,43,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
72 $result = $tokenizer->check_csrf({
73 session_id
=> $id, token
=> $csrftoken,
75 is
( $result, '', "CSRF token is not verified if another logged in user is using the same id" );
78 subtest
'Same logged in user with another session (cookie CGISESSID)' => sub {
80 C4
::Context
->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
81 $csrftoken = $tokenizer->generate_csrf({ session_id
=> $id });
82 $result = $tokenizer->check_csrf({
83 session_id
=> $id, token
=> $csrftoken,
85 is
( $result, 1, "CSRF token verified" );
86 # Get another session id
87 $id = $tokenizer->generate({ length => 8 });
88 $result = $tokenizer->check_csrf({
89 session_id
=> $id, token
=> $csrftoken,
91 is
( $result, '', "CSRF token is not verified if another session is used" );
94 subtest
'Pattern parameter' => sub {
96 my $id = $tokenizer->generate({ pattern
=> '\d\d', length => 8 });
97 is
( length($id), 2, 'Pattern overrides length' );
98 ok
( $id =~ /\d{2}/, 'Two digits found' );
99 $id = $tokenizer->generate({ pattern
=> '[A-Z]{10}' });
100 is
( length($id), 10, 'Check length again' );
101 ok
( $id !~ /[^A-Z]/, 'Only uppercase letters' );
102 throws_ok
( sub { $tokenizer->generate({ pattern
=> 'abc{d,e}', }) }, 'Koha::Exceptions::Token::BadPattern', 'Exception should be thrown when wrong pattern is used');
