Bug 19531: When saving patron record do not redirect to circ if not authorised
[koha.git] / t / Token.t
blob2314d2ebba76ea24d62147d7722da0b42fc348b6
1 #!/usr/bin/perl
3 # tests for Koha::Token
5 # Copyright 2016 Rijksmuseum
7 # This file is part of Koha.
9 # Koha is free software; you can redistribute it and/or modify it under the
10 # terms of the GNU General Public License as published by the Free Software
11 # Foundation; either version 3 of the License, or (at your option) any later
12 # version.
14 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
15 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
16 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License along
19 # with Koha; if not, write to the Free Software Foundation, Inc.,
20 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 use Modern::Perl;
23 use Test::More tests => 10;
24 use Time::HiRes qw|usleep|;
25 use C4::Context;
26 use Koha::Token;
28 C4::Context->_new_userenv('DUMMY SESSION');
29 C4::Context->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
31 my $tokenizer = Koha::Token->new;
32 is( length( $tokenizer->generate ), 1, "Generate without parameters" );
33 my $token = $tokenizer->generate({ length => 20 });
34 is( length($token), 20, "Token $token has 20 chars" );
36 my $id = $tokenizer->generate({ length => 8 });
37 my $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
38 isnt( length($csrftoken), 0, "Token $csrftoken should not be empty" );
40 is( $tokenizer->check, undef, "Check without any parameters" );
41 my $result = $tokenizer->check_csrf({
42 session_id => $id, token => $csrftoken,
43 });
44 is( $result, 1, "CSRF token verified" );
46 $result = $tokenizer->check({
47 type => 'CSRF', id => $id, token => $token,
48 });
49 isnt( $result, 1, "This token is no CSRF token" );
51 # Test MaxAge parameter
52 my $age = 1; # 1 second
53 $result = $tokenizer->check_csrf({
54 session_id => $id, token => $csrftoken, MaxAge => $age,
55 });
56 is( $result, 1, "CSRF token still valid within one second" );
57 usleep $age * 1000000 * 2; # micro (millionth) seconds + 100%
58 $result = $tokenizer->check_csrf({
59 session_id => $id, token => $csrftoken, MaxAge => $age,
60 });
61 isnt( $result, 1, "CSRF token expired after one second" );
63 subtest 'Same id (cookie CGISESSID) with an other logged in user' => sub {
64 plan tests => 2;
65 $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
66 $result = $tokenizer->check_csrf({
67 session_id => $id, token => $csrftoken,
68 });
69 is( $result, 1, "CSRF token verified" );
70 C4::Context->set_userenv(0,43,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
71 $result = $tokenizer->check_csrf({
72 session_id => $id, token => $csrftoken,
73 });
74 is( $result, '', "CSRF token is not verified if another logged in user is using the same id" );
77 subtest 'Same logged in user with another session (cookie CGISESSID)' => sub {
78 plan tests => 2;
79 C4::Context->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, ', ');
80 $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
81 $result = $tokenizer->check_csrf({
82 session_id => $id, token => $csrftoken,
83 });
84 is( $result, 1, "CSRF token verified" );
85 # Get another session id
86 $id = $tokenizer->generate({ length => 8 });
87 $result = $tokenizer->check_csrf({
88 session_id => $id, token => $csrftoken,
89 });
90 is( $result, '', "CSRF token is not verified if another session is used" );