Bug 26478: Display issue with buttons on the self checkout screens
[koha.git] / t / Token.t
blob89154a39fd66a6054b381b609bf766dbab552744
1 #!/usr/bin/perl
3 # tests for Koha::Token
5 # Copyright 2016 Rijksmuseum
7 # This file is part of Koha.
9 # Koha is free software; you can redistribute it and/or modify it
10 # under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # Koha is distributed in the hope that it will be useful, but
15 # WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with Koha; if not, see <http://www.gnu.org/licenses>.
22 use Modern::Perl;
23 use Test::More tests => 11;
24 use Test::Exception;
25 use Time::HiRes qw|usleep|;
26 use C4::Context;
27 use Koha::Token;
29 C4::Context->_new_userenv('DUMMY SESSION');
30 C4::Context->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, '');
32 my $tokenizer = Koha::Token->new;
33 is( length( $tokenizer->generate ), 1, "Generate without parameters" );
34 my $token = $tokenizer->generate({ length => 20 });
35 is( length($token), 20, "Token $token has 20 chars" );
37 my $id = $tokenizer->generate({ length => 8 });
38 my $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
39 isnt( length($csrftoken), 0, "Token $csrftoken should not be empty" );
41 is( $tokenizer->check, undef, "Check without any parameters" );
42 my $result = $tokenizer->check_csrf({
43 session_id => $id, token => $csrftoken,
44 });
45 is( $result, 1, "CSRF token verified" );
47 $result = $tokenizer->check({
48 type => 'CSRF', id => $id, token => $token,
49 });
50 isnt( $result, 1, "This token is no CSRF token" );
52 # Test MaxAge parameter
53 my $age = 1; # 1 second
54 $result = $tokenizer->check_csrf({
55 session_id => $id, token => $csrftoken, MaxAge => $age,
56 });
57 is( $result, 1, "CSRF token still valid within one second" );
58 usleep $age * 1000000 * 2; # micro (millionth) seconds + 100%
59 $result = $tokenizer->check_csrf({
60 session_id => $id, token => $csrftoken, MaxAge => $age,
61 });
62 isnt( $result, 1, "CSRF token expired after one second" );
64 subtest 'Same id (cookie CGISESSID) with an other logged in user' => sub {
65 plan tests => 2;
66 $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
67 $result = $tokenizer->check_csrf({
68 session_id => $id, token => $csrftoken,
69 });
70 is( $result, 1, "CSRF token verified" );
71 C4::Context->set_userenv(0,43,0,'firstname','surname', 'CPL', 'Library 1', 0, '');
72 $result = $tokenizer->check_csrf({
73 session_id => $id, token => $csrftoken,
74 });
75 is( $result, '', "CSRF token is not verified if another logged in user is using the same id" );
78 subtest 'Same logged in user with another session (cookie CGISESSID)' => sub {
79 plan tests => 2;
80 C4::Context->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, '');
81 $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
82 $result = $tokenizer->check_csrf({
83 session_id => $id, token => $csrftoken,
84 });
85 is( $result, 1, "CSRF token verified" );
86 # Get another session id
87 $id = $tokenizer->generate({ length => 8 });
88 $result = $tokenizer->check_csrf({
89 session_id => $id, token => $csrftoken,
90 });
91 is( $result, '', "CSRF token is not verified if another session is used" );
94 subtest 'Pattern parameter' => sub {
95 plan tests => 5;
96 my $id = $tokenizer->generate({ pattern => '\d\d', length => 8 });
97 is( length($id), 2, 'Pattern overrides length' );
98 ok( $id =~ /\d{2}/, 'Two digits found' );
99 $id = $tokenizer->generate({ pattern => '[A-Z]{10}' });
100 is( length($id), 10, 'Check length again' );
101 ok( $id !~ /[^A-Z]/, 'Only uppercase letters' );
102 throws_ok( sub { $tokenizer->generate({ pattern => 'abc{d,e}', }) }, 'Koha::Exceptions::Token::BadPattern', 'Exception should be thrown when wrong pattern is used');