X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=lib%2FWWW%2FCSRF.pm;h=95c5e8f041724443a9c12711ae12ecc4e947c0f8;hb=d5d0252d809f5faf0058dc4ed0e4a4c0a3c3f9de;hp=3876ad2be8095ce1d2e8b6e70f863269e86f5c40;hpb=67cb10642fecbd2a78996fbe3803bc00cfbde81b;p=www-csrf
diff --git a/lib/WWW/CSRF.pm b/lib/WWW/CSRF.pm
index 3876ad2..95c5e8f 100644
--- a/lib/WWW/CSRF.pm
+++ b/lib/WWW/CSRF.pm
@@ -11,15 +11,18 @@ our @EXPORT_OK = qw(generate_csrf_token check_csrf_token);
 our $VERSION = '1.00';
 sub generate_csrf_token {
- my ($id, $secret) = @_;
+ my ($id, $secret, $options) = @_;
- my $time = time;
+ my $time = $options->{'Time'} // time;
+ my $random = $options->{'Random'};
 my $digest = Digest::HMAC_SHA1::hmac_sha1($time . "/" . $id, $secret);
 my @digest_bytes = _to_byte_array($digest);
 # Mask the token to avoid the BREACH attack.
- my $random = Bytes::Random::Secure::random_bytes(scalar @digest_bytes);
+ if (!defined($random) || length($random) != length($digest)) {
+ $random = Bytes::Random::Secure::random_bytes(scalar @digest_bytes);
+ }
 my @random_bytes = _to_byte_array($random);
 my $masked_token = "";
@@ -33,7 +36,7 @@ sub generate_csrf_token {
 }
 sub check_csrf_token {
- my ($id, $secret, $csrf_token, $max_age) = @_;
+ my ($id, $secret, $csrf_token, $options) = @_;
 if ($csrf_token !~ /^([0-9a-f]+),([0-9a-f]+),([0-9]+)$/) {
 # Malformed token.
@@ -41,6 +44,7 @@ sub check_csrf_token {
 }
 my ($masked_token, $mask, $time) = ($1, $2, $3);
+ my $max_age = $options->{'MaxAge'};
 if (defined($max_age) && time - $time > $max_age) {
 # Timed out.
 return 0;
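Review bot: A caller-supplied `Random` whose length does not match the digest is silently replaced by fresh CSPRNG output in the new `if` block, so a caller who passed a mask precisely to get a deterministic token gets a different one with no signal that the option was ignored; treating the mismatch as an error, `die "Random must be " . length($digest) . " bytes"` in place of the fallback, would surface the misuse instead of hiding it. The same hunk lets `Time` enter the HMAC input unchanged, and a predictable mask from `Random` removes the protection the "Mask the token to avoid the BREACH attack" comment refers to, so the POD for generate_csrf_token should state that both options exist for reproducible testing and must not be set from request data in production. generate_csrf_token's body continues past this hunk.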
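Review bot: Changing check_csrf_token's fourth parameter from the scalar `$max_age` to the hashref `$options` breaks existing callers that pass a numeric max age: the read `$options->{'MaxAge'}` added in the following hunk would then dereference a plain number, which dies under strict refs (presumably in effect here, though the pragma is outside these hunks), while `$VERSION` in the first hunk's context stays at '1.00'. If compatibility is intended, accept both forms right after the unpacking line, `$options = { MaxAge => $options } if defined($options) && !ref($options);`; otherwise bump the version and document the signature change in the POD. check_csrf_token's body continues past this hunk.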