]> git.sesse.net Git - www-csrf/blob - t/01_generate.t
projects / www-csrf / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update MANIFEST with t/02_check.t.
[www-csrf] / t / 01_generate.t
1 use Test::More tests => 6;
2
3 use WWW::CSRF qw(generate_csrf_token);
4
5 my $random = pack('H*', '112233445566778899aabbccddeeff0011223344');
6
7 like(generate_csrf_token("id", "secret"),
8      qr/^[0-9a-f]{40},[0-9a-f]{40},\d+$/,
9      "token has right format");
10
11 is(generate_csrf_token("id", "secret", { Random => $random, Time => 1234567890 }),
12    "5df5e9f17c929a45af5d33624ec052903599958f,112233445566778899aabbccddeeff0011223344,1234567890",
13    "generate simple token");
14
15 is(generate_csrf_token("id", "s3cret", { Random => $random, Time => 1234567890 }),
16    "0acb0abac254d21ce30c2e805a1bf6762e0b6a17,112233445566778899aabbccddeeff0011223344,1234567890",
17    "different secret changes token");
18
19 is(generate_csrf_token("id", "s3cret", { Random => $random, Time => 1234567891 }),
20    "8e5c2d1cd2dc0368ed2fa1facee31660a5ffa12f,112233445566778899aabbccddeeff0011223344,1234567891",
21    "different time changes token");
22
23 $random = pack('H*', '112233445566778899aabbccddeeff0011223340');
24 is(generate_csrf_token("id", "secret", { Random => $random, Time => 1234567890 }),
25    "5df5e9f17c929a45af5d33624ec052903599958b,112233445566778899aabbccddeeff0011223340,1234567890",
26    "bitflip in mask flips corresponding bit in token");
27
28 $random = pack('H*', '112233445566778899aabbccddeeff00112233');
29 eval {
30   my $ignored = generate_csrf_token("id", "secret", { Random => $random, Time => 1234567890 });
31 };
32 ok($@, "check that wrong amount of randomness causes die()");
WWW::CSRF, a Perl module to help protect against CSRF attacks.