git.sesse.net Git - www-csrf/blob - t/02_check.t

   1 use Test::More tests => 6;
   2
   3 use WWW::CSRF qw(check_csrf_token);
   4
   5 is(check_csrf_token("id", "secret",
   6                     "5df5e9f17c929a45af5d33624ec052903599958f," .
   7                     "112233445566778899aabbccddeeff0011223344," .
   8                     "1234567890"),
   9    WWW::CSRF::CSRF_OK,
  10    "check simple token");
  11
  12 is(check_csrf_token("id", "secret",
  13                     "0000000000000000000000000000000000000000," .
  14                     "112233445566778899aabbccddeeff0011223344," .
  15                     "1234567890"),
  16    WWW::CSRF::CSRF_INVALID_SIGNATURE,
  17    "check simple invalid token");
  18
  19 is(check_csrf_token("id", "secret",
  20                     "5df5e9f17c929a45af5d33624ec052903599958f," .
  21                     "112233445566778899aabbccddeeff0011223344"),
  22    WWW::CSRF::CSRF_MALFORMED_TOKEN,
  23    "check simple malformed token (missing time)");
  24
  25 is(check_csrf_token("id", "secret",
  26                     "5df5e9f17c929a45af5d33624ec052903599958f," .
  27                     "112233445566778899aabbccddeeff0011223344," .
  28                     "1234567890", {
  29                         Time => 1234567895,
  30                         MaxAge => 10
  31                     }),
  32    WWW::CSRF::CSRF_OK,
  33    "check with maxage");
  34
  35 is(check_csrf_token("id", "secret",
  36                     "5df5e9f17c929a45af5d33624ec052903599958f," .
  37                     "112233445566778899aabbccddeeff0011223344," .
  38                     "1234567890", {
  39                         Time => 1234567895,
  40                         MaxAge => 3
  41                     }),
  42    WWW::CSRF::CSRF_EXPIRED,
  43    "check expired with maxage");
  44
  45 is(check_csrf_token("id", "secret",
  46                     "5df5e9f17c929a45af5d33624ec052903599958f," .
  47                     "112233445566778899aabbccddeeff0011223344," .
  48                     "1234567894", {
  49                         Time => 1234567895,
  50                         MaxAge => 10
  51                     }),
  52    WWW::CSRF::CSRF_INVALID_SIGNATURE,
  53    "check falsified timestamp");