]> git.sesse.net Git - www-csrf/blob - t/02_check.t
projects / www-csrf / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add some unit tests for check_csrf_token.
[www-csrf] / t / 02_check.t
1 use Test::More tests => 6;
2
3 use WWW::CSRF qw(check_csrf_token);
4
5 is(check_csrf_token("id", "secret",
6                     "5df5e9f17c929a45af5d33624ec052903599958f," .
7                     "112233445566778899aabbccddeeff0011223344," .
8                     "1234567890"),
9    1,
10    "check simple token");
11
12 isnt(check_csrf_token("id", "secret",
13                       "0000000000000000000000000000000000000000," .
14                       "112233445566778899aabbccddeeff0011223344," .
15                       "1234567890"),
16      1,
17      "check simple invalid token");
18
19 isnt(check_csrf_token("id", "secret",
20                       "5df5e9f17c929a45af5d33624ec052903599958f," .
21                       "112233445566778899aabbccddeeff0011223344"),
22      1,
23      "check simple malformed token");
24
25 is(check_csrf_token("id", "secret",
26                     "5df5e9f17c929a45af5d33624ec052903599958f," .
27                     "112233445566778899aabbccddeeff0011223344," .
28                     "1234567890", {
29                         Time => 1234567895,
30                         MaxAge => 10
31                     }),
32    1,
33    "check with maxage");
34
35 isnt(check_csrf_token("id", "secret",
36                       "5df5e9f17c929a45af5d33624ec052903599958f," .
37                       "112233445566778899aabbccddeeff0011223344," .
38                       "1234567890", {
39                           Time => 1234567895,
40                           MaxAge => 3
41                       }),
42      1,
43      "check expired with maxage");
44
45 isnt(check_csrf_token("id", "secret",
46                       "5df5e9f17c929a45af5d33624ec052903599958f," .
47                       "112233445566778899aabbccddeeff0011223344," .
48                       "1234567894", {
49                           Time => 1234567895,
50                           MaxAge => 10
51                       }),
52      1,
53      "check falsified timestamp");
WWW::CSRF, a Perl module to help protect against CSRF attacks.