Allow sending in predefined masks and times.
authorSteinar H. Gunderson <sgunderson@bigfoot.com>
Tue, 12 Nov 2013 19:18:36 +0000 (20:18 +0100)
committerSteinar H. Gunderson <sgunderson@bigfoot.com>
Tue, 12 Nov 2013 19:18:36 +0000 (20:18 +0100)
lib/WWW/CSRF.pm

index 3876ad2be8095ce1d2e8b6e70f863269e86f5c40..202348bf671693472f8db5a0af1d4cd9e47fcea1 100644 (file)
@@ -11,15 +11,17 @@ our @EXPORT_OK = qw(generate_csrf_token check_csrf_token);
 our $VERSION = '1.00';
 
 sub generate_csrf_token {
-       my ($id, $secret) = @_;
+       my ($id, $secret, $random, $time) = @_;
 
-       my $time = time;
+       $time //= time;
 
        my $digest = Digest::HMAC_SHA1::hmac_sha1($time . "/" . $id, $secret);
        my @digest_bytes = _to_byte_array($digest);
 
        # Mask the token to avoid the BREACH attack.
-       my $random = Bytes::Random::Secure::random_bytes(scalar @digest_bytes);
+       if (!defined($random) || length($random) != length($digest)) {
+               $random = Bytes::Random::Secure::random_bytes(scalar @digest_bytes);
+       }
        my @random_bytes = _to_byte_array($random);
        
        my $masked_token = "";
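Review bot: The new `$random` parameter lets a caller supply the BREACH mask, but nothing at the `if (!defined($random) || ...)` check or in a comment says that reusing a mask across responses removes the protection described by the comment just above it. I would document this on the sub, e.g. `# $random and $time are meant for tests and reproducible output; production callers should omit them so every token gets a fresh random mask.` A mask of the wrong length is also silently replaced with random bytes, so a caller expecting deterministic output gets no sign that its argument was ignored. Failing loudly seems safer: `die "mask must be " . length($digest) . " bytes" if defined($random) && length($random) != length($digest);`. The body of generate_csrf_token continues past the end of this hunk, so how `$time` is embedded in the token is not visible here; if it is, a caller-supplied future `$time` would presumably extend the token's lifetime, which is worth confirming against check_csrf_token.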