our $VERSION = '1.00';
sub generate_csrf_token {
- my ($id, $secret, $random, $time) = @_;
+ my ($id, $secret, $options) = @_;
- $time //= time;
+ my $time = $options->{'Time'} // time;
+ my $random = $options->{'Random'};
my $digest = Digest::HMAC_SHA1::hmac_sha1($time . "/" . $id, $secret);
my @digest_bytes = _to_byte_array($digest);
}
sub check_csrf_token {
- my ($id, $secret, $csrf_token, $max_age) = @_;
+ my ($id, $secret, $csrf_token, $options) = @_;
if ($csrf_token !~ /^([0-9a-f]+),([0-9a-f]+),([0-9]+)$/) {
# Malformed token.
}
my ($masked_token, $mask, $time) = ($1, $2, $3);
+ my $max_age = $options->{'MaxAge'};
if (defined($max_age) && time - $time > $max_age) {
# Timed out.
return 0;
qr/^[0-9a-f]{40},[0-9a-f]{40},\d+$/,
"token has right format");
-is(generate_csrf_token("id", "secret", $random, 1234567890),
+is(generate_csrf_token("id", "secret", { Random => $random, Time => 1234567890 }),
"5df5e9f17c929a45af5d33624ec052903599958f,112233445566778899aabbccddeeff0011223344,1234567890",
"generate simple token");
-is(generate_csrf_token("id", "s3cret", $random, 1234567890),
+is(generate_csrf_token("id", "s3cret", { Random => $random, Time => 1234567890 }),
"0acb0abac254d21ce30c2e805a1bf6762e0b6a17,112233445566778899aabbccddeeff0011223344,1234567890",
"different secret changes token");
-is(generate_csrf_token("id", "s3cret", $random, 1234567891),
+is(generate_csrf_token("id", "s3cret", { Random => $random, Time => 1234567891 }),
"8e5c2d1cd2dc0368ed2fa1facee31660a5ffa12f,112233445566778899aabbccddeeff0011223344,1234567891",
"different time changes token");
$random = pack('H*', '112233445566778899aabbccddeeff0011223340');
-is(generate_csrf_token("id", "secret", $random, 1234567890),
+is(generate_csrf_token("id", "secret", { Random => $random, Time => 1234567890 }),
"5df5e9f17c929a45af5d33624ec052903599958b,112233445566778899aabbccddeeff0011223340,1234567890",
"bitflip in mask flips corresponding bit in token");
projects / www-csrf / commitdiff