From 5c5dcbfe1c8f309bbe28c15fd4942dad012c177c Mon Sep 17 00:00:00 2001
From: "Steinar H. Gunderson"
Date: Tue, 12 Nov 2013 20:18:36 +0100
Subject: [PATCH] Allow sending in predefined masks and times.
---
 lib/WWW/CSRF.pm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/WWW/CSRF.pm b/lib/WWW/CSRF.pm
index 3876ad2..202348b 100644
--- a/lib/WWW/CSRF.pm
+++ b/lib/WWW/CSRF.pm
@@ -11,15 +11,17 @@ our @EXPORT_OK = qw(generate_csrf_token check_csrf_token);
 our $VERSION = '1.00';
 sub generate_csrf_token {
- my ($id, $secret) = @_;
+ my ($id, $secret, $random, $time) = @_;
- my $time = time;
+ $time //= time;
 my $digest = Digest::HMAC_SHA1::hmac_sha1($time . "/" . $id, $secret);
 my @digest_bytes = _to_byte_array($digest);
 # Mask the token to avoid the BREACH attack.
- my $random = Bytes::Random::Secure::random_bytes(scalar @digest_bytes);
+ if (!defined($random) || length($random) != length($digest)) {
+ $random = Bytes::Random::Secure::random_bytes(scalar @digest_bytes);
+ }
 my @random_bytes = _to_byte_array($random);
 my $masked_token = "";
-- 
2.39.2
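Review bot: The new `$random` argument lets a caller replace the BREACH mask, yet nothing in the hunk says it must be fresh, unpredictable bytes for every token; a caller that passes a fixed or predictable value loses the per-response randomisation the mask exists to provide. A mask that is defined but of the wrong length is silently swapped for random bytes, so a test that passes a short mask gets a non-deterministic token with no error; reporting the mismatch (for example with `Carp::croak`) would surface that. I would add a comment above the `if`, such as `# $random and $time exist for tests and reproducible tokens; production callers must leave them undef so each token gets a fresh mask.`, and repeat it in the module's POD. A caller-supplied `$time` in the future presumably lengthens the token's lifetime as seen by check_csrf_token, which is not visible here, so the documentation should cover that argument as well. The body of generate_csrf_token continues past the end of the hunk.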