From 671987bf531599f0f25c110cb90c8f8cb14d08f9 Mon Sep 17 00:00:00 2001
From: "Steinar H. Gunderson"
Date: Tue, 12 Nov 2013 22:01:54 +0100
Subject: [PATCH] Add some unit tests for check_csrf_token.

---
 lib/WWW/CSRF.pm |  4 +++-
 t/02_check.t    | 53 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 t/02_check.t

diff --git a/lib/WWW/CSRF.pm b/lib/WWW/CSRF.pm
index 95c5e8f..9197a6e 100644
--- a/lib/WWW/CSRF.pm
+++ b/lib/WWW/CSRF.pm
@@ -43,9 +43,11 @@ sub check_csrf_token {
 		return 0;
 	}
 
+	my $ref_time = $options->{'Time'} // time;
+
 	my ($masked_token, $mask, $time) = ($1, $2, $3);
 	my $max_age = $options->{'MaxAge'};
-	if (defined($max_age) && time - $time > $max_age) {
+	if (defined($max_age) && $ref_time - $time > $max_age) {
 		# Timed out.
 		return 0;
 	}
diff --git a/t/02_check.t b/t/02_check.t
new file mode 100644
index 0000000..edbbda4
--- /dev/null
+++ b/t/02_check.t
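Review bot: The new `Time` option turns the reference clock into caller-supplied input, and nothing in the hunk says it is meant for tests only; if an application ever fills it from request data, the MaxAge check is bypassed entirely. Add a comment above the new line, e.g. `# 'Time' overrides the clock (for tests only); never derive it from the request.`, and document the option in the POD, which is not visible here. Note also that `//` (defined-or) needs perl 5.10, so the module should declare `use 5.010;` if it does not already — the file preamble is outside this hunk. `$time` comes from a capture made before the hunk, so whether it is constrained to digits before the subtraction cannot be confirmed from here. check_csrf_token starts before the hunk and continues past it.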
@@ -0,0 +1,53 @@
+use Test::More tests => 6;
+
+use WWW::CSRF qw(check_csrf_token);
+
+is(check_csrf_token("id", "secret",
+	"5df5e9f17c929a45af5d33624ec052903599958f," .
+	"112233445566778899aabbccddeeff0011223344," .
+	"1234567890"),
+	1,
+	"check simple token");
+
+isnt(check_csrf_token("id", "secret",
+	"0000000000000000000000000000000000000000," .
+	"112233445566778899aabbccddeeff0011223344," .
+	"1234567890"),
+	1,
+	"check simple invalid token");
+
+isnt(check_csrf_token("id", "secret",
+	"5df5e9f17c929a45af5d33624ec052903599958f," .
+	"112233445566778899aabbccddeeff0011223344"),
+	1,
+	"check simple malformed token");
+
+is(check_csrf_token("id", "secret",
+	"5df5e9f17c929a45af5d33624ec052903599958f," .
+	"112233445566778899aabbccddeeff0011223344," .
+	"1234567890", {
+	Time => 1234567895,
+	MaxAge => 10
+}),
+	1,
+	"check with maxage");
+
+isnt(check_csrf_token("id", "secret",
+	"5df5e9f17c929a45af5d33624ec052903599958f," .
+	"112233445566778899aabbccddeeff0011223344," .
+	"1234567890", {
+	Time => 1234567895,
+	MaxAge => 3
+}),
+	1,
+	"check expired with maxage");
+
+isnt(check_csrf_token("id", "secret",
+	"5df5e9f17c929a45af5d33624ec052903599958f," .
+	"112233445566778899aabbccddeeff0011223344," .
+	"1234567894", {
+	Time => 1234567895,
+	MaxAge => 10
+}),
+	1,
+	"check falsified timestamp");
-- 
2.39.5
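Review bot: The MaxAge tests skip the boundary where the token's age equals MaxAge, which the check in CSRF.pm (`$ref_time - $time > $max_age`) accepts; a case with `Time => 1234567895, MaxAge => 5` expecting 1 would pin that, with the plan bumped to `tests => 7`. The three `isnt(..., 1, ...)` assertions also pass on undef or any garbage return; since the failure paths in the module `return 0`, `is(..., 0, ...)` states the contract more precisely and gives a clearer diagnostic when it breaks. The boundary case is sketched below.
```perl
# … unchanged: existing six tests …
# Age exactly equal to MaxAge is still accepted (the check is `>`); pin that boundary.
is(check_csrf_token("id", "secret",
	"5df5e9f17c929a45af5d33624ec052903599958f," .
	"112233445566778899aabbccddeeff0011223344," .
	"1234567890", {
	Time => 1234567895,
	MaxAge => 5
}),
	1,
	"check maxage boundary (age == MaxAge)");
```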