die() if the wrong amount of randomness comes in.

[www-csrf] / t / 01_generate.t

diff --git a/t/01_generate.t b/t/01_generate.t
index 3e97a6f9632eb4229904133b063a2081dce917f4..a2147de1e3948f107478dd66af0a00d76304f1b3 100644 (file)
--- a/t/01_generate.t
+++ b/t/01_generate.t
@@ -1,4 +1,4 @@
-use Test::More tests => 5;
+use Test::More tests => 6;
 
 use WWW::CSRF qw(generate_csrf_token);
 
@@ -24,3 +24,9 @@ $random = pack('H*', '112233445566778899aabbccddeeff0011223340');
 is(generate_csrf_token("id", "secret", { Random => $random, Time => 1234567890 }),
    "5df5e9f17c929a45af5d33624ec052903599958b,112233445566778899aabbccddeeff0011223340,1234567890",
    "bitflip in mask flips corresponding bit in token");
+
+$random = pack('H*', '112233445566778899aabbccddeeff00112233');
+eval {
+  my $ignored = generate_csrf_token("id", "secret", { Random => $random, Time => 1234567890 });
+};
+ok($@, "check that wrong amount of randomness causes die()");