--- /dev/null
+use Test::More tests => 6;
+
+use WWW::CSRF qw(check_csrf_token);
+
+is(check_csrf_token("id", "secret",
+ "5df5e9f17c929a45af5d33624ec052903599958f," .
+ "112233445566778899aabbccddeeff0011223344," .
+ "1234567890"),
+ 1,
+ "check simple token");
+
+isnt(check_csrf_token("id", "secret",
+ "0000000000000000000000000000000000000000," .
+ "112233445566778899aabbccddeeff0011223344," .
+ "1234567890"),
+ 1,
+ "check simple invalid token");
+
+isnt(check_csrf_token("id", "secret",
+ "5df5e9f17c929a45af5d33624ec052903599958f," .
+ "112233445566778899aabbccddeeff0011223344"),
+ 1,
+ "check simple malformed token");
+
+is(check_csrf_token("id", "secret",
+ "5df5e9f17c929a45af5d33624ec052903599958f," .
+ "112233445566778899aabbccddeeff0011223344," .
+ "1234567890", {
+ Time => 1234567895,
+ MaxAge => 10
+ }),
+ 1,
+ "check with maxage");
+
+isnt(check_csrf_token("id", "secret",
+ "5df5e9f17c929a45af5d33624ec052903599958f," .
+ "112233445566778899aabbccddeeff0011223344," .
+ "1234567890", {
+ Time => 1234567895,
+ MaxAge => 3
+ }),
+ 1,
+ "check expired with maxage");
+
+isnt(check_csrf_token("id", "secret",
+ "5df5e9f17c929a45af5d33624ec052903599958f," .
+ "112233445566778899aabbccddeeff0011223344," .
+ "1234567894", {
+ Time => 1234567895,
+ MaxAge => 10
+ }),
+ 1,
+ "check falsified timestamp");