Amon2-Plugin-Web-CSRFDefender


t/009_csrf_defender.t  view on Meta::CPAN

        is $mech->response->code, 302;
        is $COMMIT, 1;
    };

    # Reset the side-effect counter before the negative case. $COMMIT is
    # presumably bumped by the /do handler, which is not shown in this excerpt.
    $COMMIT = 0;
    subtest 'deny' => sub {
        # A bare POST carries no CSRF token at all, so the defender is
        # expected to answer 403 instead of running the handler.
        # Only the missing-token case is exercised in this subtest.
        my $client = sub {
            my ($request_cb) = @_;
            my $request  = HTTP::Request->new(POST => 'http://localhost/do');
            my $response = $request_cb->($request);
            is($response->code, '403');
            # Checking the counter as well as the status shows that the
            # state-changing action did not execute.
            is($COMMIT, 0);
        };
        test_psgi(app => $app, client => $client);
    };

    subtest 'get_csrf_defender_token' => sub {
        # Fetch a token over GET and check its shape: 40 characters drawn
        # from the URL-safe alphabet. This pins the format only; it says
        # nothing about how unpredictable the token is.
        my $client = sub {
            my ($request_cb) = @_;
            my $request  = HTTP::Request->new(GET => 'http://localhost/get_csrf_defender_token');
            my $response = $request_cb->($request);
            is($response->code, '200');
            # NOTE(review): `$` also matches just before a trailing newline,
            # so a body of "token\n" would pass; \A ... \z would pin the
            # whole body. Confirm what the handler emits before tightening.
            ::like($response->content(), qr{^[a-zA-Z0-9_-]{40}$});
        };
        test_psgi(app => $app, client => $client);
    };
};

# Close the test run; the plan is derived from the tests that actually ran.
done_testing();

t/011_csrf_defender_manual.t  view on Meta::CPAN

    is $mech->base, 'http://localhost/finished';
    is $COMMIT, 1;
};

# Pins the behaviour of the manual mode: the plugin does not reject a
# token-less POST on its own, so /do redirects (302) and the commit counter
# moves. Going by the subtest names in this file, a state-changing route in
# this mode is unprotected unless its handler validates the token itself.
subtest 'there is no validation' => sub {
    local $COMMIT = 0;
    my $client = sub {
        my ($request_cb) = @_;
        my $request  = HTTP::Request->new(POST => 'http://localhost/do');
        my $response = $request_cb->($request);
        is($response->code, '302');
        # The action ran even though no token was sent.
        is($COMMIT, 1);
    };
    test_psgi(app => $app, client => $client);
};

# Counterpart of the token-less POST to /do: /do2 presumably calls the
# validator from inside its handler (handler not shown in this excerpt),
# so the same token-less POST is refused and nothing is committed.
subtest 'but you can validate manually' => sub {
    local $COMMIT = 0;
    my $client = sub {
        my ($request_cb) = @_;
        my $request  = HTTP::Request->new(POST => 'http://localhost/do2');
        my $response = $request_cb->($request);
        is($response->code, '403');
        # Status alone is not enough; the side effect must be absent too.
        is($COMMIT, 0);
    };
    test_psgi(app => $app, client => $client);
};

# The token endpoint must answer 200 with a body that looks like a token:
# 40 characters from [a-zA-Z0-9_-]. Only the format is asserted here.
subtest 'get_csrf_defender_token' => sub {
    my $client = sub {
        my ($request_cb) = @_;
        my $request  = HTTP::Request->new(GET => 'http://localhost/get_csrf_defender_token');
        my $response = $request_cb->($request);
        is($response->code, '200');
        # NOTE(review): `$` tolerates one trailing newline after the 40
        # characters; \A ... \z would require an exact body. Confirm the
        # handler's output before tightening.
        ::like($response->content(), qr{^[a-zA-Z0-9_-]{40}$});
    };
    test_psgi(app => $app, client => $client);
};

# Close the test run; the plan is derived from the tests that actually ran.
done_testing();

package MyApp::Web;
__DATA__

t/014_csrf_defender_post_only.t  view on Meta::CPAN

    is $mech->base, 'http://localhost/finished';
    is $COMMIT, 1;
};

# Negative case: a POST to /do that carries no CSRF token must be answered
# with 403, and the commit counter must stay untouched.
subtest 'deny' => sub {
    local $COMMIT = 0;
    my $client = sub {
        my ($request_cb) = @_;
        my $request  = HTTP::Request->new(POST => 'http://localhost/do');
        my $response = $request_cb->($request);
        is($response->code, '403');
        # $COMMIT is presumably incremented by the /do handler (not shown);
        # zero here means the protected action never ran.
        is($COMMIT, 0);
    };
    test_psgi(app => $app, client => $client);
};

subtest 'get method' => sub {
    local $COMMIT = 0;
    my $mech = Test::WWW::Mechanize::PSGI->new( app => $app, );
    $mech->get_ok('http://localhost/form_get');
    $mech->content_unlike(


