Ark
lib/Ark/Plugin/CSRFDefender.pm view on Meta::CPAN
}
}
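# Decide whether the current request must carry a valid CSRF token.
#
# Reads the HTTP method from $c->req->method and returns 1 for the
# state-changing methods POST, PUT, PATCH and DELETE. For a missing method
# or any other method (GET, HEAD, ...) it returns the empty list, which is
# false in boolean context, so those requests are not token-checked here.
sub _is_csrf_validation_needed {
    my $c = shift;

    my $method = $c->req->method;
    return () if !$method;

    # PATCH changes server-side state just as PUT does; leaving it out of
    # this list would let PATCH requests skip token validation entirely.
    # The match is case-sensitive, as the original string comparisons were.
    # NOTE(review): confirm the request object reports the method in upper case.
    return $method =~ /\A(?:POST|PUT|PATCH|DELETE)\z/ ? 1 : ();
}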
sub html_filter_for_csrf {
my ($c, $html) = @_;
my $reg = qr/<form\s*.*?\s*method=['"]?post['"]?\s*.*?>/i;
$html =~ s!($reg)!$1\n<input type="hidden" name="@{[$c->csrf_defender_param_name]}" value="@{[$c->csrf_token]}" />!isg;
$html;
t/plugin_csrf_defender.t view on Meta::CPAN
# Token length check: the context for /test_set reports a 36-character CSRF
# token and an 'OK' body; the next /test_get context reports a 5-character
# token (presumably the 'dummy' value submitted below -- confirm against the
# TestApp controller).
subtest 'token_fix' => sub {
    my $ctx = ctx_get('/test_set');
    is(length($ctx->csrf_token), 36);
    is($ctx->res->body, 'OK');

    $ctx = ctx_get('/test_get');
    is(length($ctx->csrf_token), 5);
};

# Submitting csrf_token=dummy validates for every method, safe or not.
subtest 'validate_ok' => sub {
    foreach my $verb (qw(GET POST PUT DELETE)) {
        my (undef, $ctx) = ctx_request($verb, '/test_get?csrf_token=dummy');
        is($ctx->validate_csrf_token, 1);
    }
};

# A wrong token on POST/PUT/DELETE must fail validation and produce the
# plugin's error output with status 403.
# NOTE(review): PATCH is not in the method list exercised here.
subtest 'validate NG' => sub {
    foreach my $verb (qw(POST PUT DELETE)) {
        my (undef, $ctx) = ctx_request($verb, '/test_get?csrf_token=fuga');
        ok(!$ctx->validate_csrf_token);
        is($ctx->res->content, $ctx->csrf_defender_error_output);
        is($ctx->res->code, 403);
    }

    # GET with the same wrong token still answers 200: GET requests are not
    # rejected, so handlers reachable by GET must not change state.
    my $ctx = ctx_get('/test_get?csrf_token=fuga');
    is($ctx->res->code, 200);
};
t/plugin_csrf_defender_error_action.t view on Meta::CPAN
$c->res->body('OK');
}
}
use Ark::Test 'TestApp',
components => [qw/Controller::Root/],
reuse_connection => 1;
# Prime the shared connection by visiting /test_set before the subtests
# (presumably this stores the token that the subtests then submit -- confirm
# against the controller).
ctx_get('/test_set');

# Submitting csrf_token=dummy validates for every method.
subtest 'validate_ok' => sub {
    foreach my $verb (qw(GET POST PUT DELETE)) {
        my (undef, $ctx) = ctx_request($verb, '/test_get?csrf_token=dummy');
        is($ctx->validate_csrf_token, 1);
    }
};

# A wrong token on POST/PUT/DELETE fails validation; the response is a 403
# whose body is 'wryyy' (apparently produced by the custom error action this
# test file configures -- that configuration is outside this excerpt).
subtest 'validate NG' => sub {
    foreach my $verb (qw(POST PUT DELETE)) {
        my (undef, $ctx) = ctx_request($verb, '/test_get?csrf_token=fuga');
        ok(!$ctx->validate_csrf_token);
        is($ctx->res->code, 403);
        is($ctx->res->body, 'wryyy');
    }

    # A plain GET without any token is served normally.
    my $ctx = ctx_get('/test_get');
    is($ctx->res->code, 200);
    is($ctx->res->content, 'OK');
};
t/plugin_csrf_defender_filter_form.t view on Meta::CPAN
# The /test_set context carries a 36-character token and an 'OK' body; the
# /test_get context that follows carries a 5-character token.
subtest 'token_fix' => sub {
    my $first = ctx_get('/test_set');
    is(length($first->csrf_token), 36);
    is($first->res->body, 'OK');

    my $second = ctx_get('/test_get');
    is(length($second->csrf_token), 5);
};

# csrf_token=dummy is accepted regardless of the HTTP method.
subtest 'validate_ok' => sub {
    my @verbs = qw(GET POST PUT DELETE);
    for my $verb (@verbs) {
        my @reply = ctx_request($verb, '/test_get?csrf_token=dummy');
        my $ctx   = $reply[1];
        is($ctx->validate_csrf_token, 1);
    }
};

# csrf_token=fuga is rejected on the state-changing methods with the
# plugin's error output and a 403 status.
# NOTE(review): PATCH is not in the method list exercised here.
subtest 'validate NG' => sub {
    my @verbs = qw(POST PUT DELETE);
    for my $verb (@verbs) {
        my @reply = ctx_request($verb, '/test_get?csrf_token=fuga');
        my $ctx   = $reply[1];
        ok(!$ctx->validate_csrf_token);
        is($ctx->res->content, $ctx->csrf_defender_error_output);
        is($ctx->res->code, 403);
    }

    # The same bad token on a GET is not rejected (status 200).
    my $ctx = ctx_get('/test_get?csrf_token=fuga');
    is($ctx->res->code, 200);
};
t/plugin_csrf_defender_with_options.t view on Meta::CPAN
}
use Ark::Test 'TestApp',
components => [qw/Controller::Root/],
reuse_connection => 1;
# Store the dummy token in the session before any subtest runs.
ctx_get('/test_set');

# csrf_token=dummy validates for every method against /test_set.
subtest 'validate_ok' => sub {
    foreach my $verb (qw(GET POST PUT DELETE)) {
        my (undef, $ctx) = ctx_request($verb, '/test_set?csrf_token=dummy');
        is($ctx->validate_csrf_token, 1);
    }
};

subtest 'validate NG' => sub {
    # On /test_set a wrong token fails validate_csrf_token, yet the response
    # is still 200: with the options used by this test file the request is
    # apparently not rejected automatically (the options are outside this
    # excerpt -- confirm). An action in such a setup has to call
    # validate_csrf_token itself and act on the result.
    foreach my $verb (qw(POST PUT DELETE)) {
        my (undef, $ctx) = ctx_request($verb, '/test_set?csrf_token=fuga');
        ok(!$ctx->validate_csrf_token);
        is($ctx->res->code, 200);
    }

    # /raise_error answers a wrong token with body 'ERROR!' and status 400.
    foreach my $verb (qw(POST PUT DELETE)) {
        my (undef, $ctx) = ctx_request($verb, '/raise_error?csrf_token=fuga');
        ok(!$ctx->validate_csrf_token);
        is($ctx->res->content, 'ERROR!');
        is($ctx->res->code, 400);
    }

    # A GET to /raise_error without a token is served normally.
    my $ctx = ctx_get('/raise_error');
    is($ctx->res->code, 200);
    is($ctx->res->content, 'OK');
};