| Commit | Line | Data |
|---|
| 73d1f3a2 |
1 | #!/usr/bin/perl |
| 2 | |
| 3 | use strict; |
| 4 | use warnings; |
| 5 | |
| 6 | use Test::More; |
| e108bc2c |
7 | use Data::Dumper; |
| 73d1f3a2 |
8 | |
| 9 | BEGIN { |
| 10 | eval { require Catalyst::Plugin::Session::State::Cookie; Catalyst::Plugin::Session::State::Cookie->VERSION(0.03) } |
| 11 | or plan skip_all => |
| 12 | "Catalyst::Plugin::Session::State::Cookie 0.03 or higher is required for this test"; |
| 13 | |
| f8f81744 |
14 | eval { |
| 15 | require Test::WWW::Mechanize::Catalyst; |
| 16 | Test::WWW::Mechanize::Catalyst->VERSION(0.51); |
| 17 | } |
| 18 | or plan skip_all => |
| 19 | 'Test::WWW::Mechanize::Catalyst >= 0.51 is required for this test'; |
| 73d1f3a2 |
20 | |
| 0ade68bd |
21 | plan tests => 10; |
| 73d1f3a2 |
22 | } |
| 23 | |
| 24 | use lib "t/lib"; |
| 25 | use Test::WWW::Mechanize::Catalyst "SessionTestApp"; |
| 26 | |
| e108bc2c |
27 | #try completely random cookie unknown for our application; should be rejected |
| 73d1f3a2 |
28 | my $injected_cookie = "sessiontestapp_session=89c3a019866af6f5a305e10189fbb23df3f4772c"; |
| 29 | |
| 30 | my $ua1 = Test::WWW::Mechanize::Catalyst->new; |
| 31 | $ua1->add_header('Cookie' => $injected_cookie); |
| 32 | |
| 33 | my $res = $ua1->get( "http://localhost/login" ); |
| e108bc2c |
34 | my $cookie1 = $res->header('Set-Cookie'); |
| 73d1f3a2 |
35 | |
| e108bc2c |
36 | ok $cookie1, "Set-Cookie 1"; |
| 37 | isnt $cookie1, qr/$injected_cookie/, "Logging in generates us a new cookie"; |
| 73d1f3a2 |
38 | |
| e108bc2c |
39 | $ua1->get( "http://localhost/get_sessid" ); |
| 40 | my $sid1 = $ua1->content; |
| 41 | |
| 42 | #set session variable var1 before session id change |
| 43 | $ua1->get( "http://localhost/set_session_variable/var1/set_before_change"); |
| 44 | $ua1->get( "http://localhost/get_session_variable/var1"); |
| 45 | $ua1->content_is("VAR_var1=set_before_change"); |
| 46 | |
| 47 | #just diagnostic dump |
| 48 | $ua1->get( "http://localhost/dump_session" ); |
| 49 | #diag "Before-change:".$ua1->content; |
| 50 | |
| 51 | #change session id; all session data should be kept; old session id invalidated |
| 52 | my $res2 = $ua1->get( "http://localhost/change_sessid" ); |
| 53 | my $cookie2 = $res2->header('Set-Cookie'); |
| 54 | |
| 55 | ok $cookie2, "Set-Cookie 2"; |
| 56 | isnt $cookie2, $cookie1, "Cookie changed"; |
| 57 | |
| 58 | $ua1->get( "http://localhost/get_sessid" ); |
| 59 | my $sid2 = $ua1->content; |
| 60 | isnt $sid2, $sid1, 'SID changed'; |
| 61 | |
| 62 | #just diagnostic dump |
| 63 | $ua1->get( "http://localhost/dump_session" ); |
| 64 | #diag "After-change:".$ua1->content; |
| 65 | |
| 66 | #set session variable var2 after session id change |
| 67 | $ua1->get( "http://localhost/set_session_variable/var2/set_after_change"); |
| 68 | |
| 69 | #check if var1 and var2 contain expected values |
| 70 | $ua1->get( "http://localhost/get_session_variable/var1"); |
| 71 | $ua1->content_is("VAR_var1=set_before_change"); |
| 72 | $ua1->get( "http://localhost/get_session_variable/var2"); |
| 73 | $ua1->content_is("VAR_var2=set_after_change"); |
| 74 | |
| 75 | #just diagnostic dump |
| 76 | $ua1->get( "http://localhost/dump_session" ); |
| 77 | #diag "End1:".$ua1->content; |
| 78 | |
| 79 | #try to use old cookie value (before session_id_change) |
| 80 | my $ua2 = Test::WWW::Mechanize::Catalyst->new; |
| 81 | $ua2->add_header('Cookie' => $cookie1); |
| 82 | |
| 83 | #if we take old cookie we should not be able to get any old session data |
| 84 | $ua2->get( "http://localhost/get_session_variable/var1"); |
| 85 | $ua2->content_is("VAR_var1=n.a."); |
| 86 | $ua2->get( "http://localhost/get_session_variable/var2"); |
| 87 | $ua2->content_is("VAR_var2=n.a."); |
| 88 | |
| 89 | #just diagnostic dump |
| 90 | $ua2->get( "http://localhost/dump_session" ); |
| 91 | #diag "End2:".$ua2->content; |
projects / catagits/Catalyst-Plugin-Session.git / blame