#!/usr/bin/perl

use strict;
use warnings;

use Test::More;
use Data::Dumper;

# Compile-time gate: the whole file is skipped unless both optional
# dependencies load and satisfy the minimum versions checked below.
# Otherwise a fixed plan of 10 assertions is declared.
BEGIN {
    # Each eval yields a true value only when require succeeds and the
    # VERSION() check does not die.
    my $have_cookie_state = eval {
        require Catalyst::Plugin::Session::State::Cookie;
        Catalyst::Plugin::Session::State::Cookie->VERSION(0.03);
    };
    unless ($have_cookie_state) {
        plan( skip_all =>
              "Catalyst::Plugin::Session::State::Cookie 0.03 or higher is required for this test" );
    }

    my $have_mechanize = eval {
        require Test::WWW::Mechanize::Catalyst;
        Test::WWW::Mechanize::Catalyst->VERSION(0.51);
    };
    unless ($have_mechanize) {
        plan( skip_all =>
              'Test::WWW::Mechanize::Catalyst >= 0.51 is required for this test' );
    }

    # Keep this count in sync with the assertions further down the file.
    plan( tests => 10 );
}

use lib "t/lib";
use Test::WWW::Mechanize::Catalyst "SessionTestApp";
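# Session-fixation precondition: plant a session cookie that the application
# never issued. Logging in must not adopt this value as the session ID.
my $cookie_name = 'sessiontestapp_session';
my $cookie_value = '89c3a019866af6f5a305e10189fbb23df3f4772c';

# Positional arguments for the cookie jar's set_cookie(). Presumably this is
# the HTTP::Cookies order (version, key, value, path, domain, port, path_spec,
# secure, maxage, discard) -- confirm against the jar class actually in use.
# NOTE(review): the domain slot is undef. Verify that the jar really sends
# this cookie to localhost; if it is never sent, the checks that depend on it
# pass without exercising the application.
my ( @injected_cookie ) = ( 1, $cookie_name , $cookie_value ,'/', undef, 0, undef, undef, undef, {} );
my $injected_cookie_str = "${cookie_name}=${cookie_value}";

my $ua1 = Test::WWW::Mechanize::Catalyst->new;
$ua1->cookie_jar->set_cookie( @injected_cookie );

# Log in while presenting the planted cookie and capture what the server sets.
my $res = $ua1->get( "http://localhost/login" );
my $cookie1 = $res->header('Set-Cookie');

ok $cookie1, "Set-Cookie 1";

# The planted name=value pair must not appear in the Set-Cookie header.
# This has to be a pattern match: isnt() compared the header with `ne`
# against the stringified qr// object, so it could not fail for any real
# header value. \Q...\E keeps the pair literal inside the pattern.
unlike $cookie1, qr/\Q$injected_cookie_str\E/, "Logging in generates us a new cookie";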
# Keep the body of /get_sessid as returned after login; it is compared with
# the value returned after the session ID change further down.
$ua1->get('http://localhost/get_sessid');
my $sid1 = $ua1->content();

# Store var1 before the session ID change, then read it back.
for my $url (
    'http://localhost/set_session_variable/var1/set_before_change',
    'http://localhost/get_session_variable/var1',
) {
    $ua1->get($url);
}
$ua1->content_is('VAR_var1=set_before_change');

# Diagnostic only: fetch the session dump; enable the diag line to print it.
$ua1->get('http://localhost/dump_session');
#diag "Before-change:".$ua1->content;
# Rotate the session ID. Intended contract: session data survives and the
# previous ID stops being valid.
my $res2 = $ua1->get('http://localhost/change_sessid');
my $cookie2 = $res2->header('Set-Cookie');

ok( $cookie2, 'Set-Cookie 2' );

# This compares the whole Set-Cookie header strings; the session ID itself
# is compared separately just below.
isnt( $cookie2, $cookie1, 'Cookie changed' );

$ua1->get('http://localhost/get_sessid');
my $sid2 = $ua1->content();
isnt( $sid2, $sid1, 'SID changed' );

# Diagnostic only: fetch the session dump; enable the diag line to print it.
$ua1->get('http://localhost/dump_session');
#diag "After-change:".$ua1->content;
# Store var2 after the session ID change.
$ua1->get('http://localhost/set_session_variable/var2/set_after_change');

# The value written before the change and the one written after it must
# both be readable by the same client.
for my $probe (
    [ 'http://localhost/get_session_variable/var1', 'VAR_var1=set_before_change' ],
    [ 'http://localhost/get_session_variable/var2', 'VAR_var2=set_after_change' ],
) {
    my ( $url, $expected_body ) = @{$probe};
    $ua1->get($url);
    $ua1->content_is($expected_body);
}

# Diagnostic only: fetch the session dump; enable the diag line to print it.
$ua1->get('http://localhost/dump_session');
#diag "End1:".$ua1->content;
# A second, independent client presents the cookie that was planted in $ua1
# before login.
# NOTE(review): this replays the planted value, not the ID that was rotated
# away ($sid1), so "old session id invalidated" is not asserted anywhere in
# this file -- consider adding that check (and adjusting the plan count).
my $ua2 = Test::WWW::Mechanize::Catalyst->new();
$ua2->cookie_jar()->set_cookie(@injected_cookie);

# With that cookie, none of the first client's session data may be visible.
for my $probe (
    [ 'http://localhost/get_session_variable/var1', 'VAR_var1=n.a.' ],
    [ 'http://localhost/get_session_variable/var2', 'VAR_var2=n.a.' ],
) {
    my ( $url, $expected_body ) = @{$probe};
    $ua2->get($url);
    $ua2->content_is($expected_body);
}

# Diagnostic only: fetch the session dump; enable the diag line to print it.
$ua2->get('http://localhost/dump_session');
#diag "End2:".$ua2->content;