go/echo
1
0
Fork 0
mirror of https://github.com/labstack/echo.git synced 2025-07-03 00:56:59 +02:00
Code Issues Releases Activity

First commit to v3, #665

Browse Source 
Signed-off-by: Vishal Rana <vr@labstack.com>
This commit is contained in:
Vishal Rana
2016-09-22 22:53:44 -07:00
parent 04f45046b1
commit 2aec0353f5
66 changed files with 656 additions and 3264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
middleware/csrf_test.go
View File

@ -2,20 +2,20 @@ package middleware
import (
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"
"github.com/labstack/echo"
"github.com/labstack/echo/test"
"github.com/labstack/gommon/random"
"github.com/stretchr/testify/assert"
)
func TestCSRF(t *testing.T) {
e := echo.New()
req := test.NewRequest(echo.GET, "/", nil)
rec := test.NewResponseRecorder()
req, _ := http.NewRequest(echo.GET, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
csrf := CSRFWithConfig(CSRFConfig{
TokenLength: 16,
@ -29,24 +29,24 @@ func TestCSRF(t *testing.T) {
assert.Contains(t, rec.Header().Get(echo.HeaderSetCookie), "_csrf")
// Without CSRF cookie
req = test.NewRequest(echo.POST, "/", nil)
rec = test.NewResponseRecorder()
req, _ = http.NewRequest(echo.POST, "/", nil)
rec = httptest.NewRecorder()
c = e.NewContext(req, rec)
assert.Error(t, h(c))
// Empty/invalid CSRF token
req = test.NewRequest(echo.POST, "/", nil)
rec = test.NewResponseRecorder()
req, _ = http.NewRequest(echo.POST, "/", nil)
rec = httptest.NewRecorder()
c = e.NewContext(req, rec)
req.Header().Set(echo.HeaderXCSRFToken, "")
req.Header.Set(echo.HeaderXCSRFToken, "")
assert.Error(t, h(c))
// Valid CSRF token
token := random.String(16)
req.Header().Set(echo.HeaderCookie, "_csrf="+token)
req.Header().Set(echo.HeaderXCSRFToken, token)
req.Header.Set(echo.HeaderCookie, "_csrf="+token)
req.Header.Set(echo.HeaderXCSRFToken, token)
if assert.NoError(t, h(c)) {
assert.Equal(t, http.StatusOK, rec.Status())
assert.Equal(t, http.StatusOK, rec.Code)
}
}
@ -54,8 +54,8 @@ func TestCSRFTokenFromForm(t *testing.T) {
f := make(url.Values)
f.Set("csrf", "token")
e := echo.New()
req := test.NewRequest(echo.POST, "/", strings.NewReader(f.Encode()))
req.Header().Add(echo.HeaderContentType, echo.MIMEApplicationForm)
req, _ := http.NewRequest(echo.POST, "/", strings.NewReader(f.Encode()))
req.Header.Add(echo.HeaderContentType, echo.MIMEApplicationForm)
c := e.NewContext(req, nil)
token, err := csrfTokenFromForm("csrf")(c)
if assert.NoError(t, err) {
@ -69,8 +69,8 @@ func TestCSRFTokenFromQuery(t *testing.T) {
q := make(url.Values)
q.Set("csrf", "token")
e := echo.New()
req := test.NewRequest(echo.GET, "/?"+q.Encode(), nil)
req.Header().Add(echo.HeaderContentType, echo.MIMEApplicationForm)
req, _ := http.NewRequest(echo.GET, "/?"+q.Encode(), nil)
req.Header.Add(echo.HeaderContentType, echo.MIMEApplicationForm)
c := e.NewContext(req, nil)
token, err := csrfTokenFromQuery("csrf")(c)
if assert.NoError(t, err) {