More coverage and better response adapter for standard/response

Signed-off-by: Vishal Rana <vr@labstack.com>
2025-07-05 00:58:47 +02:00 · 2016-06-06 22:27:36 -07:00
parent 8fbe719636
commit c654c422c4
7 changed files with 139 additions and 47 deletions
--- a/middleware/csrf_test.go
+++ b/middleware/csrf_test.go
@ -2,6 +2,8 @@ package middleware

 import (
 	"net/http"
+	"net/url"
+	"strings"
 	"testing"

 	"github.com/labstack/echo"
@ -14,11 +16,20 @@ func TestCSRF(t *testing.T) {
 	req := test.NewRequest(echo.GET, "/", nil)
 	rec := test.NewResponseRecorder()
 	c := e.NewContext(req, rec)
-	csrf := CSRF([]byte("secret"))
+	csrf := CSRFWithConfig(CSRFConfig{
+		Secret:       []byte("secret"),
+		CookiePath:   "/",
+		CookieDomain: "labstack.com",
+	})
 	h := csrf(func(c echo.Context) error {
 		return c.String(http.StatusOK, "test")
 	})

+	// No secret
+	assert.Panics(t, func() {
+		CSRF(nil)
+	})
+
 	// Generate CSRF token
 	h(c)
 	assert.Contains(t, rec.Header().Get(echo.HeaderSetCookie), "csrf")
@ -35,6 +46,38 @@ func TestCSRF(t *testing.T) {
 	salt, _ := generateSalt(8)
 	token := generateCSRFToken([]byte("secret"), salt)
 	req.Header().Set(echo.HeaderXCSRFToken, token)
-	h(c)
-	assert.Equal(t, http.StatusOK, rec.Status())
+	if assert.NoError(t, h(c)) {
+		assert.Equal(t, http.StatusOK, rec.Status())
+	}
+}
+
+func TestCSRFTokenFromForm(t *testing.T) {
+	f := make(url.Values)
+	f.Set("csrf", "token")
+	e := echo.New()
+	req := test.NewRequest(echo.POST, "/", strings.NewReader(f.Encode()))
+	req.Header().Add(echo.HeaderContentType, echo.MIMEApplicationForm)
+	c := e.NewContext(req, nil)
+	token, err := csrfTokenFromForm("csrf")(c)
+	if assert.NoError(t, err) {
+		assert.Equal(t, "token", token)
+	}
+	token, err = csrfTokenFromForm("invalid")(c)
+	assert.Error(t, err)
+}
+
+func TestCSRFTokenFromQuery(t *testing.T) {
+	q := make(url.Values)
+	q.Set("csrf", "token")
+	e := echo.New()
+	req := test.NewRequest(echo.GET, "/?"+q.Encode(), nil)
+	req.Header().Add(echo.HeaderContentType, echo.MIMEApplicationForm)
+	c := e.NewContext(req, nil)
+	token, err := csrfTokenFromQuery("csrf")(c)
+	if assert.NoError(t, err) {
+		assert.Equal(t, "token", token)
+	}
+	token, err = csrfTokenFromQuery("invalid")(c)
+	assert.Error(t, err)
+	csrfTokenFromQuery("csrf")
 }