
     1  package csrf_test
     2  
     3  import (
     4  	"os"
     5  	"testing"
     6  
     7  	"github.com/gobuffalo/buffalo"
     8  	"github.com/gobuffalo/buffalo/middleware/csrf"
     9  	"github.com/gobuffalo/buffalo/render"
    10  	"github.com/gobuffalo/envy"
    11  	"github.com/markbates/willie"
    12  	"github.com/stretchr/testify/require"
    13  )
    14  
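// TestMain pins GO_ENV to "development" for the whole package run and puts
// the previous value back once the tests have finished.
//
// The restore must happen before os.Exit: os.Exit terminates the process
// without running deferred calls, so a `defer envy.Set(...)` placed before
// os.Exit(m.Run()) would never execute and the caller's GO_ENV would stay
// overwritten.
func TestMain(m *testing.M) {
	prev := envy.Get("GO_ENV", "development")
	envy.Set("GO_ENV", "development")

	code := m.Run()

	// Restore explicitly, then exit with the test result.
	envy.Set("GO_ENV", prev)
	os.Exit(code)
}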
    21  
// csrfForm is the request body the editing-action test posts to exercise the
// form-field way of supplying a token; the `form` tag names the field
// authenticity_token on the wire.
type csrfForm struct {
	AuthenticityToken string `form:"authenticity_token"`
}
    25  
// ctCSRFApp builds a minimal app with the csrf middleware installed and one
// handler mounted on both GET and POST /csrf. The handler echoes the
// authenticity_token found in the request context as a plain string; when
// the context holds no token it answers 420, a code nothing else in this
// file produces, so the tests can tell "reached the handler without a token"
// apart from every other outcome.
func ctCSRFApp() *buffalo.App {
	echoToken := func(c buffalo.Context) error {
		at := c.Value("authenticity_token")
		if at == nil {
			return c.Render(420, nil)
		}
		// The middleware is expected to store a string here; anything else
		// would panic on this assertion, which is acceptable in a test helper.
		return c.Render(200, render.String(at.(string)))
	}

	app := buffalo.New(buffalo.Options{})
	app.Use(csrf.New)
	app.GET("/csrf", echoToken)
	app.POST("/csrf", echoToken)
	return app
}
    39  
// Test_CSRFOnIdempotentAction checks that a GET is not blocked by the csrf
// middleware. Because the handler only returns 200 when a token is present
// in the context, the assertion also pins that a token has been issued by
// the time the GET handler runs.
func Test_CSRFOnIdempotentAction(t *testing.T) {
	assert := require.New(t)
	app := willie.New(ctCSRFApp())

	resp := app.Request("/csrf").Get()
	assert.Equal(200, resp.Code)
}
    47  
// Test_CSRFOnJSONRequest contrasts a token-less POST sent as a plain request
// with the same POST sent as JSON. The plain one is refused before the
// handler runs (500 with the middleware's message); the JSON one is expected
// to reach the handler, which answers 420 because no token is in the
// context. In other words this test pins that JSON-typed requests are let
// through the check, so any change to that exemption will surface here.
func Test_CSRFOnJSONRequest(t *testing.T) {
	assert := require.New(t)
	app := willie.New(ctCSRFApp())

	// Plain POST, no token: rejected by the middleware.
	plain := app.Request("/csrf").Post("")
	assert.Equal(500, plain.Code)
	assert.Contains(plain.Body.String(), "CSRF token not found in request")

	// JSON POST, no token: reaches the handler (420 only comes from there).
	asJSON := app.JSON("/csrf").Post("")
	assert.Equal(420, asJSON.Code)
}
    61  
// Test_CSRFOnEditingAction walks a POST through the four token situations the
// middleware must handle: no token, a made-up token in the header, a freshly
// issued token in the X-CSRF-Token header, and a freshly issued token in the
// authenticity_token form field. The first two must be refused with the
// "CSRF token not found in request" message; the last two must reach the
// handler and get 200.
//
// NOTE(review): every token here is obtained from the same willie client
// that then presents it; there is no case for a token issued in one session
// being replayed from another, which would be a useful addition.
func Test_CSRFOnEditingAction(t *testing.T) {
	assert := require.New(t)
	app := willie.New(ctCSRFApp())

	// freshToken performs a GET, which echoes a newly issued token.
	freshToken := func() string {
		resp := app.Request("/csrf").Get()
		assert.Equal(200, resp.Code)
		return resp.Body.String()
	}
	// expectRejected asserts the middleware's rejection response.
	expectRejected := func(code int, body string) {
		assert.Equal(500, code)
		assert.Contains(body, "CSRF token not found in request")
	}

	// 1. No token at all.
	resp := app.Request("/csrf").Post("")
	expectRejected(resp.Code, resp.Body.String())

	// 2. A bogus token in the header; the test expects the same message as
	//    the missing-token case, so the two are not distinguished.
	req := app.Request("/csrf")
	req.Headers["X-CSRF-Token"] = "test-token"
	resp = req.Post("")
	expectRejected(resp.Code, resp.Body.String())

	// 3. A valid token supplied through the X-CSRF-Token header.
	headerToken := freshToken()
	req = app.Request("/csrf")
	req.Headers["X-CSRF-Token"] = headerToken
	resp = req.Post("")
	assert.Equal(200, resp.Code)

	// 4. A valid token supplied through the authenticity_token form field.
	formToken := freshToken()
	resp = app.Request("/csrf").Post(csrfForm{AuthenticityToken: formToken})
	assert.Equal(200, resp.Code)
}
    96  	r.Equal(200, res.Code)
    97  }