
     1  package csrf_test
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/gobuffalo/buffalo"
     7  	"github.com/gobuffalo/buffalo/middleware"
     8  	"github.com/gobuffalo/buffalo/render"
     9  	"github.com/markbates/willie"
    10  	"github.com/stretchr/testify/require"
    11  )
    12  
// csrfForm is the request body the tests use to submit a CSRF token as a form
// field; the tag binds the value to the "authenticity_token" form parameter,
// the same key the test handler reads the token back from.
type csrfForm struct {
	AuthenticityToken string `form:"authenticity_token"`
}
    16  
// ctCSRFApp builds a minimal application guarded by middleware.CSRF for the
// tests in this file. Its single handler echoes the request's CSRF token in the
// response body so a test can harvest it from a GET and replay it on a POST; a
// request whose context carries no "authenticity_token" is answered with 420.
// Echoing the token is a test-only convenience and not something a real
// handler should do.
func ctCSRFApp() *buffalo.App {
	echoToken := func(c buffalo.Context) error {
		tok := c.Value("authenticity_token")
		if tok == nil {
			return c.Render(420, nil)
		}
		// Unchecked assertion: a non-string value in the context panics.
		return c.Render(200, render.String(tok.(string)))
	}

	app := buffalo.Automatic(buffalo.Options{})
	app.Use(middleware.CSRF)
	app.GET("/csrf", echoToken)
	app.POST("/csrf", echoToken)
	return app
}
    30  
// Test_CSRFOnIdempotentAction checks that a GET — a safe, idempotent method —
// passes through middleware.CSRF without supplying any token.
func Test_CSRFOnIdempotentAction(t *testing.T) {
	app := ctCSRFApp()
	resp := willie.New(app).Request("/csrf").Get()
	require.New(t).Equal(200, resp.Code)
}
    38  
// Test_CSRFOnJSONRequest pins how middleware.CSRF treats JSON requests: a plain
// POST with no token is rejected with a 500 and the "not found" message, while
// the same token-less POST sent as JSON is let through. The 420 is the fixture
// handler's reply when no "authenticity_token" is in the context, so it shows
// the JSON request reached the handler rather than being blocked — i.e. the
// middleware does not enforce the token for JSON requests at this version.
func Test_CSRFOnJSONRequest(t *testing.T) {
	must := require.New(t)
	client := willie.New(ctCSRFApp())

	// Form-style POST without any token: blocked by the middleware.
	blocked := client.Request("/csrf").Post("")
	must.Equal(500, blocked.Code)
	must.Contains(blocked.Body.String(), "CSRF token not found in request")

	// JSON POST without a token: reaches the handler (420 = no token in context).
	passed := client.JSON("/csrf").Post("")
	must.Equal(420, passed.Code)
}
    52  
// Test_CSRFOnEditingAction exercises middleware.CSRF on a state-changing POST:
// no token and a token the server never issued are both rejected, while a token
// obtained from a prior GET is accepted whether carried in the X-CSRF-Token
// header or in the authenticity_token form field. The GET-then-POST pairs rely
// on the willie client keeping cookies between requests, which is what lets the
// server-side token survive to the POST.
func Test_CSRFOnEditingAction(t *testing.T) {
	must := require.New(t)
	client := willie.New(ctCSRFApp())

	// issueToken performs a GET and returns the token the fixture handler echoes.
	issueToken := func() string {
		resp := client.Request("/csrf").Get()
		must.Equal(200, resp.Code)
		return resp.Body.String()
	}

	// No token at all.
	resp := client.Request("/csrf").Post("")
	must.Equal(500, resp.Code)
	must.Contains(resp.Body.String(), "CSRF token not found in request")

	// A token the server never issued, sent in the header. No GET has been made
	// on this client yet, so the assertion is the same "not found" message as
	// the missing-token case; whether a mismatch against an issued token yields
	// a different message cannot be told from this test.
	request := client.Request("/csrf")
	request.Headers["X-CSRF-Token"] = "test-token"
	resp = request.Post("")
	must.Equal(500, resp.Code)
	must.Contains(resp.Body.String(), "CSRF token not found in request")

	// Issued token replayed in the header.
	tok := issueToken()
	request = client.Request("/csrf")
	request.Headers["X-CSRF-Token"] = tok
	resp = request.Post("")
	must.Equal(200, resp.Code)

	// Issued token replayed in the form body.
	tok = issueToken()
	resp = client.Request("/csrf").Post(csrfForm{AuthenticityToken: tok})
	must.Equal(200, resp.Code)
}