(t *testing.T)
| 228 | } |
| 229 | |
| 230 | func TestCSRFWithConfig(t *testing.T) { |
| 231 | token := randomString(16) |
| 232 | |
| 233 | var testCases = []struct { |
| 234 | name string |
| 235 | givenConfig *CSRFConfig |
| 236 | whenMethod string |
| 237 | whenHeaders map[string]string |
| 238 | expectEmptyBody bool |
| 239 | expectMWError string |
| 240 | expectCookieContains string |
| 241 | expectTokenInContext string |
| 242 | expectErr string |
| 243 | }{ |
| 244 | { |
| 245 | name: "ok, GET", |
| 246 | whenMethod: http.MethodGet, |
| 247 | expectCookieContains: "_csrf", |
| 248 | expectTokenInContext: "TESTTOKEN", |
| 249 | }, |
| 250 | { |
| 251 | name: "ok, POST valid token", |
| 252 | whenHeaders: map[string]string{ |
| 253 | echo.HeaderCookie: "_csrf=" + token, |
| 254 | echo.HeaderXCSRFToken: token, |
| 255 | }, |
| 256 | whenMethod: http.MethodPost, |
| 257 | expectCookieContains: "_csrf", |
| 258 | expectTokenInContext: token, |
| 259 | }, |
| 260 | { |
| 261 | name: "nok, POST without token", |
| 262 | whenMethod: http.MethodPost, |
| 263 | expectEmptyBody: true, |
| 264 | expectErr: `code=400, message=Bad Request, err=missing value in request header`, |
| 265 | }, |
| 266 | { |
| 267 | name: "nok, POST empty token", |
| 268 | whenHeaders: map[string]string{echo.HeaderXCSRFToken: ""}, |
| 269 | whenMethod: http.MethodPost, |
| 270 | expectEmptyBody: true, |
| 271 | expectErr: `code=403, message=invalid csrf token`, |
| 272 | }, |
| 273 | { |
| 274 | name: "nok, invalid trusted origin in Config", |
| 275 | givenConfig: &CSRFConfig{ |
| 276 | TrustedOrigins: []string{"http://example.com", "invalid"}, |
| 277 | }, |
| 278 | expectMWError: `trusted origin is missing scheme or host: invalid`, |
| 279 | }, |
| 280 | { |
| 281 | name: "ok, TokenLength", |
| 282 | givenConfig: &CSRFConfig{ |
| 283 | TokenLength: 16, |
| 284 | }, |
| 285 | whenMethod: http.MethodGet, |
| 286 | expectCookieContains: "_csrf", |
| 287 | expectTokenInContext: "TESTTOKEN", |