(t *testing.T)
| 2275 | } |
| 2276 | |
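// Test_CSRF_Chain_Extractor_SingleExtractor verifies that a Chain wrapping a
// single header extractor enforces CSRF protection the same way the bare
// header extractor would: an unsafe request is accepted only when the token
// sent in the X-Csrf-Token header matches the token the middleware issued.
func Test_CSRF_Chain_Extractor_SingleExtractor(t *testing.T) {
	t.Parallel()
	app := fiber.New()

	// A chain holding exactly one extractor should behave like that extractor.
	singleChain := extractors.Chain(extractors.FromHeader("X-Csrf-Token"))

	app.Use(New(Config{Extractor: singleChain}))

	app.Post("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	h := app.Handler()
	ctx := &fasthttp.RequestCtx{}

	// A GET request makes the middleware issue a token via Set-Cookie.
	ctx.Request.Header.SetMethod(fiber.MethodGet)
	h(ctx)
	setCookie := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))

	// Take the value of the first "name=value" pair. Asserting here gives a
	// readable failure when no cookie was issued, instead of an
	// index-out-of-range panic from indexing a split result.
	nameValue, _, _ := strings.Cut(setCookie, ";")
	_, token, found := strings.Cut(nameValue, "=")
	require.True(t, found, "Set-Cookie header does not contain a name=value pair: %q", setCookie)
	require.NotEmpty(t, token, "issued CSRF token is empty")

	// Matching token in both the header and the cookie: request is allowed.
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set("X-Csrf-Token", token)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	h(ctx)
	require.Equal(t, fiber.StatusOK, ctx.Response.StatusCode())

	// Cookie present but header missing: the cookie alone must not authorize
	// the request, because a browser attaches it to cross-site requests too.
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	h(ctx)
	require.Equal(t, fiber.StatusForbidden, ctx.Response.StatusCode())

	// Header present but carrying a different value than the issued token
	// (constructed sample value): presence of the header is not enough, the
	// value itself has to be checked.
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set("X-Csrf-Token", token+"-mismatch")
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	h(ctx)
	require.Equal(t, fiber.StatusForbidden, ctx.Response.StatusCode())
}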
| 2316 | |
| 2317 | func Test_CSRF_All_Extractors(t *testing.T) { |
| 2318 | t.Parallel() |