(t *testing.T)
| 1606 | } |
| 1607 | |
// Test_CSRF_DeleteToken checks that a CSRF token removed through
// DeleteToken cannot be reused: a POST that replays the deleted token in
// both the header and the cookie must be answered with 403.
func Test_CSRF_DeleteToken(t *testing.T) {
	t.Parallel()

	cfg := ConfigDefault
	app := fiber.New()
	app.Use(New(cfg))
	app.Post("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	serve := app.Handler()
	reqCtx := &fasthttp.RequestCtx{}

	// resetExchange clears request headers, request body and response so the
	// next step starts from a clean exchange on the shared context.
	resetExchange := func() {
		reqCtx.Request.Header.Reset()
		reqCtx.Request.ResetBody()
		reqCtx.Response.Reset()
	}

	// presentToken builds a POST carrying tok in both the CSRF header and the
	// CSRF cookie, i.e. a request whose header and cookie agree.
	presentToken := func(tok string) {
		reqCtx.Request.Header.SetMethod(fiber.MethodPost)
		reqCtx.Request.Header.Set(HeaderName, tok)
		reqCtx.Request.Header.SetCookie(ConfigDefault.CookieName, tok)
	}

	// Step 1: DeleteToken on a request without any cookie is expected to
	// report ErrTokenNotFound.
	resetExchange()
	reqCtx.Request.Header.Set(HeaderName, "")
	csrfHandler := HandlerFromContext(app.AcquireCtx(reqCtx))
	// NOTE(review): when HandlerFromContext returns nil the assertion below is
	// skipped silently, so this step may assert nothing. Presumably the
	// handler is only available once the middleware has run on this context;
	// confirm, and consider failing explicitly instead of skipping.
	if csrfHandler != nil {
		reqCtx.Request.Header.DelAllCookies()
		err := csrfHandler.DeleteToken(app.AcquireCtx(reqCtx))
		require.ErrorIs(t, err, ErrTokenNotFound)
	}
	serve(reqCtx)

	// Step 2: a GET makes the middleware issue a token; take its value from
	// the first name=value pair of the Set-Cookie header.
	reqCtx.Request.Header.SetMethod(fiber.MethodGet)
	serve(reqCtx)
	setCookie := string(reqCtx.Response.Header.Peek(fiber.HeaderSetCookie))
	nameValue := strings.Split(setCookie, ";")[0]
	token := strings.Split(nameValue, "=")[1]

	// Step 3: delete the issued token through the handler.
	resetExchange()
	presentToken(token)
	csrfHandler = HandlerFromContext(app.AcquireCtx(reqCtx))
	// NOTE(review): the same nil guard applies here; if the deletion is
	// skipped, only the final 403 assertion can reveal it.
	if csrfHandler != nil {
		err := csrfHandler.DeleteToken(app.AcquireCtx(reqCtx))
		if err != nil {
			t.Fatal(err)
		}
	}
	serve(reqCtx)

	// Step 4: replaying the deleted token must be rejected even though the
	// header and cookie still match each other.
	resetExchange()
	presentToken(token)
	serve(reqCtx)
	require.Equal(t, fiber.StatusForbidden, reqCtx.Response.StatusCode())
}