(t *testing.T)
| 1665 | } |
| 1666 | |
| 1667 | func Test_CSRF_DeleteToken_WithSession(t *testing.T) { |
| 1668 | t.Parallel() |
| 1669 | |
| 1670 | // session store |
| 1671 | store := session.NewStore(session.Config{ |
| 1672 | Extractor: extractors.FromCookie("_session"), |
| 1673 | }) |
| 1674 | |
| 1675 | // fiber instance |
| 1676 | app := fiber.New() |
| 1677 | |
| 1678 | // fiber context |
| 1679 | ctx := &fasthttp.RequestCtx{} |
| 1680 | |
| 1681 | // get session |
| 1682 | sess, err := store.Get(app.AcquireCtx(ctx)) |
| 1683 | require.NoError(t, err) |
| 1684 | require.True(t, sess.Fresh()) |
| 1685 | |
| 1686 | // the session string is no longer be 123 |
| 1687 | newSessionIDString := sess.ID() |
| 1688 | require.NoError(t, sess.Save()) |
| 1689 | |
| 1690 | app.AcquireCtx(ctx).Request().Header.SetCookie("_session", newSessionIDString) |
| 1691 | |
| 1692 | // middleware config |
| 1693 | config := Config{ |
| 1694 | Session: store, |
| 1695 | } |
| 1696 | |
| 1697 | // middleware |
| 1698 | app.Use(New(config)) |
| 1699 | |
| 1700 | app.Post("/", func(c fiber.Ctx) error { |
| 1701 | return c.SendStatus(fiber.StatusOK) |
| 1702 | }) |
| 1703 | |
| 1704 | h := app.Handler() |
| 1705 | |
| 1706 | // Generate CSRF token |
| 1707 | ctx.Request.Header.SetMethod(fiber.MethodGet) |
| 1708 | ctx.Request.Header.SetCookie("_session", newSessionIDString) |
| 1709 | h(ctx) |
| 1710 | token := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie)) |
| 1711 | token = strings.Split(strings.Split(token, ";")[0], "=")[1] |
| 1712 | |
| 1713 | // Delete the CSRF token |
| 1714 | ctx.Request.Reset() |
| 1715 | ctx.Response.Reset() |
| 1716 | ctx.Request.Header.SetMethod(fiber.MethodPost) |
| 1717 | ctx.Request.Header.Set(HeaderName, token) |
| 1718 | ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token) |
| 1719 | handler := HandlerFromContext(app.AcquireCtx(ctx)) |
| 1720 | if handler != nil { |
| 1721 | if err := handler.DeleteToken(app.AcquireCtx(ctx)); err != nil { |
| 1722 | t.Fatal(err) |
| 1723 | } |
| 1724 | } |