(t *testing.T)
| 683 | } |
| 684 | |
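// Test_CSRF_From_Form exercises the CSRF middleware configured to read the
// token from the "_csrf" form field. It asserts that a POST carrying no token
// gets 403 and that a POST whose form token equals the CSRF cookie gets 200.
func Test_CSRF_From_Form(t *testing.T) {
	t.Parallel()
	app := fiber.New()

	app.Use(New(Config{Extractor: extractors.FromForm("_csrf")}))

	app.Post("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	h := app.Handler()
	ctx := &fasthttp.RequestCtx{}

	// Missing CSRF token: the form body is empty and no cookie is sent.
	// NOTE(review): a form token that differs from the cookie value is not
	// exercised by this test; only the absent-token path is covered.
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set(fiber.HeaderContentType, fiber.MIMEApplicationForm)
	h(ctx)
	require.Equal(t, fiber.StatusForbidden, ctx.Response.StatusCode())

	// Generate CSRF token: a GET is sent and the token is read back from the
	// Set-Cookie response header.
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodGet)
	h(ctx)
	setCookie := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))
	// Fail with a readable message instead of an index-out-of-range panic
	// when the header is absent or is not in "name=value" form.
	require.NotEmpty(t, setCookie, "no Set-Cookie header on the GET response")
	pair, _, _ := strings.Cut(setCookie, ";")
	_, token, found := strings.Cut(pair, "=")
	require.True(t, found, "Set-Cookie header has no name=value pair")
	require.NotEmpty(t, token, "CSRF cookie value is empty")

	// Valid submission: the same token is sent as the form field and as the
	// cookie.
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set(fiber.HeaderContentType, fiber.MIMEApplicationForm)
	ctx.Request.SetBodyString("_csrf=" + token)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	h(ctx)
	require.Equal(t, fiber.StatusOK, ctx.Response.StatusCode())
}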
| 721 | |
| 722 | func Test_CSRF_From_Query(t *testing.T) { |
| 723 | t.Parallel() |