(t *testing.T)
| 720 | } |
| 721 | |
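// Test_CSRF_From_Query checks the CSRF middleware when the token is read from
// the "_csrf" query parameter: a POST with a token the middleware never issued
// is rejected with 403, a GET issues a token in the Set-Cookie header, and a
// POST carrying that token in both the query string and the cookie is accepted.
//
// Security note: a token carried in the URL ends up in access logs, browser
// history and Referer headers, so a query-string extractor exposes the token
// more widely than a header or form field would.
func Test_CSRF_From_Query(t *testing.T) {
	t.Parallel()

	app := fiber.New()
	app.Use(New(Config{Extractor: extractors.FromQuery("_csrf")}))
	app.Post("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	h := app.Handler()
	ctx := &fasthttp.RequestCtx{}

	// Invalid CSRF token: a random value with no matching cookie must be refused.
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.SetRequestURI("/?_csrf=" + utils.UUIDv4())
	h(ctx)
	require.Equal(t, fiber.StatusForbidden, ctx.Response.StatusCode())

	// Generate CSRF token: a GET makes the middleware set the cookie.
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodGet)
	ctx.Request.SetRequestURI("/")
	h(ctx)

	// Fail with a readable assertion instead of an index-out-of-range panic
	// when the cookie is missing or not of the form name=value.
	setCookie := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))
	require.NotEmpty(t, setCookie, "GET should issue a CSRF cookie")
	pair, _, _ := strings.Cut(setCookie, ";")
	_, token, ok := strings.Cut(pair, "=")
	require.True(t, ok, "Set-Cookie should be of the form name=value")
	require.NotEmpty(t, token)

	// Valid CSRF token: the same value is sent in the query string and the cookie.
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.SetRequestURI("/?_csrf=" + token)
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	h(ctx)
	require.Equal(t, fiber.StatusOK, ctx.Response.StatusCode())
	require.Equal(t, "OK", string(ctx.Response.Body()))
}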
| 759 | |
| 760 | func Test_CSRF_From_Param(t *testing.T) { |
| 761 | t.Parallel() |