
Function TestCSRFWithConfig

middleware/csrf_test.go:230–368  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

228}
229
230func TestCSRFWithConfig(t *testing.T) {
231 token := randomString(16)
232
233 var testCases = []struct {
234 name string
235 givenConfig *CSRFConfig
236 whenMethod string
237 whenHeaders map[string]string
238 expectEmptyBody bool
239 expectMWError string
240 expectCookieContains string
241 expectTokenInContext string
242 expectErr string
243 }{
244 {
245 name: "ok, GET",
246 whenMethod: http.MethodGet,
247 expectCookieContains: "_csrf",
248 expectTokenInContext: "TESTTOKEN",
249 },
250 {
251 name: "ok, POST valid token",
252 whenHeaders: map[string]string{
253 echo.HeaderCookie: "_csrf=" + token,
254 echo.HeaderXCSRFToken: token,
255 },
256 whenMethod: http.MethodPost,
257 expectCookieContains: "_csrf",
258 expectTokenInContext: token,
259 },
260 {
261 name: "nok, POST without token",
262 whenMethod: http.MethodPost,
263 expectEmptyBody: true,
264 expectErr: `code=400, message=Bad Request, err=missing value in request header`,
265 },
266 {
267 name: "nok, POST empty token",
268 whenHeaders: map[string]string{echo.HeaderXCSRFToken: ""},
269 whenMethod: http.MethodPost,
270 expectEmptyBody: true,
271 expectErr: `code=403, message=invalid csrf token`,
272 },
273 {
274 name: "nok, invalid trusted origin in Config",
275 givenConfig: &CSRFConfig{
276 TrustedOrigins: []string{"http://example.com", "invalid"},
277 },
278 expectMWError: `trusted origin is missing scheme or host: invalid`,
279 },
280 {
281 name: "ok, TokenLength",
282 givenConfig: &CSRFConfig{
283 TokenLength: 16,
284 },
285 whenMethod: http.MethodGet,
286 expectCookieContains: "_csrf",
287 expectTokenInContext: "TESTTOKEN",

Callers

nothing calls this directly

Calls 7

ToMiddlewareMethod · 0.95
GetMethod · 0.95
StringMethod · 0.95
randomStringFunction · 0.85
NewContextMethod · 0.80
SetMethod · 0.80
HeaderMethod · 0.45

Tested by

no test coverage detected
