
Function TestCSRF_tokenExtractors

middleware/csrf_test.go:18–228  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

16)
17
18func TestCSRF_tokenExtractors(t *testing.T) {
19 var testCases = []struct {
20 name string
21 whenTokenLookup string
22 whenCookieName string
23 givenCSRFCookie string
24 givenMethod string
25 givenQueryTokens map[string][]string
26 givenFormTokens map[string][]string
27 givenHeaderTokens map[string][]string
28 expectError string
29 expectToMiddlewareError string
30 }{
31 {
32 name: "ok, multiple token lookups sources, succeeds on last one",
33 whenTokenLookup: "header:X-CSRF-Token,form:csrf",
34 givenCSRFCookie: "token",
35 givenMethod: http.MethodPost,
36 givenHeaderTokens: map[string][]string{
37 echo.HeaderXCSRFToken: {"invalid_token"},
38 },
39 givenFormTokens: map[string][]string{
40 "csrf": {"token"},
41 },
42 },
43 {
44 name: "ok, token from POST form",
45 whenTokenLookup: "form:csrf",
46 givenCSRFCookie: "token",
47 givenMethod: http.MethodPost,
48 givenFormTokens: map[string][]string{
49 "csrf": {"token"},
50 },
51 },
52 {
53 name: "ok, token from POST form, second token passes",
54 whenTokenLookup: "form:csrf",
55 givenCSRFCookie: "token",
56 givenMethod: http.MethodPost,
57 givenFormTokens: map[string][]string{
58 "csrf": {"invalid", "token"},
59 },
60 expectError: "code=403, message=invalid csrf token",
61 },
62 {
63 name: "nok, invalid token from POST form",
64 whenTokenLookup: "form:csrf",
65 givenCSRFCookie: "token",
66 givenMethod: http.MethodPost,
67 givenFormTokens: map[string][]string{
68 "csrf": {"invalid_token"},
69 },
70 expectError: "code=403, message=invalid csrf token",
71 },
72 {
73 name: "nok, missing token from POST form",
74 whenTokenLookup: "form:csrf",
75 givenCSRFCookie: "token",

Callers

nothing calls this directly

Calls 5

ToMiddlewareMethod · 0.95
StringMethod · 0.95
SetMethod · 0.80
NewContextMethod · 0.80
AddMethod · 0.65

Tested by

no test coverage detected
