Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

馃敡 fix(middleware/csrf): unmatched token returns nil error #1667

Merged
merged 4 commits into from Dec 29, 2021

Conversation

sixcolors
Copy link
Contributor

@sixcolors sixcolors commented Dec 23, 2021

This PR closes #1666

when the following is true

if manager.getRaw(token) == nil

err will be nil otherwise it would have returned on line 40.

So we must set the error before calling cfg.ErrorHandler(c, err)

@ReneWerner87
Copy link
Member

ReneWerner87 commented Dec 28, 2021

thx,

could you(@sixcolors ) please provide a unittest for this

@sixcolors
Copy link
Contributor Author

sixcolors commented Dec 28, 2021

The current unit tests work unchanged as the error handler was still called, but just had a nil err value. The default err handler still returned 403 as it did not check the err value.

Do you have a suggestion of what unit test change you鈥檇 like for a non nil error?

@ReneWerner87
Copy link
Member

ReneWerner87 commented Dec 28, 2021

since you have made an adjustment, the expectation should also change, otherwise the unittests that passed before are incomplete, if despite the change the external parameters do not change

i'm for extending the test to check the error text, because that's what you expect, if the token doesn't match, you want to be informed about that too

@sixcolors
Copy link
Contributor Author

sixcolors commented Dec 28, 2021

since you have made an adjustment, the expectation should also change, otherwise the unittests that passed before are incomplete, if despite the change the external parameters do not change

i'm for extending the test to check the error text, because that's what you expect, if the token doesn't match, you want to be informed about that too

ack. The error handlers in test did not check the return err before, simply that the errorhandler was called. I have added checks in the errorhandler tests.

@ReneWerner87 ReneWerner87 merged commit 59e4bf6 into gofiber:master Dec 29, 2021
14 checks passed
@sixcolors sixcolors deleted the csrf-token-error branch Dec 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants