
Add tests for csrf middleware #736

Merged
merged 1 commit into from

2 participants

@gmethvin

No description provided.

@tj tj merged commit 7f2fae4 into senchalabs:master
Commits on Jan 22, 2013
  1. @gmethvin
Showing with 79 additions and 0 deletions.
  1. +79 −0 test/csrf.js
79 test/csrf.js
@@ -0,0 +1,79 @@
+var connect = require('../');
+
+describe('csrf', function(){
+ it('works with valid token', function(done){
+ var app = connect();
+
+ app.use(connect.cookieParser())
+ app.use(connect.session({ secret: 'greg' }));
+ app.use(connect.bodyParser());
+ app.use(connect.csrf());
+ app.use(function(req, res){
+ res.end(req.session._csrf || 'none');
+ });
+
+ app.request()
+ .get('/')
+ .end(function(res){
+ var token = res.body;
+
+ app.request()
+ .post('/')
+ .set('Cookie', res.headers['set-cookie'][0])
+ .set('X-CSRF-Token', token)
+ .end(function(res){
+ res.statusCode.should.equal(200)
+ done();
+ });
+ });
+ });
+
+ it('fails with invalid token', function(done){
+ var app = connect();
+
+ app.use(connect.cookieParser());
+ app.use(connect.session({ secret: 'greg' }));
+ app.use(connect.bodyParser());
+ app.use(connect.csrf());
+ app.use(function(req, res){
+ res.end(req.session._csrf || 'none');
+ });
+
+ app.request()
+ .get('/')
+ .end(function(res){
+ app.request()
+ .post('/')
+ .set('Cookie', res.headers['set-cookie'][0])
+ .set('X-CSRF-Token', '42')
+ .end(function(res){
+ res.statusCode.should.equal(403)
+ done();
+ });
+ });
+ });
+
+ it('fails with no token', function(done){
+ var app = connect();
+
+ app.use(connect.cookieParser());
+ app.use(connect.session({ secret: 'greg' }));
+ app.use(connect.bodyParser());
+ app.use(connect.csrf());
+ app.use(function(req, res){
+ res.end(req.session._csrf || 'none');
+ });
+
+ app.request()
+ .get('/')
+ .end(function(res){
+ app.request()
+ .set('Cookie', res.headers['set-cookie'][0])
+ .post('/')
+ .end(function(res){
+ res.statusCode.should.equal(403);
+ done();
+ });
+ });
+ });
+});
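Review bot: The two rejection cases in this new file send only the literal `'42'` or no token at all, so nothing checks that a well-formed token issued to one session is refused when it arrives with a different session's cookie. That binding is the property the middleware exists to enforce, and a regression that accepted any previously issued token would still pass all three cases. A fourth case that makes two cookie-less GETs, keeps the body of the first as the token and the `set-cookie` of the second, and expects 403 on the POST would pin it. Separately, `connect.bodyParser()` is mounted in every case but no request sends a body, so only the `X-CSRF-Token` header path is exercised; if the middleware also reads the token from a form field, that path is uncovered.

```javascript
  it('fails with a token issued to another session', function(done){
    var app = connect();

    // … same middleware stack as the cases above …

    app.request()
    .get('/')
    .end(function(first){
      // token belongs to the first session
      var otherToken = first.body;

      app.request()
      .get('/')
      .end(function(second){
        app.request()
        .post('/')
        // cookie belongs to the second session
        .set('Cookie', second.headers['set-cookie'][0])
        .set('X-CSRF-Token', otherToken)
        .end(function(res){
          res.statusCode.should.equal(403);
          done();
        });
      });
    });
  });
```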