archive-gh-me/egg
1
0
Fork 0
mirror of https://github.com/eggjs/egg.git synced 2024-12-04 07:14:30 +00:00
Code Issues Projects Releases Wiki Activity
egg/test/lib/plugins/security.test.js
fengmk2 13b7c19531 test: node 8 (#976)
2017-06-10 22:03:55 +08:00

98 lines
2.3 KiB
JavaScript
Raw Blame History

'use strict';
const mm = require('egg-mock');
const utils = require('../../utils');
describe('test/lib/plugins/security.test.js', () => {
afterEach(mm.restore);
describe('security.csrf = false', () => {
let app;
before(() => {
app = utils.app('apps/csrf-disable');
return app.ready();
});
after(() => app.close());
it('should not check csrf', () => {
return app.httpRequest()
.post('/api/user')
.send({ name: 'fengmk2' })
.expect(200)
.expect({
url: '/api/user',
name: 'fengmk2',
});
});
});
describe('security.csrf = true', () => {
let app;
before(() => {
app = utils.app('apps/csrf-enable');
return app.ready();
});
after(() => app.close());
it('should check csrf', () => {
return app.httpRequest()
.post('/api/user')
.send({ name: 'fengmk2' })
.expect(403)
.expect(/missing csrf token/);
});
});
describe('security.csrfIgnore', () => {
let app;
before(() => {
app = utils.app('apps/csrf-ignore');
return app.ready();
});
after(() => app.close());
it('should not check csrf on /api/*', () => {
return app.httpRequest()
.post('/api/user')
.send({ name: 'fengmk2' })
.expect(200)
.expect({
url: '/api/user',
name: 'fengmk2',
});
});
it('should not check csrf on /api/*.json', () => {
return app.httpRequest()
.post('/api/user.json')
.send({ name: 'fengmk2' })
.expect(200)
.expect({
url: '/api/user.json',
name: 'fengmk2',
});
});
it('should check csrf on other.json', () => {
// use prod env to ignore extends properties like frames
mm(app.config, 'env', 'prod');
return app.httpRequest()
.post('/apiuser.json')
.set('accept', 'application/json')
.send({ name: 'fengmk2' })
.expect({
message: 'missing csrf token',
})
.expect(403);
});
it('should check csrf on other', () => {
return app.httpRequest()
.post('/apiuser')
.send({ name: 'fengmk2' })
.expect(/missing csrf token/)
.expect(403);
});
});
});
Reference in New Issue View Git Blame Copy Permalink