thinkjs/test/middleware/check_csrf.js
2016-01-08 13:45:32 +08:00


var assert = require('assert');
var _http = require('../_http.js');
/**
 * Run a named middleware against a mock http object built from the shared
 * request/response fixtures.
 *
 * @param {string} middleware - name passed to think.middleware.
 * @param {Function} [mockHttp] - optional hook called with the http object
 *   before the middleware runs, so a test can stub session or method state.
 * @param {boolean} [returnHttp] - when truthy the returned promise resolves
 *   with the http object; otherwise with whatever think.middleware resolves to.
 * @returns {Promise} settles once the middleware has run.
 */
function execMiddleware(middleware, mockHttp, returnHttp) {
  // Each call hands think.extend a new empty target, so the http object is
  // built from per-call request/response objects, not the fixtures themselves.
  var request = think.extend({}, _http.req);
  var response = think.extend({}, _http.res);

  return think.http(request, response).then(function(http) {
    if (mockHttp) {
      mockHttp(http);
    }

    var pending = think.middleware(middleware, http);
    if (!returnHttp) {
      return pending;
    }
    return pending.then(function() {
      return http;
    });
  });
}
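describe('middleware/check_csrf', function() {
  // Constructed test token. It is used as the stubbed think.uuid result, as
  // the value every stubbed session read returns, and as the posted form value.
  var TOKEN = '12345678901234567890123456789000';

  // NOTE(review): the "check session", "ajax" and "jsonp" cases only verify
  // that the middleware promise settles. None of them asserts that http.fail
  // was NOT called, so they cannot detect a valid token being rejected.
  // Confirm against the middleware and pin the expected outcome explicitly.

  /** Attach a session to the mock http object and make every read return TOKEN. */
  function stubSessionToken(http) {
    think.session(http);
    http._session.get = function() {
      return TOKEN;
    };
  }

  /** Override the GET/POST predicates on the mock http object. */
  function stubMethod(http, isGet, isPost) {
    http.isGet = function() {
      return isGet;
    };
    http.isPost = function() {
      return isPost;
    };
  }

  /**
   * Complete a mocha test from a promise. A rejection (including an assertion
   * thrown inside the middleware or a stub) is reported through done(err)
   * instead of being dropped and surfacing only as a timeout.
   */
  function finish(promise, done) {
    promise.then(function() {
      done();
    }, function(err) {
      done(err || new Error('check_csrf test promise rejected without a reason'));
    });
  }

  before(function() {
    var Index = require('../../lib/index.js');
    var instance = new Index();
    instance.load();
  });

  // it('csrf off', function(done) {
  // execMiddleware('check_csrf').then(function() {
  // done();
  // });
  // });

  it('csrf on', function(done) {
    think.config('csrf.on', true);

    // Pin the generated token so the value assigned to the view is predictable.
    var originalUuid = think.uuid;
    think.uuid = function() {
      return TOKEN;
    };

    var checked = execMiddleware('check_csrf', null, true).then(function(http) {
      assert.equal(http.view().tVar[think.config('csrf.session_name')], TOKEN);
    });

    // Restore think.uuid on success AND on failure; otherwise a failing
    // assertion would leave the fixed-token stub installed for later tests.
    finish(checked.then(function() {
      think.uuid = originalUuid;
    }, function(err) {
      think.uuid = originalUuid;
      throw err;
    }), done);
  });

  it('csrf on, check session', function(done) {
    think.config('csrf.on', true);
    finish(execMiddleware('check_csrf', function(http) {
      stubSessionToken(http);
      http.post(think.config('csrf.form_name'), TOKEN);
    }), done);
  });

  it('csrf on, ajax', function(done) {
    think.config('csrf.on', true);
    finish(execMiddleware('check_csrf', function(http) {
      stubSessionToken(http);
      stubMethod(http, true, false);
      http.isAjax = function() {
        return true;
      };
      http.post(think.config('csrf.form_name'), TOKEN);
    }), done);
  });

  it('csrf on, jsonp', function(done) {
    think.config('csrf.on', true);
    finish(execMiddleware('check_csrf', function(http) {
      stubSessionToken(http);
      stubMethod(http, true, false);
      http.isJsonp = function() {
        return true;
      };
      http.post(think.config('csrf.form_name'), TOKEN);
    }), done);
  });

  // NOTE(review): despite the title, the session stub returns TOKEN here; what
  // is missing is the posted form token. The title is kept so existing grep
  // filters still match.
  it('csrf on, session is empty', function(done) {
    think.config('csrf.on', true);
    think.config('csrf.errno', 400);
    think.config('csrf.errmsg', 'token error');

    var failCalls = 0;
    var settled = execMiddleware('check_csrf', function(http) {
      stubSessionToken(http);
      stubMethod(http, false, true);
      http.fail = function(errno, errmsg) {
        failCalls += 1;
        assert.equal(errno, 400);
        assert.equal(errmsg, 'token error');
      };
    });

    // The stub's assertions only run if http.fail is invoked. Without this
    // check the test would also pass when the POST is let through.
    finish(settled.then(function() {
      assert.ok(failCalls > 0, 'expected http.fail to be called for a POST without a CSRF token');
    }), done);
  });

  // NOTE(review): this case passes whether or not http.fail is invoked, so it
  // does not pin how requests that are neither GET nor POST are treated.
  // Confirm the intended middleware behaviour and assert it explicitly.
  it('csrf on, other method', function(done) {
    think.config('csrf.on', true);
    think.config('csrf.errno', 400);
    think.config('csrf.errmsg', 'token error');
    finish(execMiddleware('check_csrf', function(http) {
      stubSessionToken(http);
      stubMethod(http, false, false);
      http.fail = function(errno, errmsg) {
        assert.equal(errno, 400);
        assert.equal(errmsg, 'token error');
      };
    }), done);
  });

  after(function() {
    think.config('csrf.on', false);
  });
});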