swaf/test/CsrfProtectionComponent.test.ts

import supertest from "supertest";

import CsrfProtectionComponent from "../src/components/CsrfProtectionComponent.js";
import Controller from "../src/Controller.js";
import TestApp from "../src/TestApp.js";
import useApp from "./_app.js";

let app: TestApp;
useApp(async (addr, port) => {
    return app = new class extends TestApp {
        protected async init(): Promise<void> {
            this.use(new class extends Controller {
                public routes(): void {
                    this.get('/', (req, res) => {
                        res.send(this.getApp().as(CsrfProtectionComponent).getSessionCsrfToken(req.getSession()));
                    }, 'csrf_test');

                    this.post('/', (req, res) => {
                        res.json({
                            status: 'ok',
                        });
                    }, 'csrf_test');
                }
            }());

            await super.init();
        }
    }('test', addr, port, true, false);
});

describe('Test CSRF protection', () => {
    let cookies: string[];
    let csrf: string;

    test('no csrf token should be in session at first', (done) => {
        const agent = supertest(app.getExpressApp());
        agent.post('/')
            .accept('json')
            .expect(401)
            .then(res => {
                expect(res.text).toContain(`You weren't assigned any CSRF token.`);
                cookies = res.get('Set-Cookie');

                agent.get('/')
                    .set('Cookie', cookies)
                    .expect(200)
                    .then(res => {
                        csrf = res.text;
                        done();
                    }).catch(done.fail);
            }).catch(done.fail);
    });

    test('sending no csrf token should fail', (done) => {
        expect(cookies).toBeDefined();

        const agent = supertest(app.getExpressApp());
        agent.post('/')
            .accept('json')
            .set('Cookie', cookies)
            .expect(401)
            .then((res) => {
                expect(res.text).toContain(`You didn't provide any CSRF token.`);
                done();
            }).catch(done.fail);
    });

    test('sending an invalid csrf token should fail', (done) => {
        expect(cookies).toBeDefined();

        const agent = supertest(app.getExpressApp());
        agent.post('/')
            .accept('json')
            .set('Cookie', cookies)
            .set('Content-Type', 'application/json')
            .send({csrf: 'not_a_valid_csrf'})
            .expect(401)
            .then(res => {
                expect(res.text).toContain(`Tokens don't match.`);
                done();
            }).catch(done.fail);
    });

    test('sending a valid csrf token should success', (done) => {
        expect(cookies).toBeDefined();

        const agent = supertest(app.getExpressApp());
        agent.post('/')
            .set('Cookie', cookies)
            .set('Content-Type', 'application/json')
            .send({csrf: csrf})
            .expect(200)
            .then(() => done())
            .catch(done.fail);
    });
});
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`import supertest from "supertest";`
Switch to esm and add import auto format 2021-05-03 19:29:22 +02:00
			`import CsrfProtectionComponent from "../src/components/CsrfProtectionComponent.js";`
			`import Controller from "../src/Controller.js";`
			`import TestApp from "../src/TestApp.js";`
			`import useApp from "./_app.js";`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`let app: TestApp;`
Add authentication tests for username registration 2020-11-14 18:16:58 +01:00			`useApp(async (addr, port) => {`
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`return app = new class extends TestApp {`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`protected async init(): Promise<void> {`
			`this.use(new class extends Controller {`
Add many eslint rules and fix all linting issues 2020-09-25 23:42:15 +02:00			`public routes(): void {`
			`this.get('/', (req, res) => {`
front/SvelteViewEngine: pre-compile ssr on demand, refactor globals into proper locals and lazy locals 2021-11-24 22:08:38 +01:00			`res.send(this.getApp().as(CsrfProtectionComponent).getSessionCsrfToken(req.getSession()));`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`}, 'csrf_test');`

Add many eslint rules and fix all linting issues 2020-09-25 23:42:15 +02:00			`this.post('/', (req, res) => {`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`res.json({`
			`status: 'ok',`
			`});`
			`}, 'csrf_test');`
			`}`
			`}());`

			`await super.init();`
			`}`
Upgrade dependencies 2021-11-08 00:52:33 +01:00			`}('test', addr, port, true, false);`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`});`

			`describe('Test CSRF protection', () => {`
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`let cookies: string[];`
			`let csrf: string;`

			`test('no csrf token should be in session at first', (done) => {`
			`const agent = supertest(app.getExpressApp());`
			`agent.post('/')`
Add formatViewData to response object to fix tests and prepare for async navigation 2021-11-28 21:26:45 +01:00			`.accept('json')`
eslint: add no-floating-promises 2020-10-01 14:01:35 +02:00			`.expect(401)`
			`.then(res => {`
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			expect(res.text).toContain(`You weren't assigned any CSRF token.`);
			`cookies = res.get('Set-Cookie');`

			`agent.get('/')`
			`.set('Cookie', cookies)`
eslint: add no-floating-promises 2020-10-01 14:01:35 +02:00			`.expect(200)`
			`.then(res => {`
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`csrf = res.text;`
			`done();`
eslint: add no-floating-promises 2020-10-01 14:01:35 +02:00			`}).catch(done.fail);`
			`}).catch(done.fail);`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`});`

Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`test('sending no csrf token should fail', (done) => {`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`expect(cookies).toBeDefined();`

Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`const agent = supertest(app.getExpressApp());`
			`agent.post('/')`
Add formatViewData to response object to fix tests and prepare for async navigation 2021-11-28 21:26:45 +01:00			`.accept('json')`
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`.set('Cookie', cookies)`
			`.expect(401)`
eslint: add no-floating-promises 2020-10-01 14:01:35 +02:00			`.then((res) => {`
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			expect(res.text).toContain(`You didn't provide any CSRF token.`);
			`done();`
eslint: add no-floating-promises 2020-10-01 14:01:35 +02:00			`}).catch(done.fail);`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`});`

Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`test('sending an invalid csrf token should fail', (done) => {`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`expect(cookies).toBeDefined();`

Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`const agent = supertest(app.getExpressApp());`
			`agent.post('/')`
Add formatViewData to response object to fix tests and prepare for async navigation 2021-11-28 21:26:45 +01:00			`.accept('json')`
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`.set('Cookie', cookies)`
			`.set('Content-Type', 'application/json')`
			`.send({csrf: 'not_a_valid_csrf'})`
eslint: add no-floating-promises 2020-10-01 14:01:35 +02:00			`.expect(401)`
			`.then(res => {`
Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			expect(res.text).toContain(`Tokens don't match.`);
			`done();`
eslint: add no-floating-promises 2020-10-01 14:01:35 +02:00			`}).catch(done.fail);`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`});`

Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`test('sending a valid csrf token should success', (done) => {`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`expect(cookies).toBeDefined();`

Csrf protection test: migrate to supertest 2020-08-05 12:05:52 +02:00			`const agent = supertest(app.getExpressApp());`
			`agent.post('/')`
			`.set('Cookie', cookies)`
			`.set('Content-Type', 'application/json')`
			`.send({csrf: csrf})`
eslint: add no-floating-promises 2020-10-01 14:01:35 +02:00			`.expect(200)`
			`.then(() => done())`
			`.catch(done.fail);`
Add CsrfProtectionComponent tests and fix missing promise await 2020-07-08 10:49:29 +02:00			`});`
Add many eslint rules and fix all linting issues 2020-09-25 23:42:15 +02:00			`});`