swaf/test/CsrfProtectionComponent.test.ts

100 lines
3.0 KiB
TypeScript

import useApp, {TestApp} from "./_app";
import Controller from "../src/Controller";
import CsrfProtectionComponent from "../src/components/CsrfProtectionComponent";
import supertest from "supertest";
let app: TestApp;
useApp(port => {
return app = new class extends TestApp {
protected async init(): Promise<void> {
this.use(new class extends Controller {
routes(): void {
this.get('/', (req, res, next) => {
res.render('test/csrf.njk');
}, 'csrf_test');
this.post('/', (req, res, next) => {
res.json({
status: 'ok',
});
}, 'csrf_test');
}
}());
await super.init();
}
protected registerComponents() {
super.registerComponents();
this.use(new CsrfProtectionComponent());
}
}(port);
});
describe('Test CSRF protection', () => {
let cookies: string[];
let csrf: string;
test('no csrf token should be in session at first', (done) => {
const agent = supertest(app.getExpressApp());
agent.post('/')
.expect(401, (err, res) => {
if (err) return done(err);
expect(res.text).toContain(`You weren't assigned any CSRF token.`);
cookies = res.get('Set-Cookie');
agent.get('/')
.set('Cookie', cookies)
.expect(200, (err, res) => {
if (err) return done(err);
csrf = res.text;
done();
});
});
});
test('sending no csrf token should fail', (done) => {
expect(cookies).toBeDefined();
const agent = supertest(app.getExpressApp());
agent.post('/')
.set('Cookie', cookies)
.expect(401)
.end((err, res) => {
if (err) return done(err);
expect(res.text).toContain(`You didn't provide any CSRF token.`);
done();
});
});
test('sending an invalid csrf token should fail', (done) => {
expect(cookies).toBeDefined();
const agent = supertest(app.getExpressApp());
agent.post('/')
.set('Cookie', cookies)
.set('Content-Type', 'application/json')
.send({csrf: 'not_a_valid_csrf'})
.expect(401, (err, res) => {
if (err) return done(err);
expect(res.text).toContain(`Tokens don't match.`);
done();
});
});
test('sending a valid csrf token should success', (done) => {
expect(cookies).toBeDefined();
const agent = supertest(app.getExpressApp());
agent.post('/')
.set('Cookie', cookies)
.set('Content-Type', 'application/json')
.send({csrf: csrf})
.expect(200, done);
});
});