fiber Architecture Docs
Home / Function/ Test_CSRF_DeleteToken_WithSession() — fiber Function Reference

Test_CSRF_DeleteToken_WithSession() — fiber Function Reference

Architecture documentation for the Test_CSRF_DeleteToken_WithSession() function in csrf_test.go from the fiber codebase.

Function go FiberMiddleware Security

Entity Profile

Dependency Diagram

graph TD
  674a0e87_85e2_986f_e25b_3e94b0600284["Test_CSRF_DeleteToken_WithSession()"]
  306a0c68_f5a5_b368_f37a_1419425a8fea["csrf_test.go"]
  674a0e87_85e2_986f_e25b_3e94b0600284 -->|defined in| 306a0c68_f5a5_b368_f37a_1419425a8fea
  style 674a0e87_85e2_986f_e25b_3e94b0600284 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

middleware/csrf/csrf_test.go lines 1583–1651

func Test_CSRF_DeleteToken_WithSession(t *testing.T) {
	t.Parallel()

	// session store
	store := session.NewStore(session.Config{
		Extractor: extractors.FromCookie("_session"),
	})

	// fiber instance
	app := fiber.New()

	// fiber context
	ctx := &fasthttp.RequestCtx{}

	// get session
	sess, err := store.Get(app.AcquireCtx(ctx))
	require.NoError(t, err)
	require.True(t, sess.Fresh())

	// the session string is no longer be 123
	newSessionIDString := sess.ID()
	require.NoError(t, sess.Save())

	app.AcquireCtx(ctx).Request().Header.SetCookie("_session", newSessionIDString)

	// middleware config
	config := Config{
		Session: store,
	}

	// middleware
	app.Use(New(config))

	app.Post("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	h := app.Handler()

	// Generate CSRF token
	ctx.Request.Header.SetMethod(fiber.MethodGet)
	ctx.Request.Header.SetCookie("_session", newSessionIDString)
	h(ctx)
	token := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))
	token = strings.Split(strings.Split(token, ";")[0], "=")[1]

	// Delete the CSRF token
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set(HeaderName, token)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	handler := HandlerFromContext(app.AcquireCtx(ctx))
	if handler != nil {
		if err := handler.DeleteToken(app.AcquireCtx(ctx)); err != nil {
			t.Fatal(err)
		}
	}
	h(ctx)

	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set(HeaderName, token)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	ctx.Request.Header.SetCookie("_session", newSessionIDString)
	h(ctx)
	require.Equal(t, 403, ctx.Response.StatusCode())
}

Domain

Subdomains

Defined In

Source

Frequently Asked Questions

What does Test_CSRF_DeleteToken_WithSession() do?
Test_CSRF_DeleteToken_WithSession() is a function in the fiber codebase, defined in middleware/csrf/csrf_test.go.
Where is Test_CSRF_DeleteToken_WithSession() defined?
Test_CSRF_DeleteToken_WithSession() is defined in middleware/csrf/csrf_test.go at line 1583.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free