Test_CSRF_ExpiredToken_WithSession() — fiber Function Reference

Architecture documentation for the Test_CSRF_ExpiredToken_WithSession() function in csrf_test.go from the fiber codebase.

Dependency Diagram

graph TD
  a996e2a9_114f_e756_6ee6_397dd8751bdc["Test_CSRF_ExpiredToken_WithSession()"]
  306a0c68_f5a5_b368_f37a_1419425a8fea["csrf_test.go"]
  a996e2a9_114f_e756_6ee6_397dd8751bdc -->|defined in| 306a0c68_f5a5_b368_f37a_1419425a8fea
  style a996e2a9_114f_e756_6ee6_397dd8751bdc fill:#6366f1,stroke:#818cf8,color:#fff

Source Code

middleware/csrf/csrf_test.go lines 451–526

func Test_CSRF_ExpiredToken_WithSession(t *testing.T) {
	t.Parallel()

	// session store
	store := session.NewStore(session.Config{
		Extractor: extractors.FromCookie("_session"),
	})

	// fiber instance
	app := fiber.New()

	// fiber context
	ctx := &fasthttp.RequestCtx{}
	defer app.ReleaseCtx(app.AcquireCtx(ctx))

	// get session
	sess, err := store.Get(app.AcquireCtx(ctx))
	require.NoError(t, err)
	require.True(t, sess.Fresh())

	// get session id
	newSessionIDString := sess.ID()
	require.NoError(t, sess.Save())

	app.AcquireCtx(ctx).Request().Header.SetCookie("_session", newSessionIDString)

	// middleware config
	config := Config{
		Session:     store,
		IdleTimeout: 1 * time.Second,
	}

	// middleware
	app.Use(New(config))

	app.Post("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	h := app.Handler()

	// Generate CSRF token
	ctx.Request.Header.SetMethod(fiber.MethodGet)
	ctx.Request.Header.SetCookie("_session", newSessionIDString)
	h(ctx)
	token := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))
	for header := range strings.SplitSeq(token, ";") {
		if strings.Split(utils.TrimSpace(header), "=")[0] == ConfigDefault.CookieName {
			token = strings.Split(header, "=")[1]
			break
		}
	}

	// Use the CSRF token
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set(HeaderName, token)
	ctx.Request.Header.SetCookie("_session", newSessionIDString)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	h(ctx)
	require.Equal(t, 200, ctx.Response.StatusCode())

	// Wait for the token to expire
	time.Sleep(1*time.Second + 100*time.Millisecond)

	// Expired CSRF token
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set(HeaderName, token)
	ctx.Request.Header.SetCookie("_session", newSessionIDString)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
	h(ctx)
	require.Equal(t, 403, ctx.Response.StatusCode())
}

Frequently Asked Questions

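What does Test_CSRF_ExpiredToken_WithSession() do?
Test_CSRF_ExpiredToken_WithSession() is a test function in the fiber codebase, defined in middleware/csrf/csrf_test.go. It configures the CSRF middleware with a session store and a one-second IdleTimeout, confirms that a POST carrying the freshly issued token returns 200, then waits past the timeout and confirms that the same token is rejected with 403.

Where is Test_CSRF_ExpiredToken_WithSession() defined?
Test_CSRF_ExpiredToken_WithSession() is defined in middleware/csrf/csrf_test.go at line 451.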
