Test_CSRF_WithSession_Middleware() — fiber Function Reference

Architecture documentation for the Test_CSRF_WithSession_Middleware() function in csrf_test.go from the fiber codebase.

Function go FiberMiddleware Security

Entity Profile

FiberMiddleware→ Security→ Test_CSRF_WithSession_Middleware() — fiber Function Reference

Dependency Diagram

graph TD
  684185f4_c042_0167_3305_6d5aa35a7777["Test_CSRF_WithSession_Middleware()"]
  306a0c68_f5a5_b368_f37a_1419425a8fea["csrf_test.go"]
  684185f4_c042_0167_3305_6d5aa35a7777 -->|defined in| 306a0c68_f5a5_b368_f37a_1419425a8fea
  style 684185f4_c042_0167_3305_6d5aa35a7777 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

middleware/csrf/csrf_test.go lines 344–404

func Test_CSRF_WithSession_Middleware(t *testing.T) {
	t.Parallel()
	app := fiber.New()

	// session mw
	smh, sstore := session.NewWithStore()

	// csrf mw
	cmh := New(Config{
		Session: sstore,
	})

	app.Use(smh)

	app.Use(cmh)

	app.Get("/", func(c fiber.Ctx) error {
		sess := session.FromContext(c)
		sess.Set("hello", "world")
		return c.SendStatus(fiber.StatusOK)
	})

	app.Post("/", func(c fiber.Ctx) error {
		sess := session.FromContext(c)
		if sess.Get("hello") != "world" {
			return c.SendStatus(fiber.StatusInternalServerError)
		}
		return c.SendStatus(fiber.StatusOK)
	})

	h := app.Handler()
	ctx := &fasthttp.RequestCtx{}

	// Generate CSRF token and session_id
	ctx.Request.Header.SetMethod(fiber.MethodGet)
	h(ctx)

	csrfCookie := fasthttp.AcquireCookie()
	csrfCookie.SetKey(ConfigDefault.CookieName)
	require.True(t, ctx.Response.Header.Cookie(csrfCookie))
	csrfToken := string(csrfCookie.Value())
	require.NotEmpty(t, csrfToken)
	fasthttp.ReleaseCookie(csrfCookie)

	sessionCookie := fasthttp.AcquireCookie()
	sessionCookie.SetKey("session_id")
	require.True(t, ctx.Response.Header.Cookie(sessionCookie))
	sessionID := string(sessionCookie.Value())
	require.NotEmpty(t, sessionID)
	fasthttp.ReleaseCookie(sessionCookie)

	// Use the CSRF token and session_id
	ctx.Request.Reset()
	ctx.Response.Reset()
	ctx.Request.Header.SetMethod(fiber.MethodPost)
	ctx.Request.Header.Set(HeaderName, csrfToken)
	ctx.Request.Header.SetCookie(ConfigDefault.CookieName, csrfToken)
	ctx.Request.Header.SetCookie("session_id", sessionID)
	h(ctx)
	require.Equal(t, 200, ctx.Response.StatusCode())
}