xtablo-source/backend/internal/auth/csrf_test.go
Arthur Belleville ae2d356f87
test(02-07): add failing CSRF tests (RED gate)
- TestLoadCSRFKey_* in internal/auth for env key loading
- TestCSRF_*MissingToken / TestCSRF_*ValidToken for all three POST routes
- TestForms_ContainCSRFField for hidden _csrf input in rendered HTML
- TestRouter_CSRFMountedAfterResolveSession for middleware order (D-24)
- TestCSRF_HeaderFallback for X-CSRF-Token header support
- Add gorilla/csrf v1.7.3 dependency
2026-05-14 22:45:36 +02:00


package auth
import (
"os"
"testing"
)
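// TestLoadCSRFKey_Missing checks that LoadKeyFromEnv returns an error when
// SESSION_SECRET is absent from the environment, so a deployment without a
// configured key fails at load time instead of continuing.
func TestLoadCSRFKey_Missing(t *testing.T) {
	// t.Setenv records the current value and restores it when the test ends.
	// A bare os.Unsetenv would leave the variable removed for every later
	// test in this package (for example when CI exports SESSION_SECRET).
	t.Setenv("SESSION_SECRET", "")
	if err := os.Unsetenv("SESSION_SECRET"); err != nil {
		t.Fatalf("unsetting SESSION_SECRET: %v", err)
	}

	if _, err := LoadKeyFromEnv(); err == nil {
		t.Fatal("expected error when SESSION_SECRET is unset; got nil")
	}
}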
// TestLoadCSRFKey_WrongLength checks that LoadKeyFromEnv rejects a value that
// is valid hex but decodes to fewer than 32 bytes.
func TestLoadCSRFKey_WrongLength(t *testing.T) {
	// Constructed fixture: 62 hex characters, i.e. 31 bytes, one short of the
	// 32 the loader is expected to require.
	const shortKey = "aabbccddeeff00112233445566778899aabbccddeeff001122334455667788"
	t.Setenv("SESSION_SECRET", shortKey)

	if _, loadErr := LoadKeyFromEnv(); loadErr == nil {
		t.Fatal("expected error when SESSION_SECRET decodes to != 32 bytes; got nil")
	}
}
// TestLoadCSRFKey_Valid checks that LoadKeyFromEnv accepts a 64-character hex
// value and returns a key of length 32.
//
// NOTE(review): the CSRF key is read from SESSION_SECRET here; if the session
// layer uses the same variable for its own secret, confirm that sharing one
// key across both purposes is intended.
func TestLoadCSRFKey_Valid(t *testing.T) {
	// Constructed, patterned fixture (64 hex characters = 32 bytes); not a
	// real secret.
	const hexKey = "aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899"
	t.Setenv("SESSION_SECRET", hexKey)

	got, loadErr := LoadKeyFromEnv()
	if loadErr != nil {
		t.Fatalf("unexpected error with valid 32-byte key: %v", loadErr)
	}
	if n := len(got); n != 32 {
		t.Errorf("key length = %d; want 32", n)
	}
}
// TestLoadCSRFKey_InvalidHex checks that LoadKeyFromEnv returns an error when
// SESSION_SECRET contains characters outside the hexadecimal alphabet.
func TestLoadCSRFKey_InvalidHex(t *testing.T) {
	// 'Z' is not a hex digit, so decoding has to fail whatever the length.
	const notHex = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
	t.Setenv("SESSION_SECRET", notHex)

	if _, loadErr := LoadKeyFromEnv(); loadErr == nil {
		t.Fatal("expected error with invalid hex string; got nil")
	}
}