- TestLoadCSRFKey_* in internal/auth for env key loading
- TestCSRF_*MissingToken / TestCSRF_*ValidToken for all three POST routes
- TestForms_ContainCSRFField for hidden _csrf input in rendered HTML
- TestRouter_CSRFMountedAfterResolveSession for middleware order (D-24)
- TestCSRF_HeaderFallback for X-CSRF-Token header support
- Add gorilla/csrf v1.7.3 dependency
package auth
import (
"os"
"testing"
)
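// TestLoadCSRFKey_Missing verifies that LoadKeyFromEnv returns an error when
// SESSION_SECRET is not present in the environment, so a deployment without a
// configured key fails at load time instead of running with an empty key.
func TestLoadCSRFKey_Missing(t *testing.T) {
	// t.Setenv records the variable's current state and restores it when the
	// test finishes. Calling it before Unsetenv keeps this test from leaking
	// an unset SESSION_SECRET into tests that run later in the same process;
	// it also panics if the test is marked parallel, which guards against
	// concurrent environment mutation.
	t.Setenv("SESSION_SECRET", "")
	if err := os.Unsetenv("SESSION_SECRET"); err != nil {
		t.Fatalf("unsetting SESSION_SECRET: %v", err)
	}

	if _, err := LoadKeyFromEnv(); err == nil {
		t.Fatal("expected error when SESSION_SECRET is unset; got nil")
	}
}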
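// TestLoadCSRFKey_WrongLength verifies that LoadKeyFromEnv returns an error
// when SESSION_SECRET is well-formed hex that does not decode to exactly 32
// bytes. The failure message states the contract as "!= 32 bytes", so both
// sides of the boundary are exercised: a key one byte short and a key one
// byte over.
func TestLoadCSRFKey_WrongLength(t *testing.T) {
	// 31 bytes hex-encoded = 62 hex chars — one byte short.
	// Constructed test value, not a real secret.
	const short = "aabbccddeeff00112233445566778899aabbccddeeff001122334455667788"

	cases := []struct {
		name  string
		value string
	}{
		{name: "short_31_bytes", value: short},
		// Two more bytes (4 hex chars) = 66 hex chars — one byte over.
		{name: "long_33_bytes", value: short + "99aa"},
	}

	for _, tc := range cases {
		// Subtests run sequentially (no t.Parallel), so t.Setenv is safe
		// here and each value is restored before the next case starts.
		t.Run(tc.name, func(t *testing.T) {
			t.Setenv("SESSION_SECRET", tc.value)
			if _, err := LoadKeyFromEnv(); err == nil {
				t.Fatal("expected error when SESSION_SECRET decodes to != 32 bytes; got nil")
			}
		})
	}
}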
// TestLoadCSRFKey_Valid verifies that LoadKeyFromEnv accepts a 64-character
// hex value in SESSION_SECRET and returns a key whose length is 32.
//
// NOTE(review): these tests are named for the CSRF key but read
// SESSION_SECRET. If the session layer signs or encrypts cookies with the
// same variable, the CSRF and session keys are identical — confirm that is
// intended, or derive a separate key per purpose.
func TestLoadCSRFKey_Valid(t *testing.T) {
	// 32 bytes = 64 hex chars. Constructed test value, not a real secret.
	const validHex = "aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899"
	t.Setenv("SESSION_SECRET", validHex)

	got, loadErr := LoadKeyFromEnv()
	if loadErr != nil {
		t.Fatalf("unexpected error with valid 32-byte key: %v", loadErr)
	}

	// Length is the only property of the returned key that is checked here.
	if n := len(got); n != 32 {
		t.Errorf("key length = %d; want 32", n)
	}
}
// TestLoadCSRFKey_InvalidHex verifies that LoadKeyFromEnv returns an error
// when SESSION_SECRET contains characters outside the hexadecimal alphabet.
func TestLoadCSRFKey_InvalidHex(t *testing.T) {
	// 'Z' is not a hex digit, so decoding this value cannot succeed.
	const notHex = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
	t.Setenv("SESSION_SECRET", notHex)

	if _, loadErr := LoadKeyFromEnv(); loadErr == nil {
		t.Fatal("expected error with invalid hex string; got nil")
	}
}