UNPKG

csrf-validator

Version:

CSRF Validator for Node.js

github.com/ohawks-js/csrf-validator/blob/master/README.md

ohawks-js/csrf-validator

88 lines (77 loc) 3.04 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
process.env.NODE_ENV = 'test'; import {CSRFValidator} from "../index"; import {CSRFValidatorOptions} from "../model/csrf-validator-options.model"; const request = require('supertest'); const expect = require('expect'); const cookie_secret_key = '98h4nj1nn45j21n4567i224in19sa'; const cookie_session_keys = ['732mbv52v3ik5n6bu32m6j32voi5n', '2n455kn32k6no232bjn6n2jb3jn64']; const csrf_secret_key = '6njh32h4v2ij32ij676n23ij6n23i'; const createServerApp = (app) => { app.get('/*', (req, res) => {res.sendStatus(200);}); return app; } it('should throw error "Token secret key missing"', function (done) { expect(() => { CSRFValidator.instance( new CSRFValidatorOptions(null, null, null, null) ).configure(); }).toThrowError('Token secret key missing'); done(); }); it('should throw error "Cookie secret key missing"', function (done) { expect(() => { let app = require('express')(); CSRFValidator.instance( new CSRFValidatorOptions(null, null, null, null) ).configureApp(app); }).toThrowError('Cookie secret key missing'); done(); }); it('should throw error "Cookie session keys missing"', function (done) { expect(() => { let app = require('express')(); CSRFValidator.instance( new CSRFValidatorOptions(null, null, null, null, null, cookie_secret_key) ).configureApp(app); }).toThrowError('Cookie session keys missing'); done(); }); it('should throw error "Token secret key missing"', function (done) { expect(() => { let app = require('express')(); CSRFValidator.instance( new CSRFValidatorOptions(null, null, null, null, null, cookie_secret_key, cookie_session_keys) ).configureApp(app); }).toThrowError('Token secret key missing'); done(); }); it('should get 403 FORBIDDEN, as the /login is not set as ignored route', function (done) { let app = require('express')(); CSRFValidator.instance( new CSRFValidatorOptions(csrf_secret_key, null, null, null, null, cookie_secret_key, cookie_session_keys) ).configureApp(app); app = createServerApp(app); request(app) .get('/login') .expect(403, done); }); it('should get 200 OK, as the GET method is set as ignored method', function (done) { let app = require('express')(); CSRFValidator.instance( new CSRFValidatorOptions(csrf_secret_key, ['GET'], null, null, null, cookie_secret_key, cookie_session_keys) ).configureApp(app); app = createServerApp(app); request(app) .get('/login') .expect(200, done); }); it('should get 200 OK, as the /login route is set as ignored route', function (done) { let app = require('express')(); CSRFValidator.instance( new CSRFValidatorOptions(csrf_secret_key, null, ['/login'], null, null, cookie_secret_key, cookie_session_keys) ).configureApp(app); app = createServerApp(app); request(app) .get('/login') .expect(200, done); });