UNPKG

csrfimmunity

Version:

Protection against Cross Site Request Forgery attacks. This module provides multiple variation of protection.

github.com/ppattanayak/CSRFImmunity

ppattanayak/CSRFImmunity

44 lines (37 loc) 1.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
var Assert = require('assert'); var csrfimmunity = require('../index').setKeyForEncryption("password123"); var options = {}; describe(__filename, function() { before(function(next) { // process.chdir(__dirname + '/test/app'); options.formname = 'loginform'; options.actionurl = 'http://www.weekendsecurity.org/login'; options = JSON.stringify(options); next(); }); it('should match with the CSRF token with timestamp', function(next){ csrfimmunity.generateTimeBasedToken(options, function(token){ var result = csrfimmunity.verifyTimeBasedToken(token, options); Assert.equal(result, true); next(); }); }); it('should match with the CSRF token without timestamp', function(next){ csrfimmunity.generateToken(options, function(token){ var result = csrfimmunity.verifyToken(token, options); Assert.equal(result, true); next(); }); }); it('should fail the CSRF token check after time expires', function(done){ var newoptions = JSON.parse(options); newoptions.milliseconds = 1; csrfimmunity.generateTimeBasedToken(options, function(token){ setTimeout(function(){ var result = csrfimmunity.verifyTimeBasedToken(token, JSON.stringify(newoptions)); Assert.equal(result, false); done(); }, 3000); }); }); });