Commit

[Task] #50, added test case for csrf, repaired integration
Type-Style committed Mar 26, 2024
1 parent 283e8e5 commit b5cebab
Showing 3 changed files with 20 additions and 6 deletions.
1 change: 0 additions & 1 deletion src/scripts/token.ts
Expand Up @@ -21,7 +21,6 @@ export function createCSRF(res: Response, next: NextFunction): string {
}

export function validateCSRF(token: string): boolean {
console.log(csrfTokens, token);
const currentTime = Date.now();
let valid: boolean = false;
for (const entry of csrfTokens) {
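Review bot: The deleted `console.log(csrfTokens, token);` at the top of `validateCSRF` wrote the whole token store plus the submitted token to the server log on every validation, so removing it is right, but nothing in this commit stops a similar statement from coming back. Since eslint already runs on this repository, consider enabling the `no-console` rule for `src/scripts` so that logging of token material fails the lint job instead of relying on review.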
21 changes: 18 additions & 3 deletions src/tests/integration.test.ts
Expand Up @@ -231,10 +231,25 @@ describe('API calls', () => {

describe('read and login', () => {
let token = "";
const testData = qs.stringify({
const testData = {
user: "TEST",
password: "test",
});
csrfToken: ""
}

it('form available / get Token', async () => {

Check warning on line 240 in src/tests/integration.test.ts

GitHub Actions / eslint

Test has no assertions
let response = {data:""};
try {
response = await axios.get('http://localhost:80/login');

Check notice

Code scanning / devskim

Accessing localhost could indicate debug code, or could hinder scaling. Note test

Do not leave debug code in production
} catch (error) {
console.error(error);
}

const regex = /name="csrfToken" value="([^"]*)"/;
const match = response.data.match(regex);
testData.csrfToken = match ? match[1] : '-';
})

test(`redirect without logged in`, async () => {
try {
await axios.get("http://localhost:80/read/");
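Review bot: The new `form available / get Token` test cannot fail: it has no `expect` (eslint flags this on line 240), the `catch` only calls `console.error`, and a missing field falls back to `'-'` in `testData.csrfToken = match ? match[1] : '-';`. A broken `/login` page or a form without the hidden field therefore surfaces later as a confusing login failure. Let the request error propagate and assert on the result, for example `expect(match).not.toBeNull();` before assigning `match[1]`. Note also that the regex requires `name="csrfToken"` to be immediately followed by `value="..."`, so a change in attribute order in the template would silently produce the `'-'` fallback.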
Expand All @@ -249,7 +264,7 @@ describe('read and login', () => {
});

it('test user can login', async () => {
const response = await axios.post('http://localhost:80/login', testData);
const response = await axios.post('http://localhost:80/login', qs.stringify(testData));

Check notice

Code scanning / devskim

Accessing localhost could indicate debug code, or could hinder scaling. Note test

Do not leave debug code in production

expect(response.status).toBe(200);
expect(response.headers['content-type']).toEqual(expect.stringContaining('application/json'));
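Review bot: The login POST in `test user can login` now sends `qs.stringify(testData)` including `csrfToken`, but the visible changes in this file only cover the accepting path; no case here posts with an empty or wrong `csrfToken` and expects the server to refuse it. Since the commit is meant to add CSRF coverage, add a test that submits the same credentials with `csrfToken: ""` and asserts the rejection status. This test also depends on the earlier `it` having filled the shared `testData` object, so it cannot pass when run on its own; fetching the token in a `beforeAll` would remove that ordering dependency.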
4 changes: 2 additions & 2 deletions src/tests/login.test.ts
Expand Up @@ -20,7 +20,7 @@ const userDataWithToken = {

describe('Login', () => {
it('form available', async () => {
let serverStatus;
let serverStatus = {};
let response = { data: "", status: "" };
try {
response = await axios.get('http://localhost:80/login');
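Review bot: `let serverStatus = {};` in `form available` gives the variable the inferred type `{}` and a value that is truthy even when the request below it fails, so any later check that only tests whether `serverStatus` is set will pass regardless of the server's answer. Declare the intended type explicitly and leave it unset until the request resolves, for example `let serverStatus: number | undefined;`, then assert on the concrete value.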
Expand Down Expand Up @@ -71,7 +71,7 @@ describe('Login', () => {

it('test invalid credentials to return error', async () => {
try {
userDataWithToken.csrfToken = csrfToken;
userDataWithToken.csrfToken = csrfToken
await axios.post('http://localhost:80/login', qs.stringify(userDataWithToken));

Check notice

Code scanning / devskim

Accessing localhost could indicate debug code, or could hinder scaling. Note test

Do not leave debug code in production
} catch (error) {
const axiosError = error as AxiosError;
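Review bot: The semicolon dropped from `userDataWithToken.csrfToken = csrfToken` is a style regression; the statement still parses because the next line starts with `await`, but it is inconsistent with the rest of the file and should be restored. Separately, if the assertions for this case sit only inside the `catch` block that begins with `const axiosError = error as AxiosError;`, a login that unexpectedly succeeds would pass without checking anything; `expect.assertions(n)` at the top of the test guards against that.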
