Go csrf测试桩法
我正在尝试写一个测试方法来注册我的revel应用程序。请看下面的代码Go csrf测试桩法,go,csrf-protection,revel,Go,Csrf Protection,Revel,我正在尝试写一个测试方法来注册我的revel应用程序。请看下面的代码 package tests import "github.com/revel/revel" import "github.com/PuerkitoBio/goquery" import "bytes" import "net/url" //import "net/http" var csrf string type AccountTest struct { revel.TestSuite } func (se
package tests
import "github.com/revel/revel"
import "github.com/PuerkitoBio/goquery"
import "bytes"
import "net/url"
//import "net/http"
var csrf string
type AccountTest struct {
revel.TestSuite
}
func (self *AccountTest) Before() {
//println("Set up")
}
func (self *AccountTest) TestGetSignUp() {
self.Get("/signup")
site := bytes.NewBuffer(self.ResponseBody)
doc, _ := goquery.NewDocumentFromReader(site)
doc.Find("input").Each(func(i int, s *goquery.Selection) {
name, exists := s.Attr("name")
if name == "csrf_token" && exists {
csrf, _ = s.Attr("value")
}
})
self.AssertOk()
self.AssertContains("Sign Up")
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) TestPostSignUp() {
self.PostForm("/signup", url.Values{
"name": {"cormier"},
"email": {"cormisample.com"},
"emailConfirm": {"cormier@sample.com"},
"password": {"Test!1234"},
"termof": {"true"},
"csrf_token": {csrf},
})
self.AssertOk()
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) After() {
//println("Tear down")
}
测试没有通过TestPostSignUp函数,看起来请求是通过我实现的csrf中间件被拒绝的。如上所示,我读取了csrf令牌并将其保存到变量(csrf)中。通过Postform请求,我传递了变量,但不起作用
我的问题是,如何通过csrf保护的post请求进行测试。我解决了以下问题:
package tests
import "github.com/revel/revel"
import "github.com/PuerkitoBio/goquery"
import "bytes"
import "net/url"
//import "net/http"
var csrf string
type AccountTest struct {
revel.TestSuite
}
func (self *AccountTest) Before() {
self.Get("/signup")
site := bytes.NewBuffer(self.ResponseBody)
doc, _ := goquery.NewDocumentFromReader(site)
doc.Find("input").Each(func(i int, s *goquery.Selection) {
name, exists := s.Attr("name")
if name == "csrf_token" && exists {
csrf, _ = s.Attr("value")
}
})
}
func (self *AccountTest) TestSignUp() {
self.PostForm("/signup", url.Values{
"name": {"cormier"},
"email": {"cormier@sample.com"},
"emailConfirm": {"cormier@sample.com"},
"password": {"Test!1234"},
"termof": {"true"},
"csrf_token": {csrf},
})
self.AssertOk()
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) After() {
}
如果您能就新的内置CSRF功能向我们提供一些反馈,那就太好了: