Go csrf测试桩法_Go_Csrf Protection_Revel

Go csrf测试桩法

Go csrf测试桩法,go,csrf-protection,revel,Go,Csrf Protection,Revel,我正在尝试写一个测试方法来注册我的revel应用程序。请看下面的代码 package tests import "github.com/revel/revel" import "github.com/PuerkitoBio/goquery" import "bytes" import "net/url" //import "net/http" var csrf string type AccountTest struct { revel.TestSuite } func (se

我正在尝试写一个测试方法来注册我的revel应用程序。请看下面的代码

package tests

import "github.com/revel/revel"
import "github.com/PuerkitoBio/goquery"
import "bytes"
import "net/url"

//import "net/http"

var csrf string

type AccountTest struct {
    revel.TestSuite
}

func (self *AccountTest) Before() {
    //println("Set up")
}

func (self *AccountTest) TestGetSignUp() {
    self.Get("/signup")
    site := bytes.NewBuffer(self.ResponseBody)
    doc, _ := goquery.NewDocumentFromReader(site)
    doc.Find("input").Each(func(i int, s *goquery.Selection) {
        name, exists := s.Attr("name")
        if name == "csrf_token" && exists {
            csrf, _ = s.Attr("value")
        }
    })
    self.AssertOk()
    self.AssertContains("Sign Up")
    self.AssertContentType("text/html; charset=utf-8")
}

func (self *AccountTest) TestPostSignUp() {
    self.PostForm("/signup", url.Values{
        "name":         {"cormier"},
        "email":        {"cormisample.com"},
        "emailConfirm": {"cormier@sample.com"},
        "password":     {"Test!1234"},
        "termof":       {"true"},
        "csrf_token":   {csrf},
    })
    self.AssertOk()
    self.AssertContentType("text/html; charset=utf-8")
}

func (self *AccountTest) After() {
    //println("Tear down")
}

测试没有通过TestPostSignUp函数，看起来请求是通过我实现的csrf中间件被拒绝的。如上所示，我读取了csrf令牌并将其保存到变量（csrf）中。通过Postform请求，我传递了变量，但不起作用

我的问题是，如何通过csrf保护的post请求进行测试。

我解决了以下问题：

package tests

    import "github.com/revel/revel"
    import "github.com/PuerkitoBio/goquery"
    import "bytes"
    import "net/url"

    //import "net/http"

    var csrf string

    type AccountTest struct {
        revel.TestSuite
    }

    func (self *AccountTest) Before() {

        self.Get("/signup")
        site := bytes.NewBuffer(self.ResponseBody)
        doc, _ := goquery.NewDocumentFromReader(site)
        doc.Find("input").Each(func(i int, s *goquery.Selection) {
            name, exists := s.Attr("name")
            if name == "csrf_token" && exists {
                csrf, _ = s.Attr("value")
            }
        })

    }

    func (self *AccountTest) TestSignUp() {

        self.PostForm("/signup", url.Values{
            "name":         {"cormier"},
            "email":        {"cormier@sample.com"},
            "emailConfirm": {"cormier@sample.com"},
            "password":     {"Test!1234"},
            "termof":       {"true"},
            "csrf_token":   {csrf},
        })
        self.AssertOk()
        self.AssertContentType("text/html; charset=utf-8")
    }

    func (self *AccountTest) After() {
    }

如果您能就新的内置CSRF功能向我们提供一些反馈，那就太好了：