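// TestCSRFTarget is the submit target of the CSRF test form. It recomputes
// the form token for this request and CSRF_FORM_TARGET, compares it with the
// token posted under env.TOKEN_FORM_KEY, and on success writes both values
// back to the client.
//
// Responses:
//   - 500 if the expected token cannot be computed,
//   - 400 if the form carries no token or the token does not match,
//   - 200 with the calculated and submitted tokens otherwise.
func TestCSRFTarget(w http.ResponseWriter, r *http.Request) {
	expected, tokenErr := validation.MakeFormToken(r, CSRF_FORM_TARGET)
	if tokenErr != nil {
		// NOTE(review): the raw error text is returned to the client; confirm
		// it cannot carry internal details that should stay in server logs.
		http.Error(w, tokenErr.Error(), http.StatusInternalServerError)
		return
	}

	submitted := r.FormValue(env.TOKEN_FORM_KEY)
	switch {
	case submitted == "":
		http.Error(w, "token not found in form", http.StatusBadRequest)
		return
	case submitted != expected:
		// NOTE(review): this is an ordinary string comparison, not a
		// constant-time one. For a secret anti-CSRF token,
		// crypto/subtle.ConstantTimeCompare is the safer choice; it needs an
		// import that is outside this block.
		http.Error(w, "token mismatch", http.StatusBadRequest)
		return
	}

	// Pass the tokens as arguments instead of using a pre-built string as the
	// format: a '%' inside a token would otherwise be parsed as a formatting
	// verb and corrupt the output.
	fmt.Fprintf(w, "calculated:%v\nsubmitted:%v\n", expected, submitted)
}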
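// TestCSRFHandler renders the CSRF test form. It looks up the templates
// directory, computes the form token for this request and CSRF_FORM_TARGET,
// parses test/csrf_test.html below the templates directory, and executes it
// with the token form key, the token and the form target.
//
// Any failure is reported to the client as a 500 with the error text.
func TestCSRFHandler(w http.ResponseWriter, r *http.Request) {
	templatesDir, dirErr := env.GetQindTemplatesDir()
	if dirErr != nil {
		http.Error(w, dirErr.Error(), http.StatusInternalServerError)
		return
	}

	token, tokenErr := validation.MakeFormToken(r, CSRF_FORM_TARGET)
	if tokenErr != nil {
		http.Error(w, tokenErr.Error(), http.StatusInternalServerError)
		return
	}

	// filepath.Join builds the OS-correct path and cleans it, replacing the
	// manual concatenation with filepath.Separator.
	page, parseErr := template.ParseFiles(filepath.Join(templatesDir, "test", "csrf_test.html"))
	if parseErr != nil {
		// NOTE(review): a parse error is returned verbatim to the client and
		// may include the template's filesystem path; confirm that is
		// acceptable for this test endpoint.
		http.Error(w, parseErr.Error(), http.StatusInternalServerError)
		return
	}

	// NOTE(review): confirm `template` is html/template rather than
	// text/template, so the values below are contextually escaped when they
	// are written into the form.
	data := struct{ TokenFormKey, FormToken, FormTarget string }{
		TokenFormKey: env.TOKEN_FORM_KEY,
		FormToken:    token,
		FormTarget:   CSRF_FORM_TARGET,
	}

	// The execution error used to be dropped, so a broken template produced a
	// truncated page with no indication of failure. If output has already
	// started the status code can no longer change, but the error text is
	// still appended to the response.
	if execErr := page.Execute(w, data); execErr != nil {
		http.Error(w, execErr.Error(), http.StatusInternalServerError)
	}
}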