Exemple #1
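// TestCSRFTarget is the form target of the CSRF test page. It asks
// validation.MakeFormToken for the token expected for this request and
// CSRF_FORM_TARGET, compares it with the value submitted under
// env.TOKEN_FORM_KEY, and writes both values to the response when they match.
//
// Responses:
//   - 500 if the expected token cannot be computed,
//   - 400 if the submitted token is missing or differs from the expected one,
//   - 200 with a plain "calculated/submitted" dump otherwise.
func TestCSRFTarget(w http.ResponseWriter, r *http.Request) {
	token, tokenErr := validation.MakeFormToken(r, CSRF_FORM_TARGET)
	if tokenErr != nil {
		// NOTE(review): the raw error text is returned to the client; confirm
		// it cannot carry internal details before using this outside a test page.
		http.Error(w, tokenErr.Error(), http.StatusInternalServerError)
		return
	}

	// NOTE(review): r.FormValue also accepts the value from the URL query
	// string. If the token is only ever meant to arrive in a POST body,
	// r.PostFormValue is the narrower choice — confirm against the form's method.
	submitToken := r.FormValue(env.TOKEN_FORM_KEY)
	if submitToken == "" {
		http.Error(w, "token not found in form", http.StatusBadRequest)
		return
	}

	// NOTE(review): != is not a constant-time comparison. For a secret token,
	// crypto/subtle.ConstantTimeCompare is the usual choice; it needs an import
	// that is not visible in this listing.
	if submitToken != token {
		http.Error(w, "token mismatch", http.StatusBadRequest)
		return
	}

	// Pass the values as arguments to a constant format string. The original
	// pre-formatted the message and then used it as the format string itself,
	// so a '%' inside either token would have been interpreted as a verb.
	fmt.Fprintf(w, "calculated:%v\nsubmitted:%v\n", token, submitToken)
}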
Exemple #2
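// TestCSRFHandler renders the CSRF test form. It resolves the templates
// directory via env.GetQindTemplatesDir, obtains a form token from
// validation.MakeFormToken for CSRF_FORM_TARGET, parses
// <templates dir>/test/csrf_test.html and executes it with the token form key,
// the token and the form target.
//
// Any failure (directory lookup, token creation, template parsing or
// execution) is reported to the client as a 500.
func TestCSRFHandler(w http.ResponseWriter, r *http.Request) {
	templatesDir, dirErr := env.GetQindTemplatesDir()
	if dirErr != nil {
		// NOTE(review): this and the errors below are echoed verbatim to the
		// client; a template parse error typically includes the file path.
		// Confirm that is acceptable for this endpoint.
		http.Error(w, dirErr.Error(), http.StatusInternalServerError)
		return
	}

	token, tokenErr := validation.MakeFormToken(r, CSRF_FORM_TARGET)
	if tokenErr != nil {
		http.Error(w, tokenErr.Error(), http.StatusInternalServerError)
		return
	}

	// filepath.Join builds the OS-specific path and cleans it, instead of
	// concatenating separators by hand.
	// NOTE(review): assumes `template` is html/template so the values placed
	// into the form are contextually escaped — confirm against the imports.
	tmplPath := filepath.Join(templatesDir, "test", "csrf_test.html")
	t, parseErr := template.ParseFiles(tmplPath)
	if parseErr != nil {
		http.Error(w, parseErr.Error(), http.StatusInternalServerError)
		return
	}

	data := struct{ TokenFormKey, FormToken, FormTarget string }{
		env.TOKEN_FORM_KEY, token, CSRF_FORM_TARGET,
	}
	// The original discarded the Execute error, so a broken template produced
	// a silent, possibly truncated page. If output has already started, the
	// status line cannot change any more, but the error text is still appended.
	if execErr := t.Execute(w, data); execErr != nil {
		http.Error(w, execErr.Error(), http.StatusInternalServerError)
	}
}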