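// TestSession verifies that values stored in a cookie-backed session during
// one request can be read back on a later request that presents the cookie
// issued by the first response.
func TestSession(t *testing.T) {
	a := New()
	store := cookie.NewCookieStore()
	a.Use(Session(store, nil))

	// First route: write one string and one int into the "test" session.
	a.GET("/", func(c *C) {
		session := c.Sessions("test")
		session.Set("test1", "123")
		session.Set("test2", 123)
		c.String(200, "")
	})

	// The read-back assertions run inside this handler, so record that it was
	// reached; otherwise a routing failure would let the test pass without
	// checking anything.
	readBack := false
	a.GET("/test", func(c *C) {
		readBack = true
		session := c.Sessions("test")
		assert.Equal(t, "123", session.GetString("test1", ""))
		assert.Equal(t, 123, session.GetInt("test2", 0))
		c.String(200, "")
	})

	req, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatalf("building GET / request: %v", err)
	}
	w := httptest.NewRecorder()
	a.ServeHTTP(w, req)

	// The raw Set-Cookie value is replayed as the Cookie header below; it may
	// carry cookie attributes in addition to the name=value pair.
	sessionCookie := w.Header().Get("Set-Cookie")
	if sessionCookie == "" {
		t.Fatal("first response did not issue a session cookie")
	}

	req, err = http.NewRequest("GET", "/test", nil)
	if err != nil {
		t.Fatalf("building GET /test request: %v", err)
	}
	req.Header.Set("Cookie", sessionCookie)
	w = httptest.NewRecorder()
	a.ServeHTTP(w, req)

	if !readBack {
		t.Error("/test handler was never invoked; session values were not verified")
	}
}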
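// TestCSRFForm exercises the form-field CSRF flow end to end:
//
//  1. GET / obtains a token and the session cookie that accompanies it.
//  2. POST / with that cookie and the token in the csrf_token field succeeds.
//  3. A second POST reusing the same token, with the cookie returned by step 2,
//     is rejected with "Invalid CSRF Token".
func TestCSRFForm(t *testing.T) {
	is := assert.New(t)
	token := ""

	a := ace.New()
	a.Session(cookie.NewCookieStore(), nil)
	// NOTE(review): any return value is discarded here. Confirm that CSRF(nil)
	// configures package-level state rather than returning middleware that
	// would have to be registered on the router.
	CSRF(nil)

	a.GET("/", func(c *ace.C) {
		token = Token(c)
		c.JSON(200, nil)
	})
	a.POST("/", Validate, func(c *ace.C) {
		c.String(200, "passed")
	})

	// postWithToken sends POST / presenting cookieHeader as the session and the
	// captured token as the csrf_token form field.
	postWithToken := func(cookieHeader string) *httptest.ResponseRecorder {
		r, err := http.NewRequest("POST", "/", nil)
		if err != nil {
			t.Fatalf("building POST / request: %v", err)
		}
		r.Header.Set("Cookie", cookieHeader)
		// The request has no body, so ParseForm is expected to report an error;
		// it is called only to initialise r.PostForm before the field is set.
		_ = r.ParseForm()
		r.PostForm.Set("csrf_token", token)
		rec := httptest.NewRecorder()
		a.ServeHTTP(rec, r)
		return rec
	}

	// Step 1: fetch a token together with its session cookie.
	r, err := http.NewRequest("GET", "/", nil)
	if err != nil {
		t.Fatalf("building GET / request: %v", err)
	}
	w := httptest.NewRecorder()
	a.ServeHTTP(w, r)
	is.NotEmpty(token)
	sessionCookie := w.Header().Get("Set-Cookie")
	is.NotEmpty(sessionCookie)

	// Step 2: a matching cookie and token must be accepted.
	w = postWithToken(sessionCookie)
	is.Equal(200, w.Code)
	is.Equal("passed", w.Body.String())

	// Step 3: replay the same token with the cookie issued by step 2.
	// NOTE(review): if that Set-Cookie header is empty, the request below
	// carries no session and would be rejected for that reason rather than
	// because the token was consumed. Consider asserting it is non-empty once
	// it is confirmed that Validate re-issues the cookie.
	sessionCookie = w.Header().Get("Set-Cookie")
	w = postWithToken(sessionCookie)
	// NOTE(review): 500 is the status this test pins for a rejected token; 403
	// is the conventional choice. Confirm this is intended.
	is.Equal(500, w.Code)
	is.Equal("Invalid CSRF Token", w.Body.String())
}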