authorwxiaoguang <wxiaoguang@gmail.com>2022-04-08 13:21:05 +0800
committerGitHub <noreply@github.com>2022-04-08 13:21:05 +0800
commit84ceaa98bd731431c7d3a7f65e59e7ad076a540f (patch)
treefc2743a69cde4e46c3a55796e2ab1541269b6c65 /modules/context/xsrf_test.go
parent3c3d49899f0f7206e190bdeecdc4da248cc7e686 (diff)
Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
Refactor the CSRF-related code and remove most unnecessary functions. Parse the generated token's issue time and regenerate the token every few minutes.
Diffstat (limited to 'modules/context/xsrf_test.go')
-rw-r--r--modules/context/xsrf_test.go20
1 files changed, 10 insertions, 10 deletions
diff --git a/modules/context/xsrf_test.go b/modules/context/xsrf_test.go
index c0c711bf07..ef42d61d5a 100644
--- a/modules/context/xsrf_test.go
+++ b/modules/context/xsrf_test.go
@@ -37,18 +37,18 @@ var (
func Test_ValidToken(t *testing.T) {
t.Run("Validate token", func(t *testing.T) {
- tok := generateTokenAtTime(key, userID, actionID, now)
- assert.True(t, validTokenAtTime(tok, key, userID, actionID, oneMinuteFromNow))
- assert.True(t, validTokenAtTime(tok, key, userID, actionID, now.Add(Timeout-1*time.Nanosecond)))
- assert.True(t, validTokenAtTime(tok, key, userID, actionID, now.Add(-1*time.Minute)))
+ tok := GenerateCsrfToken(key, userID, actionID, now)
+ assert.True(t, ValidCsrfToken(tok, key, userID, actionID, oneMinuteFromNow))
+ assert.True(t, ValidCsrfToken(tok, key, userID, actionID, now.Add(CsrfTokenTimeout-1*time.Nanosecond)))
+ assert.True(t, ValidCsrfToken(tok, key, userID, actionID, now.Add(-1*time.Minute)))
})
}
// Test_SeparatorReplacement tests that separators are being correctly substituted
func Test_SeparatorReplacement(t *testing.T) {
t.Run("Test two separator replacements", func(t *testing.T) {
- assert.NotEqual(t, generateTokenAtTime("foo:bar", "baz", "wah", now),
- generateTokenAtTime("foo", "bar:baz", "wah", now))
+ assert.NotEqual(t, GenerateCsrfToken("foo:bar", "baz", "wah", now),
+ GenerateCsrfToken("foo", "bar:baz", "wah", now))
})
}
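Review bot: Test_SeparatorReplacement only moves the `:` between the first and second arguments (`"foo:bar", "baz"` versus `"foo", "bar:baz"`), so a separator collision between userID and actionID would go unnoticed. If the first argument is the signing key rather than part of the signed message (not visible in this hunk), the existing pair would differ regardless of any separator escaping, which would make the assertion weaker than its name suggests. Consider adding `assert.NotEqual(t, GenerateCsrfToken("foo", "bar:baz", "wah", now), GenerateCsrfToken("foo", "bar", "baz:wah", now))` so the userID/actionID boundary is covered as well.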
@@ -61,13 +61,13 @@ func Test_InvalidToken(t *testing.T) {
{"Bad key", "foobar", userID, actionID, oneMinuteFromNow},
{"Bad userID", key, "foobar", actionID, oneMinuteFromNow},
{"Bad actionID", key, userID, "foobar", oneMinuteFromNow},
- {"Expired", key, userID, actionID, now.Add(Timeout)},
+ {"Expired", key, userID, actionID, now.Add(CsrfTokenTimeout)},
{"More than 1 minute from the future", key, userID, actionID, now.Add(-1*time.Nanosecond - 1*time.Minute)},
}
- tok := generateTokenAtTime(key, userID, actionID, now)
+ tok := GenerateCsrfToken(key, userID, actionID, now)
for _, itt := range invalidTokenTests {
- assert.False(t, validTokenAtTime(tok, itt.key, itt.userID, itt.actionID, itt.t))
+ assert.False(t, ValidCsrfToken(tok, itt.key, itt.userID, itt.actionID, itt.t))
}
})
}
@@ -84,7 +84,7 @@ func Test_ValidateBadData(t *testing.T) {
}
for _, bdt := range badDataTests {
- assert.False(t, validTokenAtTime(bdt.tok, key, userID, actionID, oneMinuteFromNow))
+ assert.False(t, ValidCsrfToken(bdt.tok, key, userID, actionID, oneMinuteFromNow))
}
})
}
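Review bot: The bad-data table is fed only to `ValidCsrfToken`, so nothing in this file exercises the issue-time parsing that the commit description introduces; the diffstat for this file shows renames only. Since the parsed time presumably decides when a token is regenerated, it is worth pinning how the parser treats malformed, truncated or non-numeric input. I would add a subtest that runs each `bdt.tok` through the new parsing function and asserts it reports failure, plus one that checks the time recovered from `GenerateCsrfToken(key, userID, actionID, now)` equals `now`. Test_ValidateBadData begins outside this hunk, so the table contents could not be checked here.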