英文:
Testing post method with csrf
问题
我正在尝试为我的 Revel 应用程序编写一个注册测试方法。请看以下代码:
package tests
import "github.com/revel/revel"
import "github.com/PuerkitoBio/goquery"
import "bytes"
import "net/url"
//import "net/http"
var csrf string
type AccountTest struct {
revel.TestSuite
}
func (self *AccountTest) Before() {
//println("Set up")
}
func (self *AccountTest) TestGetSignUp() {
self.Get("/signup")
site := bytes.NewBuffer(self.ResponseBody)
doc, _ := goquery.NewDocumentFromReader(site)
doc.Find("input").Each(func(i int, s *goquery.Selection) {
name, exists := s.Attr("name")
if name == "csrf_token" && exists {
csrf, _ = s.Attr("value")
}
})
self.AssertOk()
self.AssertContains("Sign Up")
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) TestPostSignUp() {
self.PostForm("/signup", url.Values{
"name": {"cormier"},
"email": {"cormisample.com"},
"emailConfirm": {"cormier@sample.com"},
"password": {"Test!1234"},
"termof": {"true"},
"csrf_token": {csrf},
})
self.AssertOk()
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) After() {
//println("Tear down")
}
测试未通过 TestPostSignUp 函数,似乎是因为请求被我实现的 csrf 中间件 revel-csrf 拒绝了。如上所示,我读取了 csrf 令牌并保存到变量 csrf 中。通过 PostForm 请求我传递了该变量,但是没有起作用。
我的问题是,如何进行一个带有 post 请求的测试,以通过 csrf 保护。
英文:
I am trying to write a test method for sign up on my revel application. Look at the following code
package tests
import "github.com/revel/revel"
import "github.com/PuerkitoBio/goquery"
import "bytes"
import "net/url"
//import "net/http"
var csrf string
type AccountTest struct {
revel.TestSuite
}
func (self *AccountTest) Before() {
//println("Set up")
}
func (self *AccountTest) TestGetSignUp() {
self.Get("/signup")
site := bytes.NewBuffer(self.ResponseBody)
doc, _ := goquery.NewDocumentFromReader(site)
doc.Find("input").Each(func(i int, s *goquery.Selection) {
name, exists := s.Attr("name")
if name == "csrf_token" && exists {
csrf, _ = s.Attr("value")
}
})
self.AssertOk()
self.AssertContains("Sign Up")
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) TestPostSignUp() {
self.PostForm("/signup", url.Values{
"name": {"cormier"},
"email": {"cormisample.com"},
"emailConfirm": {"cormier@sample.com"},
"password": {"Test!1234"},
"termof": {"true"},
"csrf_token": {csrf},
})
self.AssertOk()
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) After() {
//println("Tear down")
}
The test does not pass by TestPostSignUp function, it seems like, that the request is rejected through csrf middleware that I implemented revel-csrf. As you can see above, I read csrf token and save into variable(csrf). By Postform request I passed the variable, but does not work.
My question is, how to make a test with post request that will pass csrf protection.
答案1
得分: 5
我按照以下方式解决了这个问题:
package tests
import "github.com/revel/revel"
import "github.com/PuerkitoBio/goquery"
import "bytes"
import "net/url"
//import "net/http"
var csrf string
type AccountTest struct {
revel.TestSuite
}
func (self *AccountTest) Before() {
self.Get("/signup")
site := bytes.NewBuffer(self.ResponseBody)
doc, _ := goquery.NewDocumentFromReader(site)
doc.Find("input").Each(func(i int, s *goquery.Selection) {
name, exists := s.Attr("name")
if name == "csrf_token" && exists {
csrf, _ = s.Attr("value")
}
})
}
func (self *AccountTest) TestSignUp() {
self.PostForm("/signup", url.Values{
"name": {"cormier"},
"email": {"cormier@sample.com"},
"emailConfirm": {"cormier@sample.com"},
"password": {"Test!1234"},
"termof": {"true"},
"csrf_token": {csrf},
})
self.AssertOk()
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) After() {
}
英文:
I solve the problem following:
package tests
import "github.com/revel/revel"
import "github.com/PuerkitoBio/goquery"
import "bytes"
import "net/url"
//import "net/http"
var csrf string
type AccountTest struct {
revel.TestSuite
}
func (self *AccountTest) Before() {
self.Get("/signup")
site := bytes.NewBuffer(self.ResponseBody)
doc, _ := goquery.NewDocumentFromReader(site)
doc.Find("input").Each(func(i int, s *goquery.Selection) {
name, exists := s.Attr("name")
if name == "csrf_token" && exists {
csrf, _ = s.Attr("value")
}
})
}
func (self *AccountTest) TestSignUp() {
self.PostForm("/signup", url.Values{
"name": {"cormier"},
"email": {"cormier@sample.com"},
"emailConfirm": {"cormier@sample.com"},
"password": {"Test!1234"},
"termof": {"true"},
"csrf_token": {csrf},
})
self.AssertOk()
self.AssertContentType("text/html; charset=utf-8")
}
func (self *AccountTest) After() {
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论