use crate::harness::TestHarness; |
/// A form POST that carries no CSRF token is rejected with 403, even though
/// the client is logged in and has been made a member of the community.
#[tokio::test]
async fn post_without_token_returns_403() {
    let mut harness = TestHarness::new().await;

    // Set up an authenticated member so that the only thing the request
    // lacks is the CSRF token.
    let member = harness.login_as("alice").await;
    let community = harness.create_community("Test", "test").await;
    let _category = harness
        .create_category(community, "General", "general")
        .await;
    harness.add_membership(member, community, "member").await;

    let path = "/p/test/general/new";
    let form = "title=Hello&body=World";
    let resp = harness.client.post_form_no_csrf(path, form).await;

    // Only the status is asserted. The harness API used in this file offers
    // no call to confirm that nothing was persisted by the rejected request;
    // NOTE(review): add such a check if the harness grows one.
    assert_eq!(resp.status.as_u16(), 403);
}
/// After the client has fetched the form page, a POST through `post_form`
/// (which is expected to carry the token picked up from that GET) is
/// accepted: the response is either a 2xx or a redirect.
#[tokio::test]
async fn post_with_valid_token_succeeds() {
    let mut harness = TestHarness::new().await;

    let member = harness.login_as("bob").await;
    let community = harness.create_community("Test", "test").await;
    let _category = harness
        .create_category(community, "General", "general")
        .await;
    harness.add_membership(member, community, "member").await;

    let path = "/p/test/general/new";

    // Load the form first. The response of this GET is not inspected here;
    // presumably it is what gives the client a CSRF token to send along —
    // TODO confirm against the harness client.
    harness.client.get(path).await;

    let resp = harness
        .client
        .post_form(path, "title=Hello&body=World")
        .await;

    // Either a success status or a redirect counts as "accepted"; anything
    // else (notably 403) fails the test with the actual status in the message.
    let accepted = resp.status.is_success() || resp.status.is_redirection();
    assert!(
        accepted,
        "Expected success/redirect, got {}",
        resp.status
    );
}
/// A form POST that carries a bogus CSRF token is rejected with 403, even
/// though the client has previously fetched the form (and so holds a real
/// token) and is an authenticated member.
#[tokio::test]
async fn post_with_wrong_token_returns_403() {
    let mut harness = TestHarness::new().await;

    let member = harness.login_as("carol").await;
    let community = harness.create_community("Test", "test").await;
    let _category = harness
        .create_category(community, "General", "general")
        .await;
    harness.add_membership(member, community, "member").await;

    let path = "/p/test/general/new";

    // Fetch the form so the client is in the same state as a legitimate
    // submitter; only the token sent with the POST is wrong.
    harness.client.get(path).await;

    let bad_token = "totally-wrong-token";
    let resp = harness
        .client
        .post_form_with_token(path, "title=Hello&body=World", bad_token)
        .await;

    // NOTE(review): this exercises a syntactically bogus token only. A token
    // that is well-formed but was issued to a different session is not
    // covered here.
    assert_eq!(resp.status.as_u16(), 403);
}
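/// The CSRF token the client observes does not change between two
/// successive requests, so a form rendered on one request can still be
/// submitted after the client has loaded another page.
///
/// Improvement over the bare `unwrap()`/`assert_eq!` form: each failure
/// now names which request failed to yield a token, and the final
/// assertion says what was being compared.
#[tokio::test]
async fn csrf_token_stable_across_requests() {
    let mut harness = TestHarness::new().await;
    harness.login_as("dave").await;

    harness.client.get("/").await;
    let first = harness
        .client
        .csrf_token()
        .expect("first GET / should leave a CSRF token on the client")
        .to_string();

    harness.client.get("/").await;
    let second = harness
        .client
        .csrf_token()
        .expect("second GET / should leave a CSRF token on the client")
        .to_string();

    assert_eq!(
        first, second,
        "CSRF token changed between two consecutive requests from one client"
    );

    // NOTE(review): stability across requests is all this checks. Whether the
    // token differs between sessions, and whether it is rotated on
    // re-authentication, is not covered in this file — verify elsewhere.
}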