Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-08 14:35:45 +01:00
Code Issues Packages Projects Releases Activity

implement client side xsrf protection

Browse Source
This commit is contained in:
Sebastian Sdorra
2019-11-18 11:45:48 +01:00
parent 234d98aee7
commit 2c85a137a5
2 changed files with 54 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
scm-ui/ui-components/src/apiclient.test.ts
View File

@@ -1,4 +1,4 @@
import { apiClient, createUrl } from "./apiclient";
import { apiClient, createUrl, extractXsrfToken, extractXsrfTokenFromCookie } from "./apiclient";
import fetchMock from "fetch-mock";
import { BackendError } from "./errors";
@@ -70,3 +70,22 @@ describe("error handling tests", () => {
});
});
});
describe("extract xsrf token", () => {
it("should return undefined if no cookie exists", () => {
const token = extractXsrfTokenFromCookie(undefined);
expect(token).toBeUndefined();
});
it("should return undefined without X-Bearer-Token exists", () => {
const token = extractXsrfTokenFromCookie("a=b; c=d; e=f");
expect(token).toBeUndefined();
});
it("should return xsrf token", () => {
const cookie =
"a=b; X-Bearer-Token=eyJhbGciOiJIUzI1NiJ9.eyJ4c3JmIjoiYjE0NDRmNWEtOWI5Mi00ZDA0LWFkMzMtMTAxYjY3MWQ1YTc0Iiwic3ViIjoic2NtYWRtaW4iLCJqdGkiOiI2RFJpQVphNWwxIiwiaWF0IjoxNTc0MDcyNDQ4LCJleHAiOjE1NzQwNzYwNDgsInNjbS1tYW5hZ2VyLnJlZnJlc2hFeHBpcmF0aW9uIjoxNTc0MTE1NjQ4OTU5LCJzY20tbWFuYWdlci5wYXJlbnRUb2tlbklkIjoiNkRSaUFaYTVsMSJ9.VUJtKeWUn3xtHCEbG51r7ceXZ8CF3cmN8J-eb9EDY_U; c=d";
const token = extractXsrfTokenFromCookie(cookie);
expect(token).toBe("b1444f5a-9b92-4d04-ad33-101b671d5a74");
});
});