Closed cesarandreu closed 9 years ago
It's passing tests locally... Is there any way to have travis retry?
~/D/csrf git:session-check ❯❯❯ npm run test test
> koa-csrf@2.1.3 test /Users/cesarandreu/Developer/csrf
> NODE_ENV=test mocha --harmony-generators --reporter spec --require should test
CSRF Token
should create
✓ a token
✓ a single token per request
✓ a new token per request
should assert
✓ when no token is supplied
should not assert when the token is supplied via
✓ json body
✓ querystring
✓ x-csrf-token
✓ x-xsrf-token
.assertCSRF()
✓ should support a string value
CSRF Token Middleware
should create
✓ a token
✓ a single token per request
✓ a new token per request
✓ a null token when session is invalid
should assert
✓ when no token is supplied
should not assert when the token is supplied via
✓ json body
✓ querystring
✓ querystring with body
✓ x-csrf-token
✓ x-xsrf-token
19 passing (111ms)
~/D/csrf git:session-check ❯❯❯ npm run test-cov
> koa-csrf@2.1.3 test-cov /Users/cesarandreu/Developer/csrf
> NODE_ENV=test node --harmony-generators node_modules/.bin/istanbul cover ./node_modules/.bin/_mocha -- --reporter dot --require should
․․․․․․․․․․․․․․․․․․․
19 passing (104ms)
=============================================================================
Writing coverage object [/Users/cesarandreu/Developer/csrf/coverage/coverage.json]
Writing coverage reports at [/Users/cesarandreu/Developer/csrf/coverage]
=============================================================================
=============================== Coverage summary ===============================
Statements : 90.91% ( 40/44 )
Branches : 97.37% ( 37/38 )
Functions : 77.78% ( 7/9 )
Lines : 92.5% ( 37/40 )
================================================================================
i haven't looked at this PR yet, but can you rebase
I rebased and it passed, awesome :D. Thanks.
thanks 8f48e14a18cd8ae5594c0b23a699beefe7c6734f
This PR adds a session check. If the session is invalid, it returns null. Currently it'll throw an error if you have a null session.
This is a problem because I log out my users by setting
this.session = null
, but I also have the following middleware:This is needed so my client-side app can read the cookie and set the
X-XSRF-TOKEN
header on every request.My current workaround is to add a conditional before setting the cookie: