[chrome/csrf] added tests to verify jQuery and angular injectors

2025-04-24 09:48:58 -04:00 · 2015-11-09 22:30:16 -06:00 · 2015-11-09 22:30:16 -06:00 · 6892b4acc9
commit 6892b4acc9
parent 8c1a709a07
1 changed files with 111 additions and 0 deletions
--- a/src/ui/public/chrome/api/tests/xsrf.js
+++ b/src/ui/public/chrome/api/tests/xsrf.js
@ -0,0 +1,111 @@
+import $ from 'jquery';
+import expect from 'expect.js';
+import { stub } from 'auto-release-sinon';
+import ngMock from 'ngMock';
+
+import xsrfChromeApi from '../xsrf';
+
+const xsrfHeader = 'kbn-xsrf-header';
+const xsrfToken = 'xsrfToken';
+
+describe('chrome xsrf apis', function () {
+  context('jQuery support', function () {
+    it('adds a global jQuery prefilter', function () {
+      stub($, 'ajaxPrefilter');
+      xsrfChromeApi({}, {});
+      expect($.ajaxPrefilter.callCount).to.be(1);
+    });
+
+    context('jQuery prefilter', function () {
+      let prefilter;
+      const xsrfToken = 'xsrfToken';
+
+      beforeEach(function () {
+        stub($, 'ajaxPrefilter');
+        xsrfChromeApi({}, { xsrfToken });
+        prefilter = $.ajaxPrefilter.args[0][0];
+      });
+
+      it('sets the kbn-xsrf-token header', function () {
+        const setHeader = stub();
+        prefilter({}, {}, { setRequestHeader: setHeader });
+
+        expect(setHeader.callCount).to.be(1);
+        expect(setHeader.args[0]).to.eql([
+          xsrfHeader,
+          xsrfToken
+        ]);
+      });
+
+      it('can be canceled by setting the kbnXsrfToken option', function () {
+        const setHeader = stub();
+        prefilter({}, {}, { setRequestHeader: setHeader });
+
+        expect(setHeader.callCount).to.be(1);
+        expect(setHeader.args[0]).to.eql([
+          xsrfHeader,
+          xsrfToken
+        ]);
+      });
+    });
+
+    context('Angular support', function () {
+
+      let $http;
+      let $httpBackend;
+
+      beforeEach(function () {
+        stub($, 'ajaxPrefilter');
+        const chrome = {};
+        xsrfChromeApi(chrome, { xsrfToken });
+        ngMock.module(chrome.$setupCsrfRequestInterceptor);
+      });
+
+      beforeEach(ngMock.inject(function ($injector) {
+        $http = $injector.get('$http');
+        $httpBackend = $injector.get('$httpBackend');
+
+        $httpBackend
+          .when('POST', '/api/test')
+          .respond('ok');
+      }));
+
+      afterEach(function () {
+        $httpBackend.verifyNoOutstandingExpectation();
+        $httpBackend.verifyNoOutstandingRequest();
+      });
+
+      it('injects a kbn-xsrf-token header on every request', function () {
+        $httpBackend.expectPOST('/api/test', undefined, function (headers) {
+          return headers[xsrfHeader] === xsrfToken;
+        }).respond(200, '');
+
+        $http.post('/api/test');
+        $httpBackend.flush();
+      });
+
+      it('skips requests with the kbnCsrfToken set falsey', function () {
+        $httpBackend.expectPOST('/api/test', undefined, function (headers) {
+          return !(xsrfHeader in headers);
+        }).respond(200, '');
+
+        $http.post({
+          url: '/api/test',
+          xsrfHeader: 0
+        });
+
+        $http.post({
+          url: '/api/test',
+          xsrfHeader: ''
+        });
+
+        $http.post({
+          url: '/api/test',
+          xsrfHeader: false
+        });
+
+        $httpBackend.flush();
+      });
+    });
+  });
+});