Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expected "Location" header field #8

Open
Exegetech opened this issue Nov 17, 2015 · 2 comments
Open

Expected "Location" header field #8

Exegetech opened this issue Nov 17, 2015 · 2 comments

Comments

@Exegetech
Copy link

I am at 10-authentication, trying to get past the test that says "POST /login should 303 with good auth details"

/**
 * If successful, the logged in user should be redirected to `/`.
 */

app.use(function* login(next) {
  if (this.request.path !== '/login') return yield* next;
  if (this.request.method === 'GET') return this.response.body = form.replace('{{csrf}}', this.csrf);

  if (this.request.method === 'POST') {
    var body = yield parse.json(this);

    if (body.username !== 'username' || body.password !== 'password') {
      return this.response.status = 400;
    }
    if (body._csrf !== this.csrf) {
      return this.response.status = 403;
    }

    if (body.username === 'username' && body.password === 'password' && body._csrf === this.csrf) {
      this.response.status = 303;
      this.response.set('Location', '/');
    }
  }
})

here is the test result

  1) Authentication logging in POST /login should 303 with good auth details:
     Error: expected "Location" header field
      at Test.assert (/Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:190:35)
      at assert (/Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:132:12)
      at /Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:129:5
      at Test.Request.callback (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:746:30)
      at Test.<anonymous> (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:135:10)
      at IncomingMessage.<anonymous> (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:938:12)
      at endReadableNT (_stream_readable.js:893:12)

Can you point me in the right direction?
@e-kulikov
Copy link

I have the same error. I think it could be a mistake in tests.
CSRF token is generated with each request (because we use csrf(app);) regardless of it type (GET or POST or whatever). But test gets csrf only once with GET request to /login page and supposes it as valid in each next POST request to /login.

@HQidea
Copy link

HQidea commented Feb 4, 2016

Please read the koa-csrf document. this.csrf creates a new CSRF token, so it will never equal to body._csrf. Use this.assertCSRF() instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@e-kulikov @HQidea @Exegetech