9c400778
Commit
9c400778
authored
Apr 12, 2016
by
astaxie
Merge pull request #1863 from JessonChan/xsrf_fix
Xsrf fix
parents
f6ad2cf8
53d680a4
Showing
4 changed files
with
91 additions
and
14 deletions
+91
-14
context.go
context/context.go
+1
-0
context_test.go
context/context_test.go
+47
-0
rand.go
utils/rand.go
+10
-14
rand_test.go
utils/rand_test.go
+33
-0
context/context.go
...
...
@@ -65,6 +65,7 @@ func (ctx *Context) Reset(rw http.ResponseWriter, r *http.Request) {
ctx
.
ResponseWriter
.
reset
(
rw
)
ctx
.
Input
.
Reset
(
ctx
)
ctx
.
Output
.
Reset
(
ctx
)
ctx
.
_xsrfToken
=
""
}
// Redirect does redirection to localurl with http header status code.
...
...
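Review bot: The `ctx._xsrfToken = ""` assignment in `Reset` has no comment explaining why it is there, although it is the security-relevant line of this section. Without it, a Context that is reset and reused would presumably keep serving the token cached for the previous request, which is what the new test checks. I would add `// clear the cached XSRF token so a reused Context never serves the previous request's token` above it. The rendered page has lost its +/- markers, so I am inferring from the commit title and the new test that this is the added line. `Reset` begins above the hunk, so any other per-request value cached on Context cannot be checked from here and deserves the same look.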
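--- /dev/null
+++ b/context/context_test.go
@@ -0,0 +1,47 @@
+// Copyright 2016 beego Author. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package context
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestXsrfReset_01(t *testing.T) {
+	r := &http.Request{}
+	c := NewContext()
+	c.Request = r
+	c.ResponseWriter = &Response{}
+	c.ResponseWriter.reset(httptest.NewRecorder())
+	c.Output.Reset(c)
+	c.Input.Reset(c)
+	c.XSRFToken("key", 16)
+	if c._xsrfToken == "" {
+		t.FailNow()
+	}
+	token := c._xsrfToken
+	c.Reset(&Response{ResponseWriter: httptest.NewRecorder()}, r)
+	if c._xsrfToken != "" {
+		t.FailNow()
+	}
+	c.XSRFToken("key", 16)
+	if c._xsrfToken == "" {
+		t.FailNow()
+	}
+	if token == c._xsrfToken {
+		t.FailNow()
+	}
+}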
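Review bot: Every check in `TestXsrfReset_01` fails through a bare `t.FailNow()`, so a regression reports only a line number and not which property of the XSRF handling broke; `TestRand_01` in utils/rand_test.go has the same pattern. I would use messages such as `t.Fatal("Reset did not clear the cached XSRF token")` for the post-Reset check and `t.Fatal("XSRF token was not regenerated after Reset")` for the final comparison. The test also inspects only the private `_xsrfToken` field; asserting on the value returned by `c.XSRFToken("key", 16)` as well would cover what callers actually receive.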
utils/rand.go
...
...
@@ -20,28 +20,24 @@ import (
"time"
)
var
alphaNum
=
[]
byte
(
`0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`
)
// RandomCreateBytes generate random []byte by specify chars.
func
RandomCreateBytes
(
n
int
,
alphabets
...
byte
)
[]
byte
{
const
alphanum
=
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
if
len
(
alphabets
)
==
0
{
alphabets
=
alphaNum
}
var
bytes
=
make
([]
byte
,
n
)
var
rand
b
y
bool
var
rand
B
y
bool
if
num
,
err
:=
rand
.
Read
(
bytes
);
num
!=
n
||
err
!=
nil
{
r
.
Seed
(
time
.
Now
()
.
UnixNano
())
rand
b
y
=
true
rand
B
y
=
true
}
for
i
,
b
:=
range
bytes
{
if
len
(
alphabets
)
==
0
{
if
randby
{
bytes
[
i
]
=
alphanum
[
r
.
Intn
(
len
(
alphanum
))]
}
else
{
bytes
[
i
]
=
alphanum
[
b
%
byte
(
len
(
alphanum
))]
}
if
randBy
{
bytes
[
i
]
=
alphabets
[
r
.
Intn
(
len
(
alphabets
))]
}
else
{
if
randby
{
bytes
[
i
]
=
alphabets
[
r
.
Intn
(
len
(
alphabets
))]
}
else
{
bytes
[
i
]
=
alphabets
[
b
%
byte
(
len
(
alphabets
))]
}
bytes
[
i
]
=
alphabets
[
b
%
byte
(
len
(
alphabets
))]
}
}
return
bytes
...
...
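Review bot: When `rand.Read(bytes)` fails, `RandomCreateBytes` still switches silently to `r.Intn` after `r.Seed(time.Now().UnixNano())`, so a caller that treats the result as a secret gets guessable bytes with no signal that the source was downgraded. `r` looks like math/rand and the XSRF test in this commit suggests token generation is one such caller, but the import block starts above the hunk, so both should be confirmed. Because the signature returns only `[]byte`, the minimum is a doc-comment line such as `// If rand.Read fails the bytes come from a time-seeded PRNG and are predictable.` plus a log entry on that branch; failing hard would be safer for token use. Separately, `b%byte(len(alphabets))` is slightly biased whenever 256 is not a multiple of the alphabet length, which is the case for the 62-character default. `byte(len(alphabets))` is also zero for a 256-byte alphabet, which would panic on the modulo.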
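--- /dev/null
+++ b/utils/rand_test.go
+// Copyright 2016 beego Author. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package utils
+import "testing"
+func TestRand_01(t *testing.T) {
+	bs0 := RandomCreateBytes(16)
+	bs1 := RandomCreateBytes(16)
+	t.Log(string(bs0), string(bs1))
+	if string(bs0) == string(bs1) {
+		t.FailNow()
+	}
+	bs0 = RandomCreateBytes(4, []byte(`a`)...)
+	if string(bs0) != "aaaa" {
+		t.FailNow()
+	}
+}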
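Review bot: `TestRand_01` never checks the length or the character set of the default-alphabet result, so it would still pass if `RandomCreateBytes(16)` returned the wrong number of bytes or bytes outside `alphaNum`. Adding `if len(bs0) != 16 { t.Fatalf("len = %d, want 16", len(bs0)) }` and a loop asserting that each byte is a member of `alphaNum` would pin the contract that token callers depend on. The branch taken when `rand.Read` fails is not exercised by this test either, so the fallback path added to the loop is currently unverified.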