angular-cn/packages/common/http/test/xsrf_spec.ts

/**
 * @license
 * Copyright Google LLC All Rights Reserved.
 *
 * Use of this source code is governed by an MIT-style license that can be
 * found in the LICENSE file at https://angular.io/license
 */

import {HttpHeaders} from '@angular/common/http/src/headers';
import {HttpRequest} from '@angular/common/http/src/request';
import {HttpXsrfCookieExtractor, HttpXsrfInterceptor, HttpXsrfTokenExtractor} from '@angular/common/http/src/xsrf';

import {HttpClientTestingBackend} from '@angular/common/http/testing/src/backend';

class SampleTokenExtractor extends HttpXsrfTokenExtractor {
  constructor(private token: string|null) {
    super();
  }

  getToken(): string|null {
    return this.token;
  }
}

{
  describe('HttpXsrfInterceptor', () => {
    let backend: HttpClientTestingBackend;
    const interceptor = new HttpXsrfInterceptor(new SampleTokenExtractor('test'), 'X-XSRF-TOKEN');
    beforeEach(() => {
      backend = new HttpClientTestingBackend();
    });
    it('applies XSRF protection to outgoing requests', () => {
      interceptor.intercept(new HttpRequest('POST', '/test', {}), backend).subscribe();
      const req = backend.expectOne('/test');
      expect(req.request.headers.get('X-XSRF-TOKEN')).toEqual('test');
      req.flush({});
    });
    it('does not apply XSRF protection when request is a GET', () => {
      interceptor.intercept(new HttpRequest('GET', '/test'), backend).subscribe();
      const req = backend.expectOne('/test');
      expect(req.request.headers.has('X-XSRF-TOKEN')).toEqual(false);
      req.flush({});
    });
    it('does not apply XSRF protection when request is a HEAD', () => {
      interceptor.intercept(new HttpRequest('HEAD', '/test'), backend).subscribe();
      const req = backend.expectOne('/test');
      expect(req.request.headers.has('X-XSRF-TOKEN')).toEqual(false);
      req.flush({});
    });
    it('does not overwrite existing header', () => {
      interceptor
          .intercept(
              new HttpRequest(
                  'POST', '/test', {}, {headers: new HttpHeaders().set('X-XSRF-TOKEN', 'blah')}),
              backend)
          .subscribe();
      const req = backend.expectOne('/test');
      expect(req.request.headers.get('X-XSRF-TOKEN')).toEqual('blah');
      req.flush({});
    });
    it('does not set the header for a null token', () => {
      const interceptor = new HttpXsrfInterceptor(new SampleTokenExtractor(null), 'X-XSRF-TOKEN');
      interceptor.intercept(new HttpRequest('POST', '/test', {}), backend).subscribe();
      const req = backend.expectOne('/test');
      expect(req.request.headers.has('X-XSRF-TOKEN')).toEqual(false);
      req.flush({});
    });
    afterEach(() => {
      backend.verify();
    });
  });
  describe('HttpXsrfCookieExtractor', () => {
    let document: {[key: string]: string};
    let extractor: HttpXsrfCookieExtractor;
    beforeEach(() => {
      document = {
        cookie: 'XSRF-TOKEN=test',
      };
      extractor = new HttpXsrfCookieExtractor(document, 'browser', 'XSRF-TOKEN');
    });
    it('parses the cookie from document.cookie', () => {
      expect(extractor.getToken()).toEqual('test');
    });
    it('does not re-parse if document.cookie has not changed', () => {
      expect(extractor.getToken()).toEqual('test');
      expect(extractor.getToken()).toEqual('test');
      expect(getParseCount(extractor)).toEqual(1);
    });
    it('re-parses if document.cookie changes', () => {
      expect(extractor.getToken()).toEqual('test');
      document['cookie'] = 'XSRF-TOKEN=blah';
      expect(extractor.getToken()).toEqual('blah');
      expect(getParseCount(extractor)).toEqual(2);
    });
  });
}

function getParseCount(extractor: HttpXsrfCookieExtractor): number {
  return (extractor as any).parseCount;
}
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`/**`
			`* @license`
build: update license headers to reference Google LLC (#37205) Update the license headers throughout the repository to reference Google LLC rather than Google Inc, for the required license headers. PR Close #37205 2020-05-19 12:08:49 -07:00			`* Copyright Google LLC All Rights Reserved.`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`*`
			`* Use of this source code is governed by an MIT-style license that can be`
			`* found in the LICENSE file at https://angular.io/license`
			`*/`

test(ivy): fix paths for http tests to work with ivy (#27121) PR Close #27121 2018-11-15 11:35:08 -08:00			`import {HttpHeaders} from '@angular/common/http/src/headers';`
			`import {HttpRequest} from '@angular/common/http/src/request';`
			`import {HttpXsrfCookieExtractor, HttpXsrfInterceptor, HttpXsrfTokenExtractor} from '@angular/common/http/src/xsrf';`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00
test(ivy): fix paths for http tests to work with ivy (#27121) PR Close #27121 2018-11-15 11:35:08 -08:00			`import {HttpClientTestingBackend} from '@angular/common/http/testing/src/backend';`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00
test(common): TokenExtractor should extend HttpXsrfTokenExtractor in xsrf spec (#24649) PR Close #24649 2018-06-24 21:22:22 -04:00			`class SampleTokenExtractor extends HttpXsrfTokenExtractor {`
build: reformat repo to new clang@1.4.0 (#36613) PR Close #36613 2020-04-13 16:40:21 -07:00			`constructor(private token: string\|null) {`
			`super();`
			`}`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00
build: reformat repo to new clang@1.4.0 (#36613) PR Close #36613 2020-04-13 16:40:21 -07:00			`getToken(): string\|null {`
			`return this.token;`
			`}`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`}`

build: remove `main()` from specs (#21053) PR Close #21053 2017-12-16 14:42:55 -08:00			`{`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`describe('HttpXsrfInterceptor', () => {`
			`let backend: HttpClientTestingBackend;`
			`const interceptor = new HttpXsrfInterceptor(new SampleTokenExtractor('test'), 'X-XSRF-TOKEN');`
build: reformat repo to new clang@1.4.0 (#36613) PR Close #36613 2020-04-13 16:40:21 -07:00			`beforeEach(() => {`
			`backend = new HttpClientTestingBackend();`
			`});`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`it('applies XSRF protection to outgoing requests', () => {`
			`interceptor.intercept(new HttpRequest('POST', '/test', {}), backend).subscribe();`
			`const req = backend.expectOne('/test');`
			`expect(req.request.headers.get('X-XSRF-TOKEN')).toEqual('test');`
			`req.flush({});`
			`});`
			`it('does not apply XSRF protection when request is a GET', () => {`
			`interceptor.intercept(new HttpRequest('GET', '/test'), backend).subscribe();`
			`const req = backend.expectOne('/test');`
			`expect(req.request.headers.has('X-XSRF-TOKEN')).toEqual(false);`
			`req.flush({});`
			`});`
			`it('does not apply XSRF protection when request is a HEAD', () => {`
			`interceptor.intercept(new HttpRequest('HEAD', '/test'), backend).subscribe();`
			`const req = backend.expectOne('/test');`
			`expect(req.request.headers.has('X-XSRF-TOKEN')).toEqual(false);`
			`req.flush({});`
			`});`
			`it('does not overwrite existing header', () => {`
			`interceptor`
			`.intercept(`
			`new HttpRequest(`
			`'POST', '/test', {}, {headers: new HttpHeaders().set('X-XSRF-TOKEN', 'blah')}),`
			`backend)`
			`.subscribe();`
			`const req = backend.expectOne('/test');`
			`expect(req.request.headers.get('X-XSRF-TOKEN')).toEqual('blah');`
			`req.flush({});`
			`});`
			`it('does not set the header for a null token', () => {`
			`const interceptor = new HttpXsrfInterceptor(new SampleTokenExtractor(null), 'X-XSRF-TOKEN');`
			`interceptor.intercept(new HttpRequest('POST', '/test', {}), backend).subscribe();`
			`const req = backend.expectOne('/test');`
			`expect(req.request.headers.has('X-XSRF-TOKEN')).toEqual(false);`
			`req.flush({});`
			`});`
build: reformat repo to new clang@1.4.0 (#36613) PR Close #36613 2020-04-13 16:40:21 -07:00			`afterEach(() => {`
			`backend.verify();`
			`});`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`});`
			`describe('HttpXsrfCookieExtractor', () => {`
			`let document: {[key: string]: string};`
build: enable TSLint on the packages folder 2017-07-27 16:13:16 -07:00			`let extractor: HttpXsrfCookieExtractor;`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`beforeEach(() => {`
			`document = {`
			`cookie: 'XSRF-TOKEN=test',`
			`};`
			`extractor = new HttpXsrfCookieExtractor(document, 'browser', 'XSRF-TOKEN');`
			`});`
build: reformat repo to new clang@1.4.0 (#36613) PR Close #36613 2020-04-13 16:40:21 -07:00			`it('parses the cookie from document.cookie', () => {`
			`expect(extractor.getToken()).toEqual('test');`
			`});`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`it('does not re-parse if document.cookie has not changed', () => {`
			`expect(extractor.getToken()).toEqual('test');`
			`expect(extractor.getToken()).toEqual('test');`
test(common): run common/http tests with Bazel (#24738) @angular/common/http had tests which were not executed in Bazel. This commit adds a BUILD.bazel file and ensures the tests pass. PR Close #24738 2018-06-29 11:55:55 -07:00			`expect(getParseCount(extractor)).toEqual(1);`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`});`
			`it('re-parses if document.cookie changes', () => {`
			`expect(extractor.getToken()).toEqual('test');`
			`document['cookie'] = 'XSRF-TOKEN=blah';`
			`expect(extractor.getToken()).toEqual('blah');`
test(common): run common/http tests with Bazel (#24738) @angular/common/http had tests which were not executed in Bazel. This commit adds a BUILD.bazel file and ensures the tests pass. PR Close #24738 2018-06-29 11:55:55 -07:00			`expect(getParseCount(extractor)).toEqual(2);`
feat(common): on-by-default XSRF support in HttpClient (#18108) Fixes #18100 2017-07-13 17:22:02 -07:00			`});`
			`});`
			`}`
test(common): run common/http tests with Bazel (#24738) @angular/common/http had tests which were not executed in Bazel. This commit adds a BUILD.bazel file and ensures the tests pass. PR Close #24738 2018-06-29 11:55:55 -07:00
			`function getParseCount(extractor: HttpXsrfCookieExtractor): number {`
			`return (extractor as any).parseCount;`
test(ivy): fix paths for http tests to work with ivy (#27121) PR Close #27121 2018-11-15 11:35:08 -08:00			`}`