From 2f203bf2d90a5ae9c91e70d0029a932ec602bb39 Mon Sep 17 00:00:00 2001 From: rcourtman Date: Tue, 2 Dec 2025 13:51:27 +0000 Subject: [PATCH] test: Add CheckCSRF valid token test for 100% coverage Test the success path where a valid CSRF token is provided with a matching session. This covers the final branch in CheckCSRF. --- internal/api/security_test.go | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/internal/api/security_test.go b/internal/api/security_test.go index 0332ae2..6134c42 100644 --- a/internal/api/security_test.go +++ b/internal/api/security_test.go @@ -1333,6 +1333,32 @@ func TestCheckCSRF_InvalidCSRFToken(t *testing.T) { } } +func TestCheckCSRF_ValidCSRFToken(t *testing.T) { + // Initialize stores with temp directory + dir := t.TempDir() + InitCSRFStore(dir) + + // Create a session ID + sessionID := "valid-session-id-12345678" + + // Generate a valid CSRF token for this session + validToken := generateCSRFToken(sessionID) + + w := httptest.NewRecorder() + req := httptest.NewRequest("POST", "/api/test", nil) + req.AddCookie(&http.Cookie{ + Name: "pulse_session", + Value: sessionID, + }) + req.Header.Set("X-CSRF-Token", validToken) + + // Valid CSRF token should pass + result := CheckCSRF(w, req) + if !result { + t.Error("CheckCSRF should return true when CSRF token is valid") + } +} + func TestCheckCSRF_CSRFTokenFromFormValue(t *testing.T) { w := httptest.NewRecorder() req := httptest.NewRequest("POST", "/api/test?csrf_token=form-token-value", nil)