诀窍是您需要将POST测试包装在GET中,并从cookie中解析必要的CSRF令牌。首先,假设您创建了一个与Angular兼容的CSRF
cookie,如下所示:
.use(express.csrf()).use(function (req, res, next) { res.cookie('XSRF-TOKEN', req.session._csrf); res.locals.csrftoken = req.session._csrf; next();})然后,您的测试可能如下所示:
describe('Authenticated Jade tests', function () { this.timeout(5000); before(function (done) { [Set up an authenticated user here] }); var validPaths = ['/help', '/products']; async.each(validPaths, function (path, callback) { it('should confirm that ' + path + ' serves HTML and is only available when logged in', function (done) { request.get('https://127.0.0.1:' + process.env.PORT + path, function (err, res, body) { expect(res.statusCode).to.be(302); expect(res.headers.location).to.be('/login'); expect(body).to.be('Moved Temporarily. Redirecting to /login'); var csrftoken = unescape(/XSRF-TOKEN=(.*?);/.exec(res.headers['set-cookie'])[1]); var authAttributes = { _csrf: csrftoken, email: userAttributes.email, password: 'password' }; request.post('https://127.0.0.1:' + process.env.PORT + '/login', { body: authAttributes, json: true }, function (err, res) { expect(res.statusCode).to.be(303); request.get('https://127.0.0.1:' + process.env.PORT + path, function (err, res, body) { expect(res.statusCode).to.be(200); expect(body.toString().substr(-14)).to.be('</body></html>'); request.get('https://127.0.0.1:' + process.env.PORT + '/bye', function () { done(); }); }); }); }); }); callback(); });});这个想法是实际登录并使用您从cookie获得的CSRF令牌。请注意,您需要在mocha测试文件的顶部执行以下操作:
var request = require('request').defaults({jar: true, followRedirect: false});
