🔧 fix(middleware/csrf): unmatched token returns nil error (#1667)

* Update csrf.go * Update csrf_test.go * fix(middleware/csrf): missing token return and unit test * Update csrf_test.go
2025-02-21 19:32:58 +00:00 · 2021-12-28 21:13:20 -04:00 · 2021-12-28 21:13:20 -04:00 · 59e4bf6cc5
commit 59e4bf6cc5
parent f04ddd41ff
2 changed files with 8 additions and 1 deletions
--- a/middleware/csrf/csrf.go
+++ b/middleware/csrf/csrf.go
@ -1,11 +1,16 @@
 package csrf

 import (
+	"errors"
 	"time"

 	"github.com/gofiber/fiber/v2"
 )

+var (
+	errTokenNotFound = errors.New("csrf token not found")
+)
+
 // New creates a new middleware handler
 func New(config ...Config) fiber.Handler {
 	// Set default config
@ -51,7 +56,7 @@ func New(config ...Config) fiber.Handler {
 					HTTPOnly: cfg.CookieHTTPOnly,
 					SameSite: cfg.CookieSameSite,
 				})
-				return cfg.ErrorHandler(c, err)
+				return cfg.ErrorHandler(c, errTokenNotFound)
 			}
 		}

--- a/middleware/csrf/csrf_test.go
+++ b/middleware/csrf/csrf_test.go
@ -240,6 +240,7 @@ func Test_CSRF_ErrorHandler_InvalidToken(t *testing.T) {
 	app := fiber.New()

 	errHandler := func(ctx *fiber.Ctx, err error) error {
+		utils.AssertEqual(t, errTokenNotFound, err)
 		return ctx.Status(419).Send([]byte("invalid CSRF token"))
 	}

@ -270,6 +271,7 @@ func Test_CSRF_ErrorHandler_EmptyToken(t *testing.T) {
 	app := fiber.New()

 	errHandler := func(ctx *fiber.Ctx, err error) error {
+		utils.AssertEqual(t, errMissingHeader, err)
 		return ctx.Status(419).Send([]byte("empty CSRF token"))
 	}