frontend: disabled button while processing password reset

2025-02-28 08:51:35 +01:00
parent 8137f121ed
commit 9c9430ca9c
92 changed files with 37 additions and 17 deletions
--- a/go-backend/internal/middlewares/csp_test.go
+++ b/go-backend/internal/middlewares/csp_test.go
@@ -0,0 +1,81 @@
+package middlewares
+
+import (
+	"GoMembership/internal/config"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCSPMiddleware(t *testing.T) {
+	// Save the current environment and restore it after the test
+	originalEnv := config.Env
+
+	tests := []struct {
+		name           string
+		environment    string
+		expectedHeader string
+		expectedPolicy string
+	}{
+		{
+			name:           "Development Environment",
+			environment:    "development",
+			expectedHeader: "Content-Security-Policy-Report-Only",
+			expectedPolicy: "default-src 'self'; " +
+				"script-src 'self' 'unsafe-inline'" +
+				"style-src 'self' 'unsafe-inline'" +
+				"img-src 'self'" +
+				"font-src 'self'" +
+				"connect-src 'self'; " +
+				"frame-ancestors 'none'; " +
+				"form-action 'self'; " +
+				"base-uri 'self'; " +
+				"upgrade-insecure-requests; report-uri /csp-report;",
+		},
+		{
+			name:           "Production Environment",
+			environment:    "production",
+			expectedHeader: "Content-Security-Policy",
+			expectedPolicy: "default-src 'self'; " +
+				"script-src 'self' 'unsafe-inline'" +
+				"style-src 'self' 'unsafe-inline'" +
+				"img-src 'self'" +
+				"font-src 'self'" +
+				"connect-src 'self'; " +
+				"frame-ancestors 'none'; " +
+				"form-action 'self'; " +
+				"base-uri 'self'; " +
+				"upgrade-insecure-requests;",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Set up the test environment
+			config.Env = tt.environment
+
+			// Create a new Gin router with the middleware
+			gin.SetMode(gin.TestMode)
+			router := gin.New()
+			router.Use(CSPMiddleware())
+			router.GET("/test", func(c *gin.Context) {
+				c.String(http.StatusOK, "test")
+			})
+
+			// Create a test request
+			req, _ := http.NewRequest("GET", "/test", nil)
+			w := httptest.NewRecorder()
+
+			// Serve the request
+			router.ServeHTTP(w, req)
+
+			// Check the response
+			assert.Equal(t, http.StatusOK, w.Code)
+			assert.Equal(t, tt.expectedPolicy, w.Header().Get(tt.expectedHeader))
+		})
+	}
+	config.Env = originalEnv
+}