cbaines/safsaf
cbaines/safsaf
1
Fork 0
Code Issues Pull requests Projects Releases Activity Actions

Initial commit
All checks were successful
/ test (push) Successful in 9s
Details

Browse source 
Safsaf is a Guile web framework, written using Claude Code running
Claude Opus 4.6, based off of the Guix Data Service, Nar Herder and
Guix Build Coordinator codebases.
This commit is contained in:
Christopher Baines 2026-04-13 14:24:19 +03:00
commit 5b0e6397dc
53 changed files with 7427 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

65
tests/test-csrf-validation.scm Normal file
View file

@ -0,0 +1,65 @@
;; Safsaf, a Guile web framework
;; Copyright (C) 2026 Christopher Baines <mail@cbaines.net>
;; This program is free software: you can redistribute it and/or
;; modify it under the terms of the GNU Lesser General Public License
;; as published by the Free Software Foundation, either version 3 of
;; the License, or (at your option) any later version.
;;
;; This program is distributed in the hope that it will be useful, but
;; WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
;; Lesser General Public License for more details.
;;
;; You should have received a copy of the GNU Lesser General Public
;; License along with this program. If not, see
;; <https://www.gnu.org/licenses/>.
;;; test-csrf-validation.scm — Tests for CSRF integration in (safsaf params)
;;; and (safsaf handler-wrappers csrf)
(use-modules (tests support)
(safsaf params)
(safsaf handler-wrappers csrf))
(define-suite csrf-validation-tests
(suite "csrf"
(test "csrf-token-field produces sxml"
(parameterize ((current-csrf-token "abc123"))
(let ((field (csrf-token-field)))
(is (pair? field))
(is (eq? 'input (car field))))))
(test "parse-form-params checks csrf"
(parameterize ((current-csrf-token "tok123"))
(let ((result (parse-form-params '()
'(("csrf-token" . "tok123")))))
(is (not (any-invalid-params? result))))
(let ((result (parse-form-params '()
'(("csrf-token" . "wrong")))))
(is (any-invalid-params? result)))))
(test "parse-form-params csrf missing"
(parameterize ((current-csrf-token "tok123"))
(let ((result (parse-form-params '() '())))
(is (any-invalid-params? result)))))
(test "parse-form-params validates other fields too"
(parameterize ((current-csrf-token "tok123"))
(let ((result (parse-form-params
`((name ,as-string #:required))
'(("csrf-token" . "tok123") ("name" . "Alice")))))
(is (not (any-invalid-params? result)))
(is (equal? "Alice" (assq-ref result 'name))))))
(test "parse-form-params field errors with valid csrf"
(parameterize ((current-csrf-token "tok123"))
(let ((result (parse-form-params
`((name ,as-string #:required))
'(("csrf-token" . "tok123")))))
(is (any-invalid-params? result))
(is (invalid-param? (assq-ref result 'name))))))))
(run-tests csrf-validation-tests)