chore(auth): #331 add tests for delete account

2024-12-22 23:07:15 +01:00
parent 6a551929c5
commit fb6cc0acda
3 changed files with 164 additions and 3 deletions
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -262,7 +262,7 @@ func (handler AuthImpl) handleDeleteAccountComp() http.HandlerFunc {
 		err := handler.service.DeleteAccount(user, password)
 		if err != nil {
 			if err == service.ErrInvalidCredentials {
-				utils.TriggerToast(w, r, "error", "Password not correct", http.StatusUnauthorized)
+				utils.TriggerToast(w, r, "error", "Password not correct", http.StatusBadRequest)
 			} else {
 				utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
 			}
--- a/handler/middleware/cross_site_request_forgery.go
+++ b/handler/middleware/cross_site_request_forgery.go
@@ -56,8 +56,8 @@ func CrossSiteRequestForgery(auth service.Auth) func(http.Handler) http.Handler
 				if csrfToken == "" {
 					csrfToken = r.Header.Get("csrf-token")
 				}
-				if csrfToken == "" || !auth.IsCsrfTokenValid(csrfToken, session.Id) {
-					http.Error(w, "", http.StatusForbidden)
+				if session == nil || csrfToken == "" || !auth.IsCsrfTokenValid(csrfToken, session.Id) {
+					http.Error(w, "CSRF-Token not correct", http.StatusBadRequest)
 					return
 				}
 			}