summaryrefslogtreecommitdiffstats
path: root/model
diff options
context:
space:
mode:
Diffstat (limited to 'model')
-rw-r--r--model/session.go14
-rw-r--r--model/session_test.go15
2 files changed, 29 insertions, 0 deletions
diff --git a/model/session.go b/model/session.go
index 7c6bbe06d..d59e9b183 100644
--- a/model/session.go
+++ b/model/session.go
@@ -135,6 +135,20 @@ func (me *Session) GetUserRoles() []string {
return strings.Fields(me.Roles)
}
+func (me *Session) GenerateCSRF() string {
+ token := NewId()
+ me.AddProp("csrf", token)
+ return token
+}
+
+func (me *Session) GetCSRF() string {
+ if me.Props == nil {
+ return ""
+ }
+
+ return me.Props["csrf"]
+}
+
func SessionsToJson(o []*Session) string {
if b, err := json.Marshal(o); err != nil {
return "[]"
diff --git a/model/session_test.go b/model/session_test.go
index 5f4a4730d..bf32d2f09 100644
--- a/model/session_test.go
+++ b/model/session_test.go
@@ -63,3 +63,18 @@ func TestSessionJson(t *testing.T) {
session.SetExpireInDays(10)
}
+
+func TestSessionCSRF(t *testing.T) {
+ s := Session{}
+ token := s.GetCSRF()
+ assert.Empty(t, token)
+
+ token = s.GenerateCSRF()
+ assert.NotEmpty(t, token)
+
+ token2 := s.GetCSRF()
+ assert.NotEmpty(t, token2)
+ assert.Equal(t, token, token2)
+}
+
+