{csrf} = require '../../src'

module.exports =
    'error if session is missing': (test) ->
        test.throws -> csrf() {}
        test.done()

    'ignore get': (test) ->
        csrf() {session: {}, method: 'get'}, {}, -> test.done()

    'ignore head': (test) ->
        csrf() {session: {}, method: 'head'}, {}, -> test.done()

    'post with correct csrf': (test) ->
        req =
            session: {csrfToken: 'csrf_token'}
            method: 'post'
            body: {csrf_token: 'csrf_token'}
        csrf() req, {}, -> test.done()

    'post with wrong csrf': (test) ->
        req =
            session: {csrfToken: 'token'}
            method: 'post'
            body: {csrf_token: 'wrong_token'}

        onFail = (req, res) -> test.done()
        csrf(onFail) req, {}