From e665732f822d302f4b14da4626395c3032049c24 Mon Sep 17 00:00:00 2001
From: Peter Makowski <peter.makowski@canonical.com>
Date: Wed, 26 Jun 2024 11:39:50 +0200
Subject: [PATCH] test: add invalid CSRF token test case (#5488)

Signed-off-by: Peter Makowski <peter.makowski@canonical.com>
---
 src/app/api/base.test.ts | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/app/api/base.test.ts b/src/app/api/base.test.ts
index d665931764..64367c33d0 100644
--- a/src/app/api/base.test.ts
+++ b/src/app/api/base.test.ts
@@ -42,3 +42,19 @@ it("should handle errors", async () => {
     .mockResolvedValue({ ok: false, statusText: "Bad Request" });
   await expect(fetchWithAuth(url)).rejects.toThrow("Bad Request");
 });
+
+it("should handle invalid CSRF token", async () => {
+  (getCookie as Mock).mockReturnValue(null);
+
+  const mockResponse = {
+    ok: false,
+    status: 403,
+    statusText: "Forbidden",
+  };
+  global.fetch = vi.fn().mockResolvedValue(mockResponse);
+
+  await expect(fetchWithAuth(url)).rejects.toThrow("Forbidden");
+  expect(fetch).toHaveBeenCalledWith(url, {
+    headers: { ...DEFAULT_HEADERS, "X-CSRFToken": "" },
+  });
+});