Sha256: 088f18ec32d1c03288674536a5ce5b7f8b64bb9e2c4b97398d46735929d9dba8

Contents?: true

Size: 1.47 KB

Versions: 4

Compression:

Stored size: 1.47 KB

Contents

require File.expand_path("spec_helper", File.dirname(File.dirname(__FILE__)))

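# Spec for the csrf plugin. It needs the rack_csrf gem; when that gem cannot
# be loaded the spec is skipped with a warning instead of failing the suite.
begin
  require 'rack/csrf'
rescue LoadError
  warn "rack_csrf not installed, skipping csrf plugin test"
else
describe "csrf plugin" do
  it "adds csrf protection and csrf helper methods" do
    app(:bare) do
      # Throwaway secret, acceptable only inside a spec. rack_csrf keeps its
      # token in the session, so a session middleware has to be present.
      use Rack::Session::Cookie, :secret=>'1'
      # POST /foo is exempted from the token check.
      plugin :csrf, :skip=>['POST:/foo']

      route do |r|
        r.get do
          # Expose every helper through a response header so the spec can
          # inspect the values without parsing a body.
          response['TAG'] = csrf_tag
          response['METATAG'] = csrf_metatag
          response['TOKEN'] = csrf_token
          response['FIELD'] = csrf_field
          response['HEADER'] = csrf_header
          'g'
        end
        r.post 'foo' do
          'bar'
        end
        r.post do
          'p'
        end
      end
    end

    io = StringIO.new
    # No session and no token: the POST is rejected.
    status('REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 403
    # The skipped route is reachable without a token.
    body('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'bar'

    # Turns the Set-Cookie response header into a request Cookie header by
    # dropping the cookie attributes, so the next request reuses the session.
    env = proc{|h| h['Set-Cookie'] ? {'HTTP_COOKIE'=>h['Set-Cookie'].sub("; path=/; HttpOnly", '')} : {}}
    s, h, b = req
    s.must_equal 200
    # Escape both values so they are matched literally inside the patterns.
    field = Regexp.escape(h['FIELD'])
    token = Regexp.escape(h['TOKEN'])
    h['TAG'].must_match(/\A<input type="hidden" name="#{field}" value="#{token}" \/>\z/)
    h['METATAG'].must_match(/\A<meta name="#{field}" content="#{token}" \/>\z/)
    b.must_equal ['g']

    post_env = env[h].merge('REQUEST_METHOD'=>'POST', 'rack.input'=>io)
    # A valid session alone must not be enough: the request still has to
    # carry the matching token.
    status(post_env).must_equal 403
    # A token that does not match the one bound to the session is rejected.
    status(post_env.merge("HTTP_#{h['HEADER']}"=>"#{h['TOKEN']}x")).must_equal 403

    # Session cookie plus the matching token in the CSRF header is accepted.
    s, _, b = req('/', post_env.merge("HTTP_#{h['HEADER']}"=>h['TOKEN']))
    s.must_equal 200
    b.must_equal ['p']
  end
end
end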

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
roda-2.5.1 spec/plugin/csrf_spec.rb
roda-2.5.0 spec/plugin/csrf_spec.rb
roda-2.4.0 spec/plugin/csrf_spec.rb
roda-2.3.0 spec/plugin/csrf_spec.rb