Sha256: 186bcd3945b13b0e15f1b81c9056ab94726c686f9038005b606f9f338534d942

Contents

require 'spec_helper'

# Minimal controller defined only for this spec. It combines Rails request
# forgery (CSRF) protection with Clearance's authentication filter so the
# examples below can check how the two interact.
class ForgeriesController < ActionController::Base
  include Clearance::Authentication
  # Forgery protection is declared before the :authorize filter; keep this
  # order. The examples below expect a POST with a wrong or missing
  # authenticity token to be redirected to sign_in instead of reaching #create.
  # NOTE(review): presumably Clearance treats an unverified request as signed
  # out, which is why :authorize then redirects; confirm in
  # Clearance::Authentication.
  protect_from_forgery
  before_filter :authorize

  # This is off in test by default, but we need it for this test
  # NOTE(review): confirm this assignment stays scoped to this controller and
  # does not switch forgery protection on for other controller specs.
  self.allow_forgery_protection = true

  # State-changing action under test; only reached when the request passed
  # both forgery verification and :authorize.
  def create
    redirect_to :action => 'index'
  end
end

describe ForgeriesController do
  context "signed in user" do
    # Fixture values constructed for this spec (not real secrets). Each helper
    # returns a fresh String on every call, as the inline literals would.
    def remember_token_fixture
      "old-token"
    end

    def csrf_token_fixture
      "golden-ticket"
    end

    before do
      # Temporary routes for the spec-only controller plus the sign_in route
      # that the rejected requests are expected to be redirected to.
      Rails.application.routes.draw do
        resources :forgeries
        match 'sign_in'  => 'clearance/sessions#new', :as => 'sign_in'
      end

      # The stored remember token and the request cookie carry the same value;
      # presumably this is how Clearance recognises the user as signed in.
      @user = Factory(:user)
      @user.update_attribute(:remember_token, remember_token_fixture)
      @request.cookies["remember_token"] = remember_token_fixture

      # Seed the session with a known CSRF token so the examples can submit a
      # matching or a non-matching authenticity_token.
      @request.session[:_csrf_token] = csrf_token_fixture
    end

    after do
      # Restore the application's real routes so other specs are unaffected.
      Rails.application.reload_routes!
    end

    # Positive case: the submitted token equals the one held in the session.
    it "succeeds with authentic token" do
      post(:create, :authenticity_token => csrf_token_fixture)
      subject.should(redirect_to(:action => 'index'))
    end

    # Negative case: the submitted token does not match the session token.
    it "redirects to sign_in with invalid token" do
      post(:create, :authenticity_token => "hax0r")
      subject.should(redirect_to(sign_in_url))
    end

    # Negative case: no authenticity_token parameter is sent at all.
    it "redirects to sign_in with no token" do
      post(:create)
      subject.should(redirect_to(sign_in_url))
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
clearance-0.11.2 spec/controllers/forgeries_controller_spec.rb
clearance-0.11.1 spec/controllers/forgeries_controller_spec.rb
clearance-0.11.0 spec/controllers/forgeries_controller_spec.rb