Sha256: 311cabca19a8d88e7b21e774db340457217eecd8271d5e1b47ceb26e50c75fb7
Contents?: true
Size: 1.18 KB
Versions: 2
Compression:
Stored size: 1.18 KB
Contents
require 'spec_helper'
class ForgeriesController < ActionController::Base
include Clearance::Controller
protect_from_forgery
before_filter :authorize
# This is off in test by default, but we need it for this test
self.allow_forgery_protection = true
def create
redirect_to action: 'index'
end
end
describe ForgeriesController do
context 'signed in user' do
before do
Rails.application.routes.draw do
resources :forgeries
get '/sign_in' => 'clearance/sessions#new', as: 'sign_in'
end
@user = create(:user)
@user.update_attribute(:remember_token, 'old-token')
@request.cookies['remember_token'] = 'old-token'
@request.session[:_csrf_token] = 'golden-ticket'
end
after do
Rails.application.reload_routes!
end
it 'succeeds with authentic token' do
post :create, authenticity_token: 'golden-ticket'
expect(subject).to redirect_to(action: 'index')
end
it 'fails with invalid token' do
post :create, authenticity_token: 'hax0r'
expect(subject).to deny_access
end
it 'fails with no token' do
post :create
expect(subject).to deny_access
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| clearance-1.5.1 | spec/controllers/forgeries_controller_spec.rb |
| clearance-1.5.0 | spec/controllers/forgeries_controller_spec.rb |