Sha256: 5dd709612758e411fe099a42e3da1358722548f9101350af989415a8a3f3b949
Contents?: true
Size: 1.46 KB
Versions: 2
Compression:
Stored size: 1.46 KB
Contents
```ruby
require 'test_helper'
require 'linkedin_sign_in/redirect_protector'

class LinkedinSignIn::RedirectProtectorTest < ActiveSupport::TestCase
  test "disallows URL target with different host than source" do
    assert_raises LinkedinSignIn::RedirectProtector::Violation do
      LinkedinSignIn::RedirectProtector.ensure_same_origin 'https://malicious.example.com', 'https://genezys.net'
    end
  end

  test "disallows URL target with different port than source" do
    assert_raises LinkedinSignIn::RedirectProtector::Violation do
      LinkedinSignIn::RedirectProtector.ensure_same_origin 'https://genezys.net:10443', 'https://genezys.net'
    end
  end

  test "disallows URL target with different protocol than source" do
    assert_raises LinkedinSignIn::RedirectProtector::Violation do
      LinkedinSignIn::RedirectProtector.ensure_same_origin 'http://genezys.net', 'https://genezys.net'
    end
  end

  test "disallows empty URL target" do
    assert_raises LinkedinSignIn::RedirectProtector::Violation do
      LinkedinSignIn::RedirectProtector.ensure_same_origin nil, 'http://genezys.net'
    end
  end

  test "allows URL target with same origin as source" do
    assert_nothing_raised do
      LinkedinSignIn::RedirectProtector.ensure_same_origin 'https://genezys.net', 'https://genezys.net'
    end
  end

  test "allows path target" do
    assert_nothing_raised do
      LinkedinSignIn::RedirectProtector.ensure_same_origin '/callback', 'https://genezys.net'
    end
  end
end
```
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
linkedin_sign_in-0.6.0 | test/models/redirect_protector_test.rb |
linkedin_sign_in-0.5.0 | test/models/redirect_protector_test.rb |