Sha256: 690398027cfb510d9fecb1b07f131710ad5f1ee9285e877f87f19277470d8969

Contents?: true

Size: 1.19 KB

Versions: 6

Compression:

Stored size: 1.19 KB

Contents

require 'spec_helper'

# Throwaway controller defined only for this spec. It mixes Clearance's
# authentication module into a controller that also has Rails' forgery (CSRF)
# protection enabled, so the examples below can exercise both together on a
# state-changing POST.
class ForgeriesController < ActionController::Base
  include Clearance::Authentication
  # protect_from_forgery is declared ahead of the :authorize filter.
  # NOTE(review): the order of these two declarations probably decides which
  # check runs first, and the "fails with ..." examples may depend on it.
  # Confirm before reordering.
  protect_from_forgery
  before_filter :authorize

  # Forgery protection is off in the test environment by default; turn it on
  # for this controller so the authenticity token is actually checked here.
  self.allow_forgery_protection = true

  # The only action under test. It redirects to index, which the spec uses as
  # the signal that the request got past the filters above.
  def create
    redirect_to :action => 'index'
  end
end

# Controller spec covering how forgery (CSRF) protection and Clearance's
# access control combine. A POST that carries the session's authenticity token
# goes through; a POST with a wrong or missing token is expected to be denied
# access, even though the request carries the user's remember_token cookie.
describe ForgeriesController do
  context "signed in user" do
    # Remember token written to both the user record and the request cookie.
    def known_remember_token
      "old-token"
    end

    # CSRF token seeded into the session; the "authentic" request submits the
    # same value as its authenticity_token parameter.
    def session_csrf_token
      "golden-ticket"
    end

    before(:each) do
      # Replace the application's routes with just what this spec needs: the
      # forgeries resource and a named sign_in route.
      Rails.application.routes.draw do
        resources :forgeries
        match 'sign_in'  => 'clearance/sessions#new', :as => 'sign_in'
      end

      # Give the user a known remember token and send the same value as a
      # cookie. NOTE(review): presumably this is how Clearance recognises the
      # request as signed in -- confirm against Clearance::Authentication.
      @user = Factory(:user)
      @user.update_attribute(:remember_token, known_remember_token)
      @request.cookies["remember_token"] = known_remember_token

      # Pin the session's CSRF token so the examples know which value is valid.
      @request.session[:_csrf_token] = session_csrf_token
    end

    after(:each) do
      # Restore the application's real routes so other specs are unaffected.
      Rails.application.reload_routes!
    end

    it "succeeds with authentic token" do
      post :create, :authenticity_token => session_csrf_token
      subject.should redirect_to(:action => 'index')
    end

    # A token that does not match the session value must not reach the action.
    it "fails with invalid token" do
      post :create, :authenticity_token => "hax0r"
      subject.should deny_access
    end

    # Omitting the token entirely is treated the same as sending a wrong one.
    it "fails with no token" do
      post :create
      subject.should deny_access
    end
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
clearance-0.16.0 spec/controllers/forgeries_controller_spec.rb
clearance-0.15.0 spec/controllers/forgeries_controller_spec.rb
clearance-0.14.0 spec/controllers/forgeries_controller_spec.rb
clearance-0.13.2 spec/controllers/forgeries_controller_spec.rb
clearance-0.13.0 spec/controllers/forgeries_controller_spec.rb
clearance-0.12.0 spec/controllers/forgeries_controller_spec.rb