Sha256: 9967b521865547a8340602dd65a83ba849b460df57138bc5fe853f3cedc6bb66
Contents?: true
Size: 1.86 KB
Versions: 2
Compression:
Stored size: 1.86 KB
Contents
require File.expand_path('../../../../spec/helper', __FILE__) require 'ramaze/helper/csrf' class SpecHelperCSRF < Ramaze::Controller engine :none helper :csrf before_all do csrf_protection :check_post, :protect_me do respond("The specified CSRF token is incorrect.", 401) end end def index generate_csrf_token end def get return get_csrf_token end def regenerate $token_sess = session[:_csrf][:token] $token_method = get_csrf_token end def check_ttl generate_csrf_token :ttl => 3 $old_token = get_csrf_token sleep 4 $new_token = get_csrf_token end def check_post "POST allowed." end def get_token get_csrf_token end end describe Ramaze::Helper::CSRF do behaves_like :rack_test it 'generate a new csrf token' do got = get '/' got.status.should.equal 200 got.body.should.equal '' end it 'retrieve the current CSRF token' do got = get '/get' got.status.should.equal 200 got.body.length.should.equal 128 end it 'generate a new token if the previous one is valid' do got = get '/regenerate' got.status.should.equal 200 $token_sess.should.not.equal $token_method end it 'expire token after 3 seconds' do got = get '/check_ttl' got.status.should.equal 200 $old_token.should.not.equal $new_token end it 'validate all HTTP requests' do methods = [:get, :post, :put, :delete] methods.each do |method| token = get('/get_token').body got_invalid = self.send(method, '/check_post', :name => "Yorick Peterse") got_valid = self.send(method, '/check_post', :csrf_token => token) got_invalid.status.should.equal 401 got_invalid.body.should.equal "The specified CSRF token is incorrect." got_valid.status.should.equal 200 got_valid.body.should.equal "POST allowed." end end end
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
ramaze-2012.04.14 | spec/ramaze/helper/csrf.rb |
ramaze-2012.03.07 | spec/ramaze/helper/csrf.rb |