
require File.expand_path('../../../../spec/helper', __FILE__)
require 'ramaze/helper/csrf'

# Controller that exercises Ramaze::Helper::CSRF end to end from the spec
# below. Values the spec needs to inspect are handed over through globals,
# since the controller and the spec sit on opposite sides of the Rack request.
class SpecHelperCSRF < Ramaze::Controller
  engine :none
  helper :csrf

  # Guard :check_post (and the never-defined :protect_me) with a token check;
  # the block is what the helper runs when validation fails, so a rejected
  # request ends with this body and a 401.
  before_all do
    csrf_protection(:check_post, :protect_me) do
      respond('The specified CSRF token is incorrect.', 401)
    end
  end

  # Seeds the session with a new token. The spec expects an empty body here.
  def index
    generate_csrf_token
  end

  # Hands the caller the token currently held for this session.
  def get
    get_csrf_token
  end

  # Records the token stored in the session *before* get_csrf_token runs and
  # the value that call returns afterwards; the spec asserts the two differ.
  # Reads session[:_csrf] directly, so the session must already be seeded.
  def regenerate
    stored        = session[:_csrf]
    $token_sess   = stored[:token]
    $token_method = get_csrf_token
  end

  # Issues a token with a 3 second lifetime, waits past that TTL and fetches
  # again; the spec expects the second fetch to yield a different token.
  def check_ttl
    generate_csrf_token(:ttl => 3)
    $old_token = get_csrf_token
    sleep(4)
    $new_token = get_csrf_token
  end

  # Protected action; only reached when the before_all filter accepted the
  # request's token.
  def check_post
    'POST allowed.'
  end

  # Unprotected action the spec uses to obtain a valid token for :check_post.
  def get_token
    get_csrf_token
  end
end

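describe Ramaze::Helper::CSRF do
  behaves_like :rack_test

  # NOTE(review): the regenerate example reads session[:_csrf] directly, so it
  # assumes an earlier example already seeded the session — presumably the
  # rack_test cookie jar is shared across examples. Keep the examples in order.

  it 'generate a new csrf token' do
    got = get '/'

    got.status.should.equal 200
    got.body.should.equal ''
  end

  it 'retrieve the current CSRF token' do
    got = get '/get'

    got.status.should.equal 200
    # 128 characters — presumably a hex-encoded 512-bit digest; confirm
    # against the helper if the length ever changes.
    got.body.length.should.equal 128
  end

  it 'generate a new token if the previous one is valid' do
    got = get '/regenerate'

    got.status.should.equal      200
    $token_sess.should.not.equal $token_method
  end

  it 'expire token after 3 seconds' do
    got = get '/check_ttl'

    got.status.should.equal 200
    $old_token.should.not.equal $new_token
  end

  # The protected action must reject a request without a token AND a request
  # carrying a wrong token; the original only covered the missing case, which a
  # check that merely tests for the parameter's presence would have passed.
  it 'validate all HTTP requests' do
    methods = [:get, :post, :put, :delete]

    methods.each do |method|
      token       = get('/get_token').body
      got_missing = self.send(method, '/check_post', :name => "Yorick Peterse")
      # Appending a character guarantees the value differs from the real token.
      got_wrong   = self.send(method, '/check_post', :csrf_token => "#{token}0")
      got_valid   = self.send(method, '/check_post', :csrf_token => token)

      [got_missing, got_wrong].each do |rejected|
        rejected.status.should.equal 401
        rejected.body.should.equal "The specified CSRF token is incorrect."
      end

      got_valid.status.should.equal 200
      got_valid.body.should.equal "POST allowed."
    end
  end
end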
