Sha256: a82d7193e8f27d20195931478171adf8c9b53c8ff6a242e1d3a63bc9c7dc629b
Contents?: true
Size: 1.26 KB
Versions: 4
Compression:
Stored size: 1.26 KB
Contents
require File.expand_path(File.dirname(__FILE__) + '/spec_helper') describe "ActionController::RequestForgeryProtection" do include ActionController::RequestForgeryProtection let(:request) { double('request') } let(:session) { {} } before(:each) do request.stub(:subdomain).and_return('pets') request.stub_chain(:session_options, :[]).and_return('abc') end describe "#form_authenticity_token" do context "when XSRF_TOKEN_SECRET is blank" do it "should raise an exception" do XSRF_TOKEN_SECRET = '' lambda { form_authenticity_token }.should raise_error end end context "when the user has a session" do it "should be generated from the XSRF_TOKEN_SECRET salted with the session id and the subdomain" do request.stub_chain(:session_options, :[]).and_return('abc') XSRF_TOKEN_SECRET = 'xyz' form_authenticity_token.should == Digest::SHA1.hexdigest('xyzabcpets') end end context "when there is no session id" do it "should call the original form_authenticity_token" do request.stub_chain(:session_options, :[]).and_return(nil) self.should_receive(:original_form_authenticity_token) form_authenticity_token end end end end
Version data entries
4 entries across 4 versions & 1 rubygems