Sha256: a82d7193e8f27d20195931478171adf8c9b53c8ff6a242e1d3a63bc9c7dc629b

Contents?: true

Size: 1.26 KB

Versions: 4

Compression:

Stored size: 1.26 KB

Contents

require File.expand_path(File.dirname(__FILE__) + '/spec_helper')

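# Specs for #form_authenticity_token as provided by the
# ActionController::RequestForgeryProtection module loaded through spec_helper.
# The module is mixed straight into the example group, so the `request` double
# and the `session` hash below take the place of the controller's own accessors.
describe "ActionController::RequestForgeryProtection" do
  include ActionController::RequestForgeryProtection
  let(:request) { double('request') }
  let(:session) { {} }

  # Rebinds the top-level XSRF_TOKEN_SECRET constant to +value+. Removing the
  # constant first avoids Ruby's "already initialized constant" warning that a
  # plain reassignment inside an example produces.
  def set_xsrf_token_secret(value)
    Object.send(:remove_const, :XSRF_TOKEN_SECRET) if Object.const_defined?(:XSRF_TOKEN_SECRET)
    Object.const_set(:XSRF_TOKEN_SECRET, value)
  end

  before(:each) do
    # Remember the secret as it was before the example so it can be restored
    # afterwards; the examples mutate a process-wide constant.
    @xsrf_secret_was_defined = Object.const_defined?(:XSRF_TOKEN_SECRET)
    @xsrf_secret_before = Object.const_get(:XSRF_TOKEN_SECRET) if @xsrf_secret_was_defined

    request.stub(:subdomain).and_return('pets')
    request.stub_chain(:session_options, :[]).and_return('abc')
  end

  after(:each) do
    # Put the constant back so no example (or later spec file) runs with a
    # secret left behind by a previous one.
    if @xsrf_secret_was_defined
      set_xsrf_token_secret(@xsrf_secret_before)
    elsif Object.const_defined?(:XSRF_TOKEN_SECRET)
      Object.send(:remove_const, :XSRF_TOKEN_SECRET)
    end
  end

  describe "#form_authenticity_token" do

    context "when XSRF_TOKEN_SECRET is blank" do
      it "should raise an exception" do
        set_xsrf_token_secret('')
        # NOTE(review): a bare raise_error passes for *any* exception, including
        # a NameError/NoMethodError from a broken setup, so this fail-closed
        # check can go green for the wrong reason. Pin it to the class (and
        # message) the implementation raises once that is confirmed.
        lambda {
          form_authenticity_token
        }.should raise_error
      end
    end

    context "when the user has a session" do

      it "should be generated from the XSRF_TOKEN_SECRET salted with the session id and the subdomain" do
        # Same session id the before hook stubs; repeated so the inputs to the
        # expected digest are all visible in this example.
        request.stub_chain(:session_options, :[]).and_return('abc')
        set_xsrf_token_secret('xyz')
        # NOTE(review): the expected value pins a plain SHA-1 over
        # secret + session id + subdomain joined without a delimiter. A keyed
        # construction (HMAC with a current hash) over delimited fields is the
        # safer design for a CSRF token; changing it means changing the
        # implementation, which is not visible from this spec.
        form_authenticity_token.should == Digest::SHA1.hexdigest('xyzabcpets')
      end

    end

    context "when there is no session id" do
      it "should call the original form_authenticity_token" do
        # Set the secret explicitly: previously this example ran with whatever
        # value an earlier example had left in the constant ('xyz' in file
        # order), which made the result depend on execution order.
        set_xsrf_token_secret('xyz')
        request.stub_chain(:session_options, :[]).and_return(nil)
        self.should_receive(:original_form_authenticity_token)
        form_authenticity_token
      end
    end

  end

end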

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
subdomainbox-0.3.5 spec/secure_xsrf_token_spec.rb
subdomainbox-0.3.4 spec/secure_xsrf_token_spec.rb
subdomainbox-0.3.3 spec/secure_xsrf_token_spec.rb
subdomainbox-0.2.0 spec/secure_xsrf_token_spec.rb