Sha256: a82d7193e8f27d20195931478171adf8c9b53c8ff6a242e1d3a63bc9c7dc629b
Contents?: true
Size: 1.26 KB
Versions: 4
Compression:
Stored size: 1.26 KB
Contents
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
describe "ActionController::RequestForgeryProtection" do
include ActionController::RequestForgeryProtection
let(:request) { double('request') }
let(:session) { {} }
before(:each) do
request.stub(:subdomain).and_return('pets')
request.stub_chain(:session_options, :[]).and_return('abc')
end
describe "#form_authenticity_token" do
context "when XSRF_TOKEN_SECRET is blank" do
it "should raise an exception" do
XSRF_TOKEN_SECRET = ''
lambda {
form_authenticity_token
}.should raise_error
end
end
context "when the user has a session" do
it "should be generated from the XSRF_TOKEN_SECRET salted with the session id and the subdomain" do
request.stub_chain(:session_options, :[]).and_return('abc')
XSRF_TOKEN_SECRET = 'xyz'
form_authenticity_token.should == Digest::SHA1.hexdigest('xyzabcpets')
end
end
context "when there is no session id" do
it "should call the original form_authenticity_token" do
request.stub_chain(:session_options, :[]).and_return(nil)
self.should_receive(:original_form_authenticity_token)
form_authenticity_token
end
end
end
end
Version data entries
4 entries across 4 versions & 1 rubygems