Sha256: ac379d33a6845fd464e2c0b73bc682bb55f2f0ce50b464c4a80805762128d138

Contents?: true

Size: 1.57 KB

Versions: 20

Compression:

Stored size: 1.57 KB

Contents

require File.expand_path("spec_helper", File.dirname(File.dirname(__FILE__)))

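begin
  require 'rack/csrf'
rescue LoadError
  # rack_csrf is an optional dependency; without it the plugin cannot be exercised.
  warn "rack_csrf not installed, skipping csrf plugin test"
else
describe "csrf plugin" do
  it "adds csrf protection and csrf helper methods" do
    app(:bare) do
      # Fixed throwaway session secret: test fixture only.
      use Rack::Session::Cookie, :secret=>'1'
      # POST /foo is exempted from the token check via :skip.
      plugin :csrf, :skip=>['POST:/foo']

      route do |r|
        r.get do
          # Expose every helper through a response header so the spec can
          # inspect the values without parsing a rendered body.
          response['TAG'] = csrf_tag
          response['METATAG'] = csrf_metatag
          response['TOKEN'] = csrf_token
          response['FIELD'] = csrf_field
          response['HEADER'] = csrf_header
          'g'
        end
        r.post 'foo' do
          'bar'
        end
        r.post do
          'p'
        end
      end
    end

    io = StringIO.new

    # No session and no token: a protected POST is refused, the skipped route is not.
    status('REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 403
    body('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'bar'

    # Turns the Set-Cookie response header into the Cookie request header for a
    # follow-up request, so the session (and the token stored in it) carries over.
    env = proc{|h| h['Set-Cookie'] ? {'HTTP_COOKIE'=>h['Set-Cookie'].sub("; path=/; HttpOnly", '')} : {}}
    s, h, b = req
    s.must_equal 200

    # Both values are interpolated into regexps below, so both are escaped;
    # an unescaped metacharacter would loosen or break the exact-match check.
    field = Regexp.escape(h['FIELD'])
    token = Regexp.escape(h['TOKEN'])
    h['TAG'].must_match(/\A<input type="hidden" name="#{field}" value="#{token}" \/>\z/)
    h['METATAG'].must_match(/\A<meta name="#{field}" content="#{token}" \/>\z/)
    b.must_equal ['g']

    session = env[h]
    post = {'REQUEST_METHOD'=>'POST', 'rack.input'=>io}
    token_header = "HTTP_#{h['HEADER']}"

    # A valid session cookie on its own must not authorise the request:
    # that is exactly what a cross-site forged POST would carry.
    s, = req('/', session.merge(post))
    s.must_equal 403

    # A token that does not match the one bound to the session is refused too.
    # ("not-" prefix is a constructed invalid value.)
    s, = req('/', session.merge(post).merge(token_header=>"not-#{h['TOKEN']}"))
    s.must_equal 403

    # Session cookie plus the matching token in the request header is accepted.
    s, _, b = req('/', session.merge(post).merge(token_header=>h['TOKEN']))
    s.must_equal 200
    b.must_equal ['p']

    # Loading the plugin again without :skip must leave POST /foo exempt.
    app.plugin :csrf
    body('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'bar'
  end
end
end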

Version data entries

20 entries across 20 versions & 1 rubygems

Version Path
roda-2.25.0 spec/plugin/csrf_spec.rb
roda-2.24.0 spec/plugin/csrf_spec.rb
roda-2.23.0 spec/plugin/csrf_spec.rb
roda-2.22.0 spec/plugin/csrf_spec.rb
roda-2.21.0 spec/plugin/csrf_spec.rb
roda-2.20.0 spec/plugin/csrf_spec.rb
roda-2.19.0 spec/plugin/csrf_spec.rb
roda-2.18.0 spec/plugin/csrf_spec.rb
roda-2.17.0 spec/plugin/csrf_spec.rb
roda-2.16.0 spec/plugin/csrf_spec.rb
roda-2.15.0 spec/plugin/csrf_spec.rb
roda-2.14.0 spec/plugin/csrf_spec.rb
roda-2.13.0 spec/plugin/csrf_spec.rb
roda-2.12.0 spec/plugin/csrf_spec.rb
roda-2.11.0 spec/plugin/csrf_spec.rb
roda-2.10.0 spec/plugin/csrf_spec.rb
roda-2.9.0 spec/plugin/csrf_spec.rb
roda-2.8.0 spec/plugin/csrf_spec.rb
roda-2.7.0 spec/plugin/csrf_spec.rb
roda-2.6.0 spec/plugin/csrf_spec.rb