Sha256: b21f0842f9168d553638b4421c1235e69cf3fa3e83d465bca8a16c1dca96e8ca

Contents?: true

Size: 1.25 KB

Versions: 3

Compression:

Stored size: 1.25 KB

Contents

require 'test_helper'
require 'linkedin_sign_in/redirect_protector'

# Exercises LinkedinSignIn::RedirectProtector.ensure_same_origin(target, source),
# the guard that decides whether a redirect target may be followed for a given
# source URL.
#
# What the cases below pin down:
# * an absolute target whose host, port or protocol differs from the source
#   raises LinkedinSignIn::RedirectProtector::Violation;
# * an absolute target identical to the source raises nothing;
# * a bare path target ('/callback') raises nothing.
#
# NOTE(review): this file has no case for a scheme-relative target (leading
# "//"), a blank or nil target, or a target that does not parse as a URL. What
# ensure_same_origin does with those cannot be told from here; confirm against
# the implementation and pin each outcome with its own case.
class LinkedinSignIn::RedirectProtectorTest < ActiveSupport::TestCase
  # Source URL every candidate target is compared against.
  SOURCE_URL = 'https://genezys.net'

  test "disallows URL target with different host than source" do
    assert_violation_for('https://malicious.example.com')
  end

  test "disallows URL target with different port than source" do
    assert_violation_for('https://genezys.net:10443')
  end

  test "disallows URL target with different protocol than source" do
    assert_violation_for('http://genezys.net')
  end

  test "allows URL target with same origin as source" do
    assert_permitted('https://genezys.net')
  end

  test "allows path target" do
    assert_permitted('/callback')
  end

  private

  # Expects the protector to raise Violation when +candidate+ is checked
  # against SOURCE_URL.
  def assert_violation_for(candidate)
    assert_raises(LinkedinSignIn::RedirectProtector::Violation) do
      LinkedinSignIn::RedirectProtector.ensure_same_origin(candidate, SOURCE_URL)
    end
  end

  # Expects the protector to accept +candidate+ for SOURCE_URL without raising.
  def assert_permitted(candidate)
    assert_nothing_raised do
      LinkedinSignIn::RedirectProtector.ensure_same_origin(candidate, SOURCE_URL)
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
linkedin_sign_in-0.4.0 test/models/redirect_protector_test.rb
linkedin_sign_in-0.3.1 test/models/redirect_protector_test.rb
linkedin_sign_in-0.3 test/models/redirect_protector_test.rb