Contents

require 'spec_helper'

describe 'Picture renderung security', :js => true do

  let(:picture) { Alchemy::Picture.create(:image_file => File.new(File.expand_path('../../fixtures/image.png', __FILE__))) }

  # Prevent the signup view from being rendered.
  before { allow(Alchemy.user_class).to receive(:count).and_return 1 }

  context "passing no security token" do

    it 'should return a bad request (400)' do
      visit "/pictures/#{picture.id}/show/image.png"
      expect(page.status_code).to eq(400)
    end

  end

  context "passing correct security token" do

    before do
      visit "/pictures/#{picture.id}/show/image.png?sh=#{picture.security_token}"
    end

    it 'should return image' do
      expect(page.body).to match(/img/)
    end

    it 'should return status ok (200)' do
      expect(page.status_code).to eq(200)
    end

  end

end

Version data entries

11 entries across 11 versions & 1 rubygems

Version	Path
alchemy_cms-3.1.1	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.rc3	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.rc2	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.rc1	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.beta6	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.beta5	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.beta4	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.beta3	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.beta2	spec/features/picture_security_spec.rb
alchemy_cms-3.1.0.beta1	spec/features/picture_security_spec.rb