Sha256: c30306265b45dd40a593f5d51331e9936e8a665181edaf05d02a4fc27e600378

Contents?: true

Size: 1.24 KB

Versions: 6

Compression:

Stored size: 1.24 KB

Contents

require 'test_helper'
require 'google_sign_in/redirect_protector'

# Pins the redirect-target check performed by
# GoogleSignIn::RedirectProtector.ensure_same_origin(target, source).
#
# Every case uses 'https://basecamp.com' as the source. The cases establish that
# a fully qualified target is rejected with RedirectProtector::Violation when its
# host, port or scheme differs from the source, and that an identical origin or a
# bare absolute path is accepted.
#
# NOTE(review): coverage is limited to fully qualified URLs and one plain path.
# Targets that a browser may resolve to a different origin without looking like
# a full URL (scheme-relative `//host/path`, backslash-prefixed paths, URLs
# carrying userinfo, values with embedded whitespace or control characters) have
# no case here. An explicit default port (`https://basecamp.com:443`) and a
# mixed-case host are also unexercised on the allow side. Whether
# ensure_same_origin handles these cannot be determined from this file; confirm
# against the implementation and add a case for each before relying on this
# check as the only open-redirect guard.
class GoogleSignIn::RedirectProtectorTest < ActiveSupport::TestCase
  test "disallows URL target with different host than source" do
    assert_violation 'https://malicious.example.com'
  end

  test "disallows URL target with different port than source" do
    assert_violation 'https://basecamp.com:10443'
  end

  test "disallows URL target with different protocol than source" do
    assert_violation 'http://basecamp.com'
  end

  test "allows URL target with same origin as source" do
    assert_permitted 'https://basecamp.com'
  end

  test "allows path target" do
    assert_permitted '/callback'
  end

  private

  # Runs the protector for +target+ against the fixed source origin used by
  # every case in this file.
  def check_against_source(target)
    GoogleSignIn::RedirectProtector.ensure_same_origin(target, 'https://basecamp.com')
  end

  # Passes only when the protector raises Violation for +target+.
  def assert_violation(target)
    assert_raises(GoogleSignIn::RedirectProtector::Violation) { check_against_source(target) }
  end

  # Passes only when the protector lets +target+ through without raising.
  def assert_permitted(target)
    assert_nothing_raised { check_against_source(target) }
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
google_sign_in-1.1.2 test/models/redirect_protector_test.rb
google_sign_in-1.1.1 test/models/redirect_protector_test.rb
google_sign_in-1.1.0 test/models/redirect_protector_test.rb
google_sign_in-1.0.2 test/models/redirect_protector_test.rb
google_sign_in-1.0.1 test/models/redirect_protector_test.rb
google_sign_in-1.0.0 test/models/redirect_protector_test.rb