Sha256: c7dc10180c442193e352b478325fab64018073b4f0572312cc1782fe13a7f5d6
Contents?: true
Size: 1.37 KB
Versions: 17
Compression:
Stored size: 1.37 KB
Contents
# frozen_string_literal: true
RSpec.describe "App action / CSRF protection", :app_integration do
before do
module TestApp
class App < Hanami::App
end
end
Hanami.app.instance_eval(&app_hook) if respond_to?(:app_hook)
Hanami.app.register_slice :main
Hanami.app.prepare
module TestApp
class Action < Hanami::Action
end
end
end
subject(:action_class) { TestApp::Action }
context "app sessions enabled" do
context "CSRF protection not explicitly configured" do
let(:app_hook) {
proc do
config.actions.sessions = :cookie, {secret: "abc123"}
end
}
it "has CSRF protection enabled" do
expect(action_class.ancestors).to include Hanami::Action::CSRFProtection
end
end
context "CSRF protection explicitly disabled" do
let(:app_hook) {
proc do
config.actions.sessions = :cookie, {secret: "abc123"}
config.actions.csrf_protection = false
end
}
it "does not have CSRF protection enabled" do
expect(action_class.ancestors.map(&:to_s)).not_to include "Hanami::Action::CSRFProtection"
end
end
end
context "app sessions not enabled" do
it "does not have CSRF protection enabled" do
expect(action_class.ancestors.map(&:to_s)).not_to include "Hanami::Action::CSRFProtection"
end
end
end
Version data entries
17 entries across 17 versions & 1 rubygems