Sha256: da170b7a1f41c812d5b453532a141f51cee57bd3a5e3461038199f6a2548b962

Contents?: true

Size: 1.38 KB

Versions: 3

Compression:

Stored size: 1.38 KB

Contents

# frozen_string_literal: true

RSpec.describe "CSRF protection", type: :integration do
  # Integration coverage for state-changing verbs (POST, PATCH, DELETE) hit with
  # a CSRF token that cannot match the session: each request must not succeed.
  #
  # Every example first passes the commented-out and the active form of the
  # cookie-session line to the `replace` helper for apps/web/app.rb.
  # NOTE(review): presumably this enables sessions so that CSRF checking is
  # active in the generated app -- confirm against the framework.
  #
  # NOTE(review): only the status code is asserted. Any unhandled error in the
  # generated action would also produce a 500, so a pass does not by itself
  # prove the CSRF check caused the rejection. Asserting on the error or body,
  # and adding a valid-token control, would pin that down.
  # NOTE(review): only a wrong token is exercised; a request that omits
  # _csrf_token entirely is not covered here.
  app_file = "apps/web/app.rb"
  sessions_off = "# sessions :cookie, secret: ENV['WEB_SESSIONS_SECRET']"
  sessions_on = "sessions :cookie, secret: ENV['WEB_SESSIONS_SECRET']"
  bogus_token = "invalid"

  it "protects POST endpoints from invalid token" do
    with_project do
      generate "action web books#create --url=/books --method=POST"
      replace app_file, sessions_off, sessions_on

      server do
        post "/books", title: "TDD", _csrf_token: bogus_token

        status = last_response.status
        expect(status).to eq(500)
      end
    end
  end

  it "protects PATCH endpoints from invalid token" do
    with_project do
      generate "action web books#update --url=/books/:id --method=PATCH"
      replace app_file, sessions_off, sessions_on

      server do
        patch "/books/1", title: "Foo", _csrf_token: bogus_token

        status = last_response.status
        expect(status).to eq(500)
      end
    end
  end

  it "protects DELETE endpoints from invalid token" do
    with_project do
      generate "action web books#destroy --url=/books/:id --method=DELETE"
      replace app_file, sessions_off, sessions_on

      server do
        delete "/books/1", _csrf_token: bogus_token

        status = last_response.status
        expect(status).to eq(500)
      end
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
hanami-2.0.0.beta2 spec/integration/security/csrf_protection_spec.rb
hanami-2.0.0.beta1.1 spec/integration/security/csrf_protection_spec.rb
hanami-2.0.0.beta1 spec/integration/security/csrf_protection_spec.rb