Sha256: db356821f78f7d9ce31a02203fe583d22fa3569238f8b28d200a8dbd03b2f0e9

Contents?: true

Size: 1.44 KB

Versions: 2

Compression:

Stored size: 1.44 KB

Contents

require 'test_helper'
require 'google_sign_in/redirect_protector'

# Exercises GoogleSignIn::RedirectProtector.ensure_same_origin(target, source).
#
# The cases below pin the same-origin rule that the protector applies to a
# redirect target: scheme, host and port must all match the source, a missing
# target is rejected, and a bare path is accepted. A mismatch is expected to
# surface as GoogleSignIn::RedirectProtector::Violation.
#
# NOTE(review): scheme-relative targets (for example '//other.example') and
# targets that fail to parse as a URL are not exercised in this file; confirm
# how ensure_same_origin treats them and pin that behaviour with a test.
class GoogleSignIn::RedirectProtectorTest < ActiveSupport::TestCase
  test "disallows URL target with different host than source" do
    assert_rejected 'https://malicious.example.com'
  end

  test "disallows URL target with different port than source" do
    # Same scheme and host; only the explicit port differs from the source.
    assert_rejected 'https://basecamp.com:10443'
  end

  test "disallows URL target with different protocol than source" do
    # A downgrade from https to http counts as a different origin.
    assert_rejected 'http://basecamp.com'
  end

  test "disallows empty URL target" do
    # A nil target must raise rather than be treated as "nothing to check".
    assert_rejected nil
  end

  test "allows URL target with same origin as source" do
    assert_permitted 'https://basecamp.com'
  end

  test "allows path target" do
    # A target without scheme or host is accepted against the source.
    assert_permitted '/callback'
  end

  private
    # Asserts that the protector raises Violation for +target+ checked
    # against +source+.
    def assert_rejected(target, source = 'https://basecamp.com')
      assert_raises(GoogleSignIn::RedirectProtector::Violation) do
        GoogleSignIn::RedirectProtector.ensure_same_origin(target, source)
      end
    end

    # Asserts that the protector accepts +target+ checked against +source+
    # without raising.
    def assert_permitted(target, source = 'https://basecamp.com')
      assert_nothing_raised do
        GoogleSignIn::RedirectProtector.ensure_same_origin(target, source)
      end
    end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
google_sign_in-1.2.1 test/models/redirect_protector_test.rb
google_sign_in-1.2.0 test/models/redirect_protector_test.rb