Sha256: e6737b083f3b60d916945312f4e07f78bdc08a7c2f7f6aa7bcf48b8bd004d3b5

Contents?: true

Size: 854 Bytes

Versions: 4

Compression:

Stored size: 854 Bytes

Contents

require "spec_helper"

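# Request spec for Clearance's `rotate_csrf_on_sign_in` option. It checks that
# the CSRF token held in the session after a successful sign in differs from
# the one issued before authentication, so a token obtained pre-login is not
# carried over into the authenticated session.
describe "CSRF Rotation" do
  # Forgery protection is enabled only for the duration of each example. The
  # prior value is captured and restored (rather than forced to `false`) so
  # this spec cannot silently change the setting for the rest of the suite.
  around do |example|
    previous_setting = ActionController::Base.allow_forgery_protection
    ActionController::Base.allow_forgery_protection = true
    begin
      example.run
    ensure
      ActionController::Base.allow_forgery_protection = previous_setting
    end
  end

  context "Clearance is configured to rotate CSRF token on sign in" do
    describe "sign in" do
      it "rotates the CSRF token" do
        # NOTE(review): this option is not reset inside the example; presumably
        # the suite's shared setup restores Clearance's configuration between
        # examples. Confirm against spec_helper / support files.
        Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
        get sign_in_path
        user = create(:user, password: "password")
        original_token = csrf_token

        # Precondition: a token must already exist before sign in. Without it,
        # `original_token` would be nil and the inequality below would pass
        # even if no rotation took place.
        expect(original_token).to be_present

        post session_path, params: {
          authenticity_token: original_token, session: { email: user.email, password: "password" }
        }

        expect(csrf_token).not_to eq original_token
        expect(csrf_token).to be_present
      end
    end
  end

  # Reads the CSRF token stored in the session under `:_csrf_token`.
  #
  # @return [String, nil] the stored token, or nil when none has been set
  def csrf_token
    session[:_csrf_token]
  end
end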

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
clearance-2.9.3 spec/requests/csrf_rotation_spec.rb
clearance-2.9.2 spec/requests/csrf_rotation_spec.rb
clearance-2.9.1 spec/requests/csrf_rotation_spec.rb
clearance-2.9.0 spec/requests/csrf_rotation_spec.rb