spec/rack/webconsole/repl_spec.rb in rack-webconsole-0.0.4 vs spec/rack/webconsole/repl_spec.rb in rack-webconsole-0.0.5
- old
+ new
@@ -13,11 +13,12 @@
describe "#call" do
it 'evaluates the :query param in a sandbox and returns the result' do
@app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['hello world']] }
env = {}
- request = OpenStruct.new(:params => {'query' => 'a = 4; a * 2'})
+ Webconsole::Repl.stubs(:token).returns('abc')
+ request = OpenStruct.new(:params => {'query' => 'a = 4; a * 2', 'token' => 'abc'}, :post? => true)
Rack::Request.stubs(:new).returns request
@repl = Webconsole::Repl.new(@app)
response = @repl.call(env).last.first
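Review bot: The stub `Webconsole::Repl.stubs(:token).returns('abc')` added at the top of this example is repeated verbatim in every other example under `describe "#call"` (the later hunks add it four more times), next to the same `@app` lambda. A single `before do ... end` in that describe block, holding the stub and `@app`, would keep the token fixture in one place. A later change to how the token is supplied could then not leave one example out of step. The `it` block this hunk touches closes outside the hunk.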
@@ -26,17 +27,18 @@
end
it 'maintains local state in subsequent calls thanks to an evil global variable' do
@app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['hello world']] }
env = {}
- request = OpenStruct.new(:params => {'query' => 'a = 4'})
+ Webconsole::Repl.stubs(:token).returns('abc')
+ request = OpenStruct.new(:params => {'query' => 'a = 4', 'token' => 'abc'}, :post? => true)
Rack::Request.stubs(:new).returns request
@repl = Webconsole::Repl.new(@app)
@repl.call(env) # call 1 sets a to 4
- request = OpenStruct.new(:params => {'query' => 'a * 8'})
+ request = OpenStruct.new(:params => {'query' => 'a * 8', 'token' => 'abc'}, :post? => true)
Rack::Request.stubs(:new).returns request
response = @repl.call(env).last.first # call 2 retrieves a and multiplies it by 8
JSON.parse(response)['result'].must_equal "32"
@@ -44,16 +46,52 @@
end
it "returns any found errors prepended with 'Error:'" do
@app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['hello world']] }
env = {}
- request = OpenStruct.new(:params => {'query' => 'unknown_method'})
+ Webconsole::Repl.stubs(:token).returns('abc')
+ request = OpenStruct.new(:params => {'query' => 'unknown_method', 'token' => 'abc'}, :post? => true)
Rack::Request.stubs(:new).returns request
@repl = Webconsole::Repl.new(@app)
response = @repl.call(env).last.first
JSON.parse(response)['result'].must_match /Error:/
+ end
+
+ it 'rejects non-post requests' do
+ @app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['hello world']] }
+ env = {}
+ Webconsole::Repl.stubs(:token).returns('abc')
+ request = OpenStruct.new(:params => {'query' => 'unknown_method', 'token' => 'abc'}, :post? => false)
+ Rack::Request.stubs(:new).returns request
+ @repl = Webconsole::Repl.new(@app)
+
+ $sandbox.expects(:instance_eval).never
+
+ @repl.call(env).must_equal @app.call(env)
+ end
+
+ it 'rejects requests with invalid token' do
+ @app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['hello world']] }
+ env = {}
+ Webconsole::Repl.stubs(:token).returns('abc')
+ request = OpenStruct.new(:params => {'query' => 'unknown_method', 'token' => 'cba'}, :post? => true)
+ Rack::Request.stubs(:new).returns request
+ @repl = Webconsole::Repl.new(@app)
+
+ $sandbox.expects(:instance_eval).never
+
+ @repl.call(env).must_equal @app.call(env)
+ end
+ end
+
+ describe 'class methods' do
+ describe '#reset_token and #token' do
+ it 'returns the security token' do
+ Webconsole::Repl.reset_token
+ Webconsole::Repl.token.must_be_kind_of String
+ end
end
end
end
end
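Review bot: The two new rejection examples cover a non-POST request and a wrong token value, but not a request that carries no `token` parameter at all. That case deserves its own example: if `Repl.token` were ever nil or unset, a plain equality check would treat the missing parameter as a match. The implementation is not visible here, so confirm this against `Repl#call`. The class-method example only asserts that the token is a String; assuming `reset_token` draws a fresh random value, it should also assert that the value is non-empty and changes across a reset. Both rejection examples also call `expects` on `$sandbox`, which presumably has to be set already by an earlier example or by `Repl.new`, so they may be order-dependent.

```ruby
# … unchanged: 'rejects requests with invalid token' …

it 'rejects requests without a token' do
  @app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['hello world']] }
  env = {}
  Webconsole::Repl.stubs(:token).returns('abc')
  request = OpenStruct.new(:params => {'query' => 'unknown_method'}, :post? => true)
  Rack::Request.stubs(:new).returns request
  @repl = Webconsole::Repl.new(@app)

  $sandbox.expects(:instance_eval).never

  @repl.call(env).must_equal @app.call(env)
end

# … unchanged: describe 'class methods' / 'returns the security token' …
it 'issues a new token on reset' do
  Webconsole::Repl.reset_token
  first = Webconsole::Repl.token
  first.wont_be_empty
  Webconsole::Repl.reset_token
  Webconsole::Repl.token.wont_equal first
end
```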