test/test_parse.rb in rest-graph-1.2.1 vs test/test_parse.rb in rest-graph-1.3.0
- old
+ new
@@ -19,11 +19,11 @@
secret = app_id.reverse
sig = '398262caea8442bd8801e8fba7c55c8a'
fbs = "access_token=#{CGI.escape(access_token)}&expires=0&" \
"secret=abc&session_key=def-456&sig=#{sig}&uid=3"
- check = lambda{ |token|
+ check = lambda{ |token, fbs|
http_cookie =
"__utma=123; __utmz=456.utmcsr=(d)|utmccn=(d)|utmcmd=(n); " \
"fbs_#{app_id}=#{fbs}"
rg = RestGraph.new(:app_id => app_id, :secret => secret)
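Review bot: The new block parameter `fbs` on the `check` lambda reuses the name of the outer local `fbs` built two statements earlier, so it is hard to tell which string ends up in the `fbs_#{app_id}` cookie when reading a signature-verification test. On Ruby 1.9 and later the parameter shadows the outer variable (and `ruby -w` warns about it); on Ruby 1.8 a block parameter that names an existing local assigns to it, so if this suite still runs there, each `check.call` would overwrite the outer `fbs` that the later tamper case appends to. Renaming the parameter keeps the signed value and the tampered value distinct, for example `check = lambda{ |token, cookie_fbs|` with `"fbs_#{app_id}=#{cookie_fbs}"`, plus the same rename at the other uses in the lambda. The lambda body continues outside this hunk.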
@@ -40,13 +40,14 @@
rg.parse_fbs!(fbs).
should.kind_of?(token ? Hash : NilClass)
rg.access_token.should == token
}
- check.call(access_token)
- fbs.chop!
- fbs += '&inject=evil"'
- check.call(nil)
+ check.call(access_token, fbs)
+ check.call(access_token, "\"#{fbs}\"")
+ fbs << '&inject=evil"'
+ check.call(nil, fbs)
+ check.call(nil, "\"#{fbs}\"")
end
it 'would not pass if there is no secret, prevent from forgery' do
rg = RestGraph.new
rg.parse_fbs!('"feed=me&sig=bddd192cf27f22c05f61c8bea24fa4b7"').