mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Merge pull request #506 from dlee/custom_csrf_token_tests
Test csrf token param name customization
This commit is contained in:
commit
a792ad6db9
2 changed files with 33 additions and 9 deletions
|
@ -81,22 +81,25 @@ module RequestForgeryProtectionTests
|
|||
@token = "cf50faa3fe97702ca1ae"
|
||||
|
||||
ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
|
||||
ActionController::Base.request_forgery_protection_token = :authenticity_token
|
||||
ActionController::Base.request_forgery_protection_token = :custom_authenticity_token
|
||||
end
|
||||
|
||||
def teardown
|
||||
ActionController::Base.request_forgery_protection_token = nil
|
||||
end
|
||||
|
||||
def test_should_render_form_with_token_tag
|
||||
assert_not_blocked do
|
||||
get :index
|
||||
end
|
||||
assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
|
||||
assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
|
||||
end
|
||||
|
||||
def test_should_render_button_to_with_token_tag
|
||||
assert_not_blocked do
|
||||
get :show_button
|
||||
end
|
||||
assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
|
||||
assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
|
||||
end
|
||||
|
||||
def test_should_allow_get
|
||||
|
@ -128,15 +131,15 @@ module RequestForgeryProtectionTests
|
|||
end
|
||||
|
||||
def test_should_allow_post_with_token
|
||||
assert_not_blocked { post :index, :authenticity_token => @token }
|
||||
assert_not_blocked { post :index, :custom_authenticity_token => @token }
|
||||
end
|
||||
|
||||
def test_should_allow_put_with_token
|
||||
assert_not_blocked { put :index, :authenticity_token => @token }
|
||||
assert_not_blocked { put :index, :custom_authenticity_token => @token }
|
||||
end
|
||||
|
||||
def test_should_allow_delete_with_token
|
||||
assert_not_blocked { delete :index, :authenticity_token => @token }
|
||||
assert_not_blocked { delete :index, :custom_authenticity_token => @token }
|
||||
end
|
||||
|
||||
def test_should_allow_post_with_token_in_header
|
||||
|
@ -172,10 +175,18 @@ end
|
|||
class RequestForgeryProtectionControllerTest < ActionController::TestCase
|
||||
include RequestForgeryProtectionTests
|
||||
|
||||
setup do
|
||||
ActionController::Base.request_forgery_protection_token = :custom_authenticity_token
|
||||
end
|
||||
|
||||
teardown do
|
||||
ActionController::Base.request_forgery_protection_token = nil
|
||||
end
|
||||
|
||||
test 'should emit a csrf-param meta tag and a csrf-token meta tag' do
|
||||
ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?')
|
||||
get :meta
|
||||
assert_select 'meta[name=?][content=?]', 'csrf-param', 'authenticity_token'
|
||||
assert_select 'meta[name=?][content=?]', 'csrf-param', 'custom_authenticity_token'
|
||||
assert_select 'meta[name=?][content=?]', 'csrf-token', 'cf50faa3fe97702ca1ae<=?'
|
||||
end
|
||||
end
|
||||
|
|
|
@ -225,8 +225,6 @@ module ApplicationTests
|
|||
make_basic_app
|
||||
|
||||
class ::OmgController < ActionController::Base
|
||||
protect_from_forgery
|
||||
|
||||
def index
|
||||
render :inline => "<%= csrf_meta_tags %>"
|
||||
end
|
||||
|
@ -236,6 +234,21 @@ module ApplicationTests
|
|||
assert last_response.body =~ /csrf\-param/
|
||||
end
|
||||
|
||||
test "request forgery token param can be changed" do
|
||||
make_basic_app do
|
||||
app.config.action_controller.request_forgery_protection_token = '_xsrf_token_here'
|
||||
end
|
||||
|
||||
class ::OmgController < ActionController::Base
|
||||
def index
|
||||
render :inline => "<%= csrf_meta_tags %>"
|
||||
end
|
||||
end
|
||||
|
||||
get "/"
|
||||
assert last_response.body =~ /_xsrf_token_here/
|
||||
end
|
||||
|
||||
test "config.action_controller.perform_caching = true" do
|
||||
make_basic_app do |app|
|
||||
app.config.action_controller.perform_caching = true
|
||||
|
|
Loading…
Reference in a new issue