kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

pending specs for remote token

Browse source
This commit is contained in:
Konstantin Haase 2011-06-20 15:47:43 +02:00
parent bc8a20bd4e
commit e109c4bbfd
1 changed files with 37 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
rack-protection/spec/remote_token_spec.rb
View file

@ -2,11 +2,41 @@ require File.expand_path('../spec_helper.rb', __FILE__)
describe Rack::Protection::RemoteToken do
it_behaves_like "any rack application"
it "accepts post requests with no referrer"
it "accepts post requests with a local referrer"
it "denies post requests with a remote referrer and no token"
it "accepts post requests with a remote referrer and correct X-CSRF-Token header"
it "denies post requests with a remote referrer and wrong X-CSRF-Token header"
it "accepts post form requests with a remote referrer and correct authenticity_token field"
it "denies post form requests with a remote referrer and wrong authenticity_token field"
it "accepts post requests with no referrer" do
post('/').should be_ok
end
it "accepts post requests with a local referrer" do
post('/', {}, 'HTTP_REFERER' => '/').should be_ok
end
it "denies post requests with a remote referrer and no token" do
post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org')
last_response.should_not be_ok
end
it "accepts post requests with a remote referrer and correct X-CSRF-Token header" do
post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org',
'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a")
last_response.should be_ok
end
it "denies post requests with a remote referrer and wrong X-CSRF-Token header" do
post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org',
'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b")
last_response.should_not be_ok
end
it "accepts post form requests with a remote referrer and correct authenticity_token field" do
post('/', {"authenticity_token" => "a"}, 'HTTP_REFERER' => 'http://example.com/foo',
'HTTP_HOST' => 'example.org', 'rack.session' => {:csrf => "a"})
last_response.should be_ok
end
it "denies post form requests with a remote referrer and wrong authenticity_token field" do
post('/', {"authenticity_token" => "a"}, 'HTTP_REFERER' => 'http://example.com/foo',
'HTTP_HOST' => 'example.org', 'rack.session' => {:csrf => "b"})
last_response.should_not be_ok
end
end