48 lines
1.8 KiB
Ruby
48 lines
1.8 KiB
Ruby
require "spec_helper"
|
|
|
|
describe ApplicationController, type: :request do
|
|
describe "csrf token validation" do
|
|
context "without a current user" do
|
|
before do
|
|
@user = alice
|
|
@user.password = "evankorth"
|
|
@user.password_confirmation = "evankorth"
|
|
@user.save
|
|
end
|
|
|
|
it "redirects to the new session page on validation fails" do
|
|
expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(false)
|
|
post "/users/sign_in", user: {remember_me: 0, username: @user.username, password: "evankorth"}
|
|
expect(response).to redirect_to new_user_session_path
|
|
expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail"))
|
|
end
|
|
|
|
it "doesn't redirect to the new session page if the validation succeeded" do
|
|
expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(true)
|
|
post "/users/sign_in", user: {remember_me: 0, username: @user.username, password: "evankorth"}
|
|
expect(response).to redirect_to stream_path
|
|
expect(flash[:error]).to be_blank
|
|
end
|
|
end
|
|
|
|
context "with a current user" do
|
|
before do
|
|
sign_in alice
|
|
end
|
|
|
|
it "signs out users if a wrong token was given" do
|
|
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false)
|
|
put edit_user_path, user: {language: "en"}
|
|
expect(response).to redirect_to new_user_session_path
|
|
expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail"))
|
|
end
|
|
|
|
it "doesn't sign out users if the token was correct" do
|
|
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(true)
|
|
put edit_user_path, user: {language: "en"}
|
|
expect(response).not_to be_redirect
|
|
expect(flash[:error]).to be_blank
|
|
end
|
|
end
|
|
end
|
|
end
|