nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/spec/integration/application_spec.rb
Steffen van Bergerem c3de77e0fc
Send notification mails on CSRF fails 
closes #7050
2016-09-04 03:26:42 +02:00

54 lines
2.2 KiB
Ruby
Raw Blame History

require "spec_helper"
describe ApplicationController, type: :request do
describe "csrf token validation" do
context "without a current user" do
before do
@user = alice
@user.password = "evankorth"
@user.password_confirmation = "evankorth"
@user.save
end
it "redirects to the new session page on validation fails" do
expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(false)
post "/users/sign_in", user: {remember_me: 0, username: @user.username, password: "evankorth"}
expect(response).to redirect_to new_user_session_path
expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail"))
end
it "doesn't redirect to the new session page if the validation succeeded" do
expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(true)
post "/users/sign_in", user: {remember_me: 0, username: @user.username, password: "evankorth"}
expect(response).to redirect_to stream_path
expect(flash[:error]).to be_blank
end
end
context "with a current user" do
before do
sign_in alice
end
it "signs out users if a wrong token was given" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false)
put edit_user_path, user: {language: "en"}
expect(response).to redirect_to new_user_session_path
expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail"))
end
it "sends an email to the current user if the token validation failed" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false)
expect(Workers::Mail::CsrfTokenFail).to receive(:perform_async).with(alice.id)
put edit_user_path, user: {language: "en"}
end
it "doesn't sign out users if the token was correct" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(true)
put edit_user_path, user: {language: "en"}
expect(response).not_to be_redirect
expect(flash[:error]).to be_blank
end
end
end
end
Reference in a new issue View git blame Copy permalink