Permalink
Browse files

Merge pull request #506 from dlee/custom_csrf_token_tests

Test csrf token param name customization
  • Loading branch information...
2 parents af88dae + 8366cab commit a792ad6db946d0f4b6b75938b76a6389863fb23a @josevalim josevalim committed May 11, 2011
@@ -81,22 +81,25 @@ def setup
@token = "cf50faa3fe97702ca1ae"
ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
- ActionController::Base.request_forgery_protection_token = :authenticity_token
+ ActionController::Base.request_forgery_protection_token = :custom_authenticity_token
end
+ def teardown
+ ActionController::Base.request_forgery_protection_token = nil
+ end
def test_should_render_form_with_token_tag
assert_not_blocked do
get :index
end
- assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
+ assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
end
def test_should_render_button_to_with_token_tag
assert_not_blocked do
get :show_button
end
- assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
+ assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
end
def test_should_allow_get
@@ -128,15 +131,15 @@ def test_should_not_allow_xhr_post_without_token
end
def test_should_allow_post_with_token
- assert_not_blocked { post :index, :authenticity_token => @token }
+ assert_not_blocked { post :index, :custom_authenticity_token => @token }
end
def test_should_allow_put_with_token
- assert_not_blocked { put :index, :authenticity_token => @token }
+ assert_not_blocked { put :index, :custom_authenticity_token => @token }
end
def test_should_allow_delete_with_token
- assert_not_blocked { delete :index, :authenticity_token => @token }
+ assert_not_blocked { delete :index, :custom_authenticity_token => @token }
end
def test_should_allow_post_with_token_in_header
@@ -172,10 +175,18 @@ def assert_not_blocked
class RequestForgeryProtectionControllerTest < ActionController::TestCase
include RequestForgeryProtectionTests
+ setup do
+ ActionController::Base.request_forgery_protection_token = :custom_authenticity_token
+ end
+
+ teardown do
+ ActionController::Base.request_forgery_protection_token = nil
+ end
+
test 'should emit a csrf-param meta tag and a csrf-token meta tag' do
ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?')
get :meta
- assert_select 'meta[name=?][content=?]', 'csrf-param', 'authenticity_token'
+ assert_select 'meta[name=?][content=?]', 'csrf-param', 'custom_authenticity_token'
assert_select 'meta[name=?][content=?]', 'csrf-token', 'cf50faa3fe97702ca1ae&lt;=?'
end
end
@@ -225,8 +225,6 @@ def index
make_basic_app
class ::OmgController < ActionController::Base
- protect_from_forgery
-
def index
render :inline => "<%= csrf_meta_tags %>"
end
@@ -236,6 +234,21 @@ def index
assert last_response.body =~ /csrf\-param/
end
+ test "request forgery token param can be changed" do
+ make_basic_app do
+ app.config.action_controller.request_forgery_protection_token = '_xsrf_token_here'
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ render :inline => "<%= csrf_meta_tags %>"
+ end
+ end
+
+ get "/"
+ assert last_response.body =~ /_xsrf_token_here/
+ end
+
test "config.action_controller.perform_caching = true" do
make_basic_app do |app|
app.config.action_controller.perform_caching = true

0 comments on commit a792ad6

Please sign in to comment.