Merge pull request #18917 from lautis/non-string-csrf-token

Handle non-string authenticity tokens
author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2015-02-18 19:37:24 -0200
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2015-02-18 19:37:24 -0200
commit: fb876b8a2c9445dc989742a8ea64f8fdcbc7705e (patch)
tree: 039d86b6d23cdec5feefc532c23b4b9cbf798a92 /actionpack/test/controller
parent: 4ffe46f5fe957cb39eb93fc9120fab2dc951b384 (diff)
parent: bf067b41e58409240a0370993069eb8820ca12a6 (diff)
download: rails-fb876b8a2c9445dc989742a8ea64f8fdcbc7705e.tar.gz
rails-fb876b8a2c9445dc989742a8ea64f8fdcbc7705e.tar.bz2
rails-fb876b8a2c9445dc989742a8ea64f8fdcbc7705e.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 88155bb404..8887f291cf 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -374,6 +374,13 @@ module RequestForgeryProtectionTests
     end
   end
 
+  def test_should_not_raise_error_if_token_is_not_a_string
+    @controller.unstub(:valid_authenticity_token?)
+    assert_blocked do
+      patch :index, params: { custom_authenticity_token: { foo: 'bar' } }
+    end
+  end
+
   def assert_blocked
     session[:something_like_user_id] = 1
     yield
author	Rafael Mendonça França <rafaelmfranca@gmail.com>	2015-02-18 19:37:24 -0200
committer	Rafael Mendonça França <rafaelmfranca@gmail.com>	2015-02-18 19:37:24 -0200
commit	fb876b8a2c9445dc989742a8ea64f8fdcbc7705e (patch)
tree	039d86b6d23cdec5feefc532c23b4b9cbf798a92 /actionpack/test/controller
parent	4ffe46f5fe957cb39eb93fc9120fab2dc951b384 (diff)
parent	bf067b41e58409240a0370993069eb8820ca12a6 (diff)
download	rails-fb876b8a2c9445dc989742a8ea64f8fdcbc7705e.tar.gz rails-fb876b8a2c9445dc989742a8ea64f8fdcbc7705e.tar.bz2 rails-fb876b8a2c9445dc989742a8ea64f8fdcbc7705e.zip