Merge pull request #14945 from tomkadwill/form_authenticity_param_refactor

Moved 'params[request_forgery_protection_token]' into its own method and...
author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-05-06 14:30:21 -0300
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-05-06 14:30:21 -0300
commit: 2bb008a6cfa5ddfc4442fe7ec979e4861c9f4e09 (patch)
tree: 0cc6b4666fa6635b03da195b46b9d0764de3a888 /actionpack/test
parent: bdcd5f94b2efdf661f201917d63476c245aa7c09 (diff)
parent: 7d5a858e5ce54d449066ad0a00917248475fa7f0 (diff)
download: rails-2bb008a6cfa5ddfc4442fe7ec979e4861c9f4e09.tar.gz
rails-2bb008a6cfa5ddfc4442fe7ec979e4861c9f4e09.tar.bz2
rails-2bb008a6cfa5ddfc4442fe7ec979e4861c9f4e09.zip
1 files changed, 26 insertions, 5 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 5ab5141966..07c2115832 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -462,16 +462,37 @@ end
 class CustomAuthenticityParamControllerTest < ActionController::TestCase
   def setup
     super
-    ActionController::Base.request_forgery_protection_token = :custom_token_name
+    @old_logger = ActionController::Base.logger
+    @logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new
+    @token = "foobar"
+    ActionController::Base.request_forgery_protection_token = @token
   end
 
   def teardown
-    ActionController::Base.request_forgery_protection_token = :authenticity_token
+    ActionController::Base.request_forgery_protection_token = nil
     super
   end
 
-  def test_should_allow_custom_token
-    post :index, :custom_token_name => 'foobar'
-    assert_response :ok
+  def test_should_not_warn_if_form_authenticity_param_matches_form_authenticity_token
+    ActionController::Base.logger = @logger
+    SecureRandom.stubs(:base64).returns(@token)
+
+    begin
+      post :index, :custom_token_name => 'foobar'
+      assert_equal 0, @logger.logged(:warn).size
+    ensure
+      ActionController::Base.logger = @old_logger
+    end
+  end
+
+  def test_should_warn_if_form_authenticity_param_does_not_match_form_authenticity_token
+    ActionController::Base.logger = @logger
+
+    begin
+      post :index, :custom_token_name => 'bazqux'
+      assert_equal 1, @logger.logged(:warn).size
+    ensure
+      ActionController::Base.logger = @old_logger
+    end
   end
 end
author	Rafael Mendonça França <rafaelmfranca@gmail.com>	2014-05-06 14:30:21 -0300
committer	Rafael Mendonça França <rafaelmfranca@gmail.com>	2014-05-06 14:30:21 -0300
commit	2bb008a6cfa5ddfc4442fe7ec979e4861c9f4e09 (patch)
tree	0cc6b4666fa6635b03da195b46b9d0764de3a888 /actionpack/test
parent	bdcd5f94b2efdf661f201917d63476c245aa7c09 (diff)
parent	7d5a858e5ce54d449066ad0a00917248475fa7f0 (diff)
download	rails-2bb008a6cfa5ddfc4442fe7ec979e4861c9f4e09.tar.gz rails-2bb008a6cfa5ddfc4442fe7ec979e4861c9f4e09.tar.bz2 rails-2bb008a6cfa5ddfc4442fe7ec979e4861c9f4e09.zip