diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2011-09-10 10:45:47 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2011-09-10 10:45:47 -0700 |
| commit | d0946fdd57125872efb6ece8257dccedfe3bef01 (patch) | |
| tree | b443e652beaeefe54bc0858ada6fa056c71ff634 /actionpack/test | |
| parent | e8e1911738ce990b55d068e603124572535baf5d (diff) | |
| parent | e7e6515146322c4e5feba61c8365458df4b9fd67 (diff) | |
| download | rails-d0946fdd57125872efb6ece8257dccedfe3bef01.tar.gz rails-d0946fdd57125872efb6ece8257dccedfe3bef01.tar.bz2 rails-d0946fdd57125872efb6ece8257dccedfe3bef01.zip | |
Merge pull request #2972 from md5/master
Use log.warn instead of debug for CSRF token warning
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index d94db7f5fb..7a0b724387 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -1,6 +1,7 @@ require 'abstract_unit' require 'digest/sha1' require 'active_support/core_ext/string/strip' +require "active_support/log_subscriber/test_helper" # common controller actions module RequestForgeryProtectionActions @@ -157,6 +158,21 @@ module RequestForgeryProtectionTests assert_not_blocked { put :index } end + def test_should_warn_on_missing_csrf_token + old_logger = ActionController::Base.logger + logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new + ActionController::Base.logger = logger + + begin + assert_blocked { post :index } + + assert_equal 1, logger.logged(:warn).size + assert_match(/CSRF token authenticity/, logger.logged(:warn).last) + rescue + ActionController::Base.logger = old_logger + end + end + def assert_blocked session[:something_like_user_id] = 1 yield |