diff options
| author | David Lee <davidomundo@gmail.com> | 2011-05-09 16:17:38 -0700 |
|---|---|---|
| committer | David Lee <davidomundo@gmail.com> | 2011-05-10 18:24:14 -0700 |
| commit | 8366cabd652a5fbb56fc0942614fbc965e7e45ed (patch) | |
| tree | 6708194625e59b73d58580ed43682ea3e07c0e53 /actionpack | |
| parent | fa187ec77867ac732b08fd2d5cb4d98712fc3313 (diff) | |
| download | rails-8366cabd652a5fbb56fc0942614fbc965e7e45ed.tar.gz rails-8366cabd652a5fbb56fc0942614fbc965e7e45ed.tar.bz2 rails-8366cabd652a5fbb56fc0942614fbc965e7e45ed.zip | |
Test csrf token param name customization
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 31f4bf3a76..dea80ed887 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -81,22 +81,25 @@ module RequestForgeryProtectionTests @token = "cf50faa3fe97702ca1ae" ActiveSupport::SecureRandom.stubs(:base64).returns(@token) - ActionController::Base.request_forgery_protection_token = :authenticity_token + ActionController::Base.request_forgery_protection_token = :custom_authenticity_token end + def teardown + ActionController::Base.request_forgery_protection_token = nil + end def test_should_render_form_with_token_tag assert_not_blocked do get :index end - assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token + assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token end def test_should_render_button_to_with_token_tag assert_not_blocked do get :show_button end - assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token + assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token end def test_should_allow_get @@ -128,15 +131,15 @@ module RequestForgeryProtectionTests end def test_should_allow_post_with_token - assert_not_blocked { post :index, :authenticity_token => @token } + assert_not_blocked { post :index, :custom_authenticity_token => @token } end def test_should_allow_put_with_token - assert_not_blocked { put :index, :authenticity_token => @token } + assert_not_blocked { put :index, :custom_authenticity_token => @token } end def test_should_allow_delete_with_token - assert_not_blocked { delete :index, :authenticity_token => @token } + assert_not_blocked { delete :index, :custom_authenticity_token => @token } end def test_should_allow_post_with_token_in_header @@ -172,10 +175,18 @@ end class RequestForgeryProtectionControllerTest < ActionController::TestCase include RequestForgeryProtectionTests + setup do + ActionController::Base.request_forgery_protection_token = :custom_authenticity_token + end + + teardown do + ActionController::Base.request_forgery_protection_token = nil + end + test 'should emit a csrf-param meta tag and a csrf-token meta tag' do ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?') get :meta - assert_select 'meta[name=?][content=?]', 'csrf-param', 'authenticity_token' + assert_select 'meta[name=?][content=?]', 'csrf-param', 'custom_authenticity_token' assert_select 'meta[name=?][content=?]', 'csrf-token', 'cf50faa3fe97702ca1ae<=?' end end |