diff options
Diffstat (limited to 'actionpack/test/controller/request_forgery_protection_test.rb')
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index dea80ed887..fd5a41a0bb 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -1,6 +1,7 @@ require 'abstract_unit' require 'digest/sha1' require 'active_support/core_ext/string/strip' +require "active_support/log_subscriber/test_helper" # common controller actions module RequestForgeryProtectionActions @@ -80,7 +81,7 @@ module RequestForgeryProtectionTests def setup @token = "cf50faa3fe97702ca1ae" - ActiveSupport::SecureRandom.stubs(:base64).returns(@token) + SecureRandom.stubs(:base64).returns(@token) ActionController::Base.request_forgery_protection_token = :custom_authenticity_token end @@ -157,6 +158,21 @@ module RequestForgeryProtectionTests assert_not_blocked { put :index } end + def test_should_warn_on_missing_csrf_token + old_logger = ActionController::Base.logger + logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new + ActionController::Base.logger = logger + + begin + assert_blocked { post :index } + + assert_equal 1, logger.logged(:warn).size + assert_match(/CSRF token authenticity/, logger.logged(:warn).last) + ensure + ActionController::Base.logger = old_logger + end + end + def assert_blocked session[:something_like_user_id] = 1 yield @@ -184,7 +200,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase end test 'should emit a csrf-param meta tag and a csrf-token meta tag' do - ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?') + SecureRandom.stubs(:base64).returns(@token + '<=?') get :meta assert_select 'meta[name=?][content=?]', 'csrf-param', 'custom_authenticity_token' assert_select 'meta[name=?][content=?]', 'csrf-token', 'cf50faa3fe97702ca1ae<=?' @@ -207,7 +223,7 @@ class FreeCookieControllerTest < ActionController::TestCase @response = ActionController::TestResponse.new @token = "cf50faa3fe97702ca1ae" - ActiveSupport::SecureRandom.stubs(:base64).returns(@token) + SecureRandom.stubs(:base64).returns(@token) end def test_should_not_render_form_with_token_tag |