aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/test
diff options
context:
space:
mode:
Diffstat (limited to 'actionview/test')
-rw-r--r--actionview/test/template/csrf_helper_test.rb46
-rw-r--r--actionview/test/template/url_helper_test.rb10
2 files changed, 56 insertions, 0 deletions
diff --git a/actionview/test/template/csrf_helper_test.rb b/actionview/test/template/csrf_helper_test.rb
new file mode 100644
index 0000000000..dd9821eb6c
--- /dev/null
+++ b/actionview/test/template/csrf_helper_test.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "abstract_unit"
+
+class CsrfHelperTest < ActiveSupport::TestCase
+ cattr_accessor :request_forgery, default: false
+
+ include ActionView::Helpers::CsrfHelper
+ include ActionView::Helpers::TagHelper
+ include Rails::Dom::Testing::Assertions::DomAssertions
+
+ def test_csrf_meta_tags_without_request_forgery_protection
+ assert_dom_equal "", csrf_meta_tags
+ end
+
+ def test_csrf_meta_tags_with_request_forgery_protection
+ self.request_forgery = true
+
+ assert_dom_equal <<~DOM.chomp, csrf_meta_tags
+ <meta name="csrf-param" content="form_token" />
+ <meta name="csrf-token" content="secret" />
+ DOM
+ ensure
+ self.request_forgery = false
+ end
+
+ def test_csrf_meta_tags_without_protect_against_forgery_method
+ self.class.undef_method(:protect_against_forgery?)
+
+ assert_dom_equal "", csrf_meta_tags
+ ensure
+ self.class.define_method(:protect_against_forgery?) { request_forgery }
+ end
+
+ def protect_against_forgery?
+ request_forgery
+ end
+
+ def form_authenticity_token(*args)
+ "secret"
+ end
+
+ def request_forgery_protection_token
+ "form_token"
+ end
+end
diff --git a/actionview/test/template/url_helper_test.rb b/actionview/test/template/url_helper_test.rb
index 1ab28e4749..632b32f09f 100644
--- a/actionview/test/template/url_helper_test.rb
+++ b/actionview/test/template/url_helper_test.rb
@@ -119,6 +119,16 @@ class UrlHelperTest < ActiveSupport::TestCase
)
end
+ def test_button_to_without_protect_against_forgery_method
+ self.class.undef_method(:protect_against_forgery?)
+ assert_dom_equal(
+ %{<form method="post" action="http://www.example.com" class="button_to"><input type="submit" value="Hello" /></form>},
+ button_to("Hello", "http://www.example.com")
+ )
+ ensure
+ self.class.define_method(:protect_against_forgery?) { request_forgery }
+ end
+
def test_button_to_with_straight_url
assert_dom_equal %{<form method="post" action="http://www.example.com" class="button_to"><input type="submit" value="Hello" /></form>}, button_to("Hello", "http://www.example.com")
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-28 21:59:03 +0000