From 538fb18dead05760e76587fd53f04ae03dd2ab63 Mon Sep 17 00:00:00 2001
From: Mike Dillon <mike@embody.org>
Date: Sat, 10 Sep 2011 09:51:55 -0700
Subject: Add test for warning and CHANGELOG entry

---
 .../test/controller/request_forgery_protection_test.rb   | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'actionpack/test/controller')

diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index d94db7f5fb..7a0b724387 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -1,6 +1,7 @@
 require 'abstract_unit'
 require 'digest/sha1'
 require 'active_support/core_ext/string/strip'
+require "active_support/log_subscriber/test_helper"
 
 # common controller actions
 module RequestForgeryProtectionActions
@@ -157,6 +158,21 @@ module RequestForgeryProtectionTests
     assert_not_blocked { put :index }
   end
 
+  def test_should_warn_on_missing_csrf_token
+    old_logger = ActionController::Base.logger
+    logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new
+    ActionController::Base.logger = logger
+
+    begin
+      assert_blocked { post :index }
+
+      assert_equal 1, logger.logged(:warn).size
+      assert_match(/CSRF token authenticity/, logger.logged(:warn).last)
+    rescue
+      ActionController::Base.logger = old_logger
+    end
+  end
+
   def assert_blocked
     session[:something_like_user_id] = 1
     yield
-- 
cgit v1.2.3