From bf067b41e58409240a0370993069eb8820ca12a6 Mon Sep 17 00:00:00 2001
From: Ville Lautanala <lautis@gmail.com>
Date: Thu, 12 Feb 2015 22:24:45 +0200
Subject: Handle non-string authenticity tokens

Non-string authenticity tokens raised NoMethodError when decoding the
masked token.
---
 actionpack/test/controller/request_forgery_protection_test.rb | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'actionpack/test')

diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 88155bb404..8887f291cf 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -374,6 +374,13 @@ module RequestForgeryProtectionTests
     end
   end
 
+  def test_should_not_raise_error_if_token_is_not_a_string
+    @controller.unstub(:valid_authenticity_token?)
+    assert_blocked do
+      patch :index, params: { custom_authenticity_token: { foo: 'bar' } }
+    end
+  end
+
   def assert_blocked
     session[:something_like_user_id] = 1
     yield
-- 
cgit v1.2.3