Merge pull request #506 from dlee/custom_csrf_token_tests

Test csrf token param name customization

actionpack/test/controller/request_forgery_protection_test.rb

@@ -81,22 +81,25 @@ def setup
     @token      = "cf50faa3fe97702ca1ae"
 
     ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
-    ActionController::Base.request_forgery_protection_token = :authenticity_token
+    ActionController::Base.request_forgery_protection_token = :custom_authenticity_token
   end
 
+  def teardown
+    ActionController::Base.request_forgery_protection_token = nil
+  end
 
   def test_should_render_form_with_token_tag
     assert_not_blocked do
       get :index
     end
-    assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
+    assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
   end
 
   def test_should_render_button_to_with_token_tag
     assert_not_blocked do
       get :show_button
     end
-    assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
+    assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
   end
 
   def test_should_allow_get
@@ -128,15 +131,15 @@ def test_should_not_allow_xhr_post_without_token
   end
 
   def test_should_allow_post_with_token
-    assert_not_blocked { post :index, :authenticity_token => @token }
+    assert_not_blocked { post :index, :custom_authenticity_token => @token }
   end
 
   def test_should_allow_put_with_token
-    assert_not_blocked { put :index, :authenticity_token => @token }
+    assert_not_blocked { put :index, :custom_authenticity_token => @token }
   end
 
   def test_should_allow_delete_with_token
-    assert_not_blocked { delete :index, :authenticity_token => @token }
+    assert_not_blocked { delete :index, :custom_authenticity_token => @token }
   end
 
   def test_should_allow_post_with_token_in_header
@@ -172,10 +175,18 @@ def assert_not_blocked
 class RequestForgeryProtectionControllerTest < ActionController::TestCase
   include RequestForgeryProtectionTests
 
+  setup do
+    ActionController::Base.request_forgery_protection_token = :custom_authenticity_token
+  end
+
+  teardown do
+    ActionController::Base.request_forgery_protection_token = nil
+  end
+
   test 'should emit a csrf-param meta tag and a csrf-token meta tag' do
     ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?')
     get :meta
-    assert_select 'meta[name=?][content=?]', 'csrf-param', 'authenticity_token'
+    assert_select 'meta[name=?][content=?]', 'csrf-param', 'custom_authenticity_token'
     assert_select 'meta[name=?][content=?]', 'csrf-token', 'cf50faa3fe97702ca1ae&lt;=?'
   end
 end

railties/test/application/configuration_test.rb

@@ -225,8 +225,6 @@ def index
       make_basic_app
 
       class ::OmgController < ActionController::Base
-        protect_from_forgery
-
         def index
           render :inline => "<%= csrf_meta_tags %>"
         end
@@ -236,6 +234,21 @@ def index
       assert last_response.body =~ /csrf\-param/
     end
 
+    test "request forgery token param can be changed" do
+      make_basic_app do
+        app.config.action_controller.request_forgery_protection_token = '_xsrf_token_here'
+      end
+
+      class ::OmgController < ActionController::Base
+        def index
+          render :inline => "<%= csrf_meta_tags %>"
+        end
+      end
+
+      get "/"
+      assert last_response.body =~ /_xsrf_token_here/
+    end
+
     test "config.action_controller.perform_caching = true" do
       make_basic_app do |app|
         app.config.action_controller.perform_caching = true