Commit a792ad6d
Authored May 10, 2011 by José Valim
Merge pull request #506 from dlee/custom_csrf_token_tests
Test csrf token param name customization
Parents: af88daef, 8366cabd
Showing 2 changed files with 33 additions and 9 deletions
actionpack/test/controller/request_forgery_protection_test.rb (+18 -7)
railties/test/application/configuration_test.rb (+15 -2)
actionpack/test/controller/request_forgery_protection_test.rb
...
...
@@ -81,22 +81,25 @@ def setup
@token
=
"cf50faa3fe97702ca1ae"
ActiveSupport
::
SecureRandom
.
stubs
(
:base64
).
returns
(
@token
)
ActionController
::
Base
.
request_forgery_protection_token
=
:authenticity_token
ActionController
::
Base
.
request_forgery_protection_token
=
:
custom_
authenticity_token
end
def
teardown
ActionController
::
Base
.
request_forgery_protection_token
=
nil
end
def
test_should_render_form_with_token_tag
assert_not_blocked
do
get
:index
end
assert_select
'form>div>input[name=?][value=?]'
,
'authenticity_token'
,
@token
assert_select
'form>div>input[name=?][value=?]'
,
'
custom_
authenticity_token'
,
@token
end
def
test_should_render_button_to_with_token_tag
assert_not_blocked
do
get
:show_button
end
assert_select
'form>div>input[name=?][value=?]'
,
'authenticity_token'
,
@token
assert_select
'form>div>input[name=?][value=?]'
,
'
custom_
authenticity_token'
,
@token
end
def
test_should_allow_get
...
...
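Review bot: the teardown in this hunk assigns nil to ActionController::Base.request_forgery_protection_token instead of restoring whatever value was in effect before setup ran, so the class-level setting is left as nil rather than its prior value for any test that runs next in the same process. Capture the old value in setup (for example in an instance variable such as @old_token_name, a name used here only for illustration) and assign it back in teardown. The two assert_select lines in test_should_render_form_with_token_tag and test_should_render_button_to_with_token_tag now check only 'custom_authenticity_token', so it is worth keeping one case that renders the form under the default :authenticity_token name.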
@@ -128,15 +131,15 @@ def test_should_not_allow_xhr_post_without_token
end
def
test_should_allow_post_with_token
assert_not_blocked
{
post
:index
,
:authenticity_token
=>
@token
}
assert_not_blocked
{
post
:index
,
:
custom_
authenticity_token
=>
@token
}
end
def
test_should_allow_put_with_token
assert_not_blocked
{
put
:index
,
:authenticity_token
=>
@token
}
assert_not_blocked
{
put
:index
,
:
custom_
authenticity_token
=>
@token
}
end
def
test_should_allow_delete_with_token
assert_not_blocked
{
delete
:index
,
:authenticity_token
=>
@token
}
assert_not_blocked
{
delete
:index
,
:
custom_
authenticity_token
=>
@token
}
end
def
test_should_allow_post_with_token_in_header
...
...
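Review bot: test_should_allow_post_with_token, test_should_allow_put_with_token and test_should_allow_delete_with_token only show that :custom_authenticity_token => @token is accepted; nothing in this hunk shows that the old :authenticity_token key stops being honoured once the parameter name is customized. Add a negative case per verb that sends :authenticity_token => @token while the custom name is configured and expects the request to be blocked; as written, a regression that accepts both parameter names would still pass these three tests.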
@@ -172,10 +175,18 @@ def assert_not_blocked
class
RequestForgeryProtectionControllerTest
<
ActionController
::
TestCase
include
RequestForgeryProtectionTests
setup
do
ActionController
::
Base
.
request_forgery_protection_token
=
:custom_authenticity_token
end
teardown
do
ActionController
::
Base
.
request_forgery_protection_token
=
nil
end
test
'should emit a csrf-param meta tag and a csrf-token meta tag'
do
ActiveSupport
::
SecureRandom
.
stubs
(
:base64
).
returns
(
@token
+
'<=?'
)
get
:meta
assert_select
'meta[name=?][content=?]'
,
'csrf-param'
,
'authenticity_token'
assert_select
'meta[name=?][content=?]'
,
'csrf-param'
,
'
custom_
authenticity_token'
assert_select
'meta[name=?][content=?]'
,
'csrf-token'
,
'cf50faa3fe97702ca1ae<=?'
end
end
...
...
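Review bot: the setup do and teardown do blocks in RequestForgeryProtectionControllerTest make the same two assignments (:custom_authenticity_token, then nil) as the def setup and def teardown shown in the first hunk of this file. If those belong to the included RequestForgeryProtectionTests module, which the use of @token in this test suggests, the assignments here are redundant and should live in one place only. In the meta-tag test the expected csrf-token content is the literal 'cf50faa3fe97702ca1ae<=?'; writing it as @token + '<=?' would keep the expectation in step with the stubbed value.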
railties/test/application/configuration_test.rb
...
...
@@ -225,8 +225,6 @@ def index
make_basic_app
class
::
OmgController
<
ActionController
::
Base
protect_from_forgery
def
index
render
:inline
=>
"<%= csrf_meta_tags %>"
end
...
...
@@ -236,6 +234,21 @@ def index
assert
last_response
.
body
=~
/csrf\-param/
end
test
"request forgery token param can be changed"
do
make_basic_app
do
app
.
config
.
action_controller
.
request_forgery_protection_token
=
'_xsrf_token_here'
end
class
::
OmgController
<
ActionController
::
Base
def
index
render
:inline
=>
"<%= csrf_meta_tags %>"
end
end
get
"/"
assert
last_response
.
body
=~
/_xsrf_token_here/
end
test
"config.action_controller.perform_caching = true"
do
make_basic_app
do
|
app
|
app
.
config
.
action_controller
.
perform_caching
=
true
...
...
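Review bot: in "request forgery token param can be changed" the block passed to make_basic_app takes no parameter (make_basic_app do, then app.config.action_controller...), while the test directly after it writes make_basic_app do |app|. Without |app| the name app inside the block resolves to whatever the test case itself provides, which is not necessarily the application being built; use do |app| so the setting is applied to that application's config and the two tests read the same way. The closing assertion last_response.body =~ /_xsrf_token_here/ matches the string anywhere in the response; asserting on the content of the csrf-param meta tag would tie the check to the place the parameter name is supposed to appear.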