From 9bb17aefe27810c42bcad5c6651e0dd6b3316179 Mon Sep 17 00:00:00 2001 From: Tiago Macedo Date: Fri, 23 May 2008 16:24:44 +0100 Subject: [PATCH] allowing form_authenticity_token in tests --- .../request_forgery_protection.rb | 2 ++ .../controller/request_forgery_protection_test.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 0 deletions(-) diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb index 02c9d59..a3c93f1 100644 --- a/actionpack/lib/action_controller/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/request_forgery_protection.rb @@ -111,6 +111,8 @@ module ActionController #:nodoc: authenticity_token_from_session_id elsif session.respond_to?(:dbman) && session.dbman.respond_to?(:generate_digest) authenticity_token_from_cookie_session + elsif !protect_against_forgery? + '' else raise InvalidAuthenticityToken, "No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store)." end diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index f7adaa7..14f1c46 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -30,6 +30,10 @@ module RequestForgeryProtectionActions render :text => 'pwn' end + def template_token + render :inline => "<%= form_authenticity_token %>" + end + def rescue_action(e) raise e end end @@ -294,6 +298,12 @@ class FreeCookieControllerTest < Test::Unit::TestCase assert_nothing_raised { send(method, :index)} end end + + def test_shouldnt_break_on_form_authenticity_token + [:post, :put, :delete].each do |method| + assert_nothing_raised { send(method, :template_token)} + end + end end class SessionOffControllerTest < Test::Unit::TestCase -- 1.5.4.5