From f0bd5fcee497df84c6694b83ee376dcc027c6a9c Mon Sep 17 00:00:00 2001 From: Dan Pickett Date: Fri, 18 Dec 2009 19:40:41 -0500 Subject: [PATCH] failing test case for rescue_from and bad AuthToken --- .../controller/request_forgery_protection_test.rb | 26 ++++++++++++++++++++ 1 files changed, 26 insertions(+), 0 deletions(-) diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index c6ad4b9..0d51eb2 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -32,6 +32,13 @@ class RequestForgeryProtectionController < ActionController::Base protect_from_forgery :only => :index end +class HandleForgeryProtectionController < RequestForgeryProtectionController + protect_from_forgery + rescue_from "ActionController::InvalidAuthenticityToken" do |exception| + render :text => "handled" + end +end + class FreeCookieController < RequestForgeryProtectionController self.allow_forgery_protection = false @@ -226,6 +233,25 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase end end +class HandleForgeryProtectionControllerTest < ActionController::TestCase + def setup + @controller = HandleForgeryProtectionController.new + @request = ActionController::TestRequest.new + @request.format = :html + @response = ActionController::TestResponse.new + @token = "cf50faa3fe97702ca1ae" + + ActiveSupport::SecureRandom.stubs(:base64).returns(@token) + ActionController::Base.request_forgery_protection_token = :authenticity_token + end + + def test_should_handle_bad_token + @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s + post :index, :authenticity_token => 'foobar' + assert_match /handled/, @response.body + end +end + class FreeCookieControllerTest < ActionController::TestCase def setup @controller = FreeCookieController.new -- 1.6.4.2