author | blackst0ne <blackst0ne.ru@gmail.com> | 2017-06-22 16:20:50 +1100 |
---|---|---|
committer | blackst0ne <blackst0ne.ru@gmail.com> | 2017-06-26 18:06:50 +1100 |
commit | 8f4e0a6c2184f9e6019a8c1e3b8c6b830e2694f1 (patch) | |
tree | 2fa2d23954ddb73e0de3aff5dd83b31a561e4742 | |
parent | 88c2c812370d793cb782aceb49a2fec82ebc3380 (diff) | |
download | gitlab-ce-33601-add-csrf-token-verification-to-api.tar.gz |
Remove spec/lib/api/helpers/csrf_tokens_spec.rb (33601-add-csrf-token-verification-to-api)
-rw-r--r-- | spec/lib/api/helpers/csrf_tokens_spec.rb | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/spec/lib/api/helpers/csrf_tokens_spec.rb b/spec/lib/api/helpers/csrf_tokens_spec.rb
deleted file mode 100644
index d16db6c9064..00000000000
--- a/spec/lib/api/helpers/csrf_tokens_spec.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require 'spec_helper'
-
-describe API::Helpers do
- subject do
- Class.new.include(described_class).new
- end
-
- let(:header_token) { 'WblCcheb1qQLHFVhlMtwOhxJr5613vUT05vCvToRvfJ68UPT7+eV5xpaY9CjubnF3VGbTfIhQYkZWmWTfvZAWQ==' }
- let(:session_token) { 'I0gBofh8Q0MRRjaxN3LJ/8EYNNNH/7SaysGnLkTn/as=' }
-
- before do
- class Request
- attr_reader :headers
- attr_reader :session
-
- def initialize(header_token = nil, session_token = nil)
- @headers = { 'X-Csrf-Token' => header_token }
- @session = { '_csrf_token' => session_token }
- end
- end
- end
-
- it 'should return false if header token is invalid' do
- request = Request.new(nil, session_token)
- expect(subject.send(:csrf_tokens_valid?, request)).to be false
- end
-
- it 'should return false if session_token token is invalid' do
- request = Request.new(header_token, nil)
- expect(subject.send(:csrf_tokens_valid?, request)).to be false
- end
-
- it 'should return false if header_token is not 64 symbols long' do
- request = Request.new(header_token[0..16], session_token)
- expect(subject.send(:csrf_tokens_valid?, request)).to be false
- end
-
- it 'should return true if both header_token and session_token are correct' do
- request = Request.new(header_token, session_token)
- expect(subject.send(:csrf_tokens_valid?, request)).to be true
- end
-end |