summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorblackst0ne <blackst0ne.ru@gmail.com>2017-06-22 16:20:50 +1100
committerblackst0ne <blackst0ne.ru@gmail.com>2017-06-26 18:06:50 +1100
commit8f4e0a6c2184f9e6019a8c1e3b8c6b830e2694f1 (patch)
tree2fa2d23954ddb73e0de3aff5dd83b31a561e4742
parent88c2c812370d793cb782aceb49a2fec82ebc3380 (diff)
downloadgitlab-ce-33601-add-csrf-token-verification-to-api.tar.gz
Remove spec/lib/api/helpers/csrf_tokens_spec.rb33601-add-csrf-token-verification-to-api
-rw-r--r--spec/lib/api/helpers/csrf_tokens_spec.rb42
1 files changed, 0 insertions, 42 deletions
diff --git a/spec/lib/api/helpers/csrf_tokens_spec.rb b/spec/lib/api/helpers/csrf_tokens_spec.rb
deleted file mode 100644
index d16db6c9064..00000000000
--- a/spec/lib/api/helpers/csrf_tokens_spec.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require 'spec_helper'
-
-describe API::Helpers do
- subject do
- Class.new.include(described_class).new
- end
-
- let(:header_token) { 'WblCcheb1qQLHFVhlMtwOhxJr5613vUT05vCvToRvfJ68UPT7+eV5xpaY9CjubnF3VGbTfIhQYkZWmWTfvZAWQ==' }
- let(:session_token) { 'I0gBofh8Q0MRRjaxN3LJ/8EYNNNH/7SaysGnLkTn/as=' }
-
- before do
- class Request
- attr_reader :headers
- attr_reader :session
-
- def initialize(header_token = nil, session_token = nil)
- @headers = { 'X-Csrf-Token' => header_token }
- @session = { '_csrf_token' => session_token }
- end
- end
- end
-
- it 'should return false if header token is invalid' do
- request = Request.new(nil, session_token)
- expect(subject.send(:csrf_tokens_valid?, request)).to be false
- end
-
- it 'should return false if session_token token is invalid' do
- request = Request.new(header_token, nil)
- expect(subject.send(:csrf_tokens_valid?, request)).to be false
- end
-
- it 'should return false if header_token is not 64 symbols long' do
- request = Request.new(header_token[0..16], session_token)
- expect(subject.send(:csrf_tokens_valid?, request)).to be false
- end
-
- it 'should return true if both header_token and session_token are correct' do
- request = Request.new(header_token, session_token)
- expect(subject.send(:csrf_tokens_valid?, request)).to be true
- end
-end