Don't give an error to users with an invalid postredirect token. Closes #334.

author: Seb Bacon <seb.bacon@gmail.com> 2012-01-11 09:11:18 +0000
committer: Seb Bacon <seb.bacon@gmail.com> 2012-01-11 09:11:18 +0000
commit: 4e8307fe7bd88b6cdd9840a94f8275354aae0bd8 (patch)
tree: fbe8ee2316ebd1f9c88158d18b761e3d7a85d25f /spec/controllers/user_controller_spec.rb
parent: 65694bc2759aecd1ce59d1064a51004472ce4654 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index c13d7c9fc..2560b48c7 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -109,6 +109,19 @@ describe UserController, "when signing in" do
         response.should_not send_email
     end
 
+    it "should not log you in if you use an invalid PostRedirect token, and shouldn't give 500 error either" do
+        ActionController::Routing::Routes.filters.clear
+        get :signin, :r => "/list"
+        response.should render_template('sign')
+        post_redirect = "something invalid"
+        lambda {
+            post :signin, { :user_signin => { :email => 'bob@localhost', :password => 'jonespassword' },
+                :token => post_redirect
+            }
+        }.should_not raise_error(NoMethodError)
+        response.should render_template('sign')
+    end
+
 # No idea how to test this in the test framework :(
 #    it "should have set a long lived cookie if they picked remember me, session cookie if they didn't" do
 #        get :signin, :r => "/list"
author	Seb Bacon <seb.bacon@gmail.com>	2012-01-11 09:11:18 +0000
committer	Seb Bacon <seb.bacon@gmail.com>	2012-01-11 09:11:18 +0000
commit	4e8307fe7bd88b6cdd9840a94f8275354aae0bd8 (patch)
tree	fbe8ee2316ebd1f9c88158d18b761e3d7a85d25f /spec/controllers/user_controller_spec.rb
parent	65694bc2759aecd1ce59d1064a51004472ce4654 (diff)