Merge branch 'release/0.5' into develop

author: Robin Houston <robin.houston@gmail.com> 2012-01-11 17:16:13 +0000
committer: Robin Houston <robin.houston@gmail.com> 2012-01-11 17:16:13 +0000
commit: 883a720e0efbf44e198dffd8efcf65f8d219b08e (patch)
tree: ac18d2ab593fa91dfa1708fa290bb1a2662bdc8e /spec/controllers/user_controller_spec.rb
parent: d734493ce3bcade2c6a819fc98f9b60c860c3fa7 (diff)
parent: f098a984efacc9cb486991e9ea2da206cf853c6e (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index c13d7c9fc..2560b48c7 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -109,6 +109,19 @@ describe UserController, "when signing in" do
         response.should_not send_email
     end
 
+    it "should not log you in if you use an invalid PostRedirect token, and shouldn't give 500 error either" do
+        ActionController::Routing::Routes.filters.clear
+        get :signin, :r => "/list"
+        response.should render_template('sign')
+        post_redirect = "something invalid"
+        lambda {
+            post :signin, { :user_signin => { :email => 'bob@localhost', :password => 'jonespassword' },
+                :token => post_redirect
+            }
+        }.should_not raise_error(NoMethodError)
+        response.should render_template('sign')
+    end
+
 # No idea how to test this in the test framework :(
 #    it "should have set a long lived cookie if they picked remember me, session cookie if they didn't" do
 #        get :signin, :r => "/list"
author	Robin Houston <robin.houston@gmail.com>	2012-01-11 17:16:13 +0000
committer	Robin Houston <robin.houston@gmail.com>	2012-01-11 17:16:13 +0000
commit	883a720e0efbf44e198dffd8efcf65f8d219b08e (patch)
tree	ac18d2ab593fa91dfa1708fa290bb1a2662bdc8e /spec/controllers/user_controller_spec.rb
parent	d734493ce3bcade2c6a819fc98f9b60c860c3fa7 (diff)
parent	f098a984efacc9cb486991e9ea2da206cf853c6e (diff)