diff options
| author | Robin Houston <robin.houston@gmail.com> | 2012-01-12 13:52:36 +0000 |
|---|---|---|
| committer | Robin Houston <robin.houston@gmail.com> | 2012-01-12 13:52:36 +0000 |
| commit | d84353a0dbff7c4543c7f4423d7b63728c7041c3 (patch) | |
| tree | 2bcfaa2b7cbe0eedccad518c8c2d064203a2143c /spec/controllers/user_controller_spec.rb | |
| parent | 2d0524b90108004d67b5ee7f21b7b69ebf8eb3df (diff) | |
| parent | 21ee1ca03faa722119a3c7e587a843b960783096 (diff) | |
Merge branch 'release/0.5' of github.com:sebbacon/alaveteli into release/0.5
Diffstat (limited to 'spec/controllers/user_controller_spec.rb')
| -rw-r--r-- | spec/controllers/user_controller_spec.rb | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb index cf50bcc7a..30ad61706 100644 --- a/spec/controllers/user_controller_spec.rb +++ b/spec/controllers/user_controller_spec.rb @@ -32,10 +32,10 @@ describe UserController, "when showing a user" do session[:user_id] = users(:bob_smith_user).id get :show, :url_name => "bob_smith", :view => 'requests' response.body.should_not include("Change your password") - response.body.should include("Freedom of Information requests") + response.body.should match(/Your [0-9]+ Freedom of Information requests/) get :show, :url_name => "bob_smith", :view => 'profile' response.body.should include("Change your password") - response.body.should_not include("Freedom of Information requests") + response.body.should_not match(/Your [0-9]+ Freedom of Information requests/) end it "should assign the user" do @@ -109,6 +109,20 @@ describe UserController, "when signing in" do response.should_not send_email end + it "should not log you in if you use an invalid PostRedirect token, and shouldn't give 500 error either" do + ActionController::Routing::Routes.filters.clear + post_redirect = "something invalid" + lambda { + post :signin, { :user_signin => { :email => 'bob@localhost', :password => 'jonespassword' }, + :token => post_redirect + } + }.should_not raise_error(NoMethodError) + post :signin, { :user_signin => { :email => 'bob@localhost', :password => 'jonespassword' }, + :token => post_redirect } + response.should render_template('sign') + assigns[:post_redirect].should == nil + end + # No idea how to test this in the test framework :( # it "should have set a long lived cookie if they picked remember me, session cookie if they didn't" do # get :signin, :r => "/list" |