author | Louise Crow <louise.crow@gmail.com> | 2013-10-02 18:31:46 +0100 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2013-10-02 18:31:46 +0100 |
commit | 0ce3891bfd26d9ec3580f67a5ec5e904b5151962 (patch) | |
tree | b0d4da98093cba4f6aa6c1285a3f26c3ffbfb2dc /spec/controllers | |
parent | b597d3528ac71d17c57d3ddca9950a4430f75039 (diff) |
Don't allow redirects to another host.
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/track_controller_spec.rb | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/spec/controllers/track_controller_spec.rb b/spec/controllers/track_controller_spec.rb
index a16024828..57d084f6b 100644
--- a/spec/controllers/track_controller_spec.rb
+++ b/spec/controllers/track_controller_spec.rb
@@ -55,6 +55,39 @@ describe TrackController, "when making a new track on a request" do
 end
+describe TrackController, "when unsubscribing from a track" do
+
+ before do
+ @track_thing = FactoryGirl.create(:track_thing)
+ end
+
+ it 'should destroy the track thing' do
+ get :update, {:track_id => @track_thing.id,
+ :track_medium => 'delete',
+ :r => 'http://example.com'},
+ {:user_id => @track_thing.tracking_user.id}
+ TrackThing.find(:first, :conditions => ['id = ? ', @track_thing.id]).should == nil
+ end
+
+ it 'should redirect to a URL on the site' do
+ get :update, {:track_id => @track_thing.id,
+ :track_medium => 'delete',
+ :r => '/'},
+ {:user_id => @track_thing.tracking_user.id}
+ response.should redirect_to('/')
+ end
+
+ it 'should not redirect to a url on another site' do
+ track_thing = FactoryGirl.create(:track_thing)
+ get :update, {:track_id => @track_thing.id,
+ :track_medium => 'delete',
+ :r => 'http://example.com/'},
+ {:user_id => @track_thing.tracking_user.id}
+ response.should redirect_to('/')
+ end
+
+end
+
 describe TrackController, "when sending alerts for a track" do
 render_views |
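Review bot: The off-site example, 'should not redirect to a url on another site', exercises only one absolute `http://` value for `:r`, so the spec would still pass if the controller's host check let a scheme-relative value such as `//example.com/` through. That check is not visible here, as this page is limited to spec/controllers. Adding an example for that form, expecting the same `redirect_to('/')`, would pin the "same host only" behaviour more firmly. The same example also assigns an unused local, `track_thing = FactoryGirl.create(:track_thing)`, while the request itself uses `@track_thing`; that line creates an extra record for nothing and can be dropped.

```ruby
    # … unchanged: existing examples in "when unsubscribing from a track" …

    it 'should not redirect to a scheme-relative url on another site' do
        get :update, {:track_id => @track_thing.id,
                      :track_medium => 'delete',
                      :r => '//example.com/'},
                     {:user_id => @track_thing.tracking_user.id}
        response.should redirect_to('/')
    end
```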