author | David Cabo <david@calibea.com> | 2011-07-26 02:39:57 +0200 |
---|---|---|
committer | David Cabo <david@calibea.com> | 2011-07-26 02:39:57 +0200 |
commit | 058a65ae0d079729b10a2954c472c336dce43245 (patch) | |
tree | 91543599b6db6538ceb2cdb36aaa9057ffe066fc /spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb | |
parent | 1ac1e5df9e1b8e670fbab1d2c65de6ce28232602 (diff) | |
parent | 04927e448f99f67bbfde88dd466f03fb23373b28 (diff) |
Merge branch 'master' of github.com:sebbacon/alaveteli into asktheeu
Diffstat (limited to 'spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb')
-rw-r--r-- | spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
new file mode 100644
index 000000000..cbe1feea6
--- /dev/null
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+describe WhatDoTheyKnow::StripEmptySessions do
+
+ def make_response(session_data, response_headers)
+ app = lambda do |env|
+ env['rack.session'] = session_data
+ return [200, response_headers, ['content']]
+ end
+ strip_empty_sessions = WhatDoTheyKnow::StripEmptySessions
+ app = strip_empty_sessions.new(app, {:key => 'mykey', :path => '', :httponly => true})
+ response = Rack::MockRequest.new(app).get('/', 'HTTP_ACCEPT' => 'text/html')
+ end
+
+
+ it 'should not prevent a cookie being set if there is data in the session' do
+ session_data = { :some_real_data => 'important',
+ :session_id => 'my_session_id',
+ :_csrf_token => 'hi_there' }
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'
+ end
+
+ describe 'if there is no meaningful data in the session' do
+
+ before do
+ @session_data = { :session_id => 'my_session_id',
+ :_csrf_token => 'hi_there' }
+ end
+
+ it 'should not strip any other header' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Content-Type'].should == 'text/html'
+ end
+
+ it 'should strip the session cookie setting header ' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ""
+ end
+
+ it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',
+ 'other=mydata']}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ['other=mydata']
+ end
+
+ end
+end |
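Review bot: The multi-cookie example only proves that `other=mydata` survives, so a middleware that matched the session key by prefix rather than by exact cookie name would still pass. Adding an entry such as `'mykey_extra=1'` (constructed sample) to the array and expecting it to remain would pin exact-name matching. The single-cookie example asserts `response.headers['Set-Cookie'].should == ""`, which accepts an empty `Set-Cookie` header being emitted; if the intent is that no session cookie header reaches a cache or client, `response.headers.should_not have_key('Set-Cookie')` is the tighter check. The middleware is not part of this diff, so confirm which behaviour is intended. In `make_response`, the final `response = ...` assigns a local that is never read; ending the method on the `Rack::MockRequest` call itself would read more clearly.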