1 files changed, 16 insertions, 2 deletions

diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index cf50bcc7a..30ad61706 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -32,10 +32,10 @@ describe UserController, "when showing a user" do
         session[:user_id] = users(:bob_smith_user).id
         get :show, :url_name => "bob_smith", :view => 'requests'
         response.body.should_not include("Change your password")
-        response.body.should include("Freedom of Information requests")
+        response.body.should match(/Your [0-9]+ Freedom of Information requests/)
         get :show, :url_name => "bob_smith", :view => 'profile'
         response.body.should include("Change your password")
-        response.body.should_not include("Freedom of Information requests")
+        response.body.should_not match(/Your [0-9]+ Freedom of Information requests/)
     end
 
     it "should assign the user" do
@@ -109,6 +109,20 @@ describe UserController, "when signing in" do
         response.should_not send_email
     end
 
+    it "should not log you in if you use an invalid PostRedirect token, and shouldn't give 500 error either" do
+        ActionController::Routing::Routes.filters.clear
+        post_redirect = "something invalid"
+        lambda {
+            post :signin, { :user_signin => { :email => 'bob@localhost', :password => 'jonespassword' },
+                :token => post_redirect
+            }
+        }.should_not raise_error(NoMethodError)
+        post :signin, { :user_signin => { :email => 'bob@localhost', :password => 'jonespassword' },
+            :token => post_redirect }
+        response.should render_template('sign')
+        assigns[:post_redirect].should == nil
+    end
+
 # No idea how to test this in the test framework :(
 #    it "should have set a long lived cookie if they picked remember me, session cookie if they didn't" do
 #        get :signin, :r => "/list"