Diffstat (limited to 'spec/lib')
-rw-r--r--spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb55
1 files changed, 55 insertions, 0 deletions
diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
new file mode 100644
index 000000000..cbe1feea6
--- /dev/null
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+describe WhatDoTheyKnow::StripEmptySessions do
+
+ def make_response(session_data, response_headers)
+ app = lambda do |env|
+ env['rack.session'] = session_data
+ return [200, response_headers, ['content']]
+ end
+ strip_empty_sessions = WhatDoTheyKnow::StripEmptySessions
+ app = strip_empty_sessions.new(app, {:key => 'mykey', :path => '', :httponly => true})
+ response = Rack::MockRequest.new(app).get('/', 'HTTP_ACCEPT' => 'text/html')
+ end
+
+
+ it 'should not prevent a cookie being set if there is data in the session' do
+ session_data = { :some_real_data => 'important',
+ :session_id => 'my_session_id',
+ :_csrf_token => 'hi_there' }
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'
+ end
+
+ describe 'if there is no meaningful data in the session' do
+
+ before do
+ @session_data = { :session_id => 'my_session_id',
+ :_csrf_token => 'hi_there' }
+ end
+
+ it 'should not strip any other header' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Content-Type'].should == 'text/html'
+ end
+
+ it 'should strip the session cookie setting header ' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ""
+ end
+
+ it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',
+ 'other=mydata']}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ['other=mydata']
+ end
+
+ end
+end
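Review bot: The last example only proves that a cookie with an unrelated name (`other=mydata`) survives, so a middleware that matches the session key by prefix or substring would still pass this spec. An example whose second cookie shares the prefix, e.g. `'mykey2=mydata'` with the expectation `response.headers['Set-Cookie'].should == ['mykey2=mydata']`, would pin exact-name matching. The examples also pass `Set-Cookie` only as a single string or an array; if the Rack version in use joins several cookies into one newline-separated string (not visible here), that form deserves its own example. A short comment above the `before` block, such as `# session_id and _csrf_token alone do not count as meaningful data`, would record why this session is treated as empty.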