Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/admin_public_body_controller_spec.rb23
-rw-r--r--spec/controllers/request_controller_spec.rb3
-rw-r--r--spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb16
3 files changed, 39 insertions, 3 deletions
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index cb622dabd..6b88fe39d 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -42,21 +42,27 @@ describe AdminPublicBodyController, "when administering public bodies" do
pb.name.should == "Renamed"
end
- it "destroy a public body" do
+ it "destroys a public body" do
PublicBody.count.should == 2
post :destroy, { :id => 3 }
PublicBody.count.should == 1
end
- it "don't allow non-authenticated users to do anything" do
+ it "sets a using_admin flag" do
+ get :show, :id => 2
+ session[:using_admin].should == 1
+ end
+
+ it "disallows non-authenticated users to do anything" do
@request.env["HTTP_AUTHORIZATION"] = ""
PublicBody.count.should == 2
post :destroy, { :id => 3 }
response.code.should == "401"
PublicBody.count.should == 2
+ session[:using_admin].should == nil
end
- it "when no username/password set, skip admin authorisation" do
+ it "skips admin authorisation when no username/password set" do
config = MySociety::Config.load_default()
config['ADMIN_USERNAME'] = ''
config['ADMIN_PASSWORD'] = ''
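Review bot: The negative case in "disallows non-authenticated users to do anything" only exercises an empty `HTTP_AUTHORIZATION` header, so the new `session[:using_admin].should == nil` assertion does not show that the flag stays unset when a well-formed but incorrect credential is presented. A sibling example that sends a Basic header with a deliberately wrong password and asserts the same 401 and nil flag would pin that path; whether one already exists elsewhere in the file cannot be seen from this hunk. `session[:using_admin].should be_nil` is also the more conventional RSpec form. The describe block starts before the hunk and continues after it.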
@@ -64,6 +70,17 @@ describe AdminPublicBodyController, "when administering public bodies" do
PublicBody.count.should == 2
post :destroy, { :id => 3 }
PublicBody.count.should == 1
+ session[:using_admin].should == 1
+ end
+ it "skips admin authorisation when no username set" do
+ config = MySociety::Config.load_default()
+ config['ADMIN_USERNAME'] = ''
+ config['ADMIN_PASSWORD'] = 'fuz'
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ PublicBody.count.should == 2
+ post :destroy, { :id => 3 }
+ PublicBody.count.should == 1
+ session[:using_admin].should == 1
end
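Review bot: The example "skips admin authorisation when no username set" pins fail-open behaviour: with `ADMIN_PASSWORD` set to 'fuz' but `ADMIN_USERNAME` blank, a request with an empty `HTTP_AUTHORIZATION` may `post :destroy` and ends up with `session[:using_admin] == 1`. If that is intended (for example for development installs), the example should say so, e.g. `# Deliberate: a blank ADMIN_USERNAME disables admin auth even when a password is configured`; otherwise rejecting a half-configured deployment would be the safer contract to test. Both this example and the one above it mutate the object returned by `MySociety::Config.load_default()`, and nothing visible restores it, so the blank credentials may leak into later examples if that object is shared; worth confirming. The describe block continues outside the hunk.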
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index e2febacd7..33a6d0486 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -363,6 +363,9 @@ describe RequestController, "when creating a new request" do
mail.body.should =~ /This is a silly letter. It is too short to be interesting./
response.should redirect_to(:action => 'show', :url_title => ir.url_title)
+ # This test uses an explicit path because it's relied in
+ # Google Analytics goals:
+ response.redirected_to.should == "/en/request/why_is_your_quango_called_gerald/new"
end
it "should give an error if the same request is submitted twice" do
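Review bot: The added comment reads "because it's relied in Google Analytics goals", which is missing words; `# This test uses an explicit path because Google Analytics goals rely on it:` says what is meant. It would also help to note that the `/en/` locale prefix is part of that contract, since the literal path presumably breaks if the default locale used by the specs changes. The example this assertion belongs to starts outside the hunk.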
diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
index cbe1feea6..1cf5e3d25 100644
--- a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -43,6 +43,22 @@ describe WhatDoTheyKnow::StripEmptySessions do
response.headers['Set-Cookie'].should == ""
end
+ it 'should strip the session cookie setting header even with a locale' do
+ @session_data[:locale] = 'en'
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ""
+ end
+
+ it 'should not strip the session cookie setting for admins' do
+ @session_data[:using_admin] = 1
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == "mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly"
+ end
+
it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do
application_response_headers = { 'Content-Type' => 'text/html',
'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',
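Review bot: The two new examples cover `:locale` and `:using_admin` separately, but a real admin session would presumably carry both keys, and that combination is not pinned. Adding `@session_data[:locale] = 'en'` to 'should not strip the session cookie setting for admins' (or a third example) would show that the admin flag takes precedence over the locale-only stripping rule. The admin example also repeats the cookie string in both the input headers and the expectation; holding it in one local variable would keep the two in sync. The last example in the hunk continues outside it.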