From d76c2e82328ed2a00add7bdfb528ed4393e640b7 Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Fri, 21 Nov 2014 14:54:26 +0000
Subject: Enforce a lifetime on session cookies Problem described in http://seclists.org/fulldisclosure/2013/Sep/145 Pattern taken from https://www.coffeepowered.net/2013/09/26/rails-session-cookies/
---
spec/controllers/general_controller_spec.rb | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
(limited to 'spec/controllers/general_controller_spec.rb')
diff --git a/spec/controllers/general_controller_spec.rb b/spec/controllers/general_controller_spec.rb
index c0a9d57d3..4a7a0bb48 100644
--- a/spec/controllers/general_controller_spec.rb
+++ b/spec/controllers/general_controller_spec.rb
@@ -126,6 +126,35 @@ describe GeneralController, "when showing the frontpage" do
 end
+ describe 'when handling logged-in users' do
+
+ before do
+ @user = FactoryGirl.create(:user)
+ session[:user_id] = @user.id
+ end
+
+ it 'should set a time to live on a non "remember me" session' do
+ get :frontpage
+ response.body.should match @user.name
+ session[:ttl].should be_within(1).of(Time.now)
+ end
+
+ it 'should not set a time to live on a "remember me" session' do
+ session[:remember_me] = true
+ get :frontpage
+ response.body.should match @user.name
+ session[:ttl].should be_nil
+ end
+
+ it 'should end a logged-in session whose ttl has expired' do
+ session[:ttl] = Time.now - 4.hours
+ get :frontpage
+ response.should redirect_to signin_path
+ session[:user_id].should be_nil
+ end
+
+ end
+
 end
-- 
cgit v1.2.3
From 1d98372f04b9a0dd2c92e8807f29f64432312be6 Mon Sep 17 00:00:00 2001
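Review bot: The example 'should end a logged-in session whose ttl has expired' asserts only that `session[:user_id]` is nil, so it would still pass if the controller removed the user id but left the stale `:ttl` or other per-user keys in the cookie session. If expiry is meant to clear the whole session, add `session[:ttl].should be_nil` next to the existing assertion. The `Time.now - 4.hours` offset is hard-coded and the configured lifetime is not visible in this hunk, so the boundary is untested; an example just inside the limit would show that an active session is kept and its ttl refreshed. There is also no example for a "remember me" session that already carries an old `:ttl`.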
From: Louise Crow
Date: Thu, 19 Mar 2015 10:22:50 +0000
Subject: Add an autodetect feed for the frontpage list of requests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes Â#434.
---
spec/controllers/general_controller_spec.rb | 8 ++++++++
1 file changed, 8 insertions(+)
(limited to 'spec/controllers/general_controller_spec.rb')
diff --git a/spec/controllers/general_controller_spec.rb b/spec/controllers/general_controller_spec.rb
index 128a42556..ae8d4f256 100644
--- a/spec/controllers/general_controller_spec.rb
+++ b/spec/controllers/general_controller_spec.rb
@@ -102,6 +102,14 @@ describe GeneralController, "when showing the frontpage" do
 end
 end
+ it 'should generate a feed URL for successful requests' do
+ get :frontpage
+ assigns[:feed_autodetect].size.should == 1
+ successful_request_feed = assigns[:feed_autodetect].first
+ successful_request_feed[:title].should == 'Successful requests'
+ end
+
+
 it "should render the front page with default language and ignore the browser setting" do
 config = MySociety::Config.load_default()
 config['USE_DEFAULT_BROWSER_LANGUAGE'] = false
-- 
cgit v1.2.3
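Review bot: The example is named 'should generate a feed URL for successful requests' but it asserts only the number of entries in `assigns[:feed_autodetect]` and the first entry's `:title`; the URL itself is never checked. An assertion on the entry's URL field (its key is not visible in this hunk) would make the example test what its name says. The hunk also adds two blank lines after the example's `end`; one would be enough.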