From 30bba84b72bf8c40c149dea8f8895b182ede16ae Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Fri, 22 Jul 2011 12:49:00 +0100
Subject: Add FixMyTransport's strip_empty_sessions to not send a cookie if there's nothing in the session.
---
 .../whatdotheyknow/strip_empty_sessions_spec.rb | 55 ++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
(limited to 'spec/lib')
diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
new file mode 100644
index 000000000..cbe1feea6
--- /dev/null
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+describe WhatDoTheyKnow::StripEmptySessions do
+
+ def make_response(session_data, response_headers)
+ app = lambda do |env|
+ env['rack.session'] = session_data
+ return [200, response_headers, ['content']]
+ end
+ strip_empty_sessions = WhatDoTheyKnow::StripEmptySessions
+ app = strip_empty_sessions.new(app, {:key => 'mykey', :path => '', :httponly => true})
+ response = Rack::MockRequest.new(app).get('/', 'HTTP_ACCEPT' => 'text/html')
+ end
+
+
+ it 'should not prevent a cookie being set if there is data in the session' do
+ session_data = { :some_real_data => 'important',
+ :session_id => 'my_session_id',
+ :_csrf_token => 'hi_there' }
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'
+ end
+
+ describe 'if there is no meaningful data in the session' do
+
+ before do
+ @session_data = { :session_id => 'my_session_id',
+ :_csrf_token => 'hi_there' }
+ end
+
+ it 'should not strip any other header' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Content-Type'].should == 'text/html'
+ end
+
+ it 'should strip the session cookie setting header ' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ""
+ end
+
+ it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',
+ 'other=mydata']}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ['other=mydata']
+ end
+
+ end
+end
-- cgit v1.2.3
From cace286e2d92ad50c4253c5765055e9da4da3871 Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Tue, 26 Jul 2011 17:33:18 +0100
Subject: include "locale" in list of session data keys that are used to decide if a rails session cookie is redundant for the purposes of this request. Fixes #91
---
 spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'spec/lib')
diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
index cbe1feea6..1d71d680f 100644
--- a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -43,6 +43,14 @@ describe WhatDoTheyKnow::StripEmptySessions do
 response.headers['Set-Cookie'].should == ""
 end
 
+ it 'should strip the session cookie setting header even with a locale' do
+ @session_data[:locale] = 'en'
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == ""
+ end
+
 it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do
 application_response_headers = { 'Content-Type' => 'text/html',
 'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',
-- cgit v1.2.3
From 44ffca31030651ca9d816cfd7d0784d0652c4ee5 Mon Sep 17 00:00:00 2001
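Review bot: The multi-cookie example at the end of the new spec file only proves that a cookie with an unrelated name (`other=mydata`) survives; nothing checks a cookie whose name merely begins with or contains the session key. The middleware itself is not part of this patch, so whether it matches the key exactly is unverified here, and an over-broad match would silently drop unrelated cookies without any example failing. Adding a second survivor such as `'mykey_extra=1'` (constructed value) to the array and expecting `['other=mydata', 'mykey_extra=1']` back would pin exact-name matching. The strip examples also assert that `Set-Cookie` equals `""` rather than that the header is absent, which deserves a one-line comment if an empty header is the intended outcome.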
From: Seb Bacon
Date: Wed, 27 Jul 2011 15:27:22 +0100
Subject: Don't treat CSRF tokens as optional session data for administrators (they're needed to allow them to edit anything! Fixes #95 (Also change wording of test namess to match usual rspec convention)
---
 spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'spec/lib')
diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
index 1d71d680f..1cf5e3d25 100644
--- a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -50,6 +50,14 @@ describe WhatDoTheyKnow::StripEmptySessions do
 response = make_response(@session_data, application_response_headers)
 response.headers['Set-Cookie'].should == ""
 end
+
+ it 'should not strip the session cookie setting for admins' do
+ @session_data[:using_admin] = 1
+ application_response_headers = { 'Content-Type' => 'text/html',
+ 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+ response = make_response(@session_data, application_response_headers)
+ response.headers['Set-Cookie'].should == "mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly"
+ end
 
 it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do
 application_response_headers = { 'Content-Type' => 'text/html',
-- cgit v1.2.3
From f6516d55f75752bf1eb7773f0a09cc6200bc9fad Mon Sep 17 00:00:00 2001
From: Seb Bacon
Date: Mon, 15 Aug 2011 12:12:43 +0100
Subject: Internationalise the salution, making sure it's OK to miss out the public body name as they might in French. Fixes #134.
---
 spec/lib/i18n_interpolation.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 spec/lib/i18n_interpolation.rb
(limited to 'spec/lib')
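Review bot: The new admin example keeps the cookie only because `:using_admin` is set, so the spec still documents a session holding just `session_id` and `_csrf_token` as discardable for everyone else. Any non-admin form that relies on CSRF verification would then have its token thrown away with the cookie, unless such sessions always carry some other key; that cannot be confirmed from this hunk. A comment above the `before` block would make the contract explicit, for example `# sessions with only session_id/_csrf_token/locale are treated as empty; flows needing CSRF checks must store another key`, and a companion example for a signed-in non-admin session would pin it. The enclosing `describe` block starts and ends outside this hunk.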
diff --git a/spec/lib/i18n_interpolation.rb b/spec/lib/i18n_interpolation.rb
new file mode 100644
index 000000000..8c86413ad
--- /dev/null
+++ b/spec/lib/i18n_interpolation.rb
@@ -0,0 +1,15 @@
+# This is a test of the set_content_type monkey patch in
+# lib/tmail_extensions.rb
+
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe "when using i18n" do
+
+ it "should not complain if we're missing variables from the string" do
+ result = _('Hello', :dip => 'hummus')
+ result.should == 'Hello'
+ result = _('Hello {{dip}}', :dip => 'hummus')
+ result.should == 'Hello hummus'
+ end
+end
+
-- cgit v1.2.3
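Review bot: The new file is named `spec/lib/i18n_interpolation.rb`, without the `_spec.rb` suffix used by the other spec in this series, so a runner that collects files by the usual `*_spec.rb` pattern would likely never execute it; renaming it to `i18n_interpolation_spec.rb` avoids a test that silently does not run. The header comment is also carried over from another file: it describes the `set_content_type` monkey patch in `lib/tmail_extensions.rb`, while the example exercises `_()` interpolation. Something like `# Checks that _() tolerates interpolation arguments the string does not use` would match what the assertions do.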