From 30bba84b72bf8c40c149dea8f8895b182ede16ae Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@dracos.co.uk>
Date: Fri, 22 Jul 2011 12:49:00 +0100
Subject: Add FixMyTransport's strip_empty_sessions to not send a cookie if
 there's nothing in the session.

---
 .../whatdotheyknow/strip_empty_sessions_spec.rb    | 55 ++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb

(limited to 'spec/lib')

diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
new file mode 100644
index 000000000..cbe1feea6
--- /dev/null
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+describe WhatDoTheyKnow::StripEmptySessions do
+  
+  def make_response(session_data, response_headers)
+    app = lambda do |env|
+      env['rack.session'] = session_data
+      return [200, response_headers, ['content']] 
+    end
+    strip_empty_sessions = WhatDoTheyKnow::StripEmptySessions
+    app = strip_empty_sessions.new(app, {:key => 'mykey', :path => '', :httponly => true})
+    response = Rack::MockRequest.new(app).get('/', 'HTTP_ACCEPT' => 'text/html')
+  end
+
+  
+  it 'should not prevent a cookie being set if there is data in the session' do 
+    session_data = { :some_real_data => 'important', 
+                     :session_id => 'my_session_id', 
+                     :_csrf_token => 'hi_there' }
+    application_response_headers = { 'Content-Type' => 'text/html', 
+                                     'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+    response = make_response(session_data, application_response_headers)
+    response.headers['Set-Cookie'].should == 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'
+  end
+
+  describe 'if there is no meaningful data in the session' do 
+
+    before do 
+      @session_data = { :session_id => 'my_session_id', 
+                       :_csrf_token => 'hi_there' }
+    end
+    
+    it 'should not strip any other header' do 
+      application_response_headers = { 'Content-Type' => 'text/html',
+                                       'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+      response = make_response(@session_data, application_response_headers)
+      response.headers['Content-Type'].should == 'text/html'
+    end
+    
+    it 'should strip the session cookie setting header ' do 
+      application_response_headers = { 'Content-Type' => 'text/html', 
+                                       'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+      response = make_response(@session_data, application_response_headers)
+      response.headers['Set-Cookie'].should == ""
+    end
+  
+    it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do 
+      application_response_headers = { 'Content-Type' => 'text/html', 
+                                       'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',
+                                                        'other=mydata']}
+      response = make_response(@session_data, application_response_headers)
+      response.headers['Set-Cookie'].should == ['other=mydata']
+    end
+    
+  end
+end
-- 
cgit v1.2.3


From cace286e2d92ad50c4253c5765055e9da4da3871 Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Tue, 26 Jul 2011 17:33:18 +0100
Subject: include "locale" in list of session data keys that are used to decide
 if a rails session cookie is redundant for the purposes of this request. 
 Fixes #91

---
 spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'spec/lib')

diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
index cbe1feea6..1d71d680f 100644
--- a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -43,6 +43,14 @@ describe WhatDoTheyKnow::StripEmptySessions do
       response.headers['Set-Cookie'].should == ""
     end
   
+    it 'should strip the session cookie setting header even with a locale' do 
+      @session_data[:locale] = 'en'
+      application_response_headers = { 'Content-Type' => 'text/html', 
+                                       'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+      response = make_response(@session_data, application_response_headers)
+      response.headers['Set-Cookie'].should == ""
+    end
+  
     it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do 
       application_response_headers = { 'Content-Type' => 'text/html', 
                                        'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',
-- 
cgit v1.2.3


From 44ffca31030651ca9d816cfd7d0784d0652c4ee5 Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Wed, 27 Jul 2011 15:27:22 +0100
Subject: Don't treat CSRF tokens as optional session data for administrators
 (they're needed to allow them to edit anything! Fixes #95

(Also change wording of test namess to match usual rspec convention)
---
 spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'spec/lib')

diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
index 1d71d680f..1cf5e3d25 100644
--- a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
@@ -50,6 +50,14 @@ describe WhatDoTheyKnow::StripEmptySessions do
       response = make_response(@session_data, application_response_headers)
       response.headers['Set-Cookie'].should == ""
     end
+
+    it 'should not strip the session cookie setting for admins' do 
+      @session_data[:using_admin] = 1
+      application_response_headers = { 'Content-Type' => 'text/html', 
+                                       'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}
+      response = make_response(@session_data, application_response_headers)
+      response.headers['Set-Cookie'].should == "mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly"
+    end
   
     it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do 
       application_response_headers = { 'Content-Type' => 'text/html', 
-- 
cgit v1.2.3


From f6516d55f75752bf1eb7773f0a09cc6200bc9fad Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Mon, 15 Aug 2011 12:12:43 +0100
Subject: Internationalise the salution, making sure it's OK to miss out the
 public body name as they might in French.  Fixes #134.

---
 spec/lib/i18n_interpolation.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 spec/lib/i18n_interpolation.rb

(limited to 'spec/lib')

diff --git a/spec/lib/i18n_interpolation.rb b/spec/lib/i18n_interpolation.rb
new file mode 100644
index 000000000..8c86413ad
--- /dev/null
+++ b/spec/lib/i18n_interpolation.rb
@@ -0,0 +1,15 @@
+# This is a test of the set_content_type monkey patch in
+# lib/tmail_extensions.rb
+
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe "when using i18n" do
+
+    it "should not complain if we're missing variables from the string" do
+        result = _('Hello', :dip => 'hummus')
+        result.should == 'Hello'
+        result = _('Hello {{dip}}', :dip => 'hummus')
+        result.should == 'Hello hummus'
+    end
+end
+
-- 
cgit v1.2.3