rack_csrf 2.3.0 → 2.4.0

data/spec/csrf_spec.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), 'spec_helper.rb')
+require 'spec_helper'
 
 describe Rack::Csrf do
   describe 'key' do
@@ -7,8 +7,7 @@ describe Rack::Csrf do
     end
 
     it "should be the value of the :key option" do
-      fakeapp = lambda {|env| [200, {}, []]}
-      Rack::Csrf.new fakeapp, :key => 'whatever'
+      Rack::Csrf.new nil, :key => 'whatever'
       Rack::Csrf.key.should == 'whatever'
     end
   end
@@ -25,8 +24,7 @@ describe Rack::Csrf do
     end
 
     it "should be the value of :field option" do
-      fakeapp = lambda {|env| [200, {}, []]}
-      Rack::Csrf.new fakeapp, :field => 'whatever'
+      Rack::Csrf.new nil, :field => 'whatever'
       Rack::Csrf.field.should == 'whatever'
     end
   end
@@ -37,6 +35,22 @@ describe Rack::Csrf do
     end
   end
 
+  describe 'header' do
+    subject { Rack::Csrf.header }
+    it      { should == 'X_CSRF_TOKEN' }
+
+    context "when set to something" do
+      before  { Rack::Csrf.new nil, :header => 'something' }
+      subject { Rack::Csrf.header }
+      it      { should == 'something' }
+    end
+  end
+
+  describe 'csrf_header' do
+    subject { Rack::Csrf.method(:csrf_header) }
+    it      { should == Rack::Csrf.method(:header) }
+  end
+
   describe 'token(env)' do
     let(:env) { {'rack.session' => {}} }
 
@@ -44,8 +58,7 @@ describe Rack::Csrf do
 
     context 'when accessing/manipulating the session' do
       before do
-        fakeapp = lambda {|env| [200, {}, []]}
-        Rack::Csrf.new fakeapp, :key => 'whatever'
+        Rack::Csrf.new nil, :key => 'whatever'
       end
 
       it 'should use the key provided by method key' do
@@ -84,8 +97,7 @@ describe Rack::Csrf do
     let(:env) { {'rack.session' => {}} }
 
     let :tag do
-      fakeapp = lambda {|env| [200, {}, []]}
-      Rack::Csrf.new fakeapp, :field => 'whatever'
+      Rack::Csrf.new nil, :field => 'whatever'
       Rack::Csrf.tag env
     end
 
@@ -113,78 +125,112 @@ describe Rack::Csrf do
     end
   end
 
-  describe 'skip_checking' do
-    class MockReq
-      attr_accessor :path_info, :request_method
-    end
-
-    before :each do
-      @request = MockReq.new
-      @request.path_info = '/hello'
-      @request.request_method = 'POST'
-    end
+  describe 'metatag(env)' do
+    let(:env) { {'rack.session' => {}} }
 
-    context 'with empty :skip and :check_only lists' do
-      let(:csrf) { Rack::Csrf.new nil }
+    context 'by default' do
+      let :metatag do
+        Rack::Csrf.new nil, :header => 'whatever'
+        Rack::Csrf.metatag env
+      end
 
-      it 'should run the check, irrespective of the request' do
-        csrf.send(:skip_checking, @request).should be_false
+      subject { metatag }
+      it { should =~ /^<meta/ }
+      it { should =~ /name="_csrf"/ }
+      it "should have the content provided by method token(env)" do
+        quoted_value = Regexp.quote %Q(content="#{Rack::Csrf.token(env)}")
+        metatag.should =~ /#{quoted_value}/
       end
     end
 
-    context 'with routes in the :skip list and nothing in the :check_only list' do
-      let(:csrf) { Rack::Csrf.new nil, :skip => ['POST:/hello'] }
-
-      it 'should skip the check when the request is included in the :skip list' do
-        csrf.send(:skip_checking, @request).should be_true
+    context 'with custom name' do
+      let :metatag do
+        Rack::Csrf.new nil, :header => 'whatever'
+        Rack::Csrf.metatag env, :name => 'custom_name'
       end
 
-      it 'should run the check when the request is not in the :skip list' do
-        @request.path_info = '/byebye'
-        csrf.send(:skip_checking, @request).should be_false
+      subject { metatag }
+      it { should =~ /^<meta/ }
+      it { should =~ /name="custom_name"/ }
+      it "should have the content provided by method token(env)" do
+        quoted_value = Regexp.quote %Q(content="#{Rack::Csrf.token(env)}")
+        metatag.should =~ /#{quoted_value}/
       end
     end
+  end
+
+  describe 'csrf_metatag(env)' do
+    it 'should be the same as method metatag(env)' do
+      Rack::Csrf.method(:csrf_metatag).should == Rack::Csrf.method(:metatag)
+    end
+  end
 
-    context 'with routes in the :check_only list and nothing in the :skip list' do
-      let(:csrf) { Rack::Csrf.new nil, :check_only => ['POST:/hello'] }
+  # Protected/private API
 
-      it 'should run the check when the request is included in the :check_only list' do
-        csrf.send(:skip_checking, @request).should be_false
-      end
+  describe 'rackified_header' do
+    before  { Rack::Csrf.new nil, :header => 'my-header' }
+    subject { Rack::Csrf.rackified_header }
+    it      { should == 'HTTP_MY_HEADER'}
+  end
 
-      it 'should skip the check when the request is not in the :check_only list' do
-        @request.path_info = '/byebye'
-        csrf.send(:skip_checking, @request).should be_true
-      end
+  describe 'skip_checking' do
+    let :request do
+      double 'Request',
+        :path_info => '/hello',
+        :request_method => 'POST',
+        :env => {'HTTP_X_VERY_SPECIAL_HEADER' => 'so true'}
     end
 
-    context 'with different routes in the :skip and :check_only lists' do
-      let :csrf do
-        Rack::Csrf.new nil,
-          :skip => ['POST:/hello'],
-          :check_only => ['POST:/byebye']
-      end
+    context 'when the lists are empty and there is no custom check' do
+      let(:csrf) { Rack::Csrf.new nil }
 
-      it 'should skip the check when the request is included in the :skip list' do
-        csrf.send(:skip_checking, @request).should be_true
+      it 'should run the check' do
+        csrf.send(:skip_checking, request).should be_false
       end
+    end
+
+    context 'when the request is included in the :skip list' do
+      let(:csrf) { Rack::Csrf.new nil, :skip => ['POST:/hello'] }
 
-      it 'should run the check when the request is included in the :check_only list' do
-        @request.path_info = '/byebye'
-        csrf.send(:skip_checking, @request).should be_false
+      it 'should not run the check' do
+        csrf.send(:skip_checking, request).should be_true
       end
     end
 
-    context 'with the same routes in the :check_only and :skip lists' do
-      let :csrf do
-        Rack::Csrf.new nil,
-          :skip => ['POST:/hello'],
-          :check_only => ['POST:/hello']
+    context 'when the request is not included in the :skip list' do
+      context 'but the request satisfies the custom check' do
+        let(:csrf) { Rack::Csrf.new nil, :skip_if => lambda { |req| req.env.key?('HTTP_X_VERY_SPECIAL_HEADER') } }
+
+        it 'should not run the check' do
+          csrf.send(:skip_checking, request).should be_true
+        end
       end
 
-      context 'when the request is included in one of the list' do
-        it 'should ignore the :check_only list and skip the check' do
-          csrf.send(:skip_checking, @request).should be_true
+      context 'and the request does not satisfies the custom check' do
+        context 'and the :check_only list is empty' do
+          let(:csrf) { Rack::Csrf.new nil, :check_only => [] }
+
+          it 'should run the check' do
+            csrf.send(:skip_checking, request).should be_false
+          end
+        end
+
+        context 'and the :check_only list is not empty' do
+          context 'and the request is included in the :check_only list' do
+            let(:csrf) { Rack::Csrf.new nil, :check_only => ['POST:/hello'] }
+
+            it 'should run the check' do
+              csrf.send(:skip_checking, request).should be_false
+            end
+          end
+
+          context 'but the request is not included in the :check_only list' do
+            let(:csrf) { Rack::Csrf.new nil, :check_only => ['POST:/ciao'] }
+
+            it 'should not run the check' do
+              csrf.send(:skip_checking, request).should be_true
+            end
+          end
         end
       end
     end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack_csrf
 version: !ruby/object:Gem::Version 
-  hash: 3
+  hash: 31
   prerelease: 
   segments: 
   - 2
-  - 3
+  - 4
   - 0
-  version: 2.3.0
+  version: 2.4.0
 platform: ruby
 authors: 
 - Emanuele Vicentini
@@ -15,11 +15,11 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-10-23 00:00:00 Z
+date: 2012-02-28 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: rack
   prerelease: false
+  type: :runtime
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
@@ -30,28 +30,44 @@ dependencies:
         - 0
         - 9
         version: "0.9"
-  type: :runtime
   version_requirements: *id001
+  name: rack
 - !ruby/object:Gem::Dependency 
-  name: cucumber
   prerelease: false
+  type: :development
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 1
+        hash: 23
         segments: 
-        - 0
         - 1
-        - 13
-        version: 0.1.13
-  type: :development
+        - 0
+        - 0
+        version: 1.0.0
   version_requirements: *id002
+  name: bundler
 - !ruby/object:Gem::Dependency 
-  name: rack-test
   prerelease: false
+  type: :development
   requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 17
+        segments: 
+        - 1
+        - 1
+        - 1
+        version: 1.1.1
+  version_requirements: *id003
+  name: cucumber
+- !ruby/object:Gem::Dependency 
+  prerelease: false
+  type: :development
+  requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -60,12 +76,12 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  type: :development
-  version_requirements: *id003
+  version_requirements: *id004
+  name: rack-test
 - !ruby/object:Gem::Dependency 
-  name: rspec
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  type: :development
+  requirement: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -76,12 +92,12 @@ dependencies:
         - 0
         - 0
         version: 2.0.0
-  type: :development
-  version_requirements: *id004
+  version_requirements: *id005
+  name: rspec
 - !ruby/object:Gem::Dependency 
-  name: rdoc
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  type: :development
+  requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -92,8 +108,22 @@ dependencies:
         - 4
         - 2
         version: 2.4.2
+  version_requirements: *id006
+  name: rdoc
+- !ruby/object:Gem::Dependency 
+  prerelease: false
   type: :development
-  version_requirements: *id005
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  version_requirements: *id007
+  name: jeweler
 description: Anti-CSRF Rack middleware
 email: emanuele.vicentini@gmail.com
 executables: []
@@ -106,6 +136,7 @@ extra_rdoc_files:
 files: 
 - .rspec
 - Changelog.md
+- Gemfile
 - LICENSE.rdoc
 - README.rdoc
 - Rakefile
@@ -150,6 +181,7 @@ files:
 - features/inspecting_also_get_requests.feature
 - features/raising_exception.feature
 - features/setup.feature
+- features/skip_if_block_passes.feature
 - features/skip_some_routes.feature
 - features/step_definitions/request_steps.rb
 - features/step_definitions/response_steps.rb
@@ -157,6 +189,7 @@ files:
 - features/support/env.rb
 - features/support/fake_session.rb
 - features/variation_on_field_name.feature
+- features/variation_on_header_name.feature
 - features/variation_on_key_name.feature
 - lib/rack/csrf.rb
 - lib/rack/vendor/securerandom.rb
@@ -171,7 +204,7 @@ rdoc_options:
 - --line-numbers
 - --inline-source
 - --title
-- Rack::Csrf 2.3.0
+- Rack::Csrf 2.4.0
 - --main
 - README.rdoc
 require_paths: 
@@ -197,7 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: rackcsrf
-rubygems_version: 1.8.11
+rubygems_version: 1.8.17
 signing_key: 
 specification_version: 3
 summary: Anti-CSRF Rack middleware