
Commit f913433

Added tests specifying that, on an invalid CSRF token, the user should be redirected back with a friendly message
1 parent f6fa554 commit f913433


1 file changed

+41
-0
lines changed


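--- a/spec/system/authorization_system_spec.rb
+++ b/spec/system/authorization_system_spec.rb
@@ -16,4 +16,45 @@
 
 expect(current_path).to eql "/dashboard"
 end
+
+context "Submitting a form with an invalid CSRF token" do
+before(:all) do
+ActionController::Base.allow_forgery_protection = true
+end
+
+context "When logging in" do
+it "should redirect back and show a helpful message" do
+visit "/users/sign_in"
+fill_in "user_email", with: user.email
+fill_in "user_password", with: DEFAULT_USER_PASSWORD
+first('input[name="authenticity_token"]', visible: false).set("NOTAVALIDCSRFTOKEN")
+click_button "Log in"
+expect(current_path).to eql "/users/sign_in"
+expect(page).to have_content "Your session expired. This could be due to leaving a page open for a long time, or having multiple tabs open. Try resubmitting."
+end
+end
+
+context "When logged in and creating a distribution" do
+before do
+create(:storage_location, organization: organization, name: "Test Storage Location")
+storage_location = create(:partner, organization: organization, name: "Test Partner")
+setup_storage_location(storage_location)
+end
+it "should redirect back and show a helpful message" do
+sign_in(user)
+visit new_distribution_path
+select "Test Partner", from: "Partner"
+select "Test Storage Location", from: "From storage location"
+first('input[name="authenticity_token"]', visible: false).set("NOTAVALIDCSRFTOKEN")
+click_button "Save"
+click_button "Yes, it's correct"
+expect(current_path).to eql new_distribution_path
+expect(page).to have_content "Your session expired. This could be due to leaving a page open for a long time, or having multiple tabs open. Try resubmitting."
+end
+end
+
+after(:all) do
+ActionController::Base.allow_forgery_protection = false
+end
+end
 end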
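Review bot: Both new examples assert only the redirect target and the flash text, never that the forged request had no effect, so a regression that performed the action and then redirected would still pass; in the distribution example wrap the final submit as `expect { click_button "Yes, it's correct" }.not_to change(Distribution, :count)` (assuming `Distribution` is the model behind `new_distribution_path`), and in the login example add `expect(page).to have_button "Log in"` after the path check to pin that no session was established. On new line 40, `storage_location = create(:partner, ...)` binds a partner to a variable named `storage_location` and passes it to `setup_storage_location`, while the `:storage_location` record created on the line before is discarded — this looks like the two factories were swapped; confirm against the helper's definition, which is outside this hunk. The `before(:all)`/`after(:all)` pair flips the process-wide `ActionController::Base.allow_forgery_protection` and then resets it to a hard-coded `false` rather than the previous value, so the suite's real setting is lost if it was ever `true`; capture the old value in the `before(:all)` (`@previous_forgery_protection = ActionController::Base.allow_forgery_protection`) and restore it in the `after(:all)`. The enclosing `describe` block starts before this hunk.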
