diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-21 15:09:05 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-21 15:09:05 +0000 |
commit | cf6a3e7ed4cb10a3e9fcbda810601387afc8b8d6 (patch) | |
tree | bda3707e95a53cb225793fded61d5073950b0b68 /spec/requests/sessions_spec.rb | |
parent | 2a040e2655fe0a99df61ad0a7bd0c27e68af0c38 (diff) | |
download | gitlab-ce-cf6a3e7ed4cb10a3e9fcbda810601387afc8b8d6.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/requests/sessions_spec.rb')
-rw-r--r-- | spec/requests/sessions_spec.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/requests/sessions_spec.rb b/spec/requests/sessions_spec.rb new file mode 100644 index 00000000000..6697700c37d --- /dev/null +++ b/spec/requests/sessions_spec.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'Sessions' do + context 'authentication', :allow_forgery_protection do + let(:user) { create(:user) } + + it 'logout does not require a csrf token' do + login_as(user) + + post(destroy_user_session_path, headers: { 'X-CSRF-Token' => 'invalid' }) + + expect(response).to redirect_to(new_user_session_path) + end + end +end |