diff options
Diffstat (limited to 'spec/initializers/actionpack_generate_old_csrf_token_spec.rb')
-rw-r--r-- | spec/initializers/actionpack_generate_old_csrf_token_spec.rb | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/spec/initializers/actionpack_generate_old_csrf_token_spec.rb b/spec/initializers/actionpack_generate_old_csrf_token_spec.rb deleted file mode 100644 index 036f52398bb..00000000000 --- a/spec/initializers/actionpack_generate_old_csrf_token_spec.rb +++ /dev/null @@ -1,47 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe ActionController::Base, 'CSRF token generation patch', type: :controller do # rubocop:disable RSpec/FilePath - let(:fixed_seed) { SecureRandom.random_bytes(described_class::AUTHENTICITY_TOKEN_LENGTH) } - - context 'global_csrf_token feature flag is enabled' do - it 'generates 6.0.3.1 style CSRF token', :aggregate_failures do - generated_token = controller.send(:form_authenticity_token) - - expect(valid_authenticity_token?(generated_token)).to be_truthy - expect(compare_with_real_token(generated_token)).to be_falsey - expect(compare_with_global_token(generated_token)).to be_truthy - end - end - - context 'global_csrf_token feature flag is disabled' do - before do - stub_feature_flags(global_csrf_token: false) - end - - it 'generates 6.0.3 style CSRF token', :aggregate_failures do - generated_token = controller.send(:form_authenticity_token) - - expect(valid_authenticity_token?(generated_token)).to be_truthy - expect(compare_with_real_token(generated_token)).to be_truthy - expect(compare_with_global_token(generated_token)).to be_falsey - end - end - - def compare_with_global_token(token) - unmasked_token = controller.send :unmask_token, Base64.strict_decode64(token) - - controller.send(:compare_with_global_token, unmasked_token, session) - end - - def compare_with_real_token(token) - unmasked_token = controller.send :unmask_token, Base64.strict_decode64(token) - - controller.send(:compare_with_real_token, unmasked_token, session) - end - - def valid_authenticity_token?(token) - controller.send(:valid_authenticity_token?, session, token) - end -end |