/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/spec/session_hijacking_spec.rb

https://github.com/delowong/logstash · Ruby · 55 lines · 46 code · 8 blank · 1 comment · 2 complexity · eadea319a0fd33bbb447ab33108d4627 MD5 · raw file

  require File.expand_path('../spec_helper.rb', __FILE__)

  # Specs for Rack::Protection::SessionHijacking.
  #
  # Every example sends two GET requests to '/' that share one session hash
  # and varies at most one request header between them. An emptied session
  # after the second request is what these specs treat as "denied"; a session
  # that still holds :foo => :bar is what they treat as "accepted".
  #
  # The header values ('a', 'b', '1.0', '1.1') are constructed fixtures.
  #
  # NOTE(review): every value compared here is a client-supplied header, so
  # these examples pin a mismatch heuristic. Read it as defence in depth next
  # to the session cookie's own protections, not as proof that the session
  # holder is unchanged.
  describe Rack::Protection::SessionHijacking do
    it_behaves_like "any rack application"

    # Baseline: with no header sent at all, two requests keep the session.
    it "accepts a session without changes to tracked parameters" do
      store = {:foo => :bar}
      2.times do
        get '/', {}, 'rack.session' => store
      end
      store[:foo].should == :bar
    end

    # A different User-Agent on the second request empties the session.
    it "denies requests with a changing User-Agent header" do
      store = {:foo => :bar}
      %w[a b].each do |agent|
        get '/', {}, 'rack.session' => store, 'HTTP_USER_AGENT' => agent
      end
      store.should be_empty
    end

    # Regression guard: a changing Accept-Encoding used to clear the session
    # and must no longer do so.
    it "accepts requests with a changing Accept-Encoding header" do
      store = {:foo => :bar}
      %w[a b].each do |encoding|
        get '/', {}, 'rack.session' => store, 'HTTP_ACCEPT_ENCODING' => encoding
      end
      store.should_not be_empty
    end

    # A different Accept-Language on the second request empties the session.
    it "denies requests with a changing Accept-Language header" do
      store = {:foo => :bar}
      %w[a b].each do |language|
        get '/', {}, 'rack.session' => store, 'HTTP_ACCEPT_LANGUAGE' => language
      end
      store.should be_empty
    end

    # Control for the example above: an identical Accept-Language keeps the session.
    it "accepts requests with the same Accept-Language header" do
      store = {:foo => :bar}
      2.times do
        get '/', {}, 'rack.session' => store, 'HTTP_ACCEPT_LANGUAGE' => 'a'
      end
      store.should_not be_empty
    end

    # 'a' followed by 'A' counts as unchanged, so the session survives.
    it "comparison of Accept-Language header is not case sensitive" do
      store = {:foo => :bar}
      %w[a A].each do |language|
        get '/', {}, 'rack.session' => store, 'HTTP_ACCEPT_LANGUAGE' => language
      end
      store.should_not be_empty
    end

    # A different HTTP_VERSION value between requests leaves the session intact.
    it "accepts requests with a changing Version header" do
      store = {:foo => :bar}
      %w[1.0 1.1].each do |version|
        get '/', {}, 'rack.session' => store, 'HTTP_VERSION' => version
      end
      store[:foo].should == :bar
    end
  end