
/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/spec/session_hijacking_spec.rb

https://github.com/delowong/logstash
require File.expand_path('../spec_helper.rb', __FILE__)

# Specs for Rack::Protection::SessionHijacking.
#
# Every example sends two requests that share one session hash and then checks
# whether the session survived. As exercised here, a change in User-Agent or
# Accept-Language between the two requests empties the session, while a change
# in Accept-Encoding or Version leaves it intact.
#
# All of these values are request headers chosen by the client, so the check
# is a heuristic signal that a session moved to a different client. It is not
# an authentication control and does not replace transport encryption or
# protected session cookies.
describe Rack::Protection::SessionHijacking do
  it_behaves_like "any rack application"

  it "accepts a session without changes to tracked parameters" do
    store = {:foo => :bar}
    2.times do
      get '/', {}, 'rack.session' => store
    end
    store[:foo].should == :bar
  end

  it "denies requests with a changing User-Agent header" do
    store = {:foo => :bar}
    %w[a b].each do |agent|
      get '/', {}, 'rack.session' => store, 'HTTP_USER_AGENT' => agent
    end
    # The second request presents a different User-Agent, so the session is wiped.
    store.should be_empty
  end

  it "accepts requests with a changing Accept-Encoding header" do
    # Regression guard: an Accept-Encoding change used to clear the session.
    store = {:foo => :bar}
    %w[a b].each do |encoding|
      get '/', {}, 'rack.session' => store, 'HTTP_ACCEPT_ENCODING' => encoding
    end
    # NOTE(review): `should_not be_empty` is weaker than checking that :foo
    # survived; if the middleware keeps its own bookkeeping in the session
    # (not visible in this file), a wiped session could still be non-empty.
    store.should_not be_empty
  end

  it "denies requests with a changing Accept-Language header" do
    store = {:foo => :bar}
    %w[a b].each do |language|
      get '/', {}, 'rack.session' => store, 'HTTP_ACCEPT_LANGUAGE' => language
    end
    store.should be_empty
  end

  it "accepts requests with the same Accept-Language header" do
    store = {:foo => :bar}
    %w[a a].each do |language|
      get '/', {}, 'rack.session' => store, 'HTTP_ACCEPT_LANGUAGE' => language
    end
    store.should_not be_empty
  end

  it "comparison of Accept-Language header is not case sensitive" do
    store = {:foo => :bar}
    # Same value in different letter case must not count as a change.
    %w[a A].each do |language|
      get '/', {}, 'rack.session' => store, 'HTTP_ACCEPT_LANGUAGE' => language
    end
    store.should_not be_empty
  end

  it "accepts requests with a changing Version header" do
    store = {:foo => :bar}
    %w[1.0 1.1].each do |http_version|
      get '/', {}, 'rack.session' => store, 'HTTP_VERSION' => http_version
    end
    store[:foo].should == :bar
  end
end