/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/spec/session_hijacking_spec.rb

https://github.com/delowong/logstash · Ruby · 55 lines · 46 code · 8 blank · 1 comment · 2 complexity · eadea319a0fd33bbb447ab33108d4627 MD5 · raw file 

    

  1. require File.expand_path('../spec_helper.rb', __FILE__)
    2. 

  2. 

  3. describe Rack::Protection::SessionHijacking do
    4. 

  4.   it_behaves_like "any rack application"
    5. 

  5. 

  6.   it "accepts a session without changes to tracked parameters" do
    7. 

  7.     session = {:foo => :bar}
    8. 

  8.     get '/', {}, 'rack.session' => session
    9. 

  9.     get '/', {}, 'rack.session' => session
    10. 

  10.     session[:foo].should == :bar
    11. 

  11.   end
    12. 

  12. 

  13.   it "denies requests with a changing User-Agent header" do
    14. 

  14.     session = {:foo => :bar}
    15. 

  15.     get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'a'
    16. 

  16.     get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'b'
    17. 

  17.     session.should be_empty
    18. 

  18.   end
    19. 

  19. 

  20.   it "accepts requests with a changing Accept-Encoding header" do
    21. 

  21.     # this is tested because previously it led to clearing the session
    22. 

  22.     session = {:foo => :bar}
    23. 

  23.     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'a'
    24. 

  24.     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'b'
    25. 

  25.     session.should_not be_empty
    26. 

  26.   end
    27. 

  27. 

  28.   it "denies requests with a changing Accept-Language header" do
    29. 

  29.     session = {:foo => :bar}
    30. 

  30.     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
    31. 

  31.     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'b'
    32. 

  32.     session.should be_empty
    33. 

  33.   end
    34. 

  34. 

  35.   it "accepts requests with the same Accept-Language header" do
    36. 

  36.     session = {:foo => :bar}
    37. 

  37.     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
    38. 

  38.     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
    39. 

  39.     session.should_not be_empty
    40. 

  40.   end
    41. 

  41. 

  42.   it "comparison of Accept-Language header is not case sensitive" do
    43. 

  43.     session = {:foo => :bar}
    44. 

  44.     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
    45. 

  45.     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'A'
    46. 

  46.     session.should_not be_empty
    47. 

  47.   end
    48. 

  48. 

  49.   it "accepts requests with a changing Version header"do
    50. 

  50.     session = {:foo => :bar}
    51. 

  51.     get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'
    52. 

  52.     get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.1'
    53. 

  53.     session[:foo].should == :bar
    54. 

  54.   end
    55. 

  55. end
    56.