
Commit 2833d31

committed
Add tests
1 parent afeef31 commit 2833d31

5 files changed

Lines changed: 50 additions & 4 deletions


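--- a/app/controllers/concerns/validatable.rb
+++ b/app/controllers/concerns/validatable.rb
@@ -3,8 +3,8 @@ module Validatable
 
 included do
 rescue_from ActionController::InvalidAuthenticityToken do
-if action_name == 'validate'
-render json: { valid: false }
+if action_name == "validate"
+render json: {valid: false}
 else
 session_expired
 end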

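--- a/spec/requests/distributions_requests_spec.rb
+++ b/spec/requests/distributions_requests_spec.rb
@@ -816,6 +816,17 @@
 
 include_examples "restricts access to organization users/admins"
 end
+
+describe 'POST #validate' do
+it 'should handle missing CSRF gracefully' do
+ActionController::Base.allow_forgery_protection = true
+post validate_partners_individuals_requests_path
+ActionController::Base.allow_forgery_protection = false
+
+expect(JSON.parse(response.body)).to eq({'valid' => false})
+expect(response.status).to eq(200)
+end
+end
 end
 
 context "While not signed in" do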
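Review bot: The new example in the distributions request spec posts to `validate_partners_individuals_requests_path`, the same route the individuals-requests spec in this commit already exercises, so the distributions controller's own validate action appears to go untested. If the intent was to cover distributions, the call should target that controller's validate route (its helper name is not visible in this hunk). Otherwise the example duplicates the partners spec and can be dropped. The enclosing `describe`/`context` opens above the hunk, so the signed-in state the example runs under cannot be confirmed from here.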

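--- a/spec/requests/partners/family_requests_controller_spec.rb
+++ b/spec/requests/partners/family_requests_requests_spec.rb
@@ -11,7 +11,7 @@
 
 before { sign_in(partner_user) }
 
-describe 'GET #new' do
+describe "GET #new" do
 subject { get new_partners_family_request_path }
 
 it "does not allow deactivated partners" do
@@ -27,7 +27,7 @@
 end
 end
 
-describe 'POST #create' do
+describe "POST #create" do
 before do
 # Set one child as deactivated and the other as active but
 # without a item_needed_diaperid
@@ -66,4 +66,15 @@
 expect(Partners::ChildItemRequest.find_by(child_id: children[2].id)).to be_present
 end
 end
+
+describe "POST #validate" do
+it "should handle missing CSRF gracefully" do
+ActionController::Base.allow_forgery_protection = true
+post validate_partners_family_requests_path
+ActionController::Base.allow_forgery_protection = false
+
+expect(JSON.parse(response.body)).to eq({"valid" => false})
+expect(response.status).to eq(200)
+end
+end
 end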
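Review bot: The global `ActionController::Base.allow_forgery_protection` flag is switched on and then hard-reset to `false` inline around the `post`, with no `ensure`, so an exception raised by the request leaves CSRF protection enabled for every later example. The reset also assumes the previous value was `false` instead of restoring whatever it was. The same pattern is repeated in the distributions, individuals-requests and partners requests specs in this commit. Moving the toggle into an `around` hook that saves and restores the original value keeps the change scoped to the example. The outer describe block opens above the hunk.

```ruby
describe "POST #validate" do
  around do |example|
    original = ActionController::Base.allow_forgery_protection
    ActionController::Base.allow_forgery_protection = true
    begin
      example.run
    ensure
      ActionController::Base.allow_forgery_protection = original
    end
  end

  it "should handle missing CSRF gracefully" do
    post validate_partners_family_requests_path
    # … unchanged: response body and status expectations …
  end
end
```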

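--- a/spec/requests/partners/individuals_requests_controller_spec.rb
+++ b/spec/requests/partners/individuals_requests_requests_spec.rb
@@ -156,4 +156,15 @@
 end
 end
 end
+
+describe "POST #validate" do
+it "should handle missing CSRF gracefully" do
+ActionController::Base.allow_forgery_protection = true
+post validate_partners_individuals_requests_path
+ActionController::Base.allow_forgery_protection = false
+
+expect(JSON.parse(response.body)).to eq({"valid" => false})
+expect(response.status).to eq(200)
+end
+end
 end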
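Review bot: Only the `validate` branch of the `rescue_from ActionController::InvalidAuthenticityToken` handler in validatable.rb is exercised by this example; nothing added in this commit pins the `else` branch, where every other action falls through to `session_expired`. A companion example that sends a tokenless POST to a non-validate action with forgery protection enabled, and asserts the body is not `{"valid" => false}`, would catch a regression in which the handler starts answering CSRF failures on state-changing actions with a 200. What `session_expired` renders is not visible on this page, so the exact expectation needs confirming against that method.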

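--- a/spec/requests/partners/requests_spec.rb
+++ b/spec/requests/partners/requests_spec.rb
@@ -407,4 +407,17 @@
 end
 end
 end
+
+describe 'POST #validate' do
+it 'should handle missing CSRF gracefully' do
+sign_in(partner_user)
+
+ActionController::Base.allow_forgery_protection = true
+post validate_partners_requests_path
+ActionController::Base.allow_forgery_protection = false
+
+expect(JSON.parse(response.body)).to eq({'valid' => false})
+expect(response.status).to eq(200)
+end
+end
 end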
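Review bot: The added block uses single-quoted strings while the same commit rewrites `'validate'`, `'GET #new'` and `'POST #create'` to double quotes elsewhere, so the new lines are already out of step with the style the commit is moving to; the distributions spec hunk has the same mismatch. The example name also says what the code "should" do instead of stating the observable result. Suggested wording: `describe "POST #validate" do` and `it "returns valid: false with a 200 when the CSRF token is missing" do`, with `eq({"valid" => false})` in the expectation.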
