Revision b71907ec
Added by Lukas Zapletal almost 6 years ago
test/controllers/application_controller_subclass_test.rb | ||
---|---|---|
get :index
|
||
end
|
||
|
||
it "doesn't escalate privileges in the old session" do
|
||
old_session = session
|
||
get :index
|
||
refute old_session.keys.include?(:user), "old session contains user"
|
||
assert session[:user], "new session doesn't contain user"
|
||
end
|
||
|
||
it "retains taxonomy session attributes in new session" do
|
||
get :index, session: {:location_id => taxonomies(:location1).id,
|
||
:organization_id => taxonomies(:organization1).id,
|
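Review bot: With the "doesn't escalate privileges in the old session" test gone from this file (and the matching "#login doesn't escalate privileges in the old session" test in test/controllers/users_controller_test.rb), no test visible on this page still checks that the session is renewed when a user is authenticated, which is the session-fixation guard these tests were named for. The page has lost its +/- markers, so which lines were removed is inferred from the commit title. The old assertion was weak in any case: `old_session = session` keeps a reference rather than a copy, and `old_session.keys.include?(:user)` looks for a symbol where the session probably holds string keys, so it may never have been able to fail. A replacement that records the session id before the request and asserts that it differs afterwards, something like `refute_equal old_id, session.id`, would keep the coverage; confirm that the test session exposes an id in this Rails version.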
test/controllers/users_controller_test.rb | ||
---|---|---|
post :login, params: { :login => {'login' => users(:admin).login, 'password' => 'secret'} }
|
||
end
|
||
|
||
test "#login doesn't escalate privileges in the old session" do
|
||
old_session = session
|
||
post :login, params: { :login => {'login' => users(:admin).login, 'password' => 'secret'} }
|
||
refute old_session.keys.include?(:user), "old session contains user"
|
||
assert session[:user], "new session doesn't contain user"
|
||
end
|
||
|
||
test "#login refuses logins when User.try_to_login fails" do
|
||
u = FactoryBot.create(:user)
|
||
User.expects(:try_to_login).with(u.login, 'password').returns(nil)
|
Fixes #23875 - removed old session tests