Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Ticket #10059: auto_complete_should_work_with_CSRF_and_be_testable_outside_a_project.patch

File auto_complete_should_work_with_CSRF_and_be_testable_outside_a_project.patch, 4.5 kB (added by krishna, 1 year ago)

  • auto_complete/test/auto_complete_test.rb

    old new  
    1 require File.expand_path(File.join(File.dirname(__FILE__), '../../../../test/test_helper'))  
     1require "test/unit" 
     2require "rubygems" 
     3require "action_controller" 
     4require "action_controller/assertions" 
     5require "action_controller/mime_type" 
    26 
     7$:.unshift File.dirname(__FILE__) + '/../lib' 
     8require "auto_complete" 
     9require "auto_complete_macros_helper" 
     10require File.dirname(__FILE__) + '/../init' 
     11 
    312class AutoCompleteTest < Test::Unit::TestCase 
    413  include AutoComplete 
    514  include AutoCompleteMacrosHelper 
     
    817  include ActionView::Helpers::TagHelper 
    918  include ActionView::Helpers::TextHelper 
    1019  include ActionView::Helpers::FormHelper 
    11   include ActionView::Helpers::CaptureHelper 
     20  include ActionView::Helpers::CaptureHelper   
    1221   
    1322  def setup 
     23    @protect_against_forgery = false 
    1424    @controller = Class.new do 
    1525      def url_for(options) 
    1626        url =  "http://www.example.com/" 
     
    4151    assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nvar some_input_auto_completer = new Ajax.Autocompleter('some_input', 'some_input_auto_complete', 'http://www.example.com/autocomplete', {paramName:'huidriwusch'})\n//]]>\n</script>), 
    4252      auto_complete_field("some_input", :url => { :action => "autocomplete" }, :param_name => 'huidriwusch'); 
    4353    assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nvar some_input_auto_completer = new Ajax.Autocompleter('some_input', 'some_input_auto_complete', 'http://www.example.com/autocomplete', {method:'get'})\n//]]>\n</script>), 
    44       auto_complete_field("some_input", :url => { :action => "autocomplete" }, :method => :get); 
     54      auto_complete_field("some_input", :url => { :action => "autocomplete" }, :method => :get);    
    4555  end 
    4656   
     57  def test_auto_complete_field_with_protect_against_forgery 
     58    @protect_against_forgery = true 
     59    assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nvar some_input_auto_completer = new Ajax.Autocompleter('some_input', 'some_input_auto_complete', 'http://www.example.com/autocomplete', {parameters:'authenticity_token=' + encodeURIComponent('some_secret_hash')})\n//]]>\n</script>), 
     60      auto_complete_field("some_input", :url => { :action => "autocomplete" }); 
     61  end 
     62   
    4763  def test_auto_complete_result 
    4864    result = [ { :title => 'test1'  }, { :title => 'test2'  } ] 
    4965    assert_equal %(<ul><li>test1</li><li>test2</li></ul>),  
     
    6480      text_field_with_auto_complete(:message, :recipient, {}, :skip_style => true) 
    6581  end 
    6682   
     83  def test_text_field_with_auto_complete_and_protect_against_forgery 
     84    @protect_against_forgery = true 
     85    assert_dom_equal %(<input id=\"message_recipient\" name=\"message[recipient]\" size=\"30\" type=\"text\" /><div class=\"auto_complete\" id=\"message_recipient_auto_complete\"></div><script type=\"text/javascript\">\n//<![CDATA[\nvar message_recipient_auto_completer = new Ajax.Autocompleter('message_recipient', 'message_recipient_auto_complete', 'http://www.example.com/auto_complete_for_message_recipient', {parameters:'authenticity_token=' + encodeURIComponent('some_secret_hash')})\n//]]>\n</script>), 
     86      text_field_with_auto_complete(:message, :recipient, {}, :skip_style => true)     
     87  end 
     88     
     89  # stubbed CSRF-related methods for testing 
     90  def protect_against_forgery? 
     91    @protect_against_forgery # so we can turn it on and off for tests 
     92  end 
     93   
     94  def request_forgery_protection_token 
     95    :authenticity_token 
     96  end 
     97   
     98  def form_authenticity_token 
     99    "some_secret_hash" 
     100  end 
     101   
    67102end 

  • auto_complete/lib/auto_complete_macros_helper.rb

    old new  
    7070    js_options[:frequency]  = "#{options[:frequency]}" if options[:frequency] 
    7171    js_options[:method]     = "'#{options[:method].to_s}'" if options[:method] 
    7272 
     73    if protect_against_forgery? 
     74      js_options[:parameters] = "'#{request_forgery_protection_token}=' + encodeURIComponent('#{escape_javascript form_authenticity_token}')" 
     75    end 
     76 
    7377    { :after_update_element => :afterUpdateElement,  
    7478      :on_show => :onShow, :on_hide => :onHide, :min_chars => :minChars }.each do |k,v| 
    7579      js_options[v] = options[k] if options[k]