Update tests to use safe redirects

2026-01-09 15:47:59 -05:00 · 2019-01-22 17:21:32 -02:00
parent c000b58c56
commit c116542c28
3 changed files with 6 additions and 6 deletions
--- a/test/controllers/passwords_controller_test.rb
+++ b/test/controllers/passwords_controller_test.rb
@@ -25,7 +25,7 @@ class PasswordsControllerTest < Devise::ControllerTestCase
  end
  test 'redirect accordingly if after_resetting_password_path_for is overridden' do
-    custom_path = "http://custom.path/"
+    custom_path = "/custom-path/"
    Devise::PasswordsController.any_instance.stubs(:after_resetting_password_path_for).with(@user).returns(custom_path)
    put_update_with_params
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@@ -36,7 +36,7 @@ class SessionsControllerTest < Devise::ControllerTestCase
  test "#create delete the url stored in the session if the requested format is navigational" do
    request.env["devise.mapping"] = Devise.mappings[:user]
-    request.session["user_return_to"] = 'foo.bar'
+    request.session["user_return_to"] = '/foo.bar'
    user = create_user
    user.confirm
--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@@ -82,7 +82,7 @@ class FailureTest < ActiveSupport::TestCase
    end
    test 'returns to the default redirect location considering subdomain' do
-      call_failure('warden.options' => { scope: :subdomain_user })
+      call_failure('warden.options' => { scope: :subdomain_user }, 'REQUEST_URI' => 'http://sub.test.host/', 'HTTP_HOST' => 'sub.test.host')
      assert_equal 302, @response.first
      assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
      assert_equal 'http://sub.test.host/subdomain_users/sign_in', @response.second['Location']
@@ -105,7 +105,7 @@ class FailureTest < ActiveSupport::TestCase
    test 'returns to the root path considering subdomain if no session path is available' do
      swap Devise, router_name: :fake_app do
-        call_failure app: FailureWithSubdomain
+        call_failure app: FailureWithSubdomain, 'REQUEST_URI' => 'http://sub.test.host/', 'HTTP_HOST' => 'sub.test.host'
        assert_equal 302, @response.first
        assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
        assert_equal 'http://sub.test.host/', @response.second['Location']
@@ -130,7 +130,7 @@ class FailureTest < ActiveSupport::TestCase
      test 'returns to the default redirect location considering the relative url root and subdomain' do
        swap Rails.application.config, relative_url_root: "/sample" do
-          call_failure('warden.options' => { scope: :subdomain_user })
+          call_failure('warden.options' => { scope: :subdomain_user }, 'REQUEST_URI' => 'http://sub.test.host/', 'HTTP_HOST' => 'sub.test.host')
          assert_equal 302, @response.first
          assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location']
        end
@@ -148,7 +148,7 @@ class FailureTest < ActiveSupport::TestCase
      test "returns to the default redirect location considering action_controller's relative url root and subdomain" do
        swap Rails.application.config.action_controller, relative_url_root: "/sample" do
-          call_failure('warden.options' => { scope: :subdomain_user })
+          call_failure('warden.options' => { scope: :subdomain_user }, 'REQUEST_URI' => 'http://sub.test.host/', 'HTTP_HOST' => 'sub.test.host')
          assert_equal 302, @response.first
          assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location']
        end