summaryrefslogtreecommitdiff
path: root/test/functional/api
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2016-08-18 11:00:16 +0200
committerAzul <azul@riseup.net>2016-08-19 11:15:31 +0200
commitfbad882075e745ab7afbe5f89c67544fb3c607c3 (patch)
treed55e4c4dd3a6612e04e0fd40e736c8b6d4342762 /test/functional/api
parent20bb76848b852bba9ab3c99b1c2a68464585bd56 (diff)
respond_to on a per controller basis
If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
Diffstat (limited to 'test/functional/api')
-rw-r--r--test/functional/api/certs_controller_test.rb6
-rw-r--r--test/functional/api/sessions_controller_test.rb3
2 files changed, 8 insertions, 1 deletions
diff --git a/test/functional/api/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb
index f23b4c8..25ceb8e 100644
--- a/test/functional/api/certs_controller_test.rb
+++ b/test/functional/api/certs_controller_test.rb
@@ -57,4 +57,10 @@ class Api::CertsControllerTest < ApiControllerTest
returns(cert)
return cert
end
+
+ # overwrite defaults from ApiController because we don't do json here.
+ def add_api_defaults(args)
+ add_defaults args, version: '2'
+ end
+
end
diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb
index 03a1ef9..06a3c22 100644
--- a/test/functional/api/sessions_controller_test.rb
+++ b/test/functional/api/sessions_controller_test.rb
@@ -44,7 +44,8 @@ class Api::SessionsControllerTest < ApiControllerTest
api_post :update, :id => @user.login, :client_auth => @client_hex
- assert_nil session[:handshake]
+ assert_nil session[:handshake],
+ 'session should be cleared to prevent session fixation attacks'
assert_response :success
assert json_response.keys.include?("id")
assert json_response.keys.include?("token")