respond_to on a per controller basis

If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
author: Azul <azul@riseup.net> 2016-08-18 11:00:16 +0200
committer: Azul <azul@riseup.net> 2016-08-19 11:15:31 +0200
commit: fbad882075e745ab7afbe5f89c67544fb3c607c3 (patch)
tree: d55e4c4dd3a6612e04e0fd40e736c8b6d4342762 /test
parent: 20bb76848b852bba9ab3c99b1c2a68464585bd56 (diff)
5 files changed, 20 insertions, 17 deletions
diff --git a/test/functional/api/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb
index f23b4c8..25ceb8e 100644
--- a/test/functional/api/certs_controller_test.rb
+++ b/test/functional/api/certs_controller_test.rb
@@ -57,4 +57,10 @@ class Api::CertsControllerTest < ApiControllerTest
       returns(cert)
     return cert
   end
+
+  # overwrite defaults from ApiController because we don't do json here.
+  def add_api_defaults(args)
+    add_defaults args, version: '2'
+  end
+
 end
diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb
index 03a1ef9..06a3c22 100644
--- a/test/functional/api/sessions_controller_test.rb
+++ b/test/functional/api/sessions_controller_test.rb
@@ -44,7 +44,8 @@ class Api::SessionsControllerTest < ApiControllerTest
 
     api_post :update, :id => @user.login, :client_auth => @client_hex
 
-    assert_nil session[:handshake]
+    assert_nil session[:handshake],
+      'session should be cleared to prevent session fixation attacks'
     assert_response :success
     assert json_response.keys.include?("id")
     assert json_response.keys.include?("token")
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index 53382c1..3adddfd 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -3,13 +3,8 @@ require 'openssl'
 
 class SmtpCertTest < ApiIntegrationTest
 
-  setup do
-    @testcode = InviteCode.new
-    @testcode.save!
-  end
-
   test "retrieve smtp cert" do
-    @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+    @user = create_invited_user effective_service_level_code: 2
     login
     post smtp_cert_url, {}, RACK_ENV
     assert_text_response
@@ -20,7 +15,7 @@ class SmtpCertTest < ApiIntegrationTest
   end
 
   test "cert and key" do
-    @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+    @user = create_invited_user effective_service_level_code: 2
     login
     post smtp_cert_url, {}, RACK_ENV
     assert_text_response
@@ -32,7 +27,7 @@ class SmtpCertTest < ApiIntegrationTest
   end
 
   test "fingerprint is stored with identity" do
-    @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+    @user = create_invited_user effective_service_level_code: 2
     login
     post smtp_cert_url, {}, RACK_ENV
     assert_text_response
@@ -46,7 +41,6 @@ class SmtpCertTest < ApiIntegrationTest
   end
 
   test "fetching smtp certs requires email account" do
-
     login
     post smtp_cert_url, {}, RACK_ENV
     assert_access_denied
diff --git a/test/support/api_controller_test.rb b/test/support/api_controller_test.rb
index 06cb46a..97d86fc 100644
--- a/test/support/api_controller_test.rb
+++ b/test/support/api_controller_test.rb
@@ -17,7 +17,7 @@ class ApiControllerTest < ActionController::TestCase
   end
 
   def add_api_defaults(args)
-    add_defaults args, version: '2'
+    add_defaults args, version: '2', format: :json
   end
 
   def add_defaults(args, defaults)
diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb
index cea480c..7942558 100644
--- a/test/support/api_integration_test.rb
+++ b/test/support/api_integration_test.rb
@@ -7,13 +7,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
     2
   end
 
-  setup do
-    @testcode = InviteCode.new
-    @testcode.save!
-  end
-
   def login(user = nil)
-    @user ||= user ||= FactoryGirl.create(:user, :invite_code => @testcode.invite_code)
+    @user ||= user ||= create_invited_user
     # DUMMY_TOKEN will be frozen. So let's use a dup
     @token ||= DUMMY_TOKEN.dup
     # make sure @token is up to date if it already exists
@@ -23,6 +18,13 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
     @token.save
   end
 
+  def create_invited_user(options = {})
+    @testcode = InviteCode.new
+    @testcode.save!
+    options.reverse_merge! invite_code: @testcode.invite_code
+    FactoryGirl.create :user, options
+  end
+
   teardown do
     if @user && @user.persisted?
       @user.destroy_identities
author	Azul <azul@riseup.net>	2016-08-18 11:00:16 +0200
committer	Azul <azul@riseup.net>	2016-08-19 11:15:31 +0200
commit	fbad882075e745ab7afbe5f89c67544fb3c607c3 (patch)
tree	d55e4c4dd3a6612e04e0fd40e736c8b6d4342762 /test
parent	20bb76848b852bba9ab3c99b1c2a68464585bd56 (diff)