From fbad882075e745ab7afbe5f89c67544fb3c607c3 Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Thu, 18 Aug 2016 11:00:16 +0200
Subject: respond_to on a per controller basis

If you inherit respond to and call it again in your controller
it will not overwrite the previous but add to it.

Since we always have some exceptions from the rules it's probably
easiest to be explicit in the controllers that require it themselves.
---
 test/functional/api/sessions_controller_test.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'test/functional/api/sessions_controller_test.rb')

diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb
index 03a1ef9..06a3c22 100644
--- a/test/functional/api/sessions_controller_test.rb
+++ b/test/functional/api/sessions_controller_test.rb
@@ -44,7 +44,8 @@ class Api::SessionsControllerTest < ApiControllerTest
 
     api_post :update, :id => @user.login, :client_auth => @client_hex
 
-    assert_nil session[:handshake]
+    assert_nil session[:handshake],
+      'session should be cleared to prevent session fixation attacks'
     assert_response :success
     assert json_response.keys.include?("id")
     assert json_response.keys.include?("token")
-- 
cgit v1.2.3