diff options
author | Jon Newson <jon_newson@ieee.org> | 2016-02-26 16:20:59 +1100 |
---|---|---|
committer | Jon Newson <jon_newson@ieee.org> | 2016-02-26 16:20:59 +1100 |
commit | 05f4e2ca2d64eaba23c87df4d2e2cc9e09bba6de (patch) | |
tree | 50b2ccf6454f31a3f6bceaa997a5e2abbcb91a80 /web-ui/test/spec/page | |
parent | 52467b9aef76c9aac2f250478befd3afb7b6aabd (diff) | |
parent | dbb434b56e6b161a3b851ae6a81f96dff14a29da (diff) |
Merge branch 'master' of https://github.com/pixelated/pixelated-user-agent
# By Felix Hammerl (5) and others
# Via NavaL
* 'master' of https://github.com/pixelated/pixelated-user-agent:
serving the client directly, as the current dependency on proxy strips out xsrf cookies -fixing functional test
only adding feature resource in root_resource test -- fixing build
changed logout to post Issue #612
Backend and frontend protection against csrf attacks: - root resources changes the csrf token cookie everytime it is loaded, in particular during the intestitial load during login - it will also add that cookie on single user mode - initialize will still load all resources - but they you cant access them if the csrf token do not match - all ajax calls needs to add the token to the header - non ajax get requests do not need xsrf token validation - non ajax post will have to send the token in as a form input or in the content
Consolidate stylesheets
Remove unused font and stylesheetgit s
Create a new deferred for all IMAPAccount calls
Clean up jshintrc
Recreate session on soledad problems
issue #617: Remove old html whitelister
Issue #617: Sanitize received content
Diffstat (limited to 'web-ui/test/spec/page')
-rw-r--r-- | web-ui/test/spec/page/logout.spec.js | 53 | ||||
-rw-r--r-- | web-ui/test/spec/page/router/url_params.spec.js | 2 |
2 files changed, 45 insertions, 10 deletions
diff --git a/web-ui/test/spec/page/logout.spec.js b/web-ui/test/spec/page/logout.spec.js index 7e384cad..a8b882b0 100644 --- a/web-ui/test/spec/page/logout.spec.js +++ b/web-ui/test/spec/page/logout.spec.js @@ -8,26 +8,48 @@ describeComponent('page/logout', function () { features = require('features'); }); - it('should provide logout link if logout is enabled', function () { + it('should provide logout form if logout is enabled', function () { spyOn(features, 'isLogoutEnabled').and.returnValue(true); this.setupComponent('<nav id="logout"></nav>', {}); - var logout_link = this.component.$node.find('a')[0]; - expect(logout_link).toExist(); - expect(logout_link.href).toMatch('test/logout/url'); + var logout_form = this.component.$node.find('form')[0]; + expect(logout_form).toExist(); + expect(logout_form.action).toMatch('test/logout/url'); + expect(logout_form.method).toMatch('POST'); }); - it('should not provide logout link if disabled', function() { + it('should not provide logout form if logout is disabled', function () { spyOn(features, 'isLogoutEnabled').and.returnValue(false); this.setupComponent('<nav id="logout"></nav>', {}); - var logout_link = this.component.$node.find('a')[0]; - expect(logout_link).not.toExist(); + var logout_form = this.component.$node.find('form')[0]; + expect(logout_form).not.toExist(); }); - it('should render logout in collapsed nav bar if logout is enabled', function() { + it('should provide csrf token if logout is enabled', function () { + spyOn(features, 'isLogoutEnabled').and.returnValue(true); + document.cookie = 'XSRF-TOKEN=ff895ffc45a4ce140bfc5dda6c61d232; i18next=en-us'; + + this.setupComponent('<nav id="logout"></nav>', {}); + + var logout_input = this.component.$node.find('input')[0]; + expect(logout_input).toExist(); + expect(logout_input.value).toEqual('ff895ffc45a4ce140bfc5dda6c61d232'); + expect(logout_input.type).toEqual('hidden'); + }); + + it('should not provide csrf token if logout is disabled', function () { + spyOn(features, 'isLogoutEnabled').and.returnValue(false); + + this.setupComponent('<nav id="logout"></nav>', {}); + + var logout_input = this.component.$node.find('input')[0]; + expect(logout_input).not.toExist(); + }); + + xit('should render logout in collapsed nav bar if logout is enabled', function() { spyOn(features, 'isLogoutEnabled').and.returnValue(true); this.setupComponent('<ul id="logout-shortcuts" class="shortcuts"></ul>', {}); @@ -36,6 +58,21 @@ describeComponent('page/logout', function () { expect(logout_icon).toExist(); expect(logout_icon.innerHTML).toContain('<div class="fa fa-sign-out"></div>'); }); + + it('should submit logout form if logout is enabled', function () { + spyOn(features, 'isLogoutEnabled').and.returnValue(true); + + this.setupComponent('<nav id="logout"></nav>', {}); + + var logout_form = this.component.$node.find('form')[0]; + spyOn(logout_form, 'submit'); + + this.component.$node.click(); + + expect(logout_form.submit).toHaveBeenCalled(); + }); + + }); }); diff --git a/web-ui/test/spec/page/router/url_params.spec.js b/web-ui/test/spec/page/router/url_params.spec.js index 24cc3797..3c550a43 100644 --- a/web-ui/test/spec/page/router/url_params.spec.js +++ b/web-ui/test/spec/page/router/url_params.spec.js @@ -1,5 +1,3 @@ -/* global jasmine */ - require(['page/router/url_params'], function (urlParams) { 'use strict'; |