Merge branch 'master' of https://github.com/pixelated/pixelated-user-agent

# By Felix Hammerl (5) and others # Via NavaL * 'master' of https://github.com/pixelated/pixelated-user-agent: serving the client directly, as the current dependency on proxy strips out xsrf cookies -fixing functional test only adding feature resource in root_resource test -- fixing build changed logout to post Issue #612 Backend and frontend protection against csrf attacks: - root resources changes the csrf token cookie everytime it is loaded, in particular during the intestitial load during login - it will also add that cookie on single user mode - initialize will still load all resources - but they you cant access them if the csrf token do not match - all ajax calls needs to add the token to the header - non ajax get requests do not need xsrf token validation - non ajax post will have to send the token in as a form input or in the content Consolidate stylesheets Remove unused font and stylesheetgit s Create a new deferred for all IMAPAccount calls Clean up jshintrc Recreate session on soledad problems issue #617: Remove old html whitelister Issue #617: Sanitize received content
author: Jon Newson <jon_newson@ieee.org> 2016-02-26 16:20:59 +1100
committer: Jon Newson <jon_newson@ieee.org> 2016-02-26 16:20:59 +1100
commit: 05f4e2ca2d64eaba23c87df4d2e2cc9e09bba6de (patch)
tree: 50b2ccf6454f31a3f6bceaa997a5e2abbcb91a80 /web-ui/test/spec/page
parent: 52467b9aef76c9aac2f250478befd3afb7b6aabd (diff)
parent: dbb434b56e6b161a3b851ae6a81f96dff14a29da (diff)
2 files changed, 45 insertions, 10 deletions
diff --git a/web-ui/test/spec/page/logout.spec.js b/web-ui/test/spec/page/logout.spec.js
index 7e384cad..a8b882b0 100644
--- a/web-ui/test/spec/page/logout.spec.js
+++ b/web-ui/test/spec/page/logout.spec.js
@@ -8,26 +8,48 @@ describeComponent('page/logout', function () {
       features = require('features');
     });
 
-    it('should provide logout link if logout is enabled', function () {
+    it('should provide logout form if logout is enabled', function () {
       spyOn(features, 'isLogoutEnabled').and.returnValue(true);
 
       this.setupComponent('<nav id="logout"></nav>', {});
 
-      var logout_link = this.component.$node.find('a')[0];
-      expect(logout_link).toExist();
-      expect(logout_link.href).toMatch('test/logout/url');
+      var logout_form = this.component.$node.find('form')[0];
+      expect(logout_form).toExist();
+      expect(logout_form.action).toMatch('test/logout/url');
+      expect(logout_form.method).toMatch('POST');
     });
 
-    it('should not provide logout link if disabled', function() {
+    it('should not provide logout form if logout is disabled', function () {
       spyOn(features, 'isLogoutEnabled').and.returnValue(false);
 
       this.setupComponent('<nav id="logout"></nav>', {});
 
-      var logout_link = this.component.$node.find('a')[0];
-      expect(logout_link).not.toExist();
+      var logout_form = this.component.$node.find('form')[0];
+      expect(logout_form).not.toExist();
     });
 
-    it('should render logout in collapsed nav bar if logout is enabled', function() {
+    it('should provide csrf token if logout is enabled', function () {
+      spyOn(features, 'isLogoutEnabled').and.returnValue(true);
+      document.cookie = 'XSRF-TOKEN=ff895ffc45a4ce140bfc5dda6c61d232; i18next=en-us';
+
+      this.setupComponent('<nav id="logout"></nav>', {});
+
+      var logout_input = this.component.$node.find('input')[0];
+      expect(logout_input).toExist();
+      expect(logout_input.value).toEqual('ff895ffc45a4ce140bfc5dda6c61d232');
+      expect(logout_input.type).toEqual('hidden');
+    });
+
+    it('should not provide csrf token if logout is disabled', function () {
+      spyOn(features, 'isLogoutEnabled').and.returnValue(false);
+
+      this.setupComponent('<nav id="logout"></nav>', {});
+
+      var logout_input = this.component.$node.find('input')[0];
+      expect(logout_input).not.toExist();
+    });
+
+    xit('should render logout in collapsed nav bar if logout is enabled', function() {
       spyOn(features, 'isLogoutEnabled').and.returnValue(true);
 
       this.setupComponent('<ul id="logout-shortcuts" class="shortcuts"></ul>', {});
@@ -36,6 +58,21 @@ describeComponent('page/logout', function () {
       expect(logout_icon).toExist();
       expect(logout_icon.innerHTML).toContain('<div class="fa fa-sign-out"></div>');
     });
+
+    it('should submit logout form if logout is enabled', function () {
+      spyOn(features, 'isLogoutEnabled').and.returnValue(true);
+
+      this.setupComponent('<nav id="logout"></nav>', {});
+
+      var logout_form = this.component.$node.find('form')[0];
+      spyOn(logout_form, 'submit');
+
+      this.component.$node.click();
+
+      expect(logout_form.submit).toHaveBeenCalled();
+    });
+
+
   });
 });
 
diff --git a/web-ui/test/spec/page/router/url_params.spec.js b/web-ui/test/spec/page/router/url_params.spec.js
index 24cc3797..3c550a43 100644
--- a/web-ui/test/spec/page/router/url_params.spec.js
+++ b/web-ui/test/spec/page/router/url_params.spec.js
@@ -1,5 +1,3 @@
-/* global jasmine */
-
 require(['page/router/url_params'], function (urlParams) {
   'use strict';
author	Jon Newson <jon_newson@ieee.org>	2016-02-26 16:20:59 +1100
committer	Jon Newson <jon_newson@ieee.org>	2016-02-26 16:20:59 +1100
commit	05f4e2ca2d64eaba23c87df4d2e2cc9e09bba6de (patch)
tree	50b2ccf6454f31a3f6bceaa997a5e2abbcb91a80 /web-ui/test/spec/page
parent	52467b9aef76c9aac2f250478befd3afb7b6aabd (diff)
parent	dbb434b56e6b161a3b851ae6a81f96dff14a29da (diff)