Adds tests for global CSRF token header (bug 633129)

2011-03-03 13:32:24 -06:00 · 2011-03-03 13:32:24 -06:00 · 51a06cdf6b
--- a/media/js/zamboni/tests/global_tests.js
+++ b/media/js/zamboni/tests/global_tests.js
@ -0,0 +1,83 @@
+$(document).ready(function(){
+
+function _inspectHeaders(inspector, url) {
+    var headersInspected = false,
+        url = url || '/local-request-for-csrf.json';
+    $.mockjax({
+        url: url,
+        status: 200,
+        response: function(settings) {
+            inspector(this.headers);
+            headersInspected = true;
+        }
+    });
+    $.ajax({
+        url: url,
+        type: 'post',
+        data: 'foo=bar',
+        success: function(response) {},
+        error: function(xhr) {
+            console.log('ajax request Failed');
+        }
+    });
+    tests.waitFor(function() {
+        return headersInspected;
+    }).thenDo(function() {
+        start();
+    });
+}
+
+module('CSRF Token from input', {
+    setup: function() {
+        this._csrf = $.cookie('csrftoken');
+        $.cookie('csrftoken', '');
+        this.sandbox = tests.createSandbox('#csrf-template');
+    },
+    teardown: function() {
+        $.mockjaxClear();
+        this.sandbox.remove();
+        if (this._csrf) {
+            $.cookie('csrftoken', this._csrf);
+        }
+    }
+});
+
+asyncTest('header sent', function() {
+    _inspectHeaders(function(headers) {
+        equals(headers['X-CSRFToken'], '<csrf-from-input>');
+    });
+});
+
+module('CSRF Token from cookie', {
+    setup: function() {
+        this._csrf = $.cookie('csrftoken');
+        $.cookie('csrftoken', '<csrf-cookie>');
+    },
+    teardown: function() {
+        $.mockjaxClear();
+        if (this._csrf) {
+            $.cookie('csrftoken', this._csrf);
+        }
+    }
+});
+
+asyncTest('header sent', function() {
+    _inspectHeaders(function(headers) {
+        equals(headers['X-CSRFToken'], '<csrf-cookie>');
+    });
+});
+
+module('CSRF Token: remote', {
+    teardown: function() {
+        $.mockjaxClear();
+    }
+});
+
+asyncTest('CSRF not sent', function() {
+    _inspectHeaders(function(headers) {
+        var htype = typeof headers['X-CSRFToken'];
+        equals(htype, 'undefined');
+    }, 'http://someserver/hijack');
+});
+
+});
--- a/media/js/zamboni/tests/suite.json
+++ b/media/js/zamboni/tests/suite.json
@ -3,6 +3,7 @@
    "extra_media_urls": [
        "js/zamboni/jstestnet.js",
        "js/zamboni/tests.js",
+        "js/zamboni/global.js",
        "js/zamboni/devhub.js",
        "js/zamboni/l10n.js",
        "js/zamboni/editors.js"
--- a/templates/qunit.html
+++ b/templates/qunit.html
@ -202,6 +202,9 @@
    {% endwith %}
    <div id="editor-motd"><!-- admin edit form and stuff --></div>
  </div>
+  <div id="csrf-template">
+    <input id="csrfmiddlewaretoken" value="<csrf-from-input>">
+  </div>


  <script src="{{ url('jsi18n') }}/build:{{ BUILD_ID_JS }}"></script>