|
|
@ -69,14 +69,13 @@ class AccountControllerTest < ActionController::TestCase |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def test_login_should_not_redirect_to_another_host |
|
|
|
def test_login_should_not_redirect_to_another_host |
|
|
|
back_urls = [ |
|
|
|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake' |
|
|
|
'http://test.foo/fake', |
|
|
|
|
|
|
|
'//test.foo/fake' |
|
|
|
|
|
|
|
] |
|
|
|
|
|
|
|
back_urls.each do |back_url| |
|
|
|
|
|
|
|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => back_url |
|
|
|
|
|
|
|
assert_redirected_to '/my/page' |
|
|
|
assert_redirected_to '/my/page' |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_login_should_not_redirect_to_another_host_using_protocol_relative_url |
|
|
|
|
|
|
|
post :login, :username => 'jsmith', :password => 'jsmith', :back_url => '//test.foo/fake' |
|
|
|
|
|
|
|
assert_redirected_to '/my/page' |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
if Object.const_defined?(:OpenID) |
|
|
|
if Object.const_defined?(:OpenID) |
|
|
|
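Review bot: Nothing in the two new tests records why the loop over `back_urls` was replaced by separate methods, so a later cleanup could fold them back into one test. If the reason is that the second `post :login` in the old loop ran with a session already authenticated by the first (inferred, not visible in this hunk), say so above `test_login_should_not_redirect_to_another_host`, e.g. `# one login request per test: a second post in the same test would reuse the authenticated session`. The first test could also be named for its case, as the second one is, for instance `test_login_should_not_redirect_to_another_host_using_absolute_url`, so a failure points at the URL form that got past the host check on `back_url`. Both tests assert only the fallback to `/my/page`; if no test outside this hunk checks that a same-host `back_url` is honoured, adding one would keep these two from passing when `back_url` is ignored entirely.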