# frozen_string_literal: true
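# Request specs for session-cookie handling across two multisite hosts
# (test.localhost and test2.localhost).
#
# The first example replays a `_forum_session` cookie issued by one host
# against the same host and then against the other host, and compares the
# resulting session ids. The nested group checks that the cookie rotations
# seen on a request differ per host while the application-wide rotation
# config stays empty.
RSpec.describe "multisite", type: %i[multisite request] do
  # Eager (`let!`): a request to the first host is made before every example,
  # so `request`/`response` are populated when the examples start.
  let!(:first_host) { get "http://test.localhost/session/csrf.json" }

  it "works" do
    get "http://test.localhost/session/csrf.json"
    expect(response).to have_http_status :ok
    cookie = CGI.escape(response.cookies["_forum_session"])
    id1 = session["session_id"]

    # Guard against a vacuous pass: if no session id were ever assigned,
    # id1 and id2 would both be nil and the same-host equality check below
    # would succeed without proving the cookie was accepted.
    expect(id1).not_to be_nil

    # The same cookie header is replayed against both hosts.
    replayed_cookie = { "Cookie" => "_forum_session=#{cookie};" }

    # Same host: the replayed cookie must resolve to the same session.
    get "http://test.localhost/session/csrf.json", headers: replayed_cookie
    expect(response).to have_http_status :ok
    id2 = session["session_id"]

    expect(id1).to eq(id2)

    # Other host: the request still succeeds, but the cookie issued by the
    # first host must not carry the session over.
    get "http://test2.localhost/session/csrf.json", headers: replayed_cookie
    expect(response).to have_http_status :ok
    id3 = session["session_id"]

    # Session cookie was rejected and rotated
    expect(id2).not_to eq(id3)
  end

  describe "Cookies rotator" do
    # Eager: captured from whatever request exists when this runs
    # (presumably the outer `first_host` request, which is also `let!`).
    let!(:rotations) { request.cookies_rotations }
    # Lazy: the request to the second host is only made when referenced.
    let(:second_host) { get "http://test2.localhost/session/csrf.json" }
    let(:global_rotations) { Rails.application.config.action_dispatch.cookies_rotations }

    it "adds different rotations for different hosts" do
      # Already evaluated by `let!`; referencing it returns the memoized
      # value, so `request` is still the first-host request here.
      first_host
      expect(request.cookies_rotations).to have_attributes(
        signed: rotations.signed,
        encrypted: rotations.encrypted,
      )

      second_host
      expect(request.cookies_rotations).not_to have_attributes(
        signed: rotations.signed,
        encrypted: rotations.encrypted,
      )
    end

    it "doesn't change global rotations" do
      # Per-host rotations must not leak into the application-wide config.
      second_host
      expect(global_rotations).to have_attributes signed: [], encrypted: []
    end
  end
end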