couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertkowal...@apache.org
Subject [3/3] fauxton commit: updated refs/heads/master to f772160
Date Mon, 10 Aug 2015 11:12:02 GMT
csrf: add tests

PR: #494
PR-URL: https://github.com/apache/couchdb-fauxton/pull/494
Reviewed-By: Robert Newson <rnewson@apache.org>
Reviewed-By: Garren Smith <garren.smith@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/f772160a
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/f772160a
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/f772160a

Branch: refs/heads/master
Commit: f772160aa449fc82701cbafd50d7fe0ba12549a8
Parents: e66fca7
Author: Robert Kowalski <rok@kowalski.gd>
Authored: Sat Aug 8 00:07:33 2015 +0200
Committer: Robert Kowalski <robertkowalski@apache.org>
Committed: Mon Aug 10 13:11:42 2015 +0200

----------------------------------------------------------------------
 app/addons/databases/tests/nightwatch/csrf.js | 59 ++++++++++++++++++++++
 app/core/tests/csrfSpec.js                    | 46 +++++++++++++++++
 2 files changed, 105 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/f772160a/app/addons/databases/tests/nightwatch/csrf.js
----------------------------------------------------------------------
diff --git a/app/addons/databases/tests/nightwatch/csrf.js b/app/addons/databases/tests/nightwatch/csrf.js
new file mode 100644
index 0000000..d83cd77
--- /dev/null
+++ b/app/addons/databases/tests/nightwatch/csrf.js
@@ -0,0 +1,59 @@
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+var newDatabaseName = 'fauxton-selenium-tests-db-create';
+var helpers = require('../../../../../test/nightwatch_tests/helpers/helpers.js');
+module.exports = {
+
+  before: function (client, done) {
+    var nano = helpers.getNanoInstance();
+    nano.db.destroy(newDatabaseName, function (err, body, header) {
+      done();
+    });
+  },
+
+  after: function (client, done) {
+    var nano = helpers.getNanoInstance();
+    nano.db.destroy(newDatabaseName, function (err, body, header) {
+      done();
+    });
+  },
+
+  'Creates a Database' : function (client) {
+    var waitTime = client.globals.maxWaitTime,
+        baseUrl = client.globals.test_settings.launch_url;
+
+    client
+      .loginToGUI()
+      .checkForDatabaseDeleted(newDatabaseName, waitTime)
+      .url(baseUrl)
+
+      // ensure the page has fully loaded
+      .waitForElementPresent('.databases.table', waitTime, false)
+      .waitForElementPresent('#add-new-database', waitTime, false)
+      .clickWhenVisible('#add-new-database', waitTime, false)
+      .waitForElementVisible('#js-new-database-name', waitTime, false)
+      .setValue('#js-new-database-name', [newDatabaseName])
+      .clickWhenVisible('#js-create-database', waitTime, false)
+      .checkForDatabaseCreated(newDatabaseName, waitTime)
+      .url(baseUrl + '/_all_dbs')
+      .waitForElementVisible('html', waitTime, false)
+      .getText('html', function (result) {
+        var data = result.value,
+            createdDatabaseIsPresent = data.indexOf('mismatch');
+
+        this.verify.ok(createdDatabaseIsPresent !== -1,
+          'CSRF token mismatch');
+      })
+    .end();
+  }
+};

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/f772160a/app/core/tests/csrfSpec.js
----------------------------------------------------------------------
diff --git a/app/core/tests/csrfSpec.js b/app/core/tests/csrfSpec.js
new file mode 100644
index 0000000..2851916
--- /dev/null
+++ b/app/core/tests/csrfSpec.js
@@ -0,0 +1,46 @@
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+define([
+  'app',
+  'api',
+  'testUtils'
+], function (app, FauxtonAPI, testUtils) {
+  var assert = testUtils.assert;
+
+  describe('csrf tokens', function () {
+    var xhr, request;
+    beforeEach(function () {
+      xhr = sinon.useFakeXMLHttpRequest();
+      xhr.onCreate = function (xhr) {
+        request = xhr;
+      };
+    });
+
+    afterEach(function () {
+      testUtils.restore(xhr);
+    });
+
+    it('asks for a CSRF token', function (done) {
+      $.ajax({
+        type: 'GET',
+        url: 'http://example.com'
+      }).done(function () {
+        assert.equal(request.requestHeaders['X-CouchDB-CSRF'], 'true');
+        done();
+      });
+      request.respond(200, {
+        'Content-Type': 'application/json'
+      }, '[{ "id": 12, "comment": "Hey there" }]');
+    });
+
+  });
+});


Mime
View raw message