]> git.openstreetmap.org Git - rails.git/blobdiff - test/controllers/users_controller_test.rb
Validate any origin passed the auth failure callback
[rails.git] / test / controllers / users_controller_test.rb
index 23c67794a4d6465bbffff988203f1bdea78d056e..44b5471ac35ce7128c3dc5bb7e8056690a230c2e 100644 (file)
@@ -896,4 +896,18 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     assert_equal "deleted", normal_user.reload.status
     assert_equal "deleted", confirmed_user.reload.status
   end
+
+  def test_auth_failure_callback
+    get auth_failure_path
+    assert_response :redirect
+    assert_redirected_to login_path
+
+    get auth_failure_path, :params => { :origin => "/" }
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get auth_failure_path, :params => { :origin => "http://www.google.com" }
+    assert_response :redirect
+    assert_redirected_to login_path
+  end
 end