Merge pull request #454 from alphagov/really-fix-422-errors

Add tests for #453

config/environments/test.rb

@@ -29,8 +29,8 @@
   # Set the HSTS headers to include subdomains
   config.ssl_options[:hsts] = { expires: 365.days, subdomains: true }
 
-  # Disable request forgery protection in test environment.
-  config.action_controller.allow_forgery_protection = false
+  # Enable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = true
 
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the

spec/requests/seen_cookie_message_spec.rb

@@ -1,8 +1,12 @@
 require 'rails_helper'
 
 RSpec.describe 'seen_cookie_message cookie', type: :request, show_exceptions: true do
-  subject { response.header["Set-Cookie"] }
   let(:the_past) { Time.utc(2014, 7, 2, 10, 9, 9) }
+  let(:cookies) { response.header["Set-Cookie"].split("\n") }
+
+  subject do
+    cookies.find{ |c| c =~ /^seen_cookie_message/ }
+  end
 
   before do
     get "/"

spec/requests/session_cookie_spec.rb

@@ -0,0 +1,31 @@
+require 'rails_helper'
+
+RSpec.describe 'session cookie', type: :request, show_exceptions: true do
+  let(:date) { Time.utc(2016, 4, 12, 12, 59, 59) }
+  let(:cookies) { response.header["Set-Cookie"].split("\n") }
+
+  subject do
+    cookies.find{ |c| c =~ /^_epets_session/ }
+  end
+
+  before do
+    petition = FactoryGirl.create(:open_petition)
+    get "/petitions/#{petition.id}/signatures/new"
+  end
+
+  around do |example|
+    travel_to(date) { example.run }
+  end
+
+  it "should set the secure option" do
+    expect(subject).to match(/; secure/i)
+  end
+
+  it "should set the httponly option" do
+    expect(subject).to match(/; httponly/i)
+  end
+
+  it "should set the expiry to 2 weeks from now" do
+    expect(subject).to match(/; expires=Tue, 26 Apr 2016 12:59:59 -0000/)
+  end
+end