Prevent CSRF bypass unblocking users
[rails.git] / test / controllers / user_blocks_controller_test.rb
index d5db896151fd08f14f181cb61fbdd4605e11d206..3e2be801da33e903bf4db4d874ae67c3051ed43c 100644 (file)
@@ -351,7 +351,14 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
       assert_select "input[type='submit'][value='Revoke!']", :count => 1
     end
 
-    # Check that revoking a block works
+    # Check that revoking a block using GET should fail
+    get revoke_user_block_path(:id => active_block, :confirm => true)
+    assert_response :success
+    assert_template "revoke"
+    b = UserBlock.find(active_block.id)
+    assert b.ends_at - Time.now > 100
+
+    # Check that revoking a block works using POST
     post revoke_user_block_path(:id => active_block, :confirm => true)
     assert_redirected_to user_block_path(active_block)
     b = UserBlock.find(active_block.id)
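Review bot: The added `assert b.ends_at - Time.now > 100` only shows the block still has more than 100 seconds to run, so it depends on how `active_block` was set up (outside this hunk) and does not directly prove that the GET left the record untouched. Capturing the value first pins the property the commit is about, that a GET with `:confirm => true` must not change state: `ends_at_before = active_block.reload.ends_at` before the `get`, then `assert_equal ends_at_before, active_block.reload.ends_at` after it. If forgery protection is disabled in the test environment, as is the Rails default, the POST case below never exercises token verification, so a separate test that enables it and posts without a token would cover the other half of the CSRF guarantee. The test method begins and ends outside this hunk.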