2020-04-08 14:13:33 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
RSpec.describe 'Sessions', feature_category: :authentication_and_authorization do
|
2020-04-08 14:13:33 +05:30
|
|
|
context 'authentication', :allow_forgery_protection do
|
|
|
|
let(:user) { create(:user) }
|
|
|
|
|
|
|
|
it 'logout does not require a csrf token' do
|
|
|
|
login_as(user)
|
|
|
|
|
|
|
|
post(destroy_user_session_path, headers: { 'X-CSRF-Token' => 'invalid' })
|
|
|
|
|
|
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|