Fixed backbone cookies, angular interceptor and added unit test for tokens
diff --git a/xos/core/xoslib/spec/views/contentprovider.test.js b/xos/core/xoslib/spec/views/contentprovider.test.js
index 6d9a9c2..f80ba55 100644
--- a/xos/core/xoslib/spec/views/contentprovider.test.js
+++ b/xos/core/xoslib/spec/views/contentprovider.test.js
@@ -2,7 +2,9 @@
describe('The Content Provider SPA', () => {
- var scope, element, isolatedScope, httpBackend, mockLocation;
+ var scope, element, isolatedScope, httpBackend, mockLocation, httpProvider;
+
+ var token = 'fakeToken';
// injecting main module
beforeEach(module('xos.contentProviderApp'));
@@ -11,7 +13,10 @@
beforeEach(module('templates'));
beforeEach(function(){
- module(function($provide){
+ module(function($provide, $httpProvider){
+
+ httpProvider = $httpProvider;
+
// mocking routeParams to pass 1 as id
$provide.provider('$routeParams', function(){
/* eslint-disable no-invalid-this*/
@@ -20,6 +25,15 @@
};
/* eslint-enable no-invalid-this*/
});
+
+ //mock $cookie to return a fake xoscsrftoken
+ $provide.service('$cookies', function(){
+ /* eslint-disable no-invalid-this*/
+ this.get = () => {
+ return token;
+ };
+ /* eslint-enable no-invalid-this*/
+ });
});
});
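Review bot: The mocked `$cookies.get` ignores its argument, so the header test added further down passes whichever cookie name the interceptor asks for, including the old `csrftoken` this commit moves away from. Make the mock key-sensitive, e.g. `this.get = (name) => (name === 'xoscsrftoken' ? token : undefined);`, so a regression in the cookie name fails the suite. The comment above it says `$cookie`, but the service being mocked is `$cookies`.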
@@ -33,6 +47,25 @@
$httpBackend.whenDELETE('/hpcapi/contentproviders/1/?no_hyperlinks=1').respond();
}));
+ it('should set the $http interceptor', () => {
+ expect(httpProvider.interceptors).toContain('SetCSRFToken');
+ });
+
+ it('should add no_hyperlink param', inject(($http, $httpBackend) => {
+ $http.get('www.example.com');
+ $httpBackend.expectGET('www.example.com?no_hyperlinks=1').respond(200);
+ $httpBackend.flush();
+ }));
+
+ it('should set token in the headers', inject(($http, $httpBackend) => {
+ $http.post('http://example.com');
+ $httpBackend.expectPOST('http://example.com?no_hyperlinks=1', undefined, function(headers){
+ // if this condition is false the httpBackend expectation fail
+ return headers['X-CSRFToken'] === token;
+ }).respond(200, {name: 'example'});
+ httpBackend.flush();
+ }));
+
describe('the action directive', () => {
beforeEach(inject(function($compile, $rootScope){
scope = $rootScope.$new();
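Review bot: The last new test calls `httpBackend.flush()` on the suite-level variable, while the test before it flushes the injected `$httpBackend`. That only works if a `beforeEach` outside this hunk has assigned `httpBackend`, so use `$httpBackend.flush();` here as well. The same test expects `X-CSRFToken` on a POST to the absolute URL `http://example.com`, which pins sending the token to another origin as intended behaviour. If the interceptor is meant to protect only same-origin API calls, post to a relative path instead. The enclosing `describe` continues past this hunk.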
diff --git a/xos/core/xoslib/static/js/xosContentProvider.js b/xos/core/xoslib/static/js/xosContentProvider.js
index 98aaedd..632ba5b 100644
--- a/xos/core/xoslib/static/js/xosContentProvider.js
+++ b/xos/core/xoslib/static/js/xosContentProvider.js
@@ -54,7 +54,8 @@
}
if(request.method !== 'GET'){
- request.headers['X-CSRFToken'] = $cookies.get('csrftoken');
+ // request.headers['X-CSRFToken'] = $cookies.get('csrftoken');
+ request.headers['X-CSRFToken'] = $cookies.get('xoscsrftoken');
}
return request;
}
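Review bot: The new line attaches the `xoscsrftoken` value to every non-GET request without looking at `request.url`. As far as this hunk shows (the interceptor starts above it), a `$http` call to another origin would therefore carry the CSRF token to that host. Restrict the header to relative or same-origin URLs, for instance `if(request.method !== 'GET' && !/^(https?:)?\/\//i.test(request.url)){`, or compare the URL against the page origin. The commented-out `csrftoken` line should be deleted rather than kept, since version control already records it.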
diff --git a/xos/core/xoslib/static/js/xoslib/xos-backbone.js b/xos/core/xoslib/static/js/xoslib/xos-backbone.js
index 61f51b4..04d5fb7 100644
--- a/xos/core/xoslib/static/js/xoslib/xos-backbone.js
+++ b/xos/core/xoslib/static/js/xoslib/xos-backbone.js
@@ -893,8 +893,10 @@
var _sync = Backbone.sync;
Backbone.sync = function(method, model, options){
options.beforeSend = function(xhr){
- var token = getCookie("csrftoken");
- xhr.setRequestHeader('X-CSRFToken', token);
+ // var token = getCookie("csrftoken");
+ // xhr.setRequestHeader('X-CSRFToken', token);
+ var xosToken = getCookie('xoscsrftoken');
+ xhr.setRequestHeader('X-CSRFToken', xosToken);
};
return _sync(method, model, options);
};
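Review bot: `xhr.setRequestHeader('X-CSRFToken', xosToken)` runs even when the `xoscsrftoken` cookie is absent, and `setRequestHeader` stringifies its value. The request would then go out with a literal `null` or `undefined` token, depending on what `getCookie` (defined outside this hunk) returns, and fail CSRF validation in a confusing way. Guard it with `if(xosToken){ xhr.setRequestHeader('X-CSRFToken', xosToken); }`. Unlike the Angular interceptor in xosContentProvider.js, this path also sends the token on GET and to whatever URL Backbone syncs to. The two commented-out lines can be deleted.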