Fix OmniAuth CSRF regression test

OmniAuth now rescues the InvalidAuthenticityToken error, so we have to test that the redirect to GitHub doesn't happen instead (without a CSRF token, the user is redirected to users/omniauth_callbacks#failure, which redirects to the root path).
CorporateRewards · May 15, 2023 · bd2c5c3 · bd2c5c3
1 parent 67edf08
commit bd2c5c3
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/spec/request/omniauth_spec.rb b/spec/request/omniauth_spec.rb
@@ -28,9 +28,9 @@
       end
 
       it 'requires CSRF token for initial OmniAuth endpoint' do
-        expect {
-          post user_github_omniauth_authorize_path
-        }.to raise_error(ActionController::InvalidAuthenticityToken)
+        post user_github_omniauth_authorize_path
+
+        expect(response).not_to redirect_to(/github\.com/)
       end
     end
   end