Update API documentation to take the nonce/token switchover into account.

2015-01-27 19:55:36 -08:00 · 2015-01-27 19:55:36 -08:00 · e26f6f5fbe
commit e26f6f5fbe
parent 94af9c6bdd
1 changed files with 12 additions and 13 deletions
--- a/yesod-test/Yesod/Test.hs
+++ b/yesod-test/Yesod/Test.hs
@ -16,9 +16,9 @@ visited page. You can perform assertions on the content of HTML responses,
 using CSS selectors to explore the document more easily.
 You can also easily build requests using forms present in the current page.
-This is very useful for testing web applications built in yesod for example,
+This is very useful for testing web applications built in yesod, for example,
-were your forms may have field names generated by the framework or a randomly
+where your forms may have field names generated by the framework or a randomly
-generated '_token' field.
+generated CSRF token input.
 Your database is also directly available so you can use 'runDB' to set up
 backend pre-conditions, or to assert that your session is having the desired effect.
@ -66,13 +66,13 @@ module Yesod.Test
    , byLabel
    , fileByLabel
-    -- *** Nonces
+    -- *** CSRF Tokens
    -- | In order to prevent CSRF exploits, yesod-form adds a hidden input
    -- to your forms with the name "_token". This token is a randomly generated,
-    -- per-session value called a /nonce/.
+    -- per-session value.
    --
    -- In order to prevent your forms from being rejected in tests, use one of
-    -- these functions to add the nonce to your request.
+    -- these functions to add the token to your request.
    , addToken
    , addToken_
    , addNonce
@ -565,13 +565,13 @@ addNonce :: RequestBuilder site ()
 addNonce = addToken
 {-# DEPRECATED addNonce "Use 'addToken' instead; 'addNonce' will be removed in the next major version. Reasoning: Yesod's CSRF tokens are not actually nonces (one-time values), so yesod-form moved to calling them tokens instead. yesod-test is now using the word token as well. See https://github.com/yesodweb/yesod/issues/914 for details." #-}
-- | Lookup a _token form field and add its value to the params.
+-- | Lookups the hidden input named "_token" and adds its value to the params.
-- Receives a CSS selector that should resolve to the form element containing the nonce.
+-- Receives a CSS selector that should resolve to the form element containing the token.
 --
 -- ==== __Examples__
 --
 -- > request $ do
-- >   addNonce_ "#formID"
+-- >   addToken_ "#formID"
 addToken_ :: Query -> RequestBuilder site ()
 addToken_ scope = do
  matches <- htmlQuery' rbdResponse $ scope <> "input[name=_token][type=hidden][value]"
@ -580,13 +580,12 @@ addToken_ scope = do
    element:[] -> addPostParam "_token" $ head $ attribute "value" $ parseHTML element
    _ -> failure $ "More than one CSRF token found in the page"
-- | Lookup a _token form field and add its value to the params.
+-- | For responses that display a single form, just lookup the only CSRF token available.
 -- Receives a CSS selector that should resolve to the form element containing the nonce.
 --
 -- ==== __Examples__
 --
 -- > request $ do
-- >   addNonce_ "#formID"
+-- >   addToken
 addToken :: RequestBuilder site ()
 addToken = addToken_ ""
@ -712,7 +711,7 @@ addRequestHeader header = ST.modify $ \rbd -> rbd
 -- ==== __Examples__
 --
 -- > request $ do
-- >   addNonce
+-- >   addToken
 -- >   byLabel "First Name" "Felipe"
 -- >   setMethod "PUT"
 -- >   setUrl NameR