From 9c79f006f8f25c6af104613957da43beecec25eb Mon Sep 17 00:00:00 2001
From: evazion
Date: Sat, 24 Aug 2019 22:55:35 -0500
Subject: [PATCH] tests: move authentication tests out of post tests.
---
.../functional/application_controller_test.rb | 88 +++++++++++++++++++
test/functional/posts_controller_test.rb | 59 -------------
2 files changed, 88 insertions(+), 59 deletions(-)
diff --git a/test/functional/application_controller_test.rb b/test/functional/application_controller_test.rb
index 4d3e9b8f9..7a5f4e63c 100644
--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -35,5 +35,93 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
 assert_response 410
 end
 end
+
+ context "on api authentication" do
+ setup do
+ @user = create(:user, password: "password")
+ @api_key = ApiKey.generate!(@user)
+ end
+
+ context "using http basic auth" do
+ should "succeed for api key matches" do
+ basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:#{@api_key.key}")}"
+ get edit_user_path(@user), headers: { HTTP_AUTHORIZATION: basic_auth_string }
+ assert_response :success
+ end
+
+ should "fail for api key mismatches" do
+ basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:badpassword")}"
+ get edit_user_path(@user), headers: { HTTP_AUTHORIZATION: basic_auth_string }
+ assert_response 401
+ end
+ end
+
+ context "using the api_key parameter" do
+ should "succeed for api key matches" do
+ get edit_user_path(@user), params: { login: @user.name, api_key: @api_key.key }
+ assert_response :success
+ end
+
+ should "fail for api key mismatches" do
+ get edit_user_path(@user), params: { login: @user.name }
+ assert_response 401
+
+ get edit_user_path(@user), params: { api_key: @api_key.key }
+ assert_response 401
+
+ get edit_user_path(@user), params: { login: @user.name, api_key: "bad" }
+ assert_response 401
+ end
+ end
+
+ context "using the password_hash parameter" do
+ should "succeed for password matches" do
+ get edit_user_path(@user), params: { login: @user.name, password_hash: User.sha1("password") }
+ assert_response :success
+ end
+
+ should "fail for password mismatches" do
+ get edit_user_path(@user), params: { login: @user.name }
+ assert_response 401
+
+ get edit_user_path(@user), params: { password_hash: User.sha1("password") }
+ assert_response 401
+
+ get edit_user_path(@user), params: { login: @user.name, password_hash: "bad" }
+ assert_response 401
+ end
+ end
+
+ context "without any authentication" do
+ should "redirect to the login page" do
+ get edit_user_path(@user)
+ assert_redirected_to new_session_path(url: edit_user_path(@user))
+ end
+ end
+ end
+
+ context "on session cookie authentication" do
+ should "succeed" do
+ user = create(:user, password: "password")
+
+ post session_path, params: { name: user.name, password: "password" }
+ get edit_user_path(user)
+
+ assert_response :success
+ end
+ end
+
+ context "when the api limit is exceeded" do
+ should "fail with a 429 error" do
+ user = create(:user)
+ post = create(:post, rating: "s")
+ TokenBucket.any_instance.stubs(:throttled?).returns(true)
+
+ put_auth post_path(post), user, params: { post: { rating: "e" } }
+
+ assert_response 429
+ assert_equal("s", post.reload.rating)
+ end
+ end
 end
 end
diff --git a/test/functional/posts_controller_test.rb b/test/functional/posts_controller_test.rb
index 547585724..ca60a5c18 100644
--- a/test/functional/posts_controller_test.rb
+++ b/test/functional/posts_controller_test.rb
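Review bot: The mismatch cases under "using http basic auth" and "using the api_key parameter" only send a wrong or missing secret, so nothing here checks that a valid key is rejected when it is presented with a different user's login. Assuming the controller is meant to bind a key to its owner (not visible in this patch), add to the api_key mismatch test `other = create(:user)`, `get edit_user_path(@user), params: { login: other.name, api_key: @api_key.key }` and `assert_response 401`, with the equivalent Basic header case. Separately, `::Base64.encode64` appends a newline and wraps every 60 output characters, so the Authorization value built in both basic-auth tests contains line breaks; `::Base64.strict_encode64` produces the single-line form an HTTP header expects. The enclosing test class and outer context start outside the hunk.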
@@ -10,65 +10,6 @@ class PostsControllerTest < ActionDispatch::IntegrationTest
 @post = create(:post, :tag_string => "aaaa")
 end
 end
-
- context "for api calls" do
- setup do
- @api_key = ApiKey.generate!(@user)
- end
-
- context "passing the api limit" do
- setup do
- as_user do
- @post = create(:post)
- end
- TokenBucket.any_instance.stubs(:throttled?).returns(true)
- @bucket = TokenBucket.create(user_id: @user.id, token_count: 0, last_touched_at: Time.now)
- end
-
- should "work" do
- put post_path(@post), params: {:format => "json", :post => {:rating => "q"}, :login => @user.name, :api_key => @user.api_key.key}
- assert_response 429
- end
- end
-
- context "using http basic auth" do
- should "succeed for password matches" do
- @basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:#{@api_key.key}")}"
- get posts_path, params: {:format => "json"}, headers: {'HTTP_AUTHORIZATION' => @basic_auth_string}
- assert_response :success
- end
-
- should "fail for password mismatches" do
- @basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:badpassword")}"
- get posts_path, params: {:format => "json"}, headers: {'HTTP_AUTHORIZATION' => @basic_auth_string}
- assert_response 401
- end
- end
-
- context "using the api_key parameter" do
- should "succeed for password matches" do
- get posts_path, params: {:format => "json", :login => @user.name, :api_key => @api_key.key}
- assert_response :success
- end
-
- should "fail for password mismatches" do
- get posts_path, params: {:format => "json", :login => @user.name, :api_key => "bad"}
- assert_response 401
- end
- end
-
- context "using the password_hash parameter" do
- should "succeed for password matches" do
- get posts_path, params: {:format => "json", :login => @user.name, :password_hash => User.sha1("password")}
- assert_response :success
- end
-
- # should "fail for password mismatches" do
- # get posts_path, {:format => "json", :login => @user.name, :password_hash => "bad"}
- # assert_response 403
- # end
- end
- end
 
 context "index action" do
 should "render" do