tests: move authentication tests out of post tests.

2019-08-24 22:55:35 -05:00
parent 7c1552061b
commit 9c79f006f8
2 changed files with 88 additions and 59 deletions
--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -35,5 +35,93 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
        assert_response 410
      end
    end
+
+    context "on api authentication" do
+      setup do
+        @user = create(:user, password: "password")
+        @api_key = ApiKey.generate!(@user)
+      end
+
+      context "using http basic auth" do
+        should "succeed for api key matches" do
+          basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:#{@api_key.key}")}"
+          get edit_user_path(@user), headers: { HTTP_AUTHORIZATION: basic_auth_string }
+          assert_response :success
+        end
+
+        should "fail for api key mismatches" do
+          basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:badpassword")}"
+          get edit_user_path(@user), headers: { HTTP_AUTHORIZATION: basic_auth_string }
+          assert_response 401
+        end
+      end
+
+      context "using the api_key parameter" do
+        should "succeed for api key matches" do
+          get edit_user_path(@user), params: { login: @user.name, api_key: @api_key.key }
+          assert_response :success
+        end
+
+        should "fail for api key mismatches" do
+          get edit_user_path(@user), params: { login: @user.name }
+          assert_response 401
+
+          get edit_user_path(@user), params: { api_key: @api_key.key }
+          assert_response 401
+
+          get edit_user_path(@user), params: { login: @user.name, api_key: "bad" }
+          assert_response 401
+        end
+      end
+
+      context "using the password_hash parameter" do
+        should "succeed for password matches" do
+          get edit_user_path(@user), params: { login: @user.name, password_hash: User.sha1("password") }
+          assert_response :success
+        end
+
+        should "fail for password mismatches" do
+          get edit_user_path(@user), params: { login: @user.name }
+          assert_response 401
+
+          get edit_user_path(@user), params: { password_hash: User.sha1("password") }
+          assert_response 401
+
+          get edit_user_path(@user), params: { login: @user.name, password_hash: "bad" }
+          assert_response 401
+        end
+      end
+
+      context "without any authentication" do
+        should "redirect to the login page" do
+          get edit_user_path(@user)
+          assert_redirected_to new_session_path(url: edit_user_path(@user))
+        end
+      end
+    end
+
+    context "on session cookie authentication" do
+      should "succeed" do
+        user = create(:user, password: "password")
+
+        post session_path, params: { name: user.name, password: "password" }
+        get edit_user_path(user)
+
+        assert_response :success
+      end
+    end
+
+    context "when the api limit is exceeded" do
+      should "fail with a 429 error" do
+        user = create(:user)
+        post = create(:post, rating: "s")
+        TokenBucket.any_instance.stubs(:throttled?).returns(true)
+
+        put_auth post_path(post), user, params: { post: { rating: "e" } }
+
+        assert_response 429
+        assert_equal("s", post.reload.rating)
+      end
+    end
  end
 end