tests: move authentication tests out of post tests.

test/functional/application_controller_test.rb

@@ -35,5 +35,93 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
         assert_response 410
       end
     end
+
+    context "on api authentication" do
+      setup do
+        @user = create(:user, password: "password")
+        @api_key = ApiKey.generate!(@user)
+      end
+
+      context "using http basic auth" do
+        should "succeed for api key matches" do
+          basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:#{@api_key.key}")}"
+          get edit_user_path(@user), headers: { HTTP_AUTHORIZATION: basic_auth_string }
+          assert_response :success
+        end
+
+        should "fail for api key mismatches" do
+          basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:badpassword")}"
+          get edit_user_path(@user), headers: { HTTP_AUTHORIZATION: basic_auth_string }
+          assert_response 401
+        end
+      end
+
+      context "using the api_key parameter" do
+        should "succeed for api key matches" do
+          get edit_user_path(@user), params: { login: @user.name, api_key: @api_key.key }
+          assert_response :success
+        end
+
+        should "fail for api key mismatches" do
+          get edit_user_path(@user), params: { login: @user.name }
+          assert_response 401
+
+          get edit_user_path(@user), params: { api_key: @api_key.key }
+          assert_response 401
+
+          get edit_user_path(@user), params: { login: @user.name, api_key: "bad" }
+          assert_response 401
+        end
+      end
+
+      context "using the password_hash parameter" do
+        should "succeed for password matches" do
+          get edit_user_path(@user), params: { login: @user.name, password_hash: User.sha1("password") }
+          assert_response :success
+        end
+
+        should "fail for password mismatches" do
+          get edit_user_path(@user), params: { login: @user.name }
+          assert_response 401
+
+          get edit_user_path(@user), params: { password_hash: User.sha1("password") }
+          assert_response 401
+
+          get edit_user_path(@user), params: { login: @user.name, password_hash: "bad" }
+          assert_response 401
+        end
+      end
+
+      context "without any authentication" do
+        should "redirect to the login page" do
+          get edit_user_path(@user)
+          assert_redirected_to new_session_path(url: edit_user_path(@user))
+        end
+      end
+    end
+
+    context "on session cookie authentication" do
+      should "succeed" do
+        user = create(:user, password: "password")
+
+        post session_path, params: { name: user.name, password: "password" }
+        get edit_user_path(user)
+
+        assert_response :success
+      end
+    end
+
+    context "when the api limit is exceeded" do
+      should "fail with a 429 error" do
+        user = create(:user)
+        post = create(:post, rating: "s")
+        TokenBucket.any_instance.stubs(:throttled?).returns(true)
+
+        put_auth post_path(post), user, params: { post: { rating: "e" } }
+
+        assert_response 429
+        assert_equal("s", post.reload.rating)
+      end
+    end
   end
 end

test/functional/posts_controller_test.rb

@@ -10,65 +10,6 @@ class PostsControllerTest < ActionDispatch::IntegrationTest
         @post = create(:post, :tag_string => "aaaa")
       end
     end
-    
-    context "for api calls" do
-      setup do
-        @api_key = ApiKey.generate!(@user)
-      end
-
-      context "passing the api limit" do
-        setup do
-          as_user do
-            @post = create(:post)
-          end
-          TokenBucket.any_instance.stubs(:throttled?).returns(true)
-          @bucket = TokenBucket.create(user_id: @user.id, token_count: 0, last_touched_at: Time.now)
-        end
-        
-        should "work" do
-          put post_path(@post), params: {:format => "json", :post => {:rating => "q"}, :login => @user.name, :api_key => @user.api_key.key}
-          assert_response 429
-        end
-      end
-      
-      context "using http basic auth" do
-        should "succeed for password matches" do
-          @basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:#{@api_key.key}")}"
-          get posts_path, params: {:format => "json"}, headers: {'HTTP_AUTHORIZATION' => @basic_auth_string}
-          assert_response :success
-        end
-        
-        should "fail for password mismatches" do
-          @basic_auth_string = "Basic #{::Base64.encode64("#{@user.name}:badpassword")}"
-          get posts_path, params: {:format => "json"}, headers: {'HTTP_AUTHORIZATION' => @basic_auth_string}
-          assert_response 401
-        end
-      end
-      
-      context "using the api_key parameter" do
-        should "succeed for password matches" do
-          get posts_path, params: {:format => "json", :login => @user.name, :api_key => @api_key.key}
-          assert_response :success
-        end
-        
-        should "fail for password mismatches" do
-          get posts_path, params: {:format => "json", :login => @user.name, :api_key => "bad"}
-          assert_response 401
-        end
-      end
-      
-      context "using the password_hash parameter" do
-        should "succeed for password matches" do
-          get posts_path, params: {:format => "json", :login => @user.name, :password_hash => User.sha1("password")}
-          assert_response :success
-        end
-        
-        # should "fail for password mismatches" do
-        #   get posts_path, {:format => "json", :login => @user.name, :password_hash => "bad"}
-        #   assert_response 403
-        # end
-      end
-    end
 
     context "index action" do
       should "render" do