authorAzul <azul@riseup.net>2016-10-20 14:39:33 +0200
committerAzul <azul@riseup.net>2016-10-20 14:39:33 +0200
commitb97daaed9b513006ace7e8eb5232a2211e965e77 (patch)
treee27002e8368e92410e5d4af2a945260c2ea6e2d1 /test/functional/api/sessions_controller_test.rb
parentc6c4d9fd10b8ca8e24889112727e44c9bf68dd60 (diff)
parent6eb2dae802e5453e2a4361ab28f614cce9294f4c (diff)
Merge remote-tracking branch 'origin/develop'
We'll only use the master branch for development from now on.
Diffstat (limited to 'test/functional/api/sessions_controller_test.rb')
-rw-r--r--test/functional/api/sessions_controller_test.rb63
1 files changed, 63 insertions, 0 deletions
diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb
new file mode 100644
index 0000000..06a3c22
--- /dev/null
+++ b/test/functional/api/sessions_controller_test.rb
@@ -0,0 +1,63 @@
+require 'test_helper'
+
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
+class Api::SessionsControllerTest < ApiControllerTest
+
+ setup do
+ @request.env['HTTP_HOST'] = 'api.lvh.me'
+ @user = stub_record :user, {}, true
+ @client_hex = 'a123'
+ end
+
+ test "renders json" do
+ api_get :new, :format => :json
+ assert_response :success
+ assert_json_error nil
+ end
+
+ test "renders warden errors" do
+ request.env['warden.options'] = {attempted_path: 'path/to/controller'}
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ api_get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
+ end
+
+ # Warden takes care of parsing the params and
+ # rendering the response. So not much to test here.
+ test "should perform handshake" do
+ request.env['warden'].expects(:authenticate!)
+ # make sure we don't get a template missing error:
+ @controller.stubs(:render)
+ api_post :create, :login => @user.login, 'A' => @client_hex
+ end
+
+ test "should authenticate" do
+ request.env['warden'].expects(:authenticate!)
+ @controller.stubs(:current_user).returns(@user)
+ handshake = stub(:to_hash => {h: "ash"})
+ session[:handshake] = handshake
+
+ api_post :update, :id => @user.login, :client_auth => @client_hex
+
+ assert_nil session[:handshake],
+ 'session should be cleared to prevent session fixation attacks'
+ assert_response :success
+ assert json_response.keys.include?("id")
+ assert json_response.keys.include?("token")
+ assert token = Token.find_by_token(json_response['token'])
+ assert_equal @user.id, token.user_id
+ end
+
+ test "destroy should logout" do
+ login
+ expect_logout
+ api_delete :destroy
+ assert_response 204
+ end
+
+end
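Review bot: In "should authenticate", `assert_nil session[:handshake]` proves only that the handshake key is gone, while its failure message says the session is cleared to prevent session fixation. If the controller is meant to reset the whole session on login, seed an unrelated key before the request (`session[:stale] = 'x'`) and add `assert_nil session[:stale]` after it. If only the SRP handshake state is dropped, reword the message to say so, e.g. `'handshake must not survive a successful login'`. Since `authenticate!` is mocked to succeed in every test in this file, a case where it fails would also help, asserting that the response carries no `token`.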