author | Azul <azul@riseup.net> | 2016-10-20 14:39:33 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2016-10-20 14:39:33 +0200 |
commit | b97daaed9b513006ace7e8eb5232a2211e965e77 (patch) | |
tree | e27002e8368e92410e5d4af2a945260c2ea6e2d1 /test/functional/api/sessions_controller_test.rb | |
parent | c6c4d9fd10b8ca8e24889112727e44c9bf68dd60 (diff) | |
parent | 6eb2dae802e5453e2a4361ab28f614cce9294f4c (diff) |
Merge remote-tracking branch 'origin/develop'
We'll only use the master branch for development from now on.
Diffstat (limited to 'test/functional/api/sessions_controller_test.rb')
-rw-r--r-- | test/functional/api/sessions_controller_test.rb | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb
new file mode 100644
index 0000000..06a3c22
--- /dev/null
+++ b/test/functional/api/sessions_controller_test.rb
@@ -0,0 +1,63 @@
+require 'test_helper'
+
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
+class Api::SessionsControllerTest < ApiControllerTest
+
+ setup do
+ @request.env['HTTP_HOST'] = 'api.lvh.me'
+ @user = stub_record :user, {}, true
+ @client_hex = 'a123'
+ end
+
+ test "renders json" do
+ api_get :new, :format => :json
+ assert_response :success
+ assert_json_error nil
+ end
+
+ test "renders warden errors" do
+ request.env['warden.options'] = {attempted_path: 'path/to/controller'}
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ api_get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
+ end
+
+ # Warden takes care of parsing the params and
+ # rendering the response. So not much to test here.
+ test "should perform handshake" do
+ request.env['warden'].expects(:authenticate!)
+ # make sure we don't get a template missing error:
+ @controller.stubs(:render)
+ api_post :create, :login => @user.login, 'A' => @client_hex
+ end
+
+ test "should authenticate" do
+ request.env['warden'].expects(:authenticate!)
+ @controller.stubs(:current_user).returns(@user)
+ handshake = stub(:to_hash => {h: "ash"})
+ session[:handshake] = handshake
+
+ api_post :update, :id => @user.login, :client_auth => @client_hex
+
+ assert_nil session[:handshake],
+ 'session should be cleared to prevent session fixation attacks'
+ assert_response :success
+ assert json_response.keys.include?("id")
+ assert json_response.keys.include?("token")
+ assert token = Token.find_by_token(json_response['token'])
+ assert_equal @user.id, token.user_id
+ end
+
+ test "destroy should logout" do
+ login
+ expect_logout
+ api_delete :destroy
+ assert_response 204
+ end
+
+end |
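Review bot: In `should authenticate`, the session-fixation assertion checks only that `session[:handshake]` is nil, although its failure message says the session should be cleared. The test therefore still passes if other pre-login session state survives authentication. Seeding a marker before the request (`session[:pre_auth] = 'marker'`) and adding `assert_nil session[:pre_auth], 'pre-login session state must not survive authentication'` afterwards would pin that behaviour. The controller is not visible in this hunk, so if only the handshake is meant to be dropped, reword the message to say that instead. Because `authenticate!` is stubbed throughout, no test here shows that a failed login issues no token; the header comment points to an integration test that may cover it.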