author | elijah <elijah@riseup.net> | 2016-03-28 15:56:21 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2016-03-28 16:03:54 -0700 |
commit | 9a8577a2d19aa51318dce6ff9ffe1bd26f25c09e (patch) | |
tree | 924fe73125e20c26778dca035c0efb28842c40e3 /test/functional/token_auth_test.rb | |
parent | e072ac2fa8bc93ed782df1ff95130f4794f9640f (diff) |
api: added get(:show) to identities and users, allow monitors to create/delete test & tmp users.
Diffstat (limited to 'test/functional/token_auth_test.rb')
-rw-r--r-- | test/functional/token_auth_test.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/test/functional/token_auth_test.rb b/test/functional/token_auth_test.rb
new file mode 100644
index 0000000..53d5fb3
--- /dev/null
+++ b/test/functional/token_auth_test.rb
@@ -0,0 +1,40 @@
+#
+# tests for authenticating an admin or monitor user
+# via static configured tokens.
+#
+
+require_relative '../test_helper'
+
+class TokenAuthTest < ActionController::TestCase
+ tests V1::ConfigsController
+
+ def test_login_via_api_token
+ with_config(:allow_anonymous_certs => false) do
+ monitor_auth do
+ get :index
+ assert assigns(:token), 'should have authenticated via api token'
+ assert assigns(:token).is_a? ApiToken
+ assert @controller.send(:current_user).is_a? ApiMonitorUser
+ end
+ end
+ end
+
+ def test_fail_api_auth_when_ip_not_allowed
+ with_config(:allow_anonymous_certs => false) do
+ allowed = "99.99.99.99"
+ new_config = {api_tokens: APP_CONFIG["api_tokens"].merge(allowed_ips: [allowed])}
+ with_config(new_config) do
+ monitor_auth do
+ request.env['REMOTE_ADDR'] = "1.1.1.1"
+ get :index
+ assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
+ request.env['REMOTE_ADDR'] = allowed
+ get :index
+ assert assigns(:token), "should have authenticated via api token"
+ end
+ end
+ end
+ end
+
+end
+ |
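Review bot: The denied-IP case in test_fail_api_auth_when_ip_not_allowed only checks that `assigns(:token)` is nil after the request from "1.1.1.1"; it never asserts that the request was refused, so the test would still pass if the controller skipped token auth but served the index anyway. After the first `get :index` I would also assert the outcome, for example `assert !@controller.send(:current_user).is_a?(ApiMonitorUser)`, plus an `assert_response` for whatever denial status this API returns when `allow_anonymous_certs` is false. The denied and allowed requests run back to back in one test, so moving the allowed-IP request into its own test would rule out any state carried over from the first request. If this API can sit behind a proxy, a further case where only a forwarded-for header carries the allowed address would pin that the allowlist keys on the real peer address; whether that applies depends on controller code not shown in this hunk.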