Merge pull request #138 from azul/feature/token-only-api-auth

Feature/token only api auth

1 files changed, 40 insertions, 6 deletions

diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb
index fb761e5..92d153f 100644
--- a/users/test/integration/api/login_test.rb
+++ b/users/test/integration/api/login_test.rb
@@ -1,16 +1,50 @@
 require 'test_helper'
-require_relative 'rack_test'
+require_relative 'srp_test'
 
-class AccountFlowTest < RackTest
+class LoginTest < SrpTest
 
   setup do
-    @login = "integration_test_user"
+    register_user
   end
 
-  test "require json requests" do
-    put "http://api.lvh.me:3000/1/sessions/" + @login,
-      :client_auth => "This is not a valid login anyway"
+  test "requires handshake before validation" do
+    validate("bla")
     assert_json_error login: I18n.t(:all_strategies_failed)
   end
 
+  test "login with srp" do
+    authenticate
+    assert_equal ["M2", "id", "token"], server_auth.keys
+    assert last_response.successful?
+    assert_nil server_auth["errors"]
+    assert server_auth["M2"]
+  end
+
+  test "wrong password login attempt" do
+    authenticate password: "wrong password"
+    assert_json_error "base" => "Not a valid username/password combination"
+    assert !last_response.successful?
+    assert_nil server_auth["M2"]
+  end
+
+  test "wrong username login attempt" do
+    assert_raises RECORD_NOT_FOUND do
+      authenticate login: "wrong login"
+    end
+    assert_json_error "base" => "Not a valid username/password combination"
+    assert !last_response.successful?
+    assert_nil server_auth
+  end
+
+  test "logout" do
+    authenticate
+    logout
+    assert_equal 204, last_response.status
+  end
+
+  test "logout requires token" do
+    authenticate
+    logout(nil, {})
+    assert_equal 422, last_response.status
+  end
 end