diff options
Diffstat (limited to 'test/functional/api/token_auth_test.rb')
-rw-r--r-- | test/functional/api/token_auth_test.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/test/functional/api/token_auth_test.rb b/test/functional/api/token_auth_test.rb new file mode 100644 index 0000000..17a4775 --- /dev/null +++ b/test/functional/api/token_auth_test.rb @@ -0,0 +1,40 @@ +# +# tests for authenticating an admin or monitor user +# via static configured tokens. +# + +require 'test_helper' + +class Api::TokenAuthTest < ActionController::TestCase + tests Api::ConfigsController + + def test_login_via_api_token + with_config(:allow_anonymous_certs => false) do + monitor_auth do + get :index + assert assigns(:token), 'should have authenticated via api token' + assert assigns(:token).is_a? ApiToken + assert @controller.send(:current_user).is_a? ApiMonitorUser + end + end + end + + def test_fail_api_auth_when_ip_not_allowed + with_config(:allow_anonymous_certs => false) do + allowed = "99.99.99.99" + new_config = {api_tokens: APP_CONFIG["api_tokens"].merge(allowed_ips: [allowed])} + with_config(new_config) do + monitor_auth do + request.env['REMOTE_ADDR'] = "1.1.1.1" + get :index + assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it" + request.env['REMOTE_ADDR'] = allowed + get :index + assert assigns(:token), "should have authenticated via api token" + end + end + end + end + +end + |