2 files changed, 30 insertions, 1 deletions

diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb
index ad3ac22..dafbfb7 100644
--- a/test/integration/api/token_test.rb
+++ b/test/integration/api/token_test.rb
@@ -1,4 +1,4 @@
-require 'test_helper'
+require_relative '../../test_helper'
 require_relative 'srp_test'
 
 class TokenTest < SrpTest
@@ -12,4 +12,5 @@ class TokenTest < SrpTest
     token = server_auth['token']
     assert Token.find(Digest::SHA512.hexdigest(token))
   end
+
 end
diff --git a/test/unit/api_token_test.rb b/test/unit/api_token_test.rb
new file mode 100644
index 0000000..55d7507
--- /dev/null
+++ b/test/unit/api_token_test.rb
@@ -0,0 +1,28 @@
+require_relative '../test_helper'
+
+class ApiTokenTest < ActiveSupport::TestCase
+
+  setup do
+  end
+
+  test "api token only authenticates ApiUser" do
+    token_string = APP_CONFIG['api_tokens']['test']
+    assert !token_string.nil?
+    assert !token_string.empty?
+    token = ApiToken.find_by_token(token_string)
+    user = token.authenticate
+    assert user, 'api token should authenticate'
+    assert user.is_a?(ApiUser), 'api token should return api user'
+    assert user.is_test?, 'api test token should return test user'
+    assert !user.is_admin?, 'api test token should not return admin user'
+  end
+
+  test "invalid api tokens can't authenticate" do
+    assert_nil ApiToken.find_by_token("not a token")
+    with_config({"api_tokens" => {"test" => ""}}) do
+      assert_equal "", APP_CONFIG['api_tokens']['test']
+      assert_nil ApiToken.find_by_token("")
+    end
+  end
+
+end
\ No newline at end of file