path: root/test/functional/api/sessions_controller_test.rb
blob: 06a3c2234405a1c3b07fb130b76b1c9de525564d (plain)
require 'test_helper'

# Controller-level unit test for the API sessions endpoints.
# Both warden and srp are stubbed out, so nothing in this file exercises
# the real authentication exchange: the values posted below are never
# checked by an actual strategy. The full rack stack and srp are covered
# by a separate integration test.
class Api::SessionsControllerTest < ApiControllerTest

  setup do
    # Placeholder for the client's hex-encoded value; it is only passed
    # through to the (mocked) warden call and never verified here.
    @client_hex = 'a123'
    @request.env['HTTP_HOST'] = 'api.lvh.me'
    @user = stub_record :user, {}, true
  end

  # With no failed strategy present, :new answers successfully and the
  # JSON body carries no error.
  test "renders json" do
    api_get :new, format: :json
    assert_response :success
    assert_json_error nil
  end

  # A failed warden strategy exposes a message hash of field => i18n key;
  # the controller is expected to translate the key and answer 422.
  test "renders warden errors" do
    failed_strategy = stub(message: {field: :translate_me})
    request.env['warden.options'] = {:attempted_path => 'path/to/controller'}
    request.env['warden'].stubs(:winning_strategy).returns(failed_strategy)
    I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")

    api_get :new, format: :json

    assert_response 422
    assert_json_error field: "translation stub"
  end

  # Warden takes care of parsing the params and rendering the response,
  # so the only thing checked is that :create hands off to authenticate!.
  test "should perform handshake" do
    warden = request.env['warden']
    warden.expects(:authenticate!)
    # rendering is stubbed so a missing template cannot fail the test:
    @controller.stubs(:render)
    api_post :create, login: @user.login, 'A' => @client_hex
  end

  # Second step of the login: after warden accepts the request, the
  # handshake must be gone from the session and the response must carry
  # a token that belongs to the authenticated user.
  # NOTE(review): only the :handshake key is asserted to be cleared;
  # whether the session itself is reset is not checked here - confirm
  # that is covered elsewhere.
  test "should authenticate" do
    request.env['warden'].expects(:authenticate!)
    @controller.stubs(:current_user).returns(@user)
    session[:handshake] = stub(to_hash: {h: "ash"})

    api_post :update, id: @user.login, client_auth: @client_hex

    assert_nil session[:handshake],
      'session should be cleared to prevent session fixation attacks'
    assert_response :success
    %w(id token).each do |expected_key|
      assert json_response.keys.include?(expected_key)
    end
    # the returned token has to exist and be bound to this user's id
    token = Token.find_by_token(json_response['token'])
    assert token
    assert_equal @user.id, token.user_id
  end

  # login and expect_logout are helpers defined outside this file;
  # presumably they set up a signed-in user and a logout expectation
  # on warden - verify against the test helpers.
  test "destroy should logout" do
    login
    expect_logout
    api_delete :destroy
    assert_response 204
  end

end