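require 'setup'

# Specs for HTTP Basic and Digest authentication declared on controllers.
#
# Covered here:
#   * inheriting auth procedures from a superclass, overriding them in a
#     subclass, and pulling them from another controller via `import`
#   * protecting every request method vs. only specific ones
#   * digest auth with plain and pre-hashed stored passwords
#
# Every example checks the unauthenticated request first, so a controller that
# silently ends up with no auth procedure at all fails the example.
spec :AuthenticationTest do

  context 'inheritance' do

    it 'inherits basic auth procedures from superclass' do
      a = mock_controller { basic_auth {|u,p| [u,p] == %w[u p]} }
      b = mock_controller(a)
      app(b)

      get
      assert(last_response).is_unauthorized

      authorize 'u', 'p'
      get
      assert(last_response).is_authorized
    end

    it 'directly overrides basic auth inherited from superclass' do
      a = mock_controller { basic_auth {|u,p| [u,p] == %w[u p]} }
      b = mock_controller(a) { basic_auth {|u,p| [u,p] == %w[x y]} }
      app(b)

      get
      assert(last_response).is_unauthorized

      # an override must replace the inherited procedure, not add to it:
      # the superclass credentials may no longer be accepted
      authorize 'u', 'p'
      get
      assert(last_response).is_unauthorized

      authorize 'x', 'y'
      get
      assert(last_response).is_authorized
    end

    it 'uses `inherit` to override basic auth inherited from superclass' do
      a = mock_controller { basic_auth {|u,p| [u,p] == %w[u p]} }
      b = mock_controller(a) { basic_auth {|u,p| [u,p] == %w[x y]} }
      c = mock_controller(a) { import :basic_auth, from: b }
      app(c)

      get
      assert(last_response).is_unauthorized

      # credentials inherited from `a` must be rejected once `b`'s are imported
      authorize 'u', 'p'
      get
      assert(last_response).is_unauthorized

      authorize 'x', 'y'
      get
      assert(last_response).is_authorized
    end

    it 'inherits basic auth procedures' do
      a = mock_controller { basic_auth {|u,p| [u,p] == %w[u p]} }
      b = mock_controller { import :basic_auth, from: a }
      app(b)

      get
      assert(last_response).is_unauthorized

      authorize 'u', 'p'
      get
      assert(last_response).is_authorized
    end

    it 'inherits digest auth procedures from superclass' do
      a = mock_controller { digest_auth {|u| {'u' => 'p'}[u]} }
      b = mock_controller(a)
      app(b)

      get
      assert(last_response).is_unauthorized

      digest_authorize 'u', 'p'
      get
      assert(last_response).is_authorized
    end

    it 'directly overrides digest auth inherited from superclass' do
      a = mock_controller { digest_auth {|u| {'u' => 'p'}[u]} }
      b = mock_controller(a) { digest_auth {|u| {'x' => 'y'}[u]} }
      app(b)

      get
      assert(last_response).is_unauthorized

      # the superclass credentials may no longer be accepted after the override
      digest_authorize 'u', 'p'
      get
      assert(last_response).is_unauthorized

      digest_authorize 'x', 'y'
      get
      assert(last_response).is_authorized
    end

    it 'uses `inherit` to override digest auth inherited from superclass' do
      a = mock_controller { digest_auth {|u| {'u' => 'p'}[u]} }
      b = mock_controller(a) { digest_auth {|u| {'x' => 'y'}[u]} }
      c = mock_controller(a) { import :digest_auth, from: b }
      # FIX: the controller under test is `c` (the one doing the import).
      # Mounting `b` here made the example pass even if `import` did nothing,
      # because `b` declares the x/y credentials itself.
      app(c)

      get
      assert(last_response).is_unauthorized

      # credentials inherited from `a` must be rejected once `b`'s are imported
      digest_authorize 'u', 'p'
      get
      assert(last_response).is_unauthorized

      digest_authorize 'x', 'y'
      get
      assert(last_response).is_authorized
    end

    it 'inherits digest auth procedures' do
      a = mock_controller { digest_auth {|u| {'u' => 'p'}[u]} }
      b = mock_controller { import :digest_auth, from: a }
      app(b)

      get
      assert(last_response).is_unauthorized

      digest_authorize 'u', 'p'
      get
      assert(last_response).is_authorized
    end
  end

  context 'basic auth' do

    context 'protect all request methods' do
      before do
        # basic_auth without arguments is expected to guard every request
        # method; each of them gets an empty handler so a 200 is possible
        app mock_controller {
          basic_auth {|u,p| [u,p] == %w[u p]}
          RocketIO::REQUEST_METHODS.each_value {|m| define_method(m) {}}
        }
      end

      it 'returns "401 Unauthorized" if no authorization given' do
        RocketIO::REQUEST_METHODS.each_value do |rqm|
          send(rqm)
          assert(last_response).is_unauthorized
        end
      end

      it 'returns "401 Unauthorized" if wrong authorization given' do
        authorize('x', 'y')
        RocketIO::REQUEST_METHODS.each_value do |rqm|
          send(rqm)
          assert(last_response).is_unauthorized
        end
      end

      it 'returns "200 Ok" response if authorization passed' do
        authorize('u', 'p')
        RocketIO::REQUEST_METHODS.each_value do |rqm|
          send(rqm)
          assert(last_response).ok?
        end
      end
    end

    context 'protect specific request methods' do
      before do
        @protected = %w[get post]
        # GET and POST each get their own credentials; PUT and DELETE stay open
        app mock_controller {
          basic_auth(:get)  {|u,p| [u,p] == ['u', 'get'] }
          basic_auth(:post) {|u,p| [u,p] == ['u', 'post']}
          define_method(:get) {}
          define_method(:post) {}
          define_method(:put) {}
          define_method(:delete) {}
        }
      end

      it 'returns "200 Ok" for un-protected methods' do
        %w[put delete].each do |rqm|
          send(rqm)
          assert(last_response).ok?
        end
      end

      it 'returns "401 Unauthorized" if no authorization given' do
        @protected.each do |rqm|
          send(rqm)
          assert(last_response).is_unauthorized
        end
      end

      it 'returns "401 Unauthorized" if wrong authorization given' do
        authorize('x', 'y')
        @protected.each do |rqm|
          send(rqm)
          assert(last_response).is_unauthorized
        end
      end

      it 'returns "401 Unauthorized" if credentials of another request method given' do
        # per-method procedures must not leak into each other: valid GET
        # credentials may not open POST, and the other way around
        authorize('u', 'get')
        post
        assert(last_response).is_unauthorized

        authorize('u', 'post')
        get
        assert(last_response).is_unauthorized
      end

      it 'returns "200 Ok" response if authorization passed' do
        authorize('u', 'get')
        get
        assert(last_response).ok?

        authorize('u', 'post')
        post
        assert(last_response).ok?
      end
    end
  end

  context 'digest auth' do

    context 'hashed password' do
      before do
        # NOTE(review): the stored value is presumably the digest HA1 hash
        # (MD5 of "user:realm:password") for u/p under the realm the mock
        # controller uses - confirm against the framework's default realm.
        app mock_controller {
          digest_auth(passwords_hashed: true) {|u| {'u' => '5daad7ee02f846df2874dba8f7522112'}[u]}
          define_method(:get) {}
        }
      end

      it 'returns "401 Unauthorized" if no authorization given' do
        get
        assert(last_response).is_unauthorized
      end

      it 'returns "401 Unauthorized" if wrong authorization given' do
        digest_authorize('x', 'y')
        get
        assert(last_response).is_unauthorized
      end

      it 'returns "200 Ok" response if authorization passed' do
        digest_authorize('u', 'p')
        get
        assert(last_response).ok?
      end
    end

    context 'plain password' do
      before do
        # the block returns the stored password for a known user, nil otherwise
        app mock_controller {
          digest_auth {|u| {'u' => 'p'}[u]}
          define_method(:get) {}
        }
      end

      it 'returns "401 Unauthorized" if no authorization given' do
        get
        assert(last_response).is_unauthorized
      end

      it 'returns "401 Unauthorized" if wrong authorization given' do
        digest_authorize('x', 'y')
        get
        assert(last_response).is_unauthorized
      end

      it 'returns "200 Ok" response if authorization passed' do
        digest_authorize('u', 'p')
        get
        assert(last_response).ok?
      end
    end

    context 'protect specific request methods' do
      before do
        @protected = %w[get post]
        # GET and POST each get their own password; PUT and DELETE stay open
        app mock_controller {
          digest_auth(:get)  {|u| {'u' => 'get'}[u] }
          digest_auth(:post) {|u| {'u' => 'post'}[u]}
          define_method(:get) {}
          define_method(:post) {}
          define_method(:put) {}
          define_method(:delete) {}
        }
      end

      it 'returns "200 Ok" for un-protected methods' do
        %w[put delete].each do |rqm|
          send(rqm)
          assert(last_response).ok?
        end
      end

      it 'returns "401 Unauthorized" if no authorization given' do
        @protected.each do |rqm|
          send(rqm)
          assert(last_response).is_unauthorized
        end
      end

      it 'returns "401 Unauthorized" if wrong authorization given' do
        digest_authorize('x', 'y')
        @protected.each do |rqm|
          send(rqm)
          assert(last_response).is_unauthorized
        end
      end

      it 'returns "401 Unauthorized" if credentials of another request method given' do
        # per-method procedures must not leak into each other: the GET
        # password may not open POST, and the other way around
        digest_authorize('u', 'get')
        post
        assert(last_response).is_unauthorized

        digest_authorize('u', 'post')
        get
        assert(last_response).is_unauthorized
      end

      it 'returns "200 Ok" response if authorization passed' do
        digest_authorize('u', 'get')
        get
        assert(last_response).ok?

        digest_authorize('u', 'post')
        post
        assert(last_response).ok?
      end
    end
  end
end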