spec/grape/middleware/auth/strategies_spec.rb in grape-1.6.0 vs spec/grape/middleware/auth/strategies_spec.rb in grape-1.6.1

- old
+ new

@@ -40,43 +40,83 @@ actual_response.body.empty? end end module StrategiesSpec - class Test < Grape::API + class PasswordHashed < Grape::API + http_digest(realm: { realm: 'Test Api', opaque: 'secret', passwords_hashed: true }) do |username| + { 'foo' => Digest::MD5.hexdigest(['foo', 'Test Api', 'bar'].join(':')) }[username] + end + + get '/test' do + [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }] + end + end + + class PasswordIsNotHashed < Grape::API http_digest(realm: 'Test Api', opaque: 'secret') do |username| { 'foo' => 'bar' }[username] end get '/test' do [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }] end end end - def app - StrategiesSpec::Test - end + context 'when password is hashed' do + def app + StrategiesSpec::PasswordHashed + end - it 'is a digest authentication challenge' do - get '/test' - expect(last_response).to be_challenge - end + it 'is a digest authentication challenge' do + get '/test' + expect(last_response).to be_challenge + end - it 'throws a 401 if no auth is given' do - get '/test' - expect(last_response.status).to eq(401) - end + it 'throws a 401 if no auth is given' do + get '/test' + expect(last_response.status).to eq(401) + end - it 'authenticates if given valid creds' do - digest_authorize 'foo', 'bar' - get '/test' - expect(last_response.status).to eq(200) + it 'authenticates if given valid creds' do + digest_authorize 'foo', 'bar' + get '/test' + expect(last_response.status).to eq(200) + end + + it 'throws a 401 if given invalid creds' do + digest_authorize 'bar', 'foo' + get '/test' + expect(last_response.status).to eq(401) + end end - it 'throws a 401 if given invalid creds' do - digest_authorize 'bar', 'foo' - get '/test' - expect(last_response.status).to eq(401) + context 'when password is not hashed' do + def app + StrategiesSpec::PasswordIsNotHashed + end + + it 'is a digest authentication challenge' do + get '/test' + expect(last_response).to be_challenge + end + + it 'throws a 401 if no auth is given' do + get '/test' 
+ expect(last_response.status).to eq(401) + end + + it 'authenticates if given valid creds' do + digest_authorize 'foo', 'bar' + get '/test' + expect(last_response.status).to eq(200) + end + + it 'throws a 401 if given invalid creds' do + digest_authorize 'bar', 'foo' + get '/test' + expect(last_response.status).to eq(401) + end end end end
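Review bot: Neither context has a rejection case for a known user with a wrong password. Both `'throws a 401 if given invalid creds'` examples call `digest_authorize 'bar', 'foo'`, and `'bar'` is not a key in either credential hash, so the 401 presumably comes from the failed lookup rather than from the digest comparison. For the new `passwords_hashed: true` path, a regression that accepted any response for an existing user would therefore still pass these specs. Each context should gain an example that uses `digest_authorize 'foo', 'wrong'` and asserts `expect(last_response.status).to eq(401)`. As a style point, the four examples are now duplicated verbatim, so an RSpec `shared_examples` block would keep the two contexts from drifting apart.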