From 68fdfde0039f44019b6967a5565b9d390f747395 Mon Sep 17 00:00:00 2001 From: Pratik Naik Date: Sun, 18 Jan 2009 19:21:34 +0000 Subject: Improve HTTP Basic authentication tests --- .../test/controller/http_authentication_test.rb | 54 ------------- .../controller/http_basic_authentication_test.rb | 88 ++++++++++++++++++++++ 2 files changed, 88 insertions(+), 54 deletions(-) delete mode 100644 actionpack/test/controller/http_authentication_test.rb create mode 100644 actionpack/test/controller/http_basic_authentication_test.rb (limited to 'actionpack/test') diff --git a/actionpack/test/controller/http_authentication_test.rb b/actionpack/test/controller/http_authentication_test.rb deleted file mode 100644 index c0069e8032..0000000000 --- a/actionpack/test/controller/http_authentication_test.rb +++ /dev/null @@ -1,54 +0,0 @@ -require 'abstract_unit' - -class HttpBasicAuthenticationTest < Test::Unit::TestCase - include ActionController::HttpAuthentication::Basic - - class DummyController - attr_accessor :headers, :renders, :request - - def initialize - @headers, @renders = {}, [] - @request = ActionController::TestRequest.new - end - - def render(options) - self.renders << options - end - end - - def setup - @controller = DummyController.new - @credentials = ActionController::HttpAuthentication::Basic.encode_credentials("dhh", "secret") - end - - def test_successful_authentication - login = Proc.new { |user_name, password| user_name == "dhh" && password == "secret" } - set_headers - assert authenticate(@controller, &login) - - set_headers '' - assert_nothing_raised do - assert !authenticate(@controller, &login) - end - - set_headers nil - set_headers @credentials, 'REDIRECT_X_HTTP_AUTHORIZATION' - assert authenticate(@controller, &login) - end - - def test_failing_authentication - set_headers - assert !authenticate(@controller) { |user_name, password| user_name == "dhh" && password == "incorrect" } - end - - def test_authentication_request - authentication_request(@controller, "Megaglobalapp") - assert_equal 'Basic realm="Megaglobalapp"', @controller.headers["WWW-Authenticate"] - assert_equal :unauthorized, @controller.renders.first[:status] - end - - private - def set_headers(value = @credentials, name = 'HTTP_AUTHORIZATION') - @controller.request.env[name] = value - end -end diff --git a/actionpack/test/controller/http_basic_authentication_test.rb b/actionpack/test/controller/http_basic_authentication_test.rb new file mode 100644 index 0000000000..08a25bfdb8 --- /dev/null +++ b/actionpack/test/controller/http_basic_authentication_test.rb @@ -0,0 +1,88 @@ +require 'abstract_unit' + +class DummyController < ActionController::Base + before_filter :authenticate, :only => :index + before_filter :authenticate_with_request, :only => :display + + def index + render :text => "Hello Secret" + end + + def display + render :text => 'Definitely Maybe' + end + + private + + def authenticate + authenticate_or_request_with_http_basic do |username, password| + username == 'lifo' && password == 'world' + end + end + + def authenticate_with_request + if authenticate_with_http_basic { |username, password| username == 'pretty' && password == 'please' } + @logged_in = true + else + request_http_basic_authentication("SuperSecret") + end + end +end + +class HttpBasicAuthenticationTest < ActionController::TestCase + AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION'] + + tests DummyController + + AUTH_HEADERS.each do |header| + test "successful authentication with #{header.downcase}" do + @request.env[header] = encode_credentials('lifo', 'world') + get :index + + assert_response :success + assert_equal 'Hello Secret', @response.body, "Authentication failed for request header #{header}" + end + end + + AUTH_HEADERS.each do |header| + test "unsuccessful authentication with #{header.downcase}" do + @request.env[header] = encode_credentials('h4x0r', 'world') + get :index + + assert_response :unauthorized + assert_equal "HTTP Basic: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header}" + end + end + + test "authentication request without credential" do + get :display + + assert_response :unauthorized + assert_equal "HTTP Basic: Access denied.\n", @response.body + assert_equal 'Basic realm="SuperSecret"', @response.headers['WWW-Authenticate'] + end + + test "authentication request with invalid credential" do + @request.env['HTTP_AUTHORIZATION'] = encode_credentials('pretty', 'foo') + get :display + + assert_response :unauthorized + assert_equal "HTTP Basic: Access denied.\n", @response.body + assert_equal 'Basic realm="SuperSecret"', @response.headers['WWW-Authenticate'] + end + + test "authentication request with valid credential" do + @request.env['HTTP_AUTHORIZATION'] = encode_credentials('pretty', 'please') + get :display + + assert_response :success + assert assigns(:logged_in) + assert_equal 'Definitely Maybe', @response.body + end + + private + + def encode_credentials(username, password) + "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}" + end +end -- cgit v1.2.3