authentication_spec.rb
require 'spec_helper'
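# Exercises the Basic-auth helper from Webmachine::Resource::Authentication by
# running a complete decision FSM over a throwaway resource and inspecting the
# status code and WWW-Authenticate header left on the response.
describe Webmachine::Resource::Authentication do
  subject { Webmachine::Decision::FSM.new(resource, request, response) }

  let(:method) { 'GET' }
  let(:uri) { URI.parse('http://localhost/') }
  let(:headers) { Webmachine::Headers.new }
  let(:body) { '' }
  let(:request) { Webmachine::Request.new(method, uri, headers, body) }
  let(:response) { Webmachine::Response.new }

  # Builds an anonymous Webmachine::Resource subclass that defines #to_html,
  # evaluates the optional block in the class body (so a spec can mix in
  # modules and define callbacks), and instantiates it for the current
  # request/response pair.
  def resource_with(&block)
    klass = Class.new(Webmachine::Resource) do
      def to_html
        'test resource'
      end
    end
    klass.module_eval(&block) if block
    klass.new(request, response)
  end

  describe 'Basic authentication' do
    let(:resource) do
      resource_with do
        include Webmachine::Resource::Authentication
        attr_accessor :realm

        # Fixture-only credential check: the literals and plain == comparison
        # exist to drive the specs. A real resource would look credentials up
        # in a store and compare secrets in constant time.
        def is_authorized?(auth)
          basic_auth(auth, @realm || 'Webmachine') { |u, p| u == 'webmachine' && p == 'http' }
        end
      end
    end

    context 'when no authorization is sent by the client' do
      it 'should reply with a 401 Unauthorized and a WWW-Authenticate header using Basic' do
        subject.run
        expect(response.code).to eq(401)
        expect(response.headers['WWW-Authenticate']).to eq('Basic realm="Webmachine"')
      end

      # NOTE(review): no case covers a realm that contains a double quote or a
      # line break; confirm how basic_auth renders such a realm in the header.
      it 'should use the specified realm in the WWW-Authenticate header' do
        resource.realm = 'My App'
        subject.run
        expect(response.headers['WWW-Authenticate']).to eq('Basic realm="My App"')
      end
    end

    context 'when the client sends invalid authorization' do
      before do
        # pack('m*') Base64-encodes "user:password"; chomp drops the trailing
        # newline that pack appends.
        headers['Authorization'] = 'Basic ' + ['invalid:auth'].pack('m*').chomp
      end

      it 'should reply with a 401 Unauthorized and a WWW-Authenticate header using Basic' do
        subject.run
        expect(response.code).to eq(401)
        expect(response.headers['WWW-Authenticate']).to eq('Basic realm="Webmachine"')
      end
    end

    # The case above gets both fields wrong, so a check that looked at only one
    # of them would still pass it. These two contexts pin each field separately.
    context 'when the client sends a valid username with an invalid password' do
      before do
        headers['Authorization'] = 'Basic ' + ['webmachine:auth'].pack('m*').chomp
      end

      it 'should reply with a 401 Unauthorized and a WWW-Authenticate header using Basic' do
        subject.run
        expect(response.code).to eq(401)
        expect(response.headers['WWW-Authenticate']).to eq('Basic realm="Webmachine"')
      end
    end

    context 'when the client sends an invalid username with a valid password' do
      before do
        headers['Authorization'] = 'Basic ' + ['invalid:http'].pack('m*').chomp
      end

      it 'should reply with a 401 Unauthorized and a WWW-Authenticate header using Basic' do
        subject.run
        expect(response.code).to eq(401)
        expect(response.headers['WWW-Authenticate']).to eq('Basic realm="Webmachine"')
      end
    end

    context 'when the client sends valid authorization' do
      before do
        headers['Authorization'] = 'Basic ' + ['webmachine:http'].pack('m*').chomp
      end

      # Only the absence of a 401 is asserted here; the final status is left to
      # the rest of the decision flow.
      it 'should not reply with 401 Unauthorized' do
        subject.run
        expect(response.code).not_to eq(401)
      end
    end
  end
end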