BigW Consortium Gitlab

application_controller_spec.rb 4.16 KB
Newer Older
1 2 3
require 'spec_helper'

describe ApplicationController do
4 5
  let(:user) { create(:user) }

6 7 8
  describe '#check_password_expiration' do
    let(:controller) { ApplicationController.new }

9
    it 'redirects if the user is over their password expiry' do
10
      user.password_expires_at = Time.new(2002)
11 12 13 14
      expect(user.ldap_user?).to be_falsey
      allow(controller).to receive(:current_user).and_return(user)
      expect(controller).to receive(:redirect_to)
      expect(controller).to receive(:new_profile_password_path)
15 16 17
      controller.send(:check_password_expiration)
    end

18
    it 'does not redirect if the user is under their password expiry' do
19
      user.password_expires_at = Time.now + 20010101
20 21 22
      expect(user.ldap_user?).to be_falsey
      allow(controller).to receive(:current_user).and_return(user)
      expect(controller).not_to receive(:redirect_to)
23 24 25
      controller.send(:check_password_expiration)
    end

26
    it 'does not redirect if the user is over their password expiry but they are an ldap user' do
27
      user.password_expires_at = Time.new(2002)
28 29 30
      allow(user).to receive(:ldap_user?).and_return(true)
      allow(controller).to receive(:current_user).and_return(user)
      expect(controller).not_to receive(:redirect_to)
31 32 33
      controller.send(:check_password_expiration)
    end
  end
34

35 36 37 38 39 40
  describe "#authenticate_user_from_token!" do
    describe "authenticating a user from a private token" do
      controller(ApplicationController) do
        def index
          render text: "authenticated"
        end
41 42
      end

43 44 45
      context "when the 'private_token' param is populated with the private token" do
        it "logs the user in" do
          get :index, private_token: user.private_token
46
          expect(response).to have_http_status(200)
47 48
          expect(response.body).to eq("authenticated")
        end
49
      end
50

51 52 53 54
      context "when the 'PRIVATE-TOKEN' header is populated with the private token" do
        it "logs the user in" do
          @request.headers['PRIVATE-TOKEN'] = user.private_token
          get :index
55
          expect(response).to have_http_status(200)
56 57
          expect(response.body).to eq("authenticated")
        end
58
      end
59

60 61 62
      it "doesn't log the user in otherwise" do
        @request.headers['PRIVATE-TOKEN'] = "token"
        get :index, private_token: "token", authenticity_token: "token"
Timothy Andrew committed
63 64
        expect(response.status).not_to eq(200)
        expect(response.body).not_to eq("authenticated")
65
      end
66 67
    end

68 69 70 71 72
    describe "authenticating a user from a personal access token" do
      controller(ApplicationController) do
        def index
          render text: 'authenticated'
        end
73 74
      end

75
      let(:personal_access_token) { create(:personal_access_token, user: user) }
76

77 78 79
      context "when the 'personal_access_token' param is populated with the personal access token" do
        it "logs the user in" do
          get :index, private_token: personal_access_token.token
80
          expect(response).to have_http_status(200)
81 82
          expect(response.body).to eq('authenticated')
        end
83
      end
84

85 86 87 88
      context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
        it "logs the user in" do
          @request.headers["PRIVATE-TOKEN"] = personal_access_token.token
          get :index
89
          expect(response).to have_http_status(200)
90 91
          expect(response.body).to eq('authenticated')
        end
92
      end
93

94 95
      it "doesn't log the user in otherwise" do
        get :index, private_token: "token"
Timothy Andrew committed
96 97
        expect(response.status).not_to eq(200)
        expect(response.body).not_to eq('authenticated')
98
      end
99 100
    end
  end
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117

  describe '#route_not_found' do
    let(:controller) { ApplicationController.new }

    it 'renders 404 if authenticated' do
      allow(controller).to receive(:current_user).and_return(user)
      expect(controller).to receive(:not_found)
      controller.send(:route_not_found)
    end

    it 'does redirect to login page if not authenticated' do
      allow(controller).to receive(:current_user).and_return(nil)
      expect(controller).to receive(:redirect_to)
      expect(controller).to receive(:new_user_session_path)
      controller.send(:route_not_found)
    end
  end
118
end