File: strategies_spec.rb

package info (click to toggle)
ruby-grape 1.6.2-3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 2,156 kB
  • sloc: ruby: 25,265; makefile: 7
file content (122 lines) | stat: -rw-r--r-- 3,319 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
 
# frozen_string_literal: true

require 'spec_helper'

require 'base64'

describe Grape::Middleware::Auth::Strategies do
  context 'Basic Auth' do
    def app
      proc = ->(u, p) { u && p && u == p }
      Rack::Builder.new do |b|
        b.use Grape::Middleware::Error
        b.use(Grape::Middleware::Auth::Base, type: :http_basic, proc: proc)
        b.run ->(_env) { [200, {}, ['Hello there.']] }
      end
    end

    it 'throws a 401 if no auth is given' do
      @proc = -> { false }
      get '/whatever'
      expect(last_response.status).to eq(401)
    end

    it 'authenticates if given valid creds' do
      get '/whatever', {}, 'HTTP_AUTHORIZATION' => encode_basic_auth('admin', 'admin')
      expect(last_response.status).to eq(200)
    end

    it 'throws a 401 is wrong auth is given' do
      get '/whatever', {}, 'HTTP_AUTHORIZATION' => encode_basic_auth('admin', 'wrong')
      expect(last_response.status).to eq(401)
    end
  end

  context 'Digest MD5 Auth' do
    RSpec::Matchers.define :be_challenge do
      match do |actual_response|
        actual_response.status == 401 &&
          actual_response['WWW-Authenticate'].start_with?('Digest ') &&
          actual_response.body.empty?
      end
    end

    module StrategiesSpec
      class PasswordHashed < Grape::API
        http_digest(realm: { realm: 'Test Api', opaque: 'secret', passwords_hashed: true }) do |username|
          { 'foo' => Digest::MD5.hexdigest(['foo', 'Test Api', 'bar'].join(':')) }[username]
        end

        get '/test' do
          [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }]
        end
      end

      class PasswordIsNotHashed < Grape::API
        http_digest(realm: 'Test Api', opaque: 'secret') do |username|
          { 'foo' => 'bar' }[username]
        end

        get '/test' do
          [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }]
        end
      end
    end

    context 'when password is hashed' do
      def app
        StrategiesSpec::PasswordHashed
      end

      it 'is a digest authentication challenge' do
        get '/test'
        expect(last_response).to be_challenge
      end

      it 'throws a 401 if no auth is given' do
        get '/test'
        expect(last_response.status).to eq(401)
      end

      it 'authenticates if given valid creds' do
        digest_authorize 'foo', 'bar'
        get '/test'
        expect(last_response.status).to eq(200)
      end

      it 'throws a 401 if given invalid creds' do
        digest_authorize 'bar', 'foo'
        get '/test'
        expect(last_response.status).to eq(401)
      end
    end

    context 'when password is not hashed' do
      def app
        StrategiesSpec::PasswordIsNotHashed
      end

      it 'is a digest authentication challenge' do
        get '/test'
        expect(last_response).to be_challenge
      end

      it 'throws a 401 if no auth is given' do
        get '/test'
        expect(last_response.status).to eq(401)
      end

      it 'authenticates if given valid creds' do
        digest_authorize 'foo', 'bar'
        get '/test'
        expect(last_response.status).to eq(200)
      end

      it 'throws a 401 if given invalid creds' do
        digest_authorize 'bar', 'foo'
        get '/test'
        expect(last_response.status).to eq(401)
      end
    end
  end
end