Foodsoft
/
foodsoft
1
1
Fork 0
Code Issues 36 Pull Requests 5 Projects 1 Releases Wiki Activity
foodsoft/spec/controllers/concerns/auth_concern_spec.rb

184 lines
6.7 KiB
Ruby
Raw Normal View History

auth concern spec'd
2022-10-11 16:09:18 +02:00
# frozen_string_literal: true
require 'spec_helper'
class DummyAuthController < ApplicationController; end
describe 'Auth concern', type: :controller do
controller DummyAuthController do
# Defining a dummy action for an anynomous controller which inherits from the described class.
def authenticate_blank
authenticate
end
def authenticate_unknown_group
authenticate('nooby')
end
def authenticate_pickups
authenticate('pickups')
head :ok unless performed?
end
def authenticate_finance_or_orders
authenticate('finance_or_orders')
head :ok unless performed?
end
def try_authenticate_membership_or_admin
authenticate_membership_or_admin
end
def try_authenticate_or_token
authenticate_or_token('xyz')
head :ok unless performed?
end
end
# unit testing protected/private methods
describe 'protected/private methods' do
let(:user) { create :user }
describe '#current_user' do
before { login user }
describe 'with valid session' do
it "returns current_user" do
subject.session[:user_id] = user.id
subject.params[:foodcoop] = FoodsoftConfig[:default_scope]
expect(subject.send(:current_user)).to eq user
expect(assigns(:current_user)).to eq user
end
end
describe 'with invalid session' do
it "not returns current_user" do
subject.session[:user_id] = ''
subject.params[:foodcoop] = FoodsoftConfig[:default_scope]
expect(subject.send(:current_user)).to be_nil
expect(assigns(:current_user)).to be_nil
end
end
end
describe '#deny_access' do
xit "redirects to root_url" do
expect(subject.send(:deny_access)).to redirect_to(root_url)
end
end
describe '#login' do
it "sets user in session" do
subject.send(:login, user)
expect(subject.session[:user_id]).to eq user.id
expect(subject.session[:scope]).to eq FoodsoftConfig.scope
expect(subject.session[:locale]).to eq user.locale
end
end
describe '#login_and_redirect_to_return_to' do
xit "redirects to already set target" do
subject.session[:return_to] = my_profile_url
subject.send(:login_and_redirect_to_return_to, user)
expect(subject.session[:return_to]).to be nil
end
end
end
describe 'authenticate' do
describe 'not logged in' do
it 'does not authenticate' do
routes.draw { get "authenticate_blank" => "dummy_auth#authenticate_blank" }
get :authenticate_blank, params: { foodcoop: FoodsoftConfig[:default_scope] }
expect(response).to have_http_status(:redirect)
expect(response).to redirect_to(login_path)
expect(flash[:alert]).to match(I18n.t('application.controller.error_authn'))
end
end
describe 'logged in' do
let(:user) { create :user }
let(:pickups_user) { create :user, :role_pickups }
let(:finance_user) { create :user, :role_finance }
let(:orders_user) { create :user, :role_orders }
it 'does not authenticate with unknown group' do
login user
routes.draw { get "authenticate_unknown_group" => "dummy_auth#authenticate_unknown_group" }
get :authenticate_unknown_group, params: { foodcoop: FoodsoftConfig[:default_scope] }
expect(response).to have_http_status(:redirect)
expect(response).to redirect_to(root_path)
expect(flash[:alert]).to match(I18n.t('application.controller.error_denied', sign_in: ActionController::Base.helpers.link_to(I18n.t('application.controller.error_denied_sign_in'), login_path)))
end
it 'does not authenticate with pickups group' do
login pickups_user
routes.draw { get "authenticate_pickups" => "dummy_auth#authenticate_pickups" }
get :authenticate_pickups, params: { foodcoop: FoodsoftConfig[:default_scope] }
expect(response).to have_http_status(:success)
end
it 'does not authenticate with finance group' do
login finance_user
routes.draw { get "authenticate_finance_or_orders" => "dummy_auth#authenticate_finance_or_orders" }
get :authenticate_finance_or_orders, params: { foodcoop: FoodsoftConfig[:default_scope] }
expect(response).to have_http_status(:success)
end
it 'does not authenticate with orders group' do
login orders_user
routes.draw { get "authenticate_finance_or_orders" => "dummy_auth#authenticate_finance_or_orders" }
get :authenticate_finance_or_orders, params: { foodcoop: FoodsoftConfig[:default_scope] }
expect(response).to have_http_status(:success)
end
end
end
describe 'authenticate_membership_or_admin' do
describe 'logged in' do
let(:pickups_user) { create :user, :role_pickups }
let(:workgroup) { create :workgroup }
it 'redirects with not permitted group' do
group_id = workgroup.id
login pickups_user
routes.draw { get "try_authenticate_membership_or_admin" => "dummy_auth#try_authenticate_membership_or_admin" }
get :try_authenticate_membership_or_admin, params: { foodcoop: FoodsoftConfig[:default_scope], id: group_id }
expect(response).to have_http_status(:redirect)
expect(response).to redirect_to(root_path)
expect(flash[:alert]).to match(I18n.t('application.controller.error_members_only'))
end
end
end
describe 'authenticate_or_token' do
describe 'logged in' do
let(:token_verifier) { TokenVerifier.new('xyz') }
let(:token_msg) { token_verifier.generate }
let(:user) { create :user }
it 'authenticates token' do
login user
routes.draw { get "try_authenticate_or_token" => "dummy_auth#try_authenticate_or_token" }
get :try_authenticate_or_token, params: { foodcoop: FoodsoftConfig[:default_scope], token: token_msg }
expect(response).to_not have_http_status(:redirect)
end
it 'redirects on faulty token' do
login user
routes.draw { get "try_authenticate_or_token" => "dummy_auth#try_authenticate_or_token" }
get :try_authenticate_or_token, params: { foodcoop: FoodsoftConfig[:default_scope], token: 'abc' }
expect(response).to have_http_status(:redirect)
expect(response).to redirect_to(root_path)
expect(flash[:alert]).to match(I18n.t('application.controller.error_token'))
end
it 'authenticates current user on empty token' do
login user
routes.draw { get "try_authenticate_or_token" => "dummy_auth#try_authenticate_or_token" }
get :try_authenticate_or_token, params: { foodcoop: FoodsoftConfig[:default_scope] }
expect(response).to have_http_status(:success)
end
end
end
end