Changesets can be listed by changeset number.
The Git repository is here.
- Revision:
- 373
- Log:
Initial import of Radiant 0.9.1, which is now packaged as a gem. This is an
import of the tagged 0.9.1 source checked out from GitHub, which isn't quite
the same as the gem distribution - but it doesn't seem to be available in an
archived form and the installed gem already has modifications, so this is
the closest I can get.
- Author:
- rool
- Date:
- Mon Mar 21 13:40:05 +0000 2011
- Size:
- 3916 Bytes
1 | require 'abstract_unit' |
2 | |
3 | class HttpBasicAuthenticationTest < ActionController::TestCase |
4 | class DummyController < ActionController::Base |
5 | before_filter :authenticate, :only => :index |
6 | before_filter :authenticate_with_request, :only => :display |
7 | before_filter :authenticate_long_credentials, :only => :show |
8 | |
9 | def index |
10 | render :text => "Hello Secret" |
11 | end |
12 | |
13 | def display |
14 | render :text => 'Definitely Maybe' |
15 | end |
16 | |
17 | def show |
18 | render :text => 'Only for loooooong credentials' |
19 | end |
20 | |
21 | private |
22 | |
23 | def authenticate |
24 | authenticate_or_request_with_http_basic do |username, password| |
25 | username == 'lifo' && password == 'world' |
26 | end |
27 | end |
28 | |
29 | def authenticate_with_request |
30 | if authenticate_with_http_basic { |username, password| username == 'pretty' && password == 'please' } |
31 | @logged_in = true |
32 | else |
33 | request_http_basic_authentication("SuperSecret") |
34 | end |
35 | end |
36 | |
37 | def authenticate_long_credentials |
38 | authenticate_or_request_with_http_basic do |username, password| |
39 | username == '1234567890123456789012345678901234567890' && password == '1234567890123456789012345678901234567890' |
40 | end |
41 | end |
42 | end |
43 | |
44 | AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION'] |
45 | |
46 | tests DummyController |
47 | |
48 | AUTH_HEADERS.each do |header| |
49 | test "successful authentication with #{header.downcase}" do |
50 | @request.env[header] = encode_credentials('lifo', 'world') |
51 | get :index |
52 | |
53 | assert_response :success |
54 | assert_equal 'Hello Secret', @response.body, "Authentication failed for request header #{header}" |
55 | end |
56 | test "successful authentication with #{header.downcase} and long credentials" do |
57 | @request.env[header] = encode_credentials('1234567890123456789012345678901234567890', '1234567890123456789012345678901234567890') |
58 | get :show |
59 | |
60 | assert_response :success |
61 | assert_equal 'Only for loooooong credentials', @response.body, "Authentication failed for request header #{header} and long credentials" |
62 | end |
63 | end |
64 | |
65 | AUTH_HEADERS.each do |header| |
66 | test "unsuccessful authentication with #{header.downcase}" do |
67 | @request.env[header] = encode_credentials('h4x0r', 'world') |
68 | get :index |
69 | |
70 | assert_response :unauthorized |
71 | assert_equal "HTTP Basic: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header}" |
72 | end |
73 | test "unsuccessful authentication with #{header.downcase} and long credentials" do |
74 | @request.env[header] = encode_credentials('h4x0rh4x0rh4x0rh4x0rh4x0rh4x0rh4x0rh4x0r', 'worldworldworldworldworldworldworldworld') |
75 | get :show |
76 | |
77 | assert_response :unauthorized |
78 | assert_equal "HTTP Basic: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header} and long credentials" |
79 | end |
80 | end |
81 | |
82 | test "authentication request without credential" do |
83 | get :display |
84 | |
85 | assert_response :unauthorized |
86 | assert_equal "HTTP Basic: Access denied.\n", @response.body |
87 | assert_equal 'Basic realm="SuperSecret"', @response.headers['WWW-Authenticate'] |
88 | end |
89 | |
90 | test "authentication request with invalid credential" do |
91 | @request.env['HTTP_AUTHORIZATION'] = encode_credentials('pretty', 'foo') |
92 | get :display |
93 | |
94 | assert_response :unauthorized |
95 | assert_equal "HTTP Basic: Access denied.\n", @response.body |
96 | assert_equal 'Basic realm="SuperSecret"', @response.headers['WWW-Authenticate'] |
97 | end |
98 | |
99 | test "authentication request with valid credential" do |
100 | @request.env['HTTP_AUTHORIZATION'] = encode_credentials('pretty', 'please') |
101 | get :display |
102 | |
103 | assert_response :success |
104 | assert assigns(:logged_in) |
105 | assert_equal 'Definitely Maybe', @response.body |
106 | end |
107 | |
108 | private |
109 | |
110 | def encode_credentials(username, password) |
111 | "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}" |
112 | end |
113 | end |