Module: Authpwn::ControllerTestExtensions
- Included in: ActionController::TestCase
- Defined in: lib/authpwn_rails/test_extensions.rb
Overview
Included in controller test cases.
Instance Method Summary
- #session_current_user ⇒ Object
  The authenticated user in the test session.
- #set_http_basic_user(user, password = nil) ⇒ Object
  Sets the HTTP Authorization header for Basic authentication.
- #set_http_token_user(user, token_code = nil) ⇒ Object
  Sets the HTTP Authorization header for Token authentication.
- #set_session_current_user(user) ⇒ Object
  Sets the authenticated user in the test session.
Instance Method Details
#session_current_user ⇒ Object
The authenticated user in the test session.
    # File 'lib/authpwn_rails/test_extensions.rb', line 57

    def session_current_user
      return nil unless suid = request.session[:authpwn_suid]
      Tokens::Base.with_code(suid).first!.user
    end
#set_http_basic_user(user, password = nil) ⇒ Object
Sets the HTTP Authorization header for Basic authentication.
If no password is provided, the user’s password is set to “password”. This change is normally reverted at the end of the test, as long as transactional fixtures are not disabled.
Tests that need to disable transactional fixtures should specify the user’s password.
    # File 'lib/authpwn_rails/test_extensions.rb', line 70

    def set_http_basic_user(user, password = nil)
      if user.nil?
        request.env.delete 'HTTP_AUTHORIZATION'
        return self
      end

      if password.nil?
        password = 'password'
        credential = Credentials::Password.where(user_id: user.id).first
        if credential
          credential.update_attributes! password: password
        else
          credential = Credentials::Password.new password: password
          credential.user_id = user.id
          credential.save!
        end
      end

      credential = Credentials::Email.where(user_id: user.id).first
      unless credential
        raise RuntimeError, "Can't specify an user without an e-mail"
      end
      email = credential.email

      request.env['HTTP_AUTHORIZATION'] = "Basic #{::Base64.strict_encode64("#{email}:#{password}")}"
      self
    end
#set_http_token_user(user, token_code = nil) ⇒ Object
Sets the HTTP Authorization header for Token authentication.
If the user doesn’t have an API token, one is generated automatically. This change is normally reverted at the end of the test, as long as transactional fixtures are not disabled.
If a token code is provided, the user’s API token’s code is forced to the given value.
Tests that need to disable transactional fixtures should delete the user’s API token after completion.
    # File 'lib/authpwn_rails/test_extensions.rb', line 110

    def set_http_token_user(user, token_code = nil)
      if user.nil?
        request.env.delete 'HTTP_AUTHORIZATION'
        return self
      end

      credential = Tokens::Api.where(user_id: user.id).first
      credential ||= Tokens::Api.random_for(user)
      unless token_code.nil?
        credential.code = token_code
        credential.save!
      end
      request.env['HTTP_AUTHORIZATION'] = "Token #{credential.code}"
      self
    end
#set_session_current_user(user) ⇒ Object
Sets the authenticated user in the test session.
    # File 'lib/authpwn_rails/test_extensions.rb', line 42

    def set_session_current_user(user)
      if user
        # Avoid database inserts, if at all possible.
        if token = Tokens::SessionUid.where(user_id: user.id).first
          token.spend  # Only bump updated_at if necessary.
        else
          token = Tokens::SessionUid.random_for user, '127.0.0.1', 'UnitTests'
        end
        request.session[:authpwn_suid] = token.suid
      else
        request.session.delete :authpwn_suid
      end
    end
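The header values that set_http_basic_user and set_http_token_user place in HTTP_AUTHORIZATION, rebuilt and parsed back in plain Ruby. This is an added example, not authpwn_rails code: parse_authorization is a hypothetical receiving-side parser, and the e-mail, password and token code are constructed sample values.

```ruby
require 'base64'

# Same string format as set_http_basic_user builds above.
def basic_authorization(email, password)
  "Basic #{Base64.strict_encode64("#{email}:#{password}")}"
end

# Same string format as set_http_token_user builds above.
def token_authorization(code)
  "Token #{code}"
end

# Hypothetical receiving-side parser (an assumption, not authpwn's own code).
# Returns [:basic, email, password], [:token, code], or nil when malformed.
def parse_authorization(header)
  scheme, value = header.to_s.split(' ', 2)
  return nil if value.nil? || value.empty?

  case scheme.downcase
  when 'basic'
    begin
      decoded = Base64.strict_decode64(value)
    rescue ArgumentError
      return nil # not strict Base64, e.g. an embedded newline
    end
    # Split on the first colon only: the password may contain colons.
    email, sep, password = decoded.partition(':')
    return nil if sep.empty?
    [:basic, email, password]
  when 'token'
    [:token, value]
  end
end

# Constructed sample values.
EMAIL = 'jane@example.com'
LONG_PASSWORD = 'correct:horse:battery:staple-' + 'x' * 40
TOKEN_CODE = 'constructed-token-code'

if __FILE__ == $PROGRAM_NAME
  p parse_authorization(basic_authorization(EMAIL, LONG_PASSWORD))
  # Base64.encode64 wraps its output and appends a newline, which does not
  # belong in a header value; strict_encode64 emits a single line.
  p Base64.encode64("#{EMAIL}:#{LONG_PASSWORD}").include?("\n")
  p parse_authorization(token_authorization(TOKEN_CODE))
end
```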