Diffstat (limited to 't/app/controller')
-rw-r--r--t/app/controller/auth.t25
-rw-r--r--t/app/controller/auth_profile.t93
-rw-r--r--t/app/controller/dashboard.t15
3 files changed, 133 insertions, 0 deletions
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 661f99412..8d60137a2 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -251,3 +251,28 @@ FixMyStreet::override_config {
is $mech->uri->path, '/my', "redirected to correct page";
};
};
+
+subtest "check logging in with token" => sub {
+ $mech->log_out_ok;
+ $mech->not_logged_in_ok;
+
+ my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+ # token needs to be 18 characters
+ $user->set_extra_metadata('access_token', '1234567890abcdefgh');
+ $user->update();
+
+ $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+ $mech->logged_in_ok;
+
+ $mech->delete_header('Authorization');
+ $mech->not_logged_in_ok;
+
+ $mech->get_ok('/auth/check_auth?access_token=1234567890abcdefgh');
+
+ $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+ $user->set_extra_metadata('access_token', 'XXXXXXXXXXXXXXXXXX');
+ $user->update();
+ $mech->not_logged_in_ok;
+
+ $mech->delete_header('Authorization');
+};
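Review bot: The query-string case, `$mech->get_ok('/auth/check_auth?access_token=1234567890abcdefgh');`, asserts only that the request succeeds and has no counterpart with a wrong or missing token. If `/auth/check_auth` answers anonymous clients with a redirect that `get_ok` follows (not visible from this hunk), the line would pass without the token being checked at all. Add a request with `access_token=XXXXXXXXXXXXXXXXXX` and assert on `$mech->res->code` in both cases. A token carried in the URL also ends up in access logs and Referer headers, so if the parameter form is intentionally supported, a comment on this line should say so. The comment `# token needs to be 18 characters` states a constraint that nothing here exercises; a case with a shorter token would pin it.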
diff --git a/t/app/controller/auth_profile.t b/t/app/controller/auth_profile.t
index 519086ff5..74edccfe6 100644
--- a/t/app/controller/auth_profile.t
+++ b/t/app/controller/auth_profile.t
@@ -260,3 +260,96 @@ subtest "Test change phone to existing account" => sub {
is $_->user->email, $test_email;
}
};
+
+subtest "Test superuser can access generate token page" => sub {
+ my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+ ok $user->update({ is_superuser => 0 }), 'user not superuser';
+
+ $mech->log_out_ok;
+ $mech->get_ok('/auth');
+ $mech->submit_form_ok({
+ with_fields => {
+ username => $test_email,
+ password_sign_in => $test_password,
+ },
+ });
+
+ $mech->content_lacks('Generate token');
+
+ $mech->get('/auth/generate_token');
+ is $mech->res->code, 403, "access denied";
+
+ ok $user->update({ is_superuser => 1 }), 'user is superuser';
+
+ $mech->get_ok('/my');
+ $mech->content_contains('Generate token');
+ $mech->get_ok('/auth/generate_token');
+};
+
+subtest "Test staff user can access generate token page" => sub {
+ my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+ ok $user->update({ is_superuser => 0 }), 'user not superuser';
+
+ $mech->log_out_ok;
+ $mech->get_ok('/auth');
+ $mech->submit_form_ok({
+ with_fields => {
+ username => $test_email,
+ password_sign_in => $test_password,
+ },
+ });
+
+ $mech->content_lacks('Generate token');
+
+ my $body = $mech->create_body_ok(2237, 'Oxfordshire');
+
+ $mech->get('/auth/generate_token');
+ is $mech->res->code, 403, "access denied";
+
+ ok $user->update({ from_body => $body }), 'user is staff user';
+
+ $mech->get_ok('/my');
+ $mech->content_contains('Generate token');
+ $mech->get_ok('/auth/generate_token');
+};
+
+subtest "Test generate token page" => sub {
+ my $user = FixMyStreet::App->model('DB::User')->find( { email => $test_email } );
+ ok $user->update({ is_superuser => 1 }), 'user set to superuser';
+
+ $mech->log_out_ok;
+
+ $mech->get_ok('/auth');
+ $mech->submit_form_ok({
+ with_fields => {
+ username => $test_email,
+ password_sign_in => $test_password,
+ },
+ });
+
+ ok !$user->get_extra_metadata('access_token');
+
+ $mech->get_ok('/my');
+ $mech->follow_link_ok({url => '/auth/generate_token'});
+ $mech->content_lacks('Token:');
+ $mech->submit_form_ok(
+ { with_fields => { generate_token => 'Generate token' } },
+ "submit generate token form"
+ );
+ $mech->content_contains( 'Your token has been generated', "token generated" );
+
+ $user->discard_changes();
+ my $token = $user->get_extra_metadata('access_token');
+ ok $token, 'access token set';
+
+ $mech->content_contains($token, 'access token displayed');
+
+ $mech->get_ok('/auth/generate_token');
+ $mech->content_contains('Current token:');
+ $mech->content_contains($token, 'access token displayed');
+ $mech->content_contains('If you generate a new token');
+
+ $mech->log_out_ok;
+ $mech->add_header('Authorization', "Bearer $token");
+ $mech->logged_in_ok;
+}
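Review bot: Token rotation is not covered in the "Test generate token page" subtest: it checks that the page shows 'If you generate a new token' but never submits the form a second time. Nothing therefore verifies that regeneration issues a different token and that the old one stops authenticating. The sketch below replaces the last three lines of the subtest and also removes the `Authorization` header, which the added code leaves set on `$mech` after the final `logged_in_ok`. The closing `}` of this subtest also lacks the `;` that the other subtests end with.

```perl
    # … unchanged: first generation and "Current token:" checks …
    $mech->submit_form_ok(
        { with_fields => { generate_token => 'Generate token' } },
        "regenerate token"
    );
    $user->discard_changes();
    my $new_token = $user->get_extra_metadata('access_token');
    isnt $new_token, $token, 'regeneration issues a different token';

    $mech->log_out_ok;
    $mech->add_header('Authorization', "Bearer $token");
    $mech->not_logged_in_ok;    # the replaced token must no longer authenticate
    $mech->delete_header('Authorization');

    $mech->add_header('Authorization', "Bearer $new_token");
    $mech->logged_in_ok;
    $mech->delete_header('Authorization');
};
```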
diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index 7d0b0d217..b53056968 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -184,6 +184,21 @@ FixMyStreet::override_config {
is $rows[5]->[16], '179716', 'Correct Northing conversion';
};
+ subtest 'export as csv using token' => sub {
+ $mech->log_out_ok;
+
+ $counciluser->set_extra_metadata('access_token', '1234567890abcdefgh');
+ $counciluser->update();
+
+ $mech->get_ok('/dashboard?export=1');
+ like $mech->res->header('Content-type'), qr'text/html';
+ $mech->content_lacks('Report ID');
+
+ $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+ $mech->get_ok('/dashboard?export=1');
+ like $mech->res->header('Content-type'), qr'text/csv';
+ $mech->content_contains('Report ID');
+ };
};
sub test_table {
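Review bot: The `Authorization` header added before the second `/dashboard?export=1` request is never removed, so any later request made through the same `$mech` would carry the bearer token and could pass for the wrong reason. auth.t cleans up with `$mech->delete_header('Authorization');`, and the same line belongs at the end of this subtest. The subtest also proves only that a valid token yields CSV. A request with a non-matching value such as `'Bearer XXXXXXXXXXXXXXXXXX'`, asserted with `$mech->content_lacks('Report ID');`, would show that the export is gated on the token's value and not merely on the presence of the header.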