authorSeb Bacon <seb.bacon@gmail.com>2012-06-20 10:46:57 +0100
committerSeb Bacon <seb.bacon@gmail.com>2012-06-20 10:46:57 +0100
commit6c4c822ef7a4491bf821326af779e5be9118c0a1 (patch)
tree39cf3564b1b2fb6be26499eda2a41be7ba59ad65 /spec/controllers/admin_public_body_controller_spec.rb
parentea977a0b9e86bc99a84de8577fa4ce1d304ac489 (diff)
parent08dac0261325cd757b7146f9626f3c7b48cc672c (diff)
Merge branch 'release/0.6'0.6
Conflicts: locale/bs/app.po locale/ca/app.po locale/cs/app.po locale/cy/app.po locale/de/app.po locale/en_IE/app.po locale/es/app.po locale/eu/app.po locale/fr/app.po locale/ga_IE/app.po locale/gl/app.po locale/hu_HU/app.po locale/id/app.po locale/pt_BR/app.po locale/sq/app.po locale/sr@latin/app.po spec/fixtures/locale/en/app.po
Diffstat (limited to 'spec/controllers/admin_public_body_controller_spec.rb')
-rw-r--r--spec/controllers/admin_public_body_controller_spec.rb66
1 files changed, 38 insertions, 28 deletions
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index 1e82a0ba4..171cb21b5 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -4,10 +4,6 @@ describe AdminPublicBodyController, "when administering public bodies" do
integrate_views
before do
- username = MySociety::Config.get('ADMIN_USERNAME', '')
- password = MySociety::Config.get('ADMIN_PASSWORD', '')
- basic_auth_login @request
-
@old_filters = ActionController::Routing::Routes.filters
ActionController::Routing::Routes.filters = RoutingFilter::Chain.new
end
@@ -80,19 +76,29 @@ describe AdminPublicBodyController, "when administering public bodies and paying
integrate_views
+ before do
+ config = MySociety::Config.load_default()
+ config['SKIP_ADMIN_AUTH'] = false
+ basic_auth_login @request
+ end
+ after do
+ config = MySociety::Config.load_default()
+ config['SKIP_ADMIN_AUTH'] = true
+ end
+
+
it "disallows non-authenticated users to do anything" do
@request.env["HTTP_AUTHORIZATION"] = ""
n = PublicBody.count
post :destroy, { :id => 3 }
- response.code.should == "401"
+ response.should redirect_to(:controller=>'user', :action=>'signin', :token=>PostRedirect.get_last_post_redirect.token)
PublicBody.count.should == n
session[:using_admin].should == nil
end
- it "skips admin authorisation when no username/password set" do
+ it "skips admin authorisation when SKIP_ADMIN_AUTH set" do
config = MySociety::Config.load_default()
- config['ADMIN_USERNAME'] = ''
- config['ADMIN_PASSWORD'] = ''
+ config['SKIP_ADMIN_AUTH'] = true
@request.env["HTTP_AUTHORIZATION"] = ""
n = PublicBody.count
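Review bot: The `after` block writes `config['SKIP_ADMIN_AUTH'] = true` unconditionally instead of restoring the value the suite started with, so the teardown assumes admin authentication is switched off by default in the test configuration. Because this flag disables the admin access check entirely, I would save it in `before` with `@old_skip_admin_auth = config['SKIP_ADMIN_AUTH']` and restore it in `after` with `config['SKIP_ADMIN_AUTH'] = @old_skip_admin_auth`. The `ADMIN_USERNAME` and `ADMIN_PASSWORD` values that later examples in this describe block set to 'biz' and 'fuz' are not reset either, and they presumably live in the same shared config object. The example "skips admin authorisation when SKIP_ADMIN_AUTH set" continues past the end of this hunk.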
@@ -101,30 +107,44 @@ describe AdminPublicBodyController, "when administering public bodies and paying
session[:using_admin].should == 1
end
- it "skips admin authorisation when no username set" do
+ it "doesn't let people with bad credentials log in" do
config = MySociety::Config.load_default()
- config['ADMIN_USERNAME'] = ''
+ config['SKIP_ADMIN_AUTH'] = false
+ config['ADMIN_USERNAME'] = 'biz'
config['ADMIN_PASSWORD'] = 'fuz'
@request.env["HTTP_AUTHORIZATION"] = ""
-
n = PublicBody.count
+ basic_auth_login(@request, "baduser", "badpassword")
post :destroy, { :id => public_bodies(:forlorn_public_body).id }
- PublicBody.count.should == n - 1
- session[:using_admin].should == 1
+ response.should redirect_to(:controller=>'user', :action=>'signin', :token=>PostRedirect.get_last_post_redirect.token)
+ PublicBody.count.should == n
+ session[:using_admin].should == nil
end
- it "forces authorisation when password and username set" do
+
+ it "allows people with good credentials log in using HTTP Basic Auth" do
config = MySociety::Config.load_default()
+ config['SKIP_ADMIN_AUTH'] = false
config['ADMIN_USERNAME'] = 'biz'
config['ADMIN_PASSWORD'] = 'fuz'
@request.env["HTTP_AUTHORIZATION"] = ""
n = PublicBody.count
- basic_auth_login(@request, "baduser", "badpassword")
+ basic_auth_login(@request, "biz", "fuz")
+ post :show, { :id => public_bodies(:humpadink_public_body).id, :emergency => 1}
+ session[:using_admin].should == 1
+ n = PublicBody.count
post :destroy, { :id => public_bodies(:forlorn_public_body).id }
- response.code.should == "401"
- PublicBody.count.should == n
- session[:using_admin].should == nil
+ session[:using_admin].should == 1
+ PublicBody.count.should == n - 1
end
+ it "allows superusers to do stuff" do
+ session[:user_id] = users(:admin_user).id
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ n = PublicBody.count
+ post :destroy, { :id => public_bodies(:forlorn_public_body).id }
+ PublicBody.count.should == n - 1
+ session[:using_admin].should == 1
+ end
end
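Review bot: The new "allows superusers to do stuff" example covers only the positive path of the session-based check. Nothing here shows that a signed-in user who is not a superuser is refused when `SKIP_ADMIN_AUTH` is false. That negative case is what protects the admin interface now that a session `user_id` is accepted alongside HTTP Basic Auth, so it deserves an example next to the positive one. The fixture name in the sketch below is a placeholder, and the assertions are limited to state because the expected response for this case is not visible in the hunk. The bad-credentials example also changes username and password together, so a correct username with a wrong password is not exercised.

```ruby
# … unchanged: "allows superusers to do stuff" example …

it "doesn't allow signed-in users who are not superusers to do stuff" do
    # placeholder fixture: substitute any fixture user without admin rights
    session[:user_id] = users(:NON_ADMIN_USER_FIXTURE).id
    @request.env["HTTP_AUTHORIZATION"] = ""
    n = PublicBody.count
    post :destroy, { :id => public_bodies(:forlorn_public_body).id }
    PublicBody.count.should == n
    session[:using_admin].should == nil
end
```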
@@ -132,12 +152,6 @@ end
describe AdminPublicBodyController, "when administering public bodies with i18n" do
integrate_views
- before do
- username = MySociety::Config.get('ADMIN_USERNAME', '')
- password = MySociety::Config.get('ADMIN_PASSWORD', '')
- basic_auth_login @request
- end
-
it "shows the index page" do
get :index
end
@@ -201,10 +215,6 @@ describe AdminPublicBodyController, "when creating public bodies with i18n" do
integrate_views
before do
- username = MySociety::Config.get('ADMIN_USERNAME', '')
- password = MySociety::Config.get('ADMIN_PASSWORD', '')
- basic_auth_login @request
-
@old_filters = ActionController::Routing::Routes.filters
ActionController::Routing::Routes.filters = RoutingFilter::Chain.new
end