fix up basic auth for admin settings: get credentials from config, cause default (where no config) to skip authorization completely, add tests for these

author: Seb Bacon <seb.bacon@gmail.com> 2011-07-06 12:00:26 +0100
committer: Seb Bacon <seb.bacon@gmail.com> 2011-07-06 12:00:26 +0100
commit: 732b3e5c430a83f72adb44dc621d48edb86f081f (patch)
tree: 63e77046c96d31081579853decc1b8cef2affc94 /spec/controllers/admin_public_body_controller_spec.rb
parent: 737f5967131120adab322adf3dbdbd4f40426499 (diff)
1 files changed, 32 insertions, 3 deletions
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index a32c27dd9..9eabb2f8e 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -3,7 +3,14 @@ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
 describe AdminPublicBodyController, "when administering public bodies" do
     integrate_views
     fixtures :public_bodies, :public_body_translations
-  
+
+    before do
+        username = MySociety::Config.get('ADMIN_USERNAME', '')
+        password = MySociety::Config.get('ADMIN_PASSWORD', '')
+        basic_auth_login @request
+    end
+
+
     it "shows the index page" do
         get :index
     end
@@ -40,14 +47,18 @@ describe AdminPublicBodyController, "when administering public bodies" do
         post :destroy, { :id => 3 }
         PublicBody.count.should == 1
     end
-
-
 end
 
 describe AdminPublicBodyController, "when administering public bodies with i18n" do
     integrate_views
     fixtures :public_bodies, :public_body_translations
   
+    before do
+        username = MySociety::Config.get('ADMIN_USERNAME', '')
+        password = MySociety::Config.get('ADMIN_PASSWORD', '')
+        basic_auth_login @request
+    end
+
     it "shows the index page" do
         get :index
     end
@@ -95,5 +106,23 @@ describe AdminPublicBodyController, "when administering public bodies with i18n"
         PublicBody.count.should == 1
     end
 
+    it "don't allow non-authenticated users to do anything" do
+        @request.env["HTTP_AUTHORIZATION"] = ""
+        PublicBody.count.should == 2
+        post :destroy, { :id => 3 }
+        response.code.should == "401"
+        PublicBody.count.should == 2
+    end
+
+    it "when no username/password set, skip admin authorisation" do
+        config = MySociety::Config.load_default()
+        config['ADMIN_USERNAME'] = ''
+        config['ADMIN_PASSWORD'] = ''
+        @request.env["HTTP_AUTHORIZATION"] = ""
+        PublicBody.count.should == 2
+        post :destroy, { :id => 3 }
+        PublicBody.count.should == 1
+    end
+
 
 end
author	Seb Bacon <seb.bacon@gmail.com>	2011-07-06 12:00:26 +0100
committer	Seb Bacon <seb.bacon@gmail.com>	2011-07-06 12:00:26 +0100
commit	732b3e5c430a83f72adb44dc621d48edb86f081f (patch)
tree	63e77046c96d31081579853decc1b8cef2affc94 /spec/controllers/admin_public_body_controller_spec.rb
parent	737f5967131120adab322adf3dbdbd4f40426499 (diff)