author | Louise Crow <louise.crow@gmail.com> | 2012-11-12 15:06:46 +0000 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2012-11-12 15:06:46 +0000 |
commit | a1ca0f9123a3aea843ba35508a97d5a4fd5cb0db (patch) | |
tree | b9d3c1390f6b9c8b201e47507f26829b239f2773 /spec/controllers/admin_public_body_controller_spec.rb | |
parent | 8271b2c664f04d1b68a8b4d4fdb801f5c6b00b8c (diff) | |
parent | c96b27c301023a6a1f50c12f0c387205b0255836 (diff) |
Merge remote-tracking branch 'origin/release/0.6.8'0.6.8
Conflicts:
locale/cs/app.po
locale/sl/app.po
locale/sq/app.po
locale/tr/app.po
locale/uk/app.po
Diffstat (limited to 'spec/controllers/admin_public_body_controller_spec.rb')
-rw-r--r-- | spec/controllers/admin_public_body_controller_spec.rb | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index be33802c5..504ddc5cc 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -166,6 +166,13 @@ describe AdminPublicBodyController, "when administering public bodies and paying
 config['SKIP_ADMIN_AUTH'] = true
 end
+ def setup_emergency_credentials(username, password)
+ config = MySociety::Config.load_default()
+ config['SKIP_ADMIN_AUTH'] = false
+ config['ADMIN_USERNAME'] = username
+ config['ADMIN_PASSWORD'] = password
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ end
 it "disallows non-authenticated users to do anything" do
 @request.env["HTTP_AUTHORIZATION"] = ""
@@ -180,19 +187,14 @@ describe AdminPublicBodyController, "when administering public bodies and paying
 config = MySociety::Config.load_default()
 config['SKIP_ADMIN_AUTH'] = true
 @request.env["HTTP_AUTHORIZATION"] = ""
-
 n = PublicBody.count
 post :destroy, { :id => public_bodies(:forlorn_public_body).id }
 PublicBody.count.should == n - 1
 session[:using_admin].should == 1
 end
- it "doesn't let people with bad credentials log in" do
- config = MySociety::Config.load_default()
- config['SKIP_ADMIN_AUTH'] = false
- config['ADMIN_USERNAME'] = 'biz'
- config['ADMIN_PASSWORD'] = 'fuz'
- @request.env["HTTP_AUTHORIZATION"] = ""
+ it "doesn't let people with bad emergency account credentials log in" do
+ setup_emergency_credentials('biz', 'fuz')
 n = PublicBody.count
 basic_auth_login(@request, "baduser", "badpassword")
 post :destroy, { :id => public_bodies(:forlorn_public_body).id }
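Review bot: `setup_emergency_credentials` in the first hunk overwrites `ADMIN_USERNAME` and `ADMIN_PASSWORD` on the object returned by `MySociety::Config.load_default()`, and nothing visible puts them back. The context lines just before the helper appear to reset only `SKIP_ADMIN_AUTH` to true. If that config object is shared between examples, which the reset suggests, the 'biz'/'fuz' emergency credentials stay configured for every later example and results can depend on run order. I would record the previous values in the helper and restore them in an `after` block, and add a comment such as `# mutates the shared config; ADMIN_USERNAME/ADMIN_PASSWORD are restored in the after block`. The enclosing `describe` starts and ends outside the hunk, so an existing teardown may already cover this.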
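Review bot: In the second hunk the rewritten bad-credentials example posts `:destroy` without `:emergency => 1`, while the good-credentials example in the following hunk passes that parameter in order to log in with the emergency account. If the controller only compares the emergency username and password when that parameter is present (the controller is not shown here), this example would keep passing even with a broken comparison. I would post `{ :id => public_bodies(:forlorn_public_body).id, :emergency => 1 }` here and add a second example with `basic_auth_login(@request, "biz", "badpassword")`, so that a correct username with a wrong password is pinned as rejected. The example's closing assertions fall outside this hunk.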
@@ -201,12 +203,8 @@ describe AdminPublicBodyController, "when administering public bodies and paying
 session[:using_admin].should == nil
 end
- it "allows people with good credentials log in using HTTP Basic Auth" do
- config = MySociety::Config.load_default()
- config['SKIP_ADMIN_AUTH'] = false
- config['ADMIN_USERNAME'] = 'biz'
- config['ADMIN_PASSWORD'] = 'fuz'
- @request.env["HTTP_AUTHORIZATION"] = ""
+ it "allows people with good emergency account credentials log in using HTTP Basic Auth" do
+ setup_emergency_credentials('biz', 'fuz')
 n = PublicBody.count
 basic_auth_login(@request, "biz", "fuz")
 post :show, { :id => public_bodies(:humpadink_public_body).id, :emergency => 1}
@@ -235,6 +233,33 @@ describe AdminPublicBodyController, "when administering public bodies and paying
 PublicBody.count.should == n
 session[:using_admin].should == nil
 end
+
+ describe 'when asked for the admin current user' do
+
+ it 'returns the emergency account name for someone who logged in with the emergency account' do
+ setup_emergency_credentials('biz', 'fuz')
+ basic_auth_login(@request, "biz", "fuz")
+ post :show, { :id => public_bodies(:humpadink_public_body).id, :emergency => 1 }
+ controller.send(:admin_current_user).should == 'biz'
+ end
+
+ it 'returns the current user url_name for a superuser' do
+ session[:user_id] = users(:admin_user).id
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ post :show, { :id => public_bodies(:humpadink_public_body).id }
+ controller.send(:admin_current_user).should == users(:admin_user).url_name
+ end
+
+ it 'returns the REMOTE_USER value from the request environment when skipping admin auth' do
+ config = MySociety::Config.load_default()
+ config['SKIP_ADMIN_AUTH'] = true
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ @request.env["REMOTE_USER"] = "i_am_admin"
+ post :show, { :id => public_bodies(:humpadink_public_body).id }
+ controller.send(:admin_current_user).should == "i_am_admin"
+ end
+
+ end
 end
 describe AdminPublicBodyController, "when administering public bodies with i18n" do |
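Review bot: The new `admin_current_user` examples cover only the paths where a name is returned; none shows that `REMOTE_USER` is ignored when `SKIP_ADMIN_AUTH` is false. Since that value comes straight from the request environment, I would add an example that calls `setup_emergency_credentials('biz', 'fuz')`, logs in as "biz", sets `@request.env["REMOTE_USER"] = "i_am_admin"`, and still expects `controller.send(:admin_current_user).should == 'biz'`. The superuser example also never sets `SKIP_ADMIN_AUTH` itself, so it appears to rely on whatever value earlier setup left in the config. Setting it explicitly there would make the example independent of run order.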