diff options
Diffstat (limited to 'spec/controllers/admin_public_body_controller_spec.rb')
| -rw-r--r-- | spec/controllers/admin_public_body_controller_spec.rb | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb index 53db4f412..0a90cd64b 100644 --- a/spec/controllers/admin_public_body_controller_spec.rb +++ b/spec/controllers/admin_public_body_controller_spec.rb @@ -52,6 +52,12 @@ describe AdminPublicBodyController, "when administering public bodies" do get :show, :id => 2 session[:using_admin].should == 1 end +end + +describe AdminPublicBodyController, "when administering public bodies and paying attention to authentication" do + + integrate_views + fixtures :public_bodies, :public_body_translations it "disallows non-authenticated users to do anything" do @request.env["HTTP_AUTHORIZATION"] = "" @@ -82,6 +88,19 @@ describe AdminPublicBodyController, "when administering public bodies" do PublicBody.count.should == 1 session[:using_admin].should == 1 end + it "forces authorisation when password and username set" do + config = MySociety::Config.load_default() + config['ADMIN_USERNAME'] = 'biz' + config['ADMIN_PASSWORD'] = 'fuz' + @request.env["HTTP_AUTHORIZATION"] = "" + PublicBody.count.should == 2 + basic_auth_login(@request, "baduser", "badpassword") + post :destroy, { :id => 3 } + response.code.should == "401" + PublicBody.count.should == 2 + session[:using_admin].should == nil + end + end |