From 9179a0b0ba7cdd84494ed614a04d95c7a976ba88 Mon Sep 17 00:00:00 2001 From: Seb Bacon Date: Fri, 30 Sep 2011 12:14:20 +0100 Subject: Respect admin password and username. Fixes #245. --- spec/controllers/admin_public_body_controller_spec.rb | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'spec/controllers/admin_public_body_controller_spec.rb') diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb index 53db4f412..0a90cd64b 100644 --- a/spec/controllers/admin_public_body_controller_spec.rb +++ b/spec/controllers/admin_public_body_controller_spec.rb @@ -52,6 +52,12 @@ describe AdminPublicBodyController, "when administering public bodies" do get :show, :id => 2 session[:using_admin].should == 1 end +end + +describe AdminPublicBodyController, "when administering public bodies and paying attention to authentication" do + + integrate_views + fixtures :public_bodies, :public_body_translations it "disallows non-authenticated users to do anything" do @request.env["HTTP_AUTHORIZATION"] = "" @@ -82,6 +88,19 @@ describe AdminPublicBodyController, "when administering public bodies" do PublicBody.count.should == 1 session[:using_admin].should == 1 end + it "forces authorisation when password and username set" do + config = MySociety::Config.load_default() + config['ADMIN_USERNAME'] = 'biz' + config['ADMIN_PASSWORD'] = 'fuz' + @request.env["HTTP_AUTHORIZATION"] = "" + PublicBody.count.should == 2 + basic_auth_login(@request, "baduser", "badpassword") + post :destroy, { :id => 3 } + response.code.should == "401" + PublicBody.count.should == 2 + session[:using_admin].should == nil + end + end -- cgit v1.2.3