
Commit 79af2cb

chore(allsrv): add tests for unauthorized access
Filling in some test gaps. With these in place, we can now address concern 2), the duplication of auth everywhere. Take a crack at DRYing up the basic auth integration.
1 parent ec22efa commit 79af2cb


1 file changed

+63
-0
lines changed


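--- a/allsrv/server_test.go
+++ b/allsrv/server_test.go
@@ -41,6 +41,21 @@ func TestServer(t *testing.T) {
 assert.Equal(t, want, got)
 })
 })
+
+t.Run("when provided invalid basic auth should fail", func(t *testing.T) {
+svr := allsrv.NewServer(new(allsrv.InmemDB), "dodgers@stink.com", "PaSsWoRd")
+
+req := httptest.NewRequest("POST", "/foo", newJSONBody(t, allsrv.Foo{
+Name: "first-foo",
+Note: "some note",
+}))
+req.SetBasicAuth("dodgers@rule.com", "wrongO")
+rec := httptest.NewRecorder()
+
+svr.ServeHTTP(rec, req)
+
+assert.Equal(t, http.StatusUnauthorized, rec.Code)
+})
 })
 
 t.Run("foo read", func(t *testing.T) {
@@ -71,6 +86,18 @@ func TestServer(t *testing.T) {
 assert.Equal(t, want, got)
 })
 })
+
+t.Run("when provided invalid basic auth should fail", func(t *testing.T) {
+svr := allsrv.NewServer(new(allsrv.InmemDB), "dodgers@stink.com", "PaSsWoRd")
+
+req := httptest.NewRequest("GET", "/foo?id=reader1", nil)
+req.SetBasicAuth("dodgers@rule.com", "wrongO")
+rec := httptest.NewRecorder()
+
+svr.ServeHTTP(rec, req)
+
+assert.Equal(t, http.StatusUnauthorized, rec.Code)
+})
 })
 
 t.Run("foo update", func(t *testing.T) {
@@ -98,6 +125,30 @@ func TestServer(t *testing.T) {
 // note: lame we don't get the updated foo back
 assert.Equal(t, http.StatusOK, rec.Code)
 })
+
+t.Run("when provided invalid basic auth should fail", func(t *testing.T) {
+db := new(allsrv.InmemDB)
+err := db.CreateFoo(allsrv.Foo{
+ID: "id1",
+Name: "first_name",
+Note: "first note",
+})
+require.NoError(t, err)
+
+svr := allsrv.NewServer(db, "dodgers@stink.com", "PaSsWoRd")
+
+req := httptest.NewRequest("PUT", "/foo", newJSONBody(t, allsrv.Foo{
+ID: "id1",
+Name: "second_name",
+Note: "second note",
+}))
+req.SetBasicAuth("dodgers@rule.com", "wrongO")
+rec := httptest.NewRecorder()
+
+svr.ServeHTTP(rec, req)
+
+assert.Equal(t, http.StatusUnauthorized, rec.Code)
+})
 })
 
 t.Run("foo delete", func(t *testing.T) {
@@ -120,6 +171,18 @@ func TestServer(t *testing.T) {
 
 assert.Equal(t, http.StatusOK, rec.Code)
 })
+
+t.Run("when provided invalid basic auth should fail", func(t *testing.T) {
+svr := allsrv.NewServer(new(allsrv.InmemDB), "dodgers@stink.com", "PaSsWoRd")
+
+req := httptest.NewRequest("DELETE", "/foo?id=id1", nil)
+req.SetBasicAuth("dodgers@rule.com", "wrongO")
+rec := httptest.NewRecorder()
+
+svr.ServeHTTP(rec, req)
+
+assert.Equal(t, http.StatusUnauthorized, rec.Code)
+})
 })
 }
 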