module Authpwn::ControllerTestExtensions
Included in controller test cases.
Public Instance Methods
The authenticated user in the test session.
# File lib/authpwn_rails/test_extensions.rb, line 57
def session_current_user
  return nil unless suid = request.session[:authpwn_suid]
  Tokens::Base.with_code(suid).first!.user
end
Sets the HTTP Authentication header for Basic authentication.
If no password is provided, the user's password is set to “password”. This change is normally reverted at the end of the test, as long as transactional fixtures are not disabled.
Tests that need to disable transactional fixtures should specify the user's password.
# File lib/authpwn_rails/test_extensions.rb, line 70
def set_http_basic_user(user, password = nil)
  if user.nil?
    request.env.delete 'HTTP_AUTHORIZATION'
    return self
  end

  if password.nil?
    password = 'password'
    credential = Credentials::Password.where(user_id: user.id).first
    if credential
      credential.update_attributes! password: password
    else
      credential = Credentials::Password.new password: password
      credential.user_id = user.id
      credential.save!
    end
  end

  credential = Credentials::Email.where(user_id: user.id).first
  unless credential
    raise RuntimeError, "Can't specify an user without an e-mail"
  end
  email = credential.email

  request.env['HTTP_AUTHORIZATION'] =
      "Basic #{::Base64.strict_encode64("#{email}:#{password}")}"
  self
end
Sets the HTTP Authentication header for Token authentication.
If the user doesn't have an API token, one is generated automatically. This change is normally reverted at the end of the test, as long as transactional fixtures are not disabled.
If a token code is provided, the user's API token's code is forced to the given value.
Tests that need to disable transactional fixtures should delete the user's API token after completion.
# File lib/authpwn_rails/test_extensions.rb, line 110
def set_http_token_user(user, token_code = nil)
  if user.nil?
    request.env.delete 'HTTP_AUTHORIZATION'
    return self
  end

  credential = Tokens::Api.where(user_id: user.id).first
  credential ||= Tokens::Api.random_for(user)
  unless token_code.nil?
    credential.code = token_code
    credential.save!
  end

  request.env['HTTP_AUTHORIZATION'] = "Token #{credential.code}"
  self
end
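The two setters above store `Basic <strict Base64 of email:password>` and `Token <code>` in HTTP_AUTHORIZATION. The following added example (not authpwn_rails code) rebuilds both values and reads them back with a hypothetical `parse_authorization` helper, showing why the strict encoder is used and why the password is split off at the first colon only; the e-mail, password and token values are constructed.

```ruby
require 'base64'

# Same value set_http_basic_user stores in HTTP_AUTHORIZATION.
def basic_header(email, password)
  "Basic #{Base64.strict_encode64("#{email}:#{password}")}"
end

# Same value set_http_token_user stores in HTTP_AUTHORIZATION.
def token_header(code)
  "Token #{code}"
end

# Hypothetical parser (an assumption, not authpwn_rails' own code).
# Returns [:basic, email, password], [:token, code], or nil when malformed.
def parse_authorization(value)
  # A header value must be a single line; Base64.encode64 (non-strict)
  # appends "\n", so a header built with it is rejected here.
  return nil if value.nil? || value.match?(/[\r\n]/)
  scheme, payload = value.split(' ', 2)
  return nil if payload.nil? || payload.empty?
  case scheme
  when 'Basic'
    begin
      decoded = Base64.strict_decode64(payload)
    rescue ArgumentError
      return nil # not valid strict Base64
    end
    # Split at the first colon only: the password may contain ':'.
    email, password = decoded.split(':', 2)
    password.nil? ? nil : [:basic, email, password]
  when 'Token'
    [:token, payload]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample credentials.
  p parse_authorization(basic_header('alice@example.com', 'pa:ss:word'))
  p parse_authorization(token_header('abc123'))
  p parse_authorization("Basic #{Base64.encode64('alice@example.com:pw')}")
end
```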
Sets the authenticated user in the test session.
# File lib/authpwn_rails/test_extensions.rb, line 42
def set_session_current_user(user)
  if user
    # Avoid database inserts, if at all possible.
    if token = Tokens::SessionUid.where(user_id: user.id).first
      token.spend  # Only bump updated_at if necessary.
    else
      token = Tokens::SessionUid.random_for user, '127.0.0.1', 'UnitTests'
    end
    request.session[:authpwn_suid] = token.suid
  else
    request.session.delete :authpwn_suid
  end
end