IZ, RS, Move AS::Photo controller spec into integration so that rack middleware is run. Make auth failure return 401 rather than 302.
parent
54ef22b83e
commit
17917528f6
2 changed files with 42 additions and 19 deletions
|
|
@ -3,8 +3,28 @@
|
||||||
# the COPYRIGHT file.
|
# the COPYRIGHT file.
|
||||||
|
|
||||||
class ActivityStreams::PhotosController < ApplicationController
|
class ActivityStreams::PhotosController < ApplicationController
|
||||||
authenticate_with_oauth
|
class AuthenticationFilter
|
||||||
before_filter :set_user_from_oauth
|
def initialize(scope = nil)
|
||||||
|
@scope = scope
|
||||||
|
end
|
||||||
|
|
||||||
|
def filter(controller, &block)
|
||||||
|
if controller.params[:auth_token]
|
||||||
|
if controller.current_user
|
||||||
|
yield
|
||||||
|
else
|
||||||
|
controller.fail!
|
||||||
|
end
|
||||||
|
else
|
||||||
|
controller.request.env['oauth2'].authenticate_request! :scope => @scope do |*args|
|
||||||
|
controller.sign_in controller.request.env['oauth2'].resource_owner
|
||||||
|
block.call(*args)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
around_filter AuthenticationFilter.new
|
||||||
skip_before_filter :verify_authenticity_token, :only => :create
|
skip_before_filter :verify_authenticity_token, :only => :create
|
||||||
|
|
||||||
respond_to :json
|
respond_to :json
|
||||||
|
|
@ -39,10 +59,8 @@ class ActivityStreams::PhotosController < ApplicationController
|
||||||
end
|
end
|
||||||
respond_with @photo
|
respond_with @photo
|
||||||
end
|
end
|
||||||
def current_user
|
|
||||||
@user
|
def fail!
|
||||||
end
|
render :nothing => true, :status => 401
|
||||||
def set_user_from_oauth
|
|
||||||
@user = request.env['oauth2'].resource_owner
|
|
||||||
end
|
end
|
||||||
end
|
end
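Review bot: In `AuthenticationFilter#filter` the `auth_token` branch only checks that `controller.current_user` is set, so it never applies `@scope` and does not confirm that the user came from the supplied token, while the OAuth branch calls `controller.sign_in`, which may persist the user in the session. Because `create` also skips `verify_authenticity_token`, a request carrying a session cookie plus any `auth_token` value could pass the filter with no CSRF check; whether it does depends on how `current_user` and `sign_in` are implemented, which is not visible here. If `sign_in` is Devise's helper and the installed version accepts the option, `controller.sign_in controller.request.env['oauth2'].resource_owner, :store => false` keeps API logins out of the session. `fail!` is a public controller method as well, so it should be excluded from routing with `hide_action :fail!` unless the routes already rule it out. The class body between the two hunks is outside this view.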
|
||||||
|
|
|
||||||
|
|
@ -30,24 +30,29 @@ describe ActivityStreams::PhotosController do
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
JSON
|
JSON
|
||||||
|
@url = activity_streams_photos_path
|
||||||
end
|
end
|
||||||
it 'allows oauth authentication' do
|
it 'allows oauth authentication' do
|
||||||
token = Factory(:oauth_access_token)
|
token = Factory(:oauth_access_token)
|
||||||
get :create, @json.merge!(:oauth_token => token.access_token)
|
post @url, @json.merge!(:oauth_token => token.access_token)
|
||||||
response.should be_success
|
response.should be_success
|
||||||
end
|
end
|
||||||
|
|
||||||
# It is unclear why this test fails. An equivalent cucumber feature passes in features/logs_in_and_out.feature.
|
it 'denies an invalid oauth token' do
|
||||||
=begin
|
post @url, @json.merge!(:oauth_token => "aoijgosidjg")
|
||||||
it 'does not store a session' do
|
response.status.should == 401
|
||||||
bob.reset_authentication_token!
|
response.body.should be_empty
|
||||||
get :create, @json.merge!(:auth_token => bob.authentication_token)
|
end
|
||||||
photo = ActivityStreams::Photo.where(:author_id => bob.person.id).first
|
|
||||||
warden.should be_authenticated
|
it 'allows token authentication' do
|
||||||
get :show, :id => photo.id
|
bob.reset_authentication_token!
|
||||||
warden.should_not be_authenticated
|
post @url, @json.merge!(:auth_token => bob.authentication_token)
|
||||||
response.should redirect_to new_user_session_path
|
response.should be_success
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'correctly denies an invalid token' do
|
||||||
|
post @url, @json.merge!(:auth_token => "iudsfghpsdifugh")
|
||||||
|
response.status.should == 401
|
||||||
end
|
end
|
||||||
=end
|
|
||||||
end
|
end
|
||||||
end
|
end
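Review bot: The removed 'does not store a session' example has no replacement, so nothing in this spec checks that a token-authenticated request leaves no usable session behind. The new 'correctly denies an invalid token' example starts from a fresh session, so it would still pass if an earlier token login had been persisted. An example that makes a valid token request and then, in the same session, a request with an invalid `auth_token` and expects 401 would cover this; the token string below is a constructed placeholder. The `describe` block starts outside the hunk.

```ruby
it 'does not keep the user signed in after a token request' do
  bob.reset_authentication_token!
  post @url, @json.merge(:auth_token => bob.authentication_token)
  response.should be_success

  post @url, @json.merge(:auth_token => "not-a-valid-token")
  response.status.should == 401
end
```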
|
||||||