IZ, RS, Move AS::Photo controller spec into integration so that rack middleware is run. Make auth failure return 401 rather than 302.

2011-06-27 12:31:47 -07:00 · 2011-06-27 12:31:47 -07:00 · 17917528f6
commit 17917528f6
parent 54ef22b83e
2 changed files with 42 additions and 19 deletions
--- a/app/controllers/activity_streams/photos_controller.rb
+++ b/app/controllers/activity_streams/photos_controller.rb
@ -3,8 +3,28 @@
 #   the COPYRIGHT file.

 class ActivityStreams::PhotosController < ApplicationController
-  authenticate_with_oauth
-  before_filter :set_user_from_oauth
+  class AuthenticationFilter
+    def initialize(scope = nil)
+      @scope = scope
+    end
+
+    def filter(controller, &block)
+      if controller.params[:auth_token]
+        if controller.current_user
+          yield
+        else
+          controller.fail!
+        end
+      else
+        controller.request.env['oauth2'].authenticate_request! :scope => @scope do |*args|
+          controller.sign_in controller.request.env['oauth2'].resource_owner
+          block.call(*args)
+        end
+      end
+    end
+  end
+
+  around_filter AuthenticationFilter.new
  skip_before_filter :verify_authenticity_token, :only => :create

  respond_to :json
@ -39,10 +59,8 @@ class ActivityStreams::PhotosController < ApplicationController
    end
    respond_with @photo
  end
-  def current_user
-    @user
-  end
-  def set_user_from_oauth
-    @user = request.env['oauth2'].resource_owner
+
+  def fail!
+    render :nothing => true, :status => 401
  end
 end
--- a/spec/integration/activity_streams/photos_controller_spec.rb
+++ b/spec/integration/activity_streams/photos_controller_spec.rb
@ -30,24 +30,29 @@ describe ActivityStreams::PhotosController do
          }
        }
 JSON
+      @url = activity_streams_photos_path
    end
    it 'allows oauth authentication' do
      token = Factory(:oauth_access_token)
-      get :create, @json.merge!(:oauth_token => token.access_token)
+      post @url, @json.merge!(:oauth_token => token.access_token)
      response.should be_success
    end

-    # It is unclear why this test fails.  An equivalent cucumber feature passes in features/logs_in_and_out.feature.
-=begin
-    it 'does not store a session' do
+    it 'denies an invalid oauth token' do
+      post @url, @json.merge!(:oauth_token => "aoijgosidjg")
+      response.status.should == 401
+      response.body.should be_empty
+    end
+
+    it 'allows token authentication' do
      bob.reset_authentication_token!
-      get :create, @json.merge!(:auth_token => bob.authentication_token)
-      photo = ActivityStreams::Photo.where(:author_id => bob.person.id).first
-      warden.should be_authenticated
-      get :show, :id => photo.id
-      warden.should_not be_authenticated
-      response.should redirect_to new_user_session_path
+      post @url, @json.merge!(:auth_token => bob.authentication_token)
+      response.should be_success
+    end
+
+    it 'correctly denies an invalid token' do
+      post @url, @json.merge!(:auth_token => "iudsfghpsdifugh")
+      response.status.should == 401
    end
-=end
  end
 end