diff options
Diffstat (limited to 'src/test/scala/xyz/driver/core/AuthTest.scala')
-rw-r--r-- | src/test/scala/xyz/driver/core/AuthTest.scala | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/src/test/scala/xyz/driver/core/AuthTest.scala b/src/test/scala/xyz/driver/core/AuthTest.scala new file mode 100644 index 0000000..f4d4d2a --- /dev/null +++ b/src/test/scala/xyz/driver/core/AuthTest.scala @@ -0,0 +1,79 @@ +package xyz.driver.core + +import akka.http.scaladsl.testkit.ScalatestRouteTest +import akka.http.scaladsl.server._ +import Directives._ +import akka.http.scaladsl.model.headers.{HttpChallenges, RawHeader} +import akka.http.scaladsl.server.AuthenticationFailedRejection.CredentialsRejected +import org.scalatest.mock.MockitoSugar +import org.scalatest.{FlatSpec, Matchers} +import xyz.driver.core.auth._ +import xyz.driver.core.rest.ServiceRequestContext + +import scala.concurrent.Future +import scalaz.OptionT + +class AuthTest extends FlatSpec with Matchers with MockitoSugar with ScalatestRouteTest { + + val authStatusService: AuthService[User] = new AuthService[User] { + override def authStatus(context: ServiceRequestContext): OptionT[Future, User] = OptionT.optionT[Future] { + if (context.contextHeaders.keySet.contains(AuthService.AuthenticationTokenHeader)) { + Future.successful(Some(new User { + override def id: Id[User] = Id[User]("1") + override def roles: Set[Role] = Set(PathologistRole) + }: User)) + } else { + Future.successful(Option.empty[User]) + } + } + } + + import authStatusService._ + + "'authorize' directive" should "throw error is auth token is not in the request" in { + + Get("/naive/attempt") ~> + authorize(CanSignOutReport) { user => + complete("Never going to be here") + } ~> + check { + // handled shouldBe false + rejections should contain(ValidationRejection("Wasn't able to find authenticated user for the token provided")) + } + } + + it should "throw error is authorized user is not having the requested permission" in { + + val referenceAuthToken = AuthToken("I am a pathologist's token") + + Post("/administration/attempt").addHeader( + RawHeader(AuthService.AuthenticationTokenHeader, referenceAuthToken.value) + ) ~> + authorize(CanAssignRoles) { user => + complete("Never going to get here") + } ~> + check { + handled shouldBe false + rejections should contain( + AuthenticationFailedRejection( + CredentialsRejected, + HttpChallenges.basic("User does not have the required permissions: CanAssignRoles"))) + } + } + + it should "pass and retrieve the token to client code, if token is in request and user has permission" in { + + val referenceAuthToken = AuthToken("I am token") + + Get("/valid/attempt/?a=2&b=5").addHeader( + RawHeader(AuthService.AuthenticationTokenHeader, referenceAuthToken.value) + ) ~> + authorize(CanSignOutReport) { user => + complete("Alright, user \"" + user.id + "\" is authorized") + } ~> + check { + handled shouldBe true + responseAs[String] shouldBe "Alright, user \"1\" is authorized" + } + } +} |