authorvlad <vlad@drivergrp.com>2016-10-21 16:07:05 -0400
committervlad <vlad@drivergrp.com>2016-10-21 16:07:05 -0400
commit02810f5eac3b4ce6a5d1128281a01b2a2ed0647c (patch)
treea733b421759216a7f12d227d2f912eecdfa842aa /src/test/scala/xyz/driver/core/AuthTest.scala
parent7c77f5ff23e4b0f8d5e189492bc4f25f847adc00 (diff)
Renamed package to xyz, New formatting, authorize directive supporting multiple permissions
Diffstat (limited to 'src/test/scala/xyz/driver/core/AuthTest.scala')
-rw-r--r--src/test/scala/xyz/driver/core/AuthTest.scala77
1 files changed, 77 insertions, 0 deletions
diff --git a/src/test/scala/xyz/driver/core/AuthTest.scala b/src/test/scala/xyz/driver/core/AuthTest.scala
new file mode 100644
index 0000000..fef3eda
--- /dev/null
+++ b/src/test/scala/xyz/driver/core/AuthTest.scala
@@ -0,0 +1,77 @@
+package xyz.driver.core
+
+import akka.http.scaladsl.testkit.ScalatestRouteTest
+import akka.http.scaladsl.server._
+import Directives._
+import akka.http.scaladsl.model.headers.{HttpChallenges, RawHeader}
+import akka.http.scaladsl.server.AuthenticationFailedRejection.CredentialsRejected
+import org.scalatest.mock.MockitoSugar
+import org.scalatest.{FlatSpec, Matchers}
+import xyz.driver.core.auth._
+
+import scala.concurrent.Future
+import scalaz.OptionT
+
+class AuthTest extends FlatSpec with Matchers with MockitoSugar with ScalatestRouteTest {
+
+ val authStatusService: AuthService[User] = new AuthService[User] {
+ override def authStatus(authToken: AuthToken): OptionT[Future, User] = OptionT.optionT[Future] {
+ Future.successful(Some(new User() {
+ override def id: Id[User] = Id[User](1L)
+ override def roles: Set[Role] = Set(PathologistRole)
+ }))
+ }
+ }
+
+ import authStatusService._
+
+ "'authorize' directive" should "throw error is auth token is not in the request" in {
+
+ Get("/naive/attempt") ~>
+ authorize(CanSignOutReport) {
+ case (authToken, user) =>
+ complete("Never going to be here")
+ } ~>
+ check {
+ handled shouldBe false
+ rejections should contain(MissingHeaderRejection("WWW-Authenticate"))
+ }
+ }
+
+ it should "throw error is authorized user is not having the requested permission" in {
+
+ val referenceAuthToken = AuthToken(Base64("I am a pathologist's token"))
+
+ Post("/administration/attempt").addHeader(
+ RawHeader(AuthService.AuthenticationTokenHeader, referenceAuthToken.value.value)
+ ) ~>
+ authorize(CanAssignRoles) {
+ case (authToken, user) =>
+ complete("Never going to get here")
+ } ~>
+ check {
+ handled shouldBe false
+ rejections should contain(
+ AuthenticationFailedRejection(
+ CredentialsRejected,
+ HttpChallenges.basic("User does not have the required permissions: CanAssignRoles")))
+ }
+ }
+
+ it should "pass and retrieve the token to client code, if token is in request and user has permission" in {
+
+ val referenceAuthToken = AuthToken(Base64("I am token"))
+
+ Get("/valid/attempt/?a=2&b=5").addHeader(
+ RawHeader(AuthService.AuthenticationTokenHeader, referenceAuthToken.value.value)
+ ) ~>
+ authorize(CanSignOutReport) {
+ case (authToken, user) =>
+ complete("Alright, \"" + authToken.value.value + "\" is handled")
+ } ~>
+ check {
+ handled shouldBe true
+ responseAs[String] shouldBe "Alright, \"I am token\" is handled"
+ }
+ }
+}
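Review bot: The stubbed `authStatus` at the top of `AuthTest` returns a user for every token, so no case in this file covers a token that is present but not recognised by the auth service; that is the path a forged or expired token takes, and a test should pin it. I would add a case with a second stub whose `authStatus` yields `None` and assert that the route is not handled, as sketched below. The sketch assumes `authorize` is the member brought in by `import authStatusService._`, and the exact rejection depends on the directive, which is outside this hunk. The commit title also mentions multiple permissions, but every call here passes a single permission, so whether all or any of them are required is not exercised.

```scala
  it should "reject a request whose token the auth service does not recognise" in {

    // Stub that resolves no user for any token (constructed for this test).
    val unknownTokenService: AuthService[User] = new AuthService[User] {
      override def authStatus(authToken: AuthToken): OptionT[Future, User] =
        OptionT.optionT[Future](Future.successful(Option.empty[User]))
    }

    val unknownAuthToken = AuthToken(Base64("I am not a known token"))

    Get("/unknown/token/attempt").addHeader(
      RawHeader(AuthService.AuthenticationTokenHeader, unknownAuthToken.value.value)
    ) ~>
      unknownTokenService.authorize(CanSignOutReport) {
        case (authToken, user) =>
          complete("Never going to get here")
      } ~>
      check {
        // Tighten to the concrete rejection once the directive's behaviour is confirmed.
        handled shouldBe false
      }
  }
```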