2015-10-11 05:41:23 -04:00
|
|
|
require 'rails_helper'
|
2014-05-22 18:13:25 -04:00
|
|
|
require_dependency 'auth/default_current_user_provider'
|
|
|
|
|
|
|
|
describe Auth::DefaultCurrentUserProvider do
|
|
|
|
|
|
|
|
def provider(url, opts=nil)
|
|
|
|
opts ||= {method: "GET"}
|
|
|
|
env = Rack::MockRequest.env_for(url, opts)
|
|
|
|
Auth::DefaultCurrentUserProvider.new(env)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "raises errors for incorrect api_key" do
|
|
|
|
expect{
|
|
|
|
provider("/?api_key=INCORRECT").current_user
|
|
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "finds a user for a correct per-user api key" do
|
|
|
|
user = Fabricate(:user)
|
|
|
|
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1)
|
2015-01-09 11:34:37 -05:00
|
|
|
expect(provider("/?api_key=hello").current_user.id).to eq(user.id)
|
2014-05-22 18:13:25 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
it "raises for a user pretending" do
|
|
|
|
user = Fabricate(:user)
|
|
|
|
user2 = Fabricate(:user)
|
|
|
|
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1)
|
|
|
|
|
|
|
|
expect{
|
|
|
|
provider("/?api_key=hello&api_username=#{user2.username.downcase}").current_user
|
|
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
|
|
end
|
|
|
|
|
2014-11-19 23:21:49 -05:00
|
|
|
it "raises for a user with a mismatching ip" do
|
|
|
|
user = Fabricate(:user)
|
|
|
|
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1, allowed_ips: ['10.0.0.0/24'])
|
|
|
|
|
|
|
|
expect{
|
|
|
|
provider("/?api_key=hello&api_username=#{user.username.downcase}", "REMOTE_ADDR" => "10.1.0.1").current_user
|
|
|
|
}.to raise_error(Discourse::InvalidAccess)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
it "allows a user with a matching ip" do
|
|
|
|
user = Fabricate(:user)
|
2014-11-24 01:16:11 -05:00
|
|
|
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1, allowed_ips: ['100.0.0.0/24'])
|
2014-11-19 23:21:49 -05:00
|
|
|
|
|
|
|
found_user = provider("/?api_key=hello&api_username=#{user.username.downcase}",
|
2014-11-24 01:16:11 -05:00
|
|
|
"REMOTE_ADDR" => "100.0.0.22").current_user
|
|
|
|
|
2015-01-09 11:34:37 -05:00
|
|
|
expect(found_user.id).to eq(user.id)
|
2014-11-19 23:21:49 -05:00
|
|
|
|
2014-11-24 01:16:11 -05:00
|
|
|
|
|
|
|
found_user = provider("/?api_key=hello&api_username=#{user.username.downcase}",
|
|
|
|
"HTTP_X_FORWARDED_FOR" => "10.1.1.1, 100.0.0.22").current_user
|
2015-01-09 11:34:37 -05:00
|
|
|
expect(found_user.id).to eq(user.id)
|
2014-11-19 23:21:49 -05:00
|
|
|
|
|
|
|
end
|
|
|
|
|
2014-05-22 18:13:25 -04:00
|
|
|
it "finds a user for a correct system api key" do
|
|
|
|
user = Fabricate(:user)
|
|
|
|
ApiKey.create!(key: "hello", created_by_id: -1)
|
2015-01-09 11:34:37 -05:00
|
|
|
expect(provider("/?api_key=hello&api_username=#{user.username.downcase}").current_user.id).to eq(user.id)
|
2014-05-22 18:13:25 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
it "should not update last seen for message bus" do
|
2015-01-09 11:34:37 -05:00
|
|
|
expect(provider("/message-bus/anything/goes", method: "POST").should_update_last_seen?).to eq(false)
|
|
|
|
expect(provider("/message-bus/anything/goes", method: "GET").should_update_last_seen?).to eq(false)
|
2014-05-22 18:13:25 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
it "should update last seen for others" do
|
2015-01-09 11:34:37 -05:00
|
|
|
expect(provider("/topic/anything/goes", method: "POST").should_update_last_seen?).to eq(true)
|
|
|
|
expect(provider("/topic/anything/goes", method: "GET").should_update_last_seen?).to eq(true)
|
2014-05-22 18:13:25 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|