authlogic/test/session_test/single_access_token_test.rb at 4c016ec6a480638dbc5cd38a8f652bfe1dcb4cee · binarylogic/authlogic · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# frozen_string_literal: true

require "test_helper"

module SessionTest
  module SingleAccessTokenTest
    class ConfigTest < ActiveSupport::TestCase
      def test_params_key
        assert_equal UserSession.cookie_key, UserSession.params_key

        UserSession.params_key = "my_params_key"
        assert_equal "my_params_key", UserSession.params_key

        UserSession.params_key "user_credentials"
        assert_equal "user_credentials", UserSession.params_key
      end

      def test_headers_key
        assert_equal nil, UserSession.headers_key

        UserSession.headers_key = "my_headers_key"
        assert_equal "my_headers_key", UserSession.headers_key

        UserSession.headers_key "user_credentials"
        assert_equal "user_credentials", UserSession.headers_key
      end

      def test_single_access_allowed_request_types
        UserSession.single_access_allowed_request_types = ["my request type"]
        assert_equal ["my request type"], UserSession.single_access_allowed_request_types
        UserSession.single_access_allowed_request_types(
          ["application/rss+xml", "application/atom+xml"]
        )
        assert_equal(
          ["application/rss+xml", "application/atom+xml"],
          UserSession.single_access_allowed_request_types
        )
      end
    end

    class InstanceMethodsTest < ActiveSupport::TestCase
      def test_persist_persist_by_params
        assert_persist_by(:params)
      end

      def test_persist_persist_by_headers
        # Since default headers_key is nil, set for the test.
        UserSession.send("headers_key=", "user_credentials")
        assert_persist_by(:headers)
      end

      def assert_persist_by(headers_or_params)
        ben = users(:ben)
        session = UserSession.new

        refute session.persisting?
        send("set_#{headers_or_params}_for", ben)

        refute session.persisting?
        refute session.unauthorized_record
        refute session.record
        assert_nil controller.session["user_credentials"]

        set_request_content_type("text/plain")
        refute session.persisting?
        refute session.unauthorized_record
        assert_nil controller.session["user_credentials"]

        set_request_content_type("application/atom+xml")
        assert session.persisting?
        assert_equal ben, session.record

        # should not persist since this is single access
        assert_nil controller.session["user_credentials"]

        set_request_content_type("application/rss+xml")
        assert session.persisting?
        assert_equal ben, session.unauthorized_record
        assert_nil controller.session["user_credentials"]
      end
    end
  end
end