[refs #796] small refactoring & add some specs

2012-12-26 21:13:08 +06:00 · 2012-12-26 21:13:08 +06:00 · 017bab062a
parent 478a8820ac
commit 017bab062a
2 changed files with 25 additions and 7 deletions
--- a/lib/api_defender.rb
+++ b/lib/api_defender.rb
@ -57,9 +57,7 @@ class ApiDefender < Rack::Throttle::Hourly
  def authorized?(request)
    return @authorized if @authorized
    auth = Rack::Auth::Basic::Request.new(request.env)
-    if auth.provided? and auth.basic?
-      @user = User.auth_by_token_or_login_pass(*auth.credentials)
-    end
+    @user = User.auth_by_token_or_login_pass(*auth.credentials) if auth.provided? and auth.basic?
    @authorized = true # cache
  end

--- a/spec/integration/api_defender_spec.rb
+++ b/spec/integration/api_defender_spec.rb
@ -1,17 +1,19 @@
 require 'spec_helper'

 describe ApiDefender do
-  def get_basic_auth user = @user, by_token = false
+  def get_basic_auth user = @user, by_token = false, by_email = false
    u,pass = if by_token
               [user.authentication_token, '']
+             elsif by_email
+               [user.email, @password]
             else
-               [user.uname, '123456']
+               [user.uname, @password]
             end
    ActionController::HttpAuthentication::Basic.encode_credentials u, pass
  end

-  def get_request auth_user = nil, by_token = false
-    auth = auth_user ? {'HTTP_AUTHORIZATION' => get_basic_auth(auth_user, by_token)} : {}
+  def get_request auth_user = nil, by_token = false, by_email = false
+    auth = auth_user ? {'HTTP_AUTHORIZATION' => get_basic_auth(auth_user, by_token, by_email)} : {}
    get "/api/v1/users/#{@user.id}.json", {}, auth
  end

@ -61,6 +63,24 @@ describe ApiDefender do
      response.headers['X-RateLimit-Remaining'].should == (@rate_limit-1).to_s
    end

+    it "should allow auth by uname and password" do
+      (@rate_limit+1).times {get_request}
+      get_request @user
+      response.headers['X-RateLimit-Remaining'].should == (@rate_limit-1).to_s
+    end
+
+    it "should allow auth by email and password" do
+      (@rate_limit+1).times {get_request}
+      get_request @user, false, true
+      response.headers['X-RateLimit-Remaining'].should == (@rate_limit-1).to_s
+    end
+
+    it "should allow auth by token" do
+      (@rate_limit+1).times {get_request}
+      get_request @user, true
+      response.headers['X-RateLimit-Remaining'].should == (@rate_limit-1).to_s
+    end
+
    it "should return the correct limit usage for auth user after anonymous access" do
      get_request
      get_request @user