diff options
Diffstat (limited to 'test/silmataivas_web/plugs')
| -rw-r--r-- | test/silmataivas_web/plugs/admin_only_test.exs | 49 | ||||
| -rw-r--r-- | test/silmataivas_web/plugs/auth_test.exs | 60 |
2 files changed, 109 insertions, 0 deletions
diff --git a/test/silmataivas_web/plugs/admin_only_test.exs b/test/silmataivas_web/plugs/admin_only_test.exs new file mode 100644 index 0000000..cf939a2 --- /dev/null +++ b/test/silmataivas_web/plugs/admin_only_test.exs @@ -0,0 +1,49 @@ +defmodule SilmataivasWeb.AdminOnlyTest do + use SilmataivasWeb.ConnCase + + import Silmataivas.UsersFixtures + + alias SilmataivasWeb.Plugs.AdminOnly + + describe "admin_only plug" do + test "allows admin users to access protected routes", %{conn: conn} do + # Create an admin user + admin = user_fixture(%{role: "admin"}) + + # Set up the connection with the admin user + conn = + conn + |> assign(:current_user, admin) + |> AdminOnly.call(%{}) + + # Verify the connection is allowed to continue + refute conn.halted + end + + test "rejects non-admin users from accessing protected routes", %{conn: conn} do + # Create a regular user + regular_user = user_fixture(%{role: "user"}) + + # Set up the connection with the regular user + conn = + conn + |> assign(:current_user, regular_user) + |> AdminOnly.call(%{}) + + # Verify the connection is halted + assert conn.halted + assert conn.status == 403 + assert conn.resp_body == "Forbidden" + end + + test "rejects unauthenticated requests from accessing protected routes", %{conn: conn} do + # Set up the connection with no user + conn = AdminOnly.call(conn, %{}) + + # Verify the connection is halted + assert conn.halted + assert conn.status == 403 + assert conn.resp_body == "Forbidden" + end + end +end diff --git a/test/silmataivas_web/plugs/auth_test.exs b/test/silmataivas_web/plugs/auth_test.exs new file mode 100644 index 0000000..e6cf0e6 --- /dev/null +++ b/test/silmataivas_web/plugs/auth_test.exs @@ -0,0 +1,60 @@ +defmodule SilmataivasWeb.AuthTest do + use SilmataivasWeb.ConnCase + + import Silmataivas.UsersFixtures + + alias SilmataivasWeb.Plugs.Auth + + describe "auth plug" do + test "authenticates user with valid token", %{conn: conn} do + # Create a user + user = user_fixture() + + # Set up the connection with a valid token + conn = + conn + |> put_req_header("authorization", "Bearer #{user.user_id}") + |> Auth.call(%{}) + + # Verify the user is authenticated + assert conn.assigns.current_user.id == user.id + refute conn.halted + end + + test "rejects request with invalid token format", %{conn: conn} do + # Set up the connection with an invalid token format + conn = + conn + |> put_req_header("authorization", "Invalid #{Ecto.UUID.generate()}") + |> Auth.call(%{}) + + # Verify the connection is halted + assert conn.halted + assert conn.status == 401 + assert conn.resp_body == "Unauthorized" + end + + test "rejects request with non-existent user token", %{conn: conn} do + # Set up the connection with a non-existent user token + conn = + conn + |> put_req_header("authorization", "Bearer #{Ecto.UUID.generate()}") + |> Auth.call(%{}) + + # Verify the connection is halted + assert conn.halted + assert conn.status == 401 + assert conn.resp_body == "Unauthorized" + end + + test "rejects request without authorization header", %{conn: conn} do + # Set up the connection without an authorization header + conn = Auth.call(conn, %{}) + + # Verify the connection is halted + assert conn.halted + assert conn.status == 401 + assert conn.resp_body == "Unauthorized" + end + end +end |