Diffstat (limited to 'test/silmataivas_web/plugs')
-rw-r--r--test/silmataivas_web/plugs/admin_only_test.exs49
-rw-r--r--test/silmataivas_web/plugs/auth_test.exs60
2 files changed, 0 insertions, 109 deletions
diff --git a/test/silmataivas_web/plugs/admin_only_test.exs b/test/silmataivas_web/plugs/admin_only_test.exs
deleted file mode 100644
index cf939a2..0000000
--- a/test/silmataivas_web/plugs/admin_only_test.exs
+++ /dev/null
@@ -1,49 +0,0 @@
-defmodule SilmataivasWeb.AdminOnlyTest do
- use SilmataivasWeb.ConnCase
-
- import Silmataivas.UsersFixtures
-
- alias SilmataivasWeb.Plugs.AdminOnly
-
- describe "admin_only plug" do
- test "allows admin users to access protected routes", %{conn: conn} do
- # Create an admin user
- admin = user_fixture(%{role: "admin"})
-
- # Set up the connection with the admin user
- conn =
- conn
- |> assign(:current_user, admin)
- |> AdminOnly.call(%{})
-
- # Verify the connection is allowed to continue
- refute conn.halted
- end
-
- test "rejects non-admin users from accessing protected routes", %{conn: conn} do
- # Create a regular user
- regular_user = user_fixture(%{role: "user"})
-
- # Set up the connection with the regular user
- conn =
- conn
- |> assign(:current_user, regular_user)
- |> AdminOnly.call(%{})
-
- # Verify the connection is halted
- assert conn.halted
- assert conn.status == 403
- assert conn.resp_body == "Forbidden"
- end
-
- test "rejects unauthenticated requests from accessing protected routes", %{conn: conn} do
- # Set up the connection with no user
- conn = AdminOnly.call(conn, %{})
-
- # Verify the connection is halted
- assert conn.halted
- assert conn.status == 403
- assert conn.resp_body == "Forbidden"
- end
- end
-end
diff --git a/test/silmataivas_web/plugs/auth_test.exs b/test/silmataivas_web/plugs/auth_test.exs
deleted file mode 100644
index e6cf0e6..0000000
--- a/test/silmataivas_web/plugs/auth_test.exs
+++ /dev/null
@@ -1,60 +0,0 @@
-defmodule SilmataivasWeb.AuthTest do
- use SilmataivasWeb.ConnCase
-
- import Silmataivas.UsersFixtures
-
- alias SilmataivasWeb.Plugs.Auth
-
- describe "auth plug" do
- test "authenticates user with valid token", %{conn: conn} do
- # Create a user
- user = user_fixture()
-
- # Set up the connection with a valid token
- conn =
- conn
- |> put_req_header("authorization", "Bearer #{user.user_id}")
- |> Auth.call(%{})
-
- # Verify the user is authenticated
- assert conn.assigns.current_user.id == user.id
- refute conn.halted
- end
-
- test "rejects request with invalid token format", %{conn: conn} do
- # Set up the connection with an invalid token format
- conn =
- conn
- |> put_req_header("authorization", "Invalid #{Ecto.UUID.generate()}")
- |> Auth.call(%{})
-
- # Verify the connection is halted
- assert conn.halted
- assert conn.status == 401
- assert conn.resp_body == "Unauthorized"
- end
-
- test "rejects request with non-existent user token", %{conn: conn} do
- # Set up the connection with a non-existent user token
- conn =
- conn
- |> put_req_header("authorization", "Bearer #{Ecto.UUID.generate()}")
- |> Auth.call(%{})
-
- # Verify the connection is halted
- assert conn.halted
- assert conn.status == 401
- assert conn.resp_body == "Unauthorized"
- end
-
- test "rejects request without authorization header", %{conn: conn} do
- # Set up the connection without an authorization header
- conn = Auth.call(conn, %{})
-
- # Verify the connection is halted
- assert conn.halted
- assert conn.status == 401
- assert conn.resp_body == "Unauthorized"
- end
- end
-end