Diffstat (limited to 'tests/integration/auth.rs')
-rw-r--r--tests/integration/auth.rs58
1 files changed, 58 insertions, 0 deletions
diff --git a/tests/integration/auth.rs b/tests/integration/auth.rs
new file mode 100644
index 0000000..78984d8
--- /dev/null
+++ b/tests/integration/auth.rs
@@ -0,0 +1,58 @@
+use crate::harness::{SiteBuilder, TestServer, server_with_site, test_config_with_site};
+
+#[tokio::test]
+async fn invalid_auth_returns_401() {
+ let server = server_with_site().await;
+
+ let cases: Vec<(&str, Option<&str>)> = vec![
+ ("no header", None),
+ ("wrong token", Some("Bearer wrong-token")),
+ ("wrong scheme", Some("Basic dXNlcjpwYXNz")),
+ ("empty header", Some("")),
+ ("bearer without token", Some("Bearer ")),
+ ];
+
+ for (label, header_value) in &cases {
+ let mut req = TestServer::client().post(server.url("/my-site"));
+ if let Some(value) = header_value {
+ req = req.header("Authorization", *value);
+ }
+
+ let resp = req.send().await.unwrap();
+ assert_eq!(
+ resp.status().as_u16(),
+ 401,
+ "expected 401 for case: {label}"
+ );
+ let body = resp.text().await.unwrap();
+ let json: serde_json::Value = serde_json::from_str(&body).unwrap();
+ assert_eq!(
+ json["error"], "unauthorized",
+ "expected JSON error for case: {label}"
+ );
+ }
+}
+
+#[tokio::test]
+async fn disabled_auth_allows_unauthenticated_requests() {
+ let dir = tempfile::tempdir().unwrap().keep();
+ let site = SiteBuilder::new("open-site", "https://example.com/repo.git", "").build();
+ let server = TestServer::start(test_config_with_site(dir, site)).await;
+
+ // POST without Authorization header → 202
+ let resp = TestServer::client()
+ .post(server.url("/open-site"))
+ .send()
+ .await
+ .unwrap();
+ assert_eq!(resp.status().as_u16(), 202);
+
+ // POST with arbitrary Authorization header → 202 (token ignored)
+ let resp = TestServer::client()
+ .post(server.url("/open-site"))
+ .header("Authorization", "Bearer anything")
+ .send()
+ .await
+ .unwrap();
+ assert_eq!(resp.status().as_u16(), 202);
+}
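Review bot: In `disabled_auth_allows_unauthenticated_requests`, the bare `""` passed as the third argument to `SiteBuilder::new` is what switches authentication off (presumably it is the site token), and nothing in the test says so. This pins a fail-open contract: a site whose token is empty accepts every POST, including one carrying `Bearer anything`. I would add a comment above that line such as `// empty token => auth disabled for this site; every request is accepted`, so a reader does not take the literal for an unused field. If the config loading is not already covered elsewhere, a companion case showing how a missing or whitespace-only token is handled would help keep a misconfiguration from silently opening the endpoint.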