From 064a1d01c5c14f5ecc032fa9b8346a4a88b893f6 Mon Sep 17 00:00:00 2001
From: Dawid Rycerz <dawid@rycerz.xyz>
Date: Thu, 22 Jan 2026 22:07:32 +0100
Subject: witryna 0.1.0 — initial release
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Minimalist Git-based static site deployment orchestrator.
Webhook-triggered builds in Podman/Docker containers with atomic
symlink publishing, SIGHUP hot-reload, and zero-downtime deploys.

See README.md for usage, CHANGELOG.md for details.
---
 tests/integration/auth.rs | 58 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 tests/integration/auth.rs

(limited to 'tests/integration/auth.rs')

diff --git a/tests/integration/auth.rs b/tests/integration/auth.rs
new file mode 100644
index 0000000..78984d8
--- /dev/null
+++ b/tests/integration/auth.rs
@@ -0,0 +1,58 @@
+use crate::harness::{SiteBuilder, TestServer, server_with_site, test_config_with_site};
+
+#[tokio::test]
+async fn invalid_auth_returns_401() {
+    let server = server_with_site().await;
+
+    let cases: Vec<(&str, Option<&str>)> = vec![
+        ("no header", None),
+        ("wrong token", Some("Bearer wrong-token")),
+        ("wrong scheme", Some("Basic dXNlcjpwYXNz")),
+        ("empty header", Some("")),
+        ("bearer without token", Some("Bearer ")),
+    ];
+
+    for (label, header_value) in &cases {
+        let mut req = TestServer::client().post(server.url("/my-site"));
+        if let Some(value) = header_value {
+            req = req.header("Authorization", *value);
+        }
+
+        let resp = req.send().await.unwrap();
+        assert_eq!(
+            resp.status().as_u16(),
+            401,
+            "expected 401 for case: {label}"
+        );
+        let body = resp.text().await.unwrap();
+        let json: serde_json::Value = serde_json::from_str(&body).unwrap();
+        assert_eq!(
+            json["error"], "unauthorized",
+            "expected JSON error for case: {label}"
+        );
+    }
+}
+
+#[tokio::test]
+async fn disabled_auth_allows_unauthenticated_requests() {
+    let dir = tempfile::tempdir().unwrap().keep();
+    let site = SiteBuilder::new("open-site", "https://example.com/repo.git", "").build();
+    let server = TestServer::start(test_config_with_site(dir, site)).await;
+
+    // POST without Authorization header → 202
+    let resp = TestServer::client()
+        .post(server.url("/open-site"))
+        .send()
+        .await
+        .unwrap();
+    assert_eq!(resp.status().as_u16(), 202);
+
+    // POST with arbitrary Authorization header → 202 (token ignored)
+    let resp = TestServer::client()
+        .post(server.url("/open-site"))
+        .header("Authorization", "Bearer anything")
+        .send()
+        .await
+        .unwrap();
+    assert_eq!(resp.status().as_u16(), 202);
+}
-- 
cgit v1.2.3