use crate::harness::{SiteBuilder, TestServer, server_with_site, test_config_with_site};
/// Checks that a token-protected site rejects every missing or malformed
/// `Authorization` header with HTTP 401 and a JSON body whose `error` field
/// is `"unauthorized"`.
///
/// Each case is a `(label, header)` pair; `None` means the header is not sent
/// at all. The label only appears in assertion messages so a failure names the
/// rejected-credential shape that slipped through.
#[tokio::test]
async fn invalid_auth_returns_401() {
    let server = server_with_site().await;

    let rejected: [(&str, Option<&str>); 5] = [
        ("no header", None),
        ("wrong token", Some("Bearer wrong-token")),
        // Well-formed Basic credentials ("user:pass" in base64): the scheme
        // itself must be refused, not just the value.
        ("wrong scheme", Some("Basic dXNlcjpwYXNz")),
        ("empty header", Some("")),
        // NOTE(review): whether the trailing space reaches the handler
        // depends on how client and server normalise header values — confirm.
        ("bearer without token", Some("Bearer ")),
    ];

    for (label, header_value) in rejected {
        let base = TestServer::client().post(server.url("/my-site"));
        let req = match header_value {
            Some(value) => base.header("Authorization", value),
            None => base,
        };

        let resp = req.send().await.unwrap();
        let status = resp.status().as_u16();
        assert_eq!(status, 401, "expected 401 for case: {label}");

        // The rejection must be machine-readable JSON, not only a status code.
        let body = resp.text().await.unwrap();
        let json: serde_json::Value = serde_json::from_str(&body).unwrap();
        assert_eq!(
            json["error"], "unauthorized",
            "expected JSON error for case: {label}"
        );
    }
}
/// Checks that a site configured without authentication accepts POSTs with
/// HTTP 202 whether or not an `Authorization` header is present.
///
/// The empty third argument to `SiteBuilder::new` is presumably the site's
/// token, with an empty value turning authentication off — confirm against
/// the builder.
///
/// NOTE(review): this pins fail-open behaviour for an empty value. If that
/// value can come from an unset variable or a blank config field, a
/// deployment could end up unauthenticated by accident; worth confirming that
/// configuration loading makes the opt-out explicit.
#[tokio::test]
async fn disabled_auth_allows_unauthenticated_requests() {
    // `keep()` detaches the directory from the `TempDir` guard, so it is not
    // deleted when the guard drops and stays available to the server.
    let dir = tempfile::tempdir().unwrap().keep();
    let site = SiteBuilder::new("open-site", "https://example.com/repo.git", "").build();
    let config = test_config_with_site(dir, site);
    let server = TestServer::start(config).await;

    // No Authorization header at all: the request is accepted.
    let anonymous = TestServer::client()
        .post(server.url("/open-site"))
        .send()
        .await
        .unwrap();
    let anonymous_status = anonymous.status().as_u16();
    assert_eq!(anonymous_status, 202);

    // An arbitrary bearer token is ignored rather than validated.
    let with_token = TestServer::client()
        .post(server.url("/open-site"))
        .header("Authorization", "Bearer anything")
        .send()
        .await
        .unwrap();
    let with_token_status = with_token.status().as_u16();
    assert_eq!(with_token_status, 202);
}