35 lines
1.0 KiB
Haskell
35 lines
1.0 KiB
Haskell
module Feature.Auth.NoAnonSpec where
|
|
|
|
import Network.Wai (Application)
|
|
|
|
import Network.HTTP.Types
|
|
import Test.Hspec
|
|
import Test.Hspec.Wai
|
|
import Test.Hspec.Wai.JSON
|
|
|
|
import Protolude hiding (get)
|
|
import SpecHelper
|
|
|
|
spec :: SpecWith ((), Application)
|
|
spec = describe "server started without anonymous role" $ do
|
|
it "behaves normally on attempted auth" $ do
|
|
-- token body: { "role": "postgrest_test_author" }
|
|
let auth = authHeaderJWT "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoicG9zdGdyZXN0X3Rlc3RfYXV0aG9yIn0.Xod-F15qsGL0WhdOCr2j3DdKuTw9QJERVgoFD3vGaWA"
|
|
request methodGet "/authors_only"
|
|
[auth]
|
|
""
|
|
`shouldRespondWith`
|
|
200
|
|
|
|
it "responds with error when user does not attempt auth" $
|
|
get "/items"
|
|
`shouldRespondWith`
|
|
[json|
|
|
{"hint": null,
|
|
"details": null,
|
|
"code": "PGRST302",
|
|
"message":"Anonymous access is disabled"}|]
|
|
{ matchStatus = 401
|
|
, matchHeaders = ["WWW-Authenticate" <:> "Bearer"]
|
|
}
|