32 lines
940 B
Haskell
32 lines
940 B
Haskell
module Feature.Auth.NoJwtSpec where
|
|
|
|
import Network.Wai (Application)
|
|
|
|
import Network.HTTP.Types
|
|
import Test.Hspec
|
|
import Test.Hspec.Wai
|
|
import Test.Hspec.Wai.JSON
|
|
|
|
import Protolude hiding (get)
|
|
import SpecHelper
|
|
|
|
spec :: SpecWith ((), Application)
|
|
spec = describe "server started without JWT secret" $ do
|
|
|
|
it "responds with error on attempted auth" $ do
|
|
-- token body: { "role": "postgrest_test_author" }
|
|
let auth = authHeaderJWT "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoicG9zdGdyZXN0X3Rlc3RfYXV0aG9yIn0.Xod-F15qsGL0WhdOCr2j3DdKuTw9QJERVgoFD3vGaWA"
|
|
request methodGet "/authors_only"
|
|
[auth]
|
|
""
|
|
`shouldRespondWith`
|
|
[json|
|
|
{"hint": null,
|
|
"details": null,
|
|
"code": "PGRST300",
|
|
"message": "Server lacks JWT secret"}|]
|
|
{ matchStatus = 500 }
|
|
|
|
it "behaves normally when user does not attempt auth" $
|
|
get "/items" `shouldRespondWith` 200
|