diff options
author | Daniel DeLeo <dan@opscode.com> | 2010-07-21 19:58:11 -0700 |
---|---|---|
committer | Daniel DeLeo <dan@opscode.com> | 2010-07-21 19:58:11 -0700 |
commit | 48df6b6096cef7cb0c366525d82e20befcf8e345 (patch) | |
tree | 7f7527773ecf4c0b4bbd4291e6cfc9d8c898d9e7 /spec | |
parent | 4d07b23047d17e42eb4630cbc758cc2f671ee986 (diff) | |
download | mixlib-authentication-48df6b6096cef7cb0c366525d82e20befcf8e345.tar.gz |
[CHEF-761] initialize with the request to access normalized headers
* Can now create the signature verification object w/ the request and
then access values computed by the HTTPAuthenticationRequest object.
* created a #authenticate_reqest method that can be used when signature
verification is initialized w/ the request
* #authenticate_user_request works as before
Diffstat (limited to 'spec')
-rw-r--r-- | spec/mixlib/authentication/http_authentication_request_spec.rb | 3 | ||||
-rw-r--r-- | spec/mixlib/authentication/mixlib_authentication_spec.rb | 17 |
2 files changed, 19 insertions, 1 deletions
diff --git a/spec/mixlib/authentication/http_authentication_request_spec.rb b/spec/mixlib/authentication/http_authentication_request_spec.rb index bd5fe9c..563f8cc 100644 --- a/spec/mixlib/authentication/http_authentication_request_spec.rb +++ b/spec/mixlib/authentication/http_authentication_request_spec.rb @@ -82,7 +82,8 @@ describe Mixlib::Authentication::HTTPAuthenticationRequest do it "raises an error when not all required headers are given" do @merb_headers.delete("HTTP_X_OPS_SIGN") exception = Mixlib::Authentication::MissingAuthenticationHeader - lambda {Mixlib::Authentication::HTTPAuthenticationRequest.new(@request)}.should raise_error(exception) + auth_req = Mixlib::Authentication::HTTPAuthenticationRequest.new(@request) + lambda {auth_req.validate_headers!}.should raise_error(exception) end it "extracts the path from the request" do diff --git a/spec/mixlib/authentication/mixlib_authentication_spec.rb b/spec/mixlib/authentication/mixlib_authentication_spec.rb index 4a64580..94e8b3d 100644 --- a/spec/mixlib/authentication/mixlib_authentication_spec.rb +++ b/spec/mixlib/authentication/mixlib_authentication_spec.rb @@ -156,6 +156,23 @@ describe "Mixlib::Authentication::SignatureVerification" do res.should_not be_nil end + it "shouldn't authenticate if an Authorization header is missing" do + headers = MERB_HEADERS.clone + headers.delete("HTTP_X_OPS_SIGN") + + mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, headers, BODY) + Time.stub!(:now).and_return(TIMESTAMP_OBJ) + + auth_req = Mixlib::Authentication::SignatureVerification.new + lambda {auth_req.authenticate_user_request(mock_request, @user_private_key)}.should raise_error(Mixlib::Authentication::AuthenticationError) + + auth_req.should_not be_a_valid_request + auth_req.should_not be_a_valid_timestamp + auth_req.should_not be_a_valid_signature + auth_req.should_not be_a_valid_content_hash + end + + it "shouldn't authenticate if Authorization header is wrong" do headers = MERB_HEADERS.clone headers["HTTP_X_OPS_CONTENT_HASH"] += "_" |