diff options
author | Phil Manavopoulos <phil.manavopoulos@bytemark.co.uk> | 2017-09-12 15:53:55 +0100 |
---|---|---|
committer | Phil Manavopoulos <phil.manavopoulos@bytemark.co.uk> | 2017-09-12 15:53:55 +0100 |
commit | 8cb68ee8a1928bc9fd6f6d44937b3a8ea84b1f43 (patch) | |
tree | 64a988f5f735aee4139cb9dca336a0da93b54fbf | |
parent | 4eff930c3f01414bb454d7bcb5501827cb60289b (diff) |
Add test to assert that AJAX calls are also authenticated
-rw-r--r-- | test/tc_mauve_web_interface.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/test/tc_mauve_web_interface.rb b/test/tc_mauve_web_interface.rb index 54c9697..d2817d5 100644 --- a/test/tc_mauve_web_interface.rb +++ b/test/tc_mauve_web_interface.rb @@ -112,13 +112,21 @@ EOF assert last_response.body.include?("Mauve: Login") assert session['__FLASH__'].empty? - # Check we can access this page before logging in. + # Check we can't access this page before logging in. get '/alerts' assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set following forbidden access") follow_redirect! while last_response.redirect? assert_equal(403, last_response.status, "The HTTP status wasn't 403") assert last_response.body.include?("Mauve: Login") assert session['__FLASH__'].empty? + + # Check we can't access AJAX requests before logging in. + get '/ajax/alerts_table/raised/subject' + refute(session['__FLASH__'].has_key?(:error), "The flash error shouldn't have been set from an AJAX call") + follow_redirect! while last_response.redirect? + assert_equal(403, last_response.status, "The HTTP status wasn't 403") + assert last_response.body.include?('You must be logged in to access this page') + assert session['__FLASH__'].empty? # # Try to falsify our login. |