aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhil Manavopoulos <phil.manavopoulos@bytemark.co.uk>2017-09-12 15:53:55 +0100
committerPhil Manavopoulos <phil.manavopoulos@bytemark.co.uk>2017-09-12 15:53:55 +0100
commit8cb68ee8a1928bc9fd6f6d44937b3a8ea84b1f43 (patch)
tree64a988f5f735aee4139cb9dca336a0da93b54fbf
parent4eff930c3f01414bb454d7bcb5501827cb60289b (diff)
Add test to assert that AJAX calls are also authenticated
-rw-r--r--test/tc_mauve_web_interface.rb10
1 files changed, 9 insertions, 1 deletions
diff --git a/test/tc_mauve_web_interface.rb b/test/tc_mauve_web_interface.rb
index 54c9697..d2817d5 100644
--- a/test/tc_mauve_web_interface.rb
+++ b/test/tc_mauve_web_interface.rb
@@ -112,13 +112,21 @@ EOF
assert last_response.body.include?("Mauve: Login")
assert session['__FLASH__'].empty?
- # Check we can access this page before logging in.
+ # Check we can't access this page before logging in.
get '/alerts'
assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set following forbidden access")
follow_redirect! while last_response.redirect?
assert_equal(403, last_response.status, "The HTTP status wasn't 403")
assert last_response.body.include?("Mauve: Login")
assert session['__FLASH__'].empty?
+
+ # Check we can't access AJAX requests before logging in.
+ get '/ajax/alerts_table/raised/subject'
+ refute(session['__FLASH__'].has_key?(:error), "The flash error shouldn't have been set from an AJAX call")
+ follow_redirect! while last_response.redirect?
+ assert_equal(403, last_response.status, "The HTTP status wasn't 403")
+ assert last_response.body.include?('You must be logged in to access this page')
+ assert session['__FLASH__'].empty?
#
# Try to falsify our login.