view release on metacpan or  search on metacpan

t/30-authenticate_Basic.t  view on Meta::CPAN

    };

} # BEGIN

my $app = Dancer2->runner->psgi_app;

{
    is (
        ref $app,
        'CODE',
        'Got app'
    );
};

test_psgi $app, sub {
    my $cb = shift;
    my $req = HTTP::Request->new( GET => '/');
    my $res = $cb->( $req );
    is (
        $res->code,
        200,
        'Status 200: root resource accessible without login'
    );
    is (
        $res->content,
        qq|Access does not need any authorization|,
        'Delivering: root resource accessible without login'
    );
};

test_psgi $app, sub {
    my $cb = shift;
    my $req = HTTP::Request->new( GET => '/auth');
    my $res = $cb->( $req );
    is (
        $res->code,
        401,
        'Status 401: without HTTP-field Autorization'
    );
    is (
        $res->headers->header('WWW-Authenticate'),
        qq|Basic realm="some_realm"|,
        'HTTP-field: WWW-Authentication without HTTP-field Autorization'
    );
    isnt ( # negative testing, we should not get this content
        $res->content,
        qq|Access granted for default realm|,
        'Delivering: without HTTP-field Autorization'
    );
};


test_psgi $app, sub {
    my $cb = shift;
    my $req = HTTP::Request->new( GET => '/auth');
    $req->authorization_basic ( 'foo', 'bar');
    my $res = $cb->( $req );
    is (
        $res->code,
        401,
        'Status 401: without proper credentials'
    );
    is (
        $res->headers->header('WWW-Authenticate'),
        qq|Basic realm="some_realm"|,
        'HTTP-field: WWW-Authentication without proper credentials'
    );
    isnt ( # negative testing, we should not get this content
        $res->content,
        qq|Access granted for default realm|,
        'Delivering: without proper credentials'
    );
};

test_psgi $app, sub {
    my $cb = shift;
    my $req = HTTP::Request->new( GET => '/auth');
    $req->authorization_basic ( 'dave', 'beer');
    my $res = $cb->( $req );
    is (
        $res->code,
        200,
        'Status 200: with the right credentials'
    );
    isnt ( # negative testing, we should not be required to authenticate
        $res->headers->header('WWW-Authenticate'),
        qq|Basic realm="some_realm"|,
        'HTTP-field: WWW-Authentication with the right credentials'
    );
    is (
        $res->content,
        qq|Access granted for default realm|,
        'Delivering: with the right credentials'
    );
};

#
# Roles
#

test_psgi $app, sub {
    my $cb = shift;
    my $req = HTTP::Request->new( GET => '/beer');
    $req->authorization_basic ( 'dave', 'beer');
    my $res = $cb->( $req );
    is (
        $res->code,
        200,
        'Status 200: BeerDrinker'
    );
    is (
        $res->content,
        qq|Enjoy your Beer!|,
        'Delivering: BeerDrinker'
    );
};

test_psgi $app, sub {
    my $cb = shift;
    my $req = HTTP::Request->new( GET => '/vodka');
    $req->authorization_basic ( 'dave', 'beer');
    my $res = $cb->( $req );
    is (
        $res->code,
        200,
        'Status 200: VodkaDrinker'
    );
    is (
        $res->content,
        qq|Enjoy your Vodka!|,
        'Delivering: VodkaDrinker'
    );
};

test_psgi $app, sub {
    my $cb = shift;
    my $req = HTTP::Request->new( GET => '/martini');
    $req->authorization_basic ( 'dave', 'beer');
    my $res = $cb->( $req );
    is (
        $res->code,
        403,
        'Status 403: not a MartiniDrinker'
    );
    is (
        $res->content,
        qq|Permission denied for resource: '/martini'|,
        'Delivering: not a MartiniDrinker'
    );
    isnt (
        $res->code,
        200,
        'Status 200: not a MartiniDrinker'