Unverified Commit 39d3406b authored by Hannah Stepanek's avatar Hannah Stepanek Committed by GitHub

Merge pull request #932 from hypothesis/add-auth-header-test

Add tests for Authorization header on API requests
parents 726d66f1 8825a052
...@@ -17,9 +17,11 @@ const util = require('../../../shared/test/util'); ...@@ -17,9 +17,11 @@ const util = require('../../../shared/test/util');
const routes = require('./api-index.json').links; const routes = require('./api-index.json').links;
describe('sidebar.services.api', function() { describe('sidebar.services.api', function() {
let $httpBackend = null; let $httpBackend;
let sandbox = null; let $q;
let api = null; let fakeAuth;
let sandbox;
let api;
before(function() { before(function() {
angular.module('h', []).service( angular.module('h', []).service(
...@@ -45,7 +47,9 @@ describe('sidebar.services.api', function() { ...@@ -45,7 +47,9 @@ describe('sidebar.services.api', function() {
links: sinon.stub(), links: sinon.stub(),
routes: sinon.stub(), routes: sinon.stub(),
}; };
const fakeAuth = {}; fakeAuth = {
tokenGetter: sinon.stub(),
};
angular.mock.module('h', { angular.mock.module('h', {
apiRoutes: fakeApiRoutes, apiRoutes: fakeApiRoutes,
...@@ -54,10 +58,8 @@ describe('sidebar.services.api', function() { ...@@ -54,10 +58,8 @@ describe('sidebar.services.api', function() {
}); });
angular.mock.inject(function(_$q_) { angular.mock.inject(function(_$q_) {
const $q = _$q_; $q = _$q_;
fakeAuth.tokenGetter = function() { fakeAuth.tokenGetter.returns($q.resolve('faketoken'));
return $q.resolve('faketoken');
};
fakeApiRoutes.routes.returns($q.resolve(routes)); fakeApiRoutes.routes.returns($q.resolve(routes));
}); });
...@@ -337,4 +339,29 @@ describe('sidebar.services.api', function() { ...@@ -337,4 +339,29 @@ describe('sidebar.services.api', function() {
.respond(() => [200, { userid: 'acct:user@example.com' }]); .respond(() => [200, { userid: 'acct:user@example.com' }]);
$httpBackend.flush(); $httpBackend.flush();
}); });
it('omits Authorization header if no access token is available', () => {
fakeAuth.tokenGetter.returns($q.resolve(null));
api.profile.read();
$httpBackend
.expectGET(
'https://example.com/api/profile',
headers => !('Authorization' in headers)
)
.respond(() => [200, { userid: 'acct:user@example.com' }]);
$httpBackend.flush();
});
it('sets Authorization header if access token is available', () => {
api.profile.read();
$httpBackend
.expectGET(
'https://example.com/api/profile',
headers => headers.Authorization === 'Bearer faketoken'
)
.respond(() => [200, { userid: 'acct:user@example.com' }]);
$httpBackend.flush();
});
}); });
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment