Skip to content

C
coopwire-hypothesis
Commit 8825a052 authored by Robert Knight's avatar Robert Knight
Browse files
Options

Add missing tests to check that Authorization header is set on API requests

parent a1c2b014
Show whitespace changes
Inline Side-by-side
Showing with 35 additions and 8 deletions
src/sidebar/services/test/api-test.js
View file @ 8825a052
...@@ -17,9 +17,11 @@ const util = require('../../../shared/test/util'); ...@@ -17,9 +17,11 @@ const util = require('../../../shared/test/util');
const routes = require('./api-index.json').links; const routes = require('./api-index.json').links;
describe('sidebar.services.api', function() { describe('sidebar.services.api', function() {
let $httpBackend = null; let $httpBackend;
let sandbox = null; let $q;
let api = null; let fakeAuth;
let sandbox;
let api;
before(function() { before(function() {
angular.module('h', []).service( angular.module('h', []).service(
...@@ -45,7 +47,9 @@ describe('sidebar.services.api', function() { ...@@ -45,7 +47,9 @@ describe('sidebar.services.api', function() {
links: sinon.stub(), links: sinon.stub(),
routes: sinon.stub(), routes: sinon.stub(),
}; };
const fakeAuth = {}; fakeAuth = {
tokenGetter: sinon.stub(),
};
angular.mock.module('h', { angular.mock.module('h', {
apiRoutes: fakeApiRoutes, apiRoutes: fakeApiRoutes,
...@@ -54,10 +58,8 @@ describe('sidebar.services.api', function() { ...@@ -54,10 +58,8 @@ describe('sidebar.services.api', function() {
}); });
angular.mock.inject(function(_$q_) { angular.mock.inject(function(_$q_) {
const $q = _$q_; $q = _$q_;
fakeAuth.tokenGetter = function() { fakeAuth.tokenGetter.returns($q.resolve('faketoken'));
return $q.resolve('faketoken');
};
fakeApiRoutes.routes.returns($q.resolve(routes)); fakeApiRoutes.routes.returns($q.resolve(routes));
}); });
...@@ -337,4 +339,29 @@ describe('sidebar.services.api', function() { ...@@ -337,4 +339,29 @@ describe('sidebar.services.api', function() {
.respond(() => [200, { userid: 'acct:user@example.com' }]); .respond(() => [200, { userid: 'acct:user@example.com' }]);
$httpBackend.flush(); $httpBackend.flush();
}); });
it('omits Authorization header if no access token is available', () => {
fakeAuth.tokenGetter.returns($q.resolve(null));
api.profile.read();
$httpBackend
.expectGET(
'https://example.com/api/profile',
headers => !('Authorization' in headers)
)
.respond(() => [200, { userid: 'acct:user@example.com' }]);
$httpBackend.flush();
});
it('sets Authorization header if access token is available', () => {
api.profile.read();
$httpBackend
.expectGET(
'https://example.com/api/profile',
headers => headers.Authorization === 'Bearer faketoken'
)
.respond(() => [200, { userid: 'acct:user@example.com' }]);
$httpBackend.flush();
});
}); });
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment