link-share/spec/features/authorization_spec.rb
2016-01-11 14:22:15 -05:00

56 lines
1.3 KiB
Ruby

require 'spec_helper'
describe 'Authorization' do
context 'when not logged in' do
it 'should not allow access to manage' do
visit '/manage'
expect(page.status_code).to be(401)
end
it 'should not allow access to the create form' do
visit '/new'
expect(page.status_code).to be(401)
end
it 'should not allow access to send' do
visit '/send'
expect(page.status_code).to be(401)
end
it 'should not allow access to delete' do
visit '/destroy'
expect(page.status_code).to be(401)
end
end
it 'should allow accessing the home page' do
visit '/'
expect(page.status_code).to be(200)
end
it 'should allow accessing the events page' do
visit '/events'
expect(page.status_code).to be(200)
end
context 'when logging in' do
context 'with incorrect credentials' do
before(:each) { basic_auth 'baduser', 'badpassword' }
it 'should allow not allow access' do
visit '/manage'
expect(page.status_code).to be(401)
end
end
context 'with correct credentials' do
before(:each) { basic_auth 'admin', 'password' }
it 'should allow access' do
visit '/manage'
expect(page.status_code).to be(200)
end
end
end
end