mirror of
https://github.com/livebook-dev/livebook.git
synced 2025-09-06 13:04:53 +08:00
161 lines
4.9 KiB
Elixir
161 lines
4.9 KiB
Elixir
defmodule LivebookWeb.AuthPlugTest do
|
|
# Not async, because we alter global config (auth mode)
|
|
use LivebookWeb.ConnCase, async: false
|
|
|
|
setup context do
|
|
authentication =
|
|
cond do
|
|
context[:token] -> :token
|
|
password = context[:password] -> {:password, password}
|
|
true -> :disabled
|
|
end
|
|
|
|
unless authentication == :disabled do
|
|
Application.put_env(:livebook, :authentication, authentication)
|
|
|
|
on_exit(fn ->
|
|
Application.put_env(:livebook, :authentication, :disabled)
|
|
end)
|
|
end
|
|
|
|
:ok
|
|
end
|
|
|
|
describe "token authentication" do
|
|
test "skips authentication when no token is configured", %{conn: conn} do
|
|
conn = get(conn, ~p"/")
|
|
|
|
assert conn.status == 200
|
|
assert conn.resp_body =~ "New notebook"
|
|
end
|
|
|
|
@tag :token
|
|
test "redirects to /authenticate if not authenticated", %{conn: conn} do
|
|
conn = get(conn, ~p"/")
|
|
assert redirected_to(conn) == ~p"/authenticate"
|
|
end
|
|
|
|
@tag :token
|
|
test "redirects to the same path when valid token is provided in query params", %{conn: conn} do
|
|
conn = get(conn, ~p"/?token=#{auth_token()}")
|
|
|
|
assert redirected_to(conn) == ~p"/"
|
|
end
|
|
|
|
@tag :token
|
|
test "redirects to /authenticate when invalid token is provided in query params",
|
|
%{conn: conn} do
|
|
conn = get(conn, ~p"/?token=invalid")
|
|
assert redirected_to(conn) == ~p"/authenticate"
|
|
end
|
|
|
|
@tag :token
|
|
test "persists authentication across requests", %{conn: conn} do
|
|
conn = get(conn, ~p"/?token=#{auth_token()}")
|
|
assert get_session(conn, "80:token")
|
|
|
|
conn = get(conn, ~p"/")
|
|
assert conn.status == 200
|
|
assert conn.resp_body =~ "New notebook"
|
|
end
|
|
|
|
@tag :token
|
|
test "redirects to referer on valid authentication", %{conn: conn} do
|
|
referer = "/import?url=example.com"
|
|
|
|
conn = get(conn, referer)
|
|
assert redirected_to(conn) == ~p"/authenticate"
|
|
|
|
conn = post(conn, ~p"/authenticate", token: auth_token())
|
|
assert redirected_to(conn) == referer
|
|
end
|
|
|
|
@tag :token
|
|
test "redirects back to /authenticate on invalid token", %{conn: conn} do
|
|
conn = post(conn, ~p"/authenticate?token=invalid_token")
|
|
assert html_response(conn, 200) =~ "Authentication required"
|
|
|
|
conn = get(conn, ~p"/")
|
|
assert redirected_to(conn) == ~p"/authenticate"
|
|
end
|
|
|
|
@tag :token
|
|
test "persists authentication across requests (via /authenticate)", %{conn: conn} do
|
|
conn = post(conn, ~p"/authenticate?token=#{auth_token()}")
|
|
assert get_session(conn, "80:token")
|
|
|
|
conn = get(conn, ~p"/")
|
|
assert conn.status == 200
|
|
assert conn.resp_body =~ "New notebook"
|
|
|
|
conn = get(conn, ~p"/authenticate")
|
|
assert redirected_to(conn) == ~p"/"
|
|
end
|
|
end
|
|
|
|
describe "password authentication" do
|
|
test "redirects to '/' if no authentication is required", %{conn: conn} do
|
|
conn = get(conn, ~p"/authenticate")
|
|
assert redirected_to(conn) == ~p"/"
|
|
end
|
|
|
|
@tag password: "grumpycat"
|
|
test "does not crash when given a token", %{conn: conn} do
|
|
conn = post(conn, ~p"/authenticate?token=grumpycat")
|
|
assert html_response(conn, 200) =~ "token is invalid"
|
|
end
|
|
|
|
@tag password: "grumpycat"
|
|
test "redirects to /authenticate if not authenticated", %{conn: conn} do
|
|
conn = get(conn, ~p"/")
|
|
assert redirected_to(conn) == ~p"/authenticate"
|
|
end
|
|
|
|
@tag password: "grumpycat"
|
|
test "redirects to '/' on valid authentication", %{conn: conn} do
|
|
conn = post(conn, ~p"/authenticate?password=grumpycat")
|
|
assert redirected_to(conn) == ~p"/"
|
|
|
|
conn = get(conn, ~p"/")
|
|
assert html_response(conn, 200) =~ "New notebook"
|
|
end
|
|
|
|
@tag password: "grumpycat"
|
|
test "redirects to referer on valid authentication", %{conn: conn} do
|
|
referer = "/import?url=example.com"
|
|
|
|
conn = get(conn, referer)
|
|
assert redirected_to(conn) == ~p"/authenticate"
|
|
|
|
conn = post(conn, ~p"/authenticate", password: "grumpycat")
|
|
assert redirected_to(conn) == referer
|
|
end
|
|
|
|
@tag password: "grumpycat"
|
|
test "redirects back to /authenticate on invalid password", %{conn: conn} do
|
|
conn = post(conn, ~p"/authenticate?password=invalid_password")
|
|
assert html_response(conn, 200) =~ "Authentication required"
|
|
|
|
conn = get(conn, ~p"/")
|
|
assert redirected_to(conn) == ~p"/authenticate"
|
|
end
|
|
|
|
@tag password: "grumpycat"
|
|
test "persists authentication across requests", %{conn: conn} do
|
|
conn = post(conn, ~p"/authenticate?password=grumpycat")
|
|
assert get_session(conn, "80:password")
|
|
|
|
conn = get(conn, ~p"/")
|
|
assert conn.status == 200
|
|
assert conn.resp_body =~ "New notebook"
|
|
|
|
conn = get(conn, ~p"/authenticate")
|
|
assert redirected_to(conn) == ~p"/"
|
|
end
|
|
end
|
|
|
|
defp auth_token() do
|
|
%{mode: :token, secret: token} = Livebook.Config.authentication()
|
|
token
|
|
end
|
|
end
|