use strict;
use warnings;
use lib 't';
use Mojolicious::Lite;
use Test::Mojo;
use Mojolicious::Plugin::DigestAuth::Util 'parse_header';
use Test::More tests => 13;
use TestHelper;
my $url = '/';
get $url => create_action(expires => 1);
my $t = Test::Mojo->new;
$t->get_ok($url)
->status_is(401);
my $headers = build_auth_request($t->tx);
$t->get_ok($url, $headers)
->status_is(200);
# Let nonce expire
sleep(2);
$t->get_ok($url, $headers)
->status_is(401)
->header_like('WWW-Authenticate', qr/stale=true/);
# Authenticate with new nonce
$headers = parse_header($t->tx->res->headers->www_authenticate);
$t->get_ok($url, build_auth_request($t->tx, %$headers))
->status_is(200);
# Try with a bad nonce
my $good_nonce = $headers->{nonce};
$headers->{nonce} = '-> __bad_nonce__';
$t->get_ok($url, build_auth_request($t->tx, %$headers))
->status_is(401);
# Try again with the good one
$headers->{nonce} = $good_nonce;
$t->get_ok($url, build_auth_request($t->tx, %$headers))
->status_is(200);