t/04-server/02-authentication.t

#!perl

use strict;
use warnings;

use Test::More;
use Plack::Test;

use JSON;
use HTTP::Request;

use Pinto::Server;
use Pinto::Constants qw(:server);

use lib 't/lib';
use Pinto::Tester;
use Pinto::Tester::Util qw(make_htpasswd_file);

#------------------------------------------------------------------------------
# Create a repository and configure server

my $t             = Pinto::Tester->new;
my @credentials   = qw(my_login my_password);
my $htpasswd_file = make_htpasswd_file(@credentials);
my $auth          = { backend => 'Passwd', path => $htpasswd_file->stringify };
my %opts          = ( root => $t->pinto->root, auth => $auth );
my $app           = Pinto::Server->new(%opts)->to_app;

my $auth_required_rx = qr/authorization required/i;

#------------------------------------------------------------------------------

test_psgi
    app    => $app,
    client => sub {
    my $cb = shift;

    my $post_req = HTTP::Request->new( POST => "/action/list" );
    my $post_res = $cb->($post_req);

    ok !$post_res->is_success, 'POST request without authentication failed';
    like $post_res->content, $auth_required_rx, 'Expected content';

    my $get_req = HTTP::Request->new( GET => "/init/modules/02packages.details.txt.gz" );
    my $get_res = $cb->($get_req);

    ok !$get_res->is_success, 'GET request without authentication failed';
    like $get_res->content, $auth_required_rx, 'Expected content';

    };

#------------------------------------------------------------------------------

test_psgi
    app    => $app,
    client => sub {
    my $cb = shift;

    my $post_req = HTTP::Request->new( POST => "/action/list" );
    $post_req->authorization_basic(@credentials);
    my $post_res = $cb->($post_req);

    ok $post_res->is_success, 'POST request with correct password succeeded';
    like $post_res->content, qr{$PINTO_SERVER_STATUS_OK\n$}, 'Got status-ok';

    my $get_req = HTTP::Request->new( GET => "modules/02packages.details.txt.gz" );
    $get_req->authorization_basic(@credentials);
    my $get_res = $cb->($get_req);

    ok $get_res->is_success, 'POST request with correct password succeeded';

    # TODO: maybe test headers, body.
    };

#------------------------------------------------------------------------------

test_psgi
    app    => $app,
    client => sub {
    my $cb = shift;

    my @bad_credentials = qw(my_login my_bogus_password);

    my $post_req = HTTP::Request->new( POST => "/action/list" );
    $post_req->authorization_basic(@bad_credentials);
    my $post_res = $cb->($post_req);

    ok !$post_res->is_success, 'POST request with invalid password failed';
    like $post_res->content, $auth_required_rx, 'Expected content';

    my $get_req = HTTP::Request->new( GET => "/init/modules/02packages.details.txt.gz" );
    $get_req->authorization_basic(@bad_credentials);
    my $get_res = $cb->($get_req);

    ok !$get_res->is_success, 'GET request without authentication failed';
    like $get_res->content, $auth_required_rx, 'Expected content';
    };

#------------------------------------------------------------------------------

done_testing;

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)