From 2233606fd0e18914a011168724f17edb5166d359 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Mon, 24 Jan 2022 14:19:24 +0000 Subject: [PATCH] Bug 29914: (QA follow-up) Expand tests to cover failure case before patches When asking for permissions we get 'failed', without we get 'ok' Adding explicit checks for not 'ok' Add a FIXME: We should cover the case where we return 'failed' after changes, but that is a larger undertaking Signed-off-by: Nick Clemens (cherry picked from commit e956130f8f57d6204637015e57f362563041f984) Signed-off-by: Victor Grousset/tuxayo (cherry picked from commit 723928fbc84b1552814e8111372e5fb1f850364e) Signed-off-by: Andrew Fuerste-Henry --- t/db_dependent/Auth.t | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t index 173cfede60..d07313a34d 100755 --- a/t/db_dependent/Auth.t +++ b/t/db_dependent/Auth.t @@ -443,7 +443,7 @@ subtest '_timeout_syspref' => sub { }; subtest 'check_cookie_auth' => sub { - plan tests => 1; + plan tests => 4; t::lib::Mocks::mock_preference('timeout', "1d"); # back to default @@ -465,8 +465,17 @@ subtest 'check_cookie_auth' => sub { # Setting authnotrequired=1 or we wont' hit the return but the end of the sub that prints headers my ( $userid, $cookie, $sessionID, $flags ) = C4::Auth::checkauth( $cgi, 1 ); - my ($auth_status, $session) = C4::Auth::check_cookie_auth($sessionID, {catalogue => 1}); - is( $auth_status, 'anon', 'check_cookie_auth should not return ok if the user has not been authenticated before' ); + my ($auth_status, $session) = C4::Auth::check_cookie_auth($sessionID); + isnt( $auth_status, 'ok', 'check_cookie_auth should not return ok if the user has not been authenticated before if no permissions needed' ); + is( $auth_status, 'anon', 'check_cookie_auth should return anon if the user has not been authenticated before and no permissions needed' ); + + ( $userid, $cookie, $sessionID, $flags ) = C4::Auth::checkauth( $cgi, 1 ); + + ($auth_status, $session) = C4::Auth::check_cookie_auth($sessionID, {catalogue => 1}); + isnt( $auth_status, 'ok', 'check_cookie_auth should not return ok if the user has not been authenticated before and permissions needed' ); + is( $auth_status, 'anon', 'check_cookie_auth should return anon if the user has not been authenticated before and permissions needed' ); + + #FIXME We should have a test to cover 'failed' status when a user has logged in, but doesn't have permission }; $schema->storage->txn_rollback; -- 2.39.2