5apps/liquor-cabinet
5apps/liquor-cabinet
4
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Activity

Send "Unauthorized" message body with 401 responses (refs #42)

Browse Source
This commit is contained in:
Garret Alfert 2016-06-02 13:07:19 +02:00
parent 7aaf3f80f7
commit 9a9a9c79e5
2 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/remote_storage/swift.rb
View File

@ -24,12 +24,14 @@ module RemoteStorage
return true if ["GET", "HEAD"].include?(request_method) && !listing return true if ["GET", "HEAD"].include?(request_method) && !listing
end end
server.halt 401, "Unauthorized" if token.empty?
authorizations = redis.smembers("authorizations:#{user}:#{token}") authorizations = redis.smembers("authorizations:#{user}:#{token}")
permission = directory_permission(authorizations, directory) permission = directory_permission(authorizations, directory)
server.halt 401 unless permission server.halt 401, "Unauthorized" unless permission
if ["PUT", "DELETE"].include? request_method if ["PUT", "DELETE"].include? request_method
server.halt 401 unless permission == "rw" server.halt 401, "Unauthorized" unless permission == "rw"
end end
end end

46
spec/swift/app_spec.rb
View File

@ -173,6 +173,29 @@ describe "App" do
purge_redis purge_redis
end end
context "not authorized" do
describe "with no token" do
it "says it's not authorized" do
delete "/phil/food/aguacate"
last_response.status.must_equal 401
last_response.body.must_equal "Unauthorized"
end
end
describe "with wrong token" do
it "says it's not authorized" do
header "Authorization", "Bearer wrongtoken"
delete "/phil/food/aguacate"
last_response.status.must_equal 401
last_response.body.must_equal "Unauthorized"
end
end
end
context "authorized" do context "authorized" do
before do before do
redis.sadd "authorizations:phil:amarillo", [":rw"] redis.sadd "authorizations:phil:amarillo", [":rw"]
@ -248,6 +271,29 @@ describe "App" do
purge_redis purge_redis
end end
context "not authorized" do
describe "without token" do
it "says it's not authorized" do
get "/phil/food/"
last_response.status.must_equal 401
last_response.body.must_equal "Unauthorized"
end
end
describe "with wrong token" do
it "says it's not authorized" do
header "Authorization", "Bearer wrongtoken"
get "/phil/food/"
last_response.status.must_equal 401
last_response.body.must_equal "Unauthorized"
end
end
end
context "authorized" do context "authorized" do
before do before do