X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/55aafbb07904ca24390dd47ea960eae7cb2b909a..f9ae5b90a5e04477133ca7a7d34bd3eebf862474:/services/api/test/functional/user_sessions_controller_test.rb?ds=sidebyside

diff --git a/services/api/test/functional/user_sessions_controller_test.rb b/services/api/test/functional/user_sessions_controller_test.rb
index f7021cf9de..cee8245b25 100644
--- a/services/api/test/functional/user_sessions_controller_test.rb
+++ b/services/api/test/functional/user_sessions_controller_test.rb
@@ -9,7 +9,7 @@ class UserSessionsControllerTest < ActionController::TestCase
   test "new user from new api client" do
     authorize_with :inactive
     api_client_page = 'http://client.example.com/home'
-    get :login, return_to: api_client_page
+    get :login, params: {return_to: api_client_page}
     assert_response :redirect
     assert_equal(0, @response.redirect_url.index(api_client_page + '?'),
                  'Redirect url ' + @response.redirect_url +
@@ -17,4 +17,22 @@ class UserSessionsControllerTest < ActionController::TestCase
     assert_not_nil assigns(:api_client)
   end
 
+  test "login with remote param returns a salted token" do
+    authorize_with :inactive
+    api_client_page = 'http://client.example.com/home'
+    remote_prefix = 'zbbbb'
+    get :login, params: {return_to: api_client_page, remote: remote_prefix}
+    assert_response :redirect
+    api_client_auth = assigns(:api_client_auth)
+    assert_not_nil api_client_auth
+    assert_includes(@response.redirect_url, 'api_token='+api_client_auth.salted_token(remote: remote_prefix))
+  end
+
+  test "login with malformed remote param returns an error" do
+    authorize_with :inactive
+    api_client_page = 'http://client.example.com/home'
+    remote_prefix = 'invalid_cluster_id'
+    get :login, params: {return_to: api_client_page, remote: remote_prefix}
+    assert_response 400
+  end
 end