X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7ea3065904e73e024f9028c787c86e4bbe861ff7..282d7a0c9d8279fa0a1293573e4313c8223be1b5:/services/api/test/functional/user_sessions_controller_test.rb diff --git a/services/api/test/functional/user_sessions_controller_test.rb b/services/api/test/functional/user_sessions_controller_test.rb index 1d85ef352d..cee8245b25 100644 --- a/services/api/test/functional/user_sessions_controller_test.rb +++ b/services/api/test/functional/user_sessions_controller_test.rb @@ -1,3 +1,7 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + require 'test_helper' class UserSessionsControllerTest < ActionController::TestCase @@ -5,7 +9,7 @@ class UserSessionsControllerTest < ActionController::TestCase test "new user from new api client" do authorize_with :inactive api_client_page = 'http://client.example.com/home' - get :login, return_to: api_client_page + get :login, params: {return_to: api_client_page} assert_response :redirect assert_equal(0, @response.redirect_url.index(api_client_page + '?'), 'Redirect url ' + @response.redirect_url + @@ -13,4 +17,22 @@ class UserSessionsControllerTest < ActionController::TestCase assert_not_nil assigns(:api_client) end + test "login with remote param returns a salted token" do + authorize_with :inactive + api_client_page = 'http://client.example.com/home' + remote_prefix = 'zbbbb' + get :login, params: {return_to: api_client_page, remote: remote_prefix} + assert_response :redirect + api_client_auth = assigns(:api_client_auth) + assert_not_nil api_client_auth + assert_includes(@response.redirect_url, 'api_token='+api_client_auth.salted_token(remote: remote_prefix)) + end + + test "login with malformed remote param returns an error" do + authorize_with :inactive + api_client_page = 'http://client.example.com/home' + remote_prefix = 'invalid_cluster_id' + get :login, params: {return_to: api_client_page, remote: remote_prefix} + assert_response 400 + end end