X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/994fa4569b8da43486719ce0da770ab1887b24b9..a41baffe4f38019cb5b36875c5e0c838ef9201e5:/apps/workbench/test/controllers/collections_controller_test.rb
diff --git a/apps/workbench/test/controllers/collections_controller_test.rb b/apps/workbench/test/controllers/collections_controller_test.rb
index 14db674292..95c0a57db1 100644
--- a/apps/workbench/test/controllers/collections_controller_test.rb
+++ b/apps/workbench/test/controllers/collections_controller_test.rb
@@ -174,12 +174,23 @@ class CollectionsControllerTest < ActionController::TestCase
 "using a reader token set the session's API token")
 end
 
- test "trying to get from Keep with an unscoped reader token prompts login" do
- params = collection_params(:foo_file, 'foo')
- params[:reader_token] =
- api_fixture('api_client_authorizations')['active_noscope']['api_token']
- get(:show_file, params)
- assert_response :redirect
+ [false, api_fixture('api_client_authorizations')['anonymous']['api_token']].
+ each do |anon_conf|
+ test "download a file using a reader token with insufficient scope (anon_conf=#{!!anon_conf})" do
+ Rails.configuration.anonymous_user_token = anon_conf
+ params = collection_params(:foo_file, 'foo')
+ params[:reader_token] =
+ api_fixture('api_client_authorizations')['active_noscope']['api_token']
+ get(:show_file, params)
+ if anon_conf
+ # Some files can be shown without a valid token, but not this one.
+ assert_response 404
+ else
+ # No files will ever be shown without a valid token. You
+ # should log in and try again.
+ assert_response :redirect
+ end
+ end
 end
 
 test "can get a file with an unpermissioned auth but in-scope reader token" do
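Review bot: The new test body assigns `Rails.configuration.anonymous_user_token = anon_conf` and nothing in this hunk restores it, so the process-wide setting stays at whatever the last-run variant chose. If the suite runs tests in random order, other authorization tests in this class could then pass or fail depending on whether anonymous access was left enabled. Unless a shared teardown outside this hunk already resets the configuration, capture the old value with `saved = Rails.configuration.anonymous_user_token` and wrap the request and assertions in `begin ... ensure Rails.configuration.anonymous_user_token = saved end`. The 404 branch also checks only the status code, so consider asserting that the out-of-scope reader token was not stored as the session's API token.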