X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e74ede4659428af77c50057d69a0d08e4e74a6ef..46f3bff06569f06ce84799635ad25727cfd095b5:/apps/workbench/test/unit/user_test.rb

diff --git a/apps/workbench/test/unit/user_test.rb b/apps/workbench/test/unit/user_test.rb
index 89e95dff8c..fa9a69d380 100644
--- a/apps/workbench/test/unit/user_test.rb
+++ b/apps/workbench/test/unit/user_test.rb
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
 
 class UserTest < ActiveSupport::TestCase
@@ -9,4 +13,18 @@ class UserTest < ActiveSupport::TestCase
       assert_nil user.first_name
     end
   end
+
+  test "User.current doesn't return anonymous user when using invalid token" do
+    # Set up anonymous user token
+    Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
+    # First, try with a valid user
+    use_token :active
+    u = User.current
+    assert(find_fixture(User, "active").uuid == u.uuid)
+    # Next, simulate an invalid token
+    Thread.current[:arvados_api_token] = 'thistokenwontwork'
+    assert_raises(ArvadosApiClient::NotLoggedInException) do
+      User.current
+    end
+  end
 end