From c4e6d3c9a8a55460c4ee663e66ea1093c6088d4f Mon Sep 17 00:00:00 2001
From: Lucas Di Pentima <ldipentima@veritasgenetics.com>
Date: Mon, 4 Dec 2017 16:19:37 -0300
Subject: [PATCH] 12662: Added test proving that User.current won't return the
 anonoymous user when using an invalid token and having the
 anonymous_user_token config set.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima@veritasgenetics.com>
---
 apps/workbench/test/unit/user_test.rb | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/apps/workbench/test/unit/user_test.rb b/apps/workbench/test/unit/user_test.rb
index 1b887151c4..fa9a69d380 100644
--- a/apps/workbench/test/unit/user_test.rb
+++ b/apps/workbench/test/unit/user_test.rb
@@ -13,4 +13,18 @@ class UserTest < ActiveSupport::TestCase
       assert_nil user.first_name
     end
   end
+
+  test "User.current doesn't return anonymous user when using invalid token" do
+    # Set up anonymous user token
+    Rails.configuration.anonymous_user_token = api_fixture('api_client_authorizations')['anonymous']['api_token']
+    # First, try with a valid user
+    use_token :active
+    u = User.current
+    assert(find_fixture(User, "active").uuid == u.uuid)
+    # Next, simulate an invalid token
+    Thread.current[:arvados_api_token] = 'thistokenwontwork'
+    assert_raises(ArvadosApiClient::NotLoggedInException) do
+      User.current
+    end
+  end
 end
-- 
2.30.2