Cover bearer-authenticated export download URLs
This commit is contained in:
@@ -18,7 +18,9 @@ class ActiveStorageAuthorizationTest < ActionDispatch::IntegrationTest
|
||||
end
|
||||
|
||||
test "bearer token with board access can view blob" do
|
||||
get rails_blob_path(@blob, disposition: :inline), env: bearer_token_env(identity_access_tokens(:davids_api_token).token)
|
||||
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:davids_api_token).token}" }
|
||||
|
||||
get rails_blob_path(@blob, disposition: :inline), env: bearer_token
|
||||
|
||||
assert_response :redirect
|
||||
assert_match %r{rails/active_storage}, response.location
|
||||
@@ -46,7 +48,9 @@ class ActiveStorageAuthorizationTest < ActionDispatch::IntegrationTest
|
||||
end
|
||||
|
||||
test "bearer token with board access can view representation" do
|
||||
get rails_representation_path(@blob.representation(resize_to_limit: [ 100, 100 ])), env: bearer_token_env(identity_access_tokens(:davids_api_token).token)
|
||||
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:davids_api_token).token}" }
|
||||
|
||||
get rails_representation_path(@blob.representation(resize_to_limit: [ 100, 100 ])), env: bearer_token
|
||||
|
||||
assert_response :redirect
|
||||
assert_match %r{rails/active_storage/}, response.location
|
||||
@@ -210,8 +214,9 @@ class ActiveStorageAuthorizationTest < ActionDispatch::IntegrationTest
|
||||
|
||||
test "export owner can download their export with bearer token" do
|
||||
blob = create_export_blob_for(users(:david))
|
||||
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:davids_api_token).token}" }
|
||||
|
||||
get rails_blob_path(blob, disposition: :attachment), env: bearer_token_env(identity_access_tokens(:davids_api_token).token)
|
||||
get rails_blob_path(blob, disposition: :attachment), env: bearer_token
|
||||
|
||||
assert_response :redirect
|
||||
assert_match %r{rails/active_storage}, response.location
|
||||
@@ -272,8 +277,4 @@ class ActiveStorageAuthorizationTest < ActionDispatch::IntegrationTest
|
||||
user.avatar.blob
|
||||
end
|
||||
end
|
||||
|
||||
def bearer_token_env(token)
|
||||
{ "HTTP_AUTHORIZATION" => "Bearer #{token}" }
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user