Fix basic auth test assertions

lovasoa · lovasoa · commit 7399b1084a20 · 2025-09-15T14:01:28.000+02:00
Use "Unauthorized" instead of "not authorized" to match the expected
response.

Add tests for basic auth error cases.
diff --git a/tests/core/mod.rs b/tests/core/mod.rs
@@ -174,7 +174,7 @@ async fn test_official_website_basic_auth_example() {
     let body = test::read_body(resp).await;
     let body_str = String::from_utf8(body.to_vec()).unwrap();
     assert!(
-        body_str.contains("not authorized"),
+        body_str.contains("Unauthorized"),
         "{body_str}\nexpected to contain Unauthorized"
     );
 }
diff --git a/tests/errors/basic_auth.rs b/tests/errors/basic_auth.rs
@@ -0,0 +1,43 @@
+use crate::common::{get_request_to, req_path};
+use actix_web::{http::StatusCode, test};
+use sqlpage::webserver::http::main_handler;
+
+#[actix_web::test]
+async fn test_basic_auth_not_provided() {
+    let resp_result = req_path("/tests/errors/basic_auth.sql").await;
+    let resp = resp_result.unwrap();
+    assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
+    assert_eq!(
+        resp.headers().get("www-authenticate").unwrap(),
+        "Basic realm=\"Authentication required\", charset=\"UTF-8\""
+    );
+    let body = test::read_body(resp).await;
+    let body_str = String::from_utf8(body.to_vec()).unwrap();
+    assert!(
+        body_str.contains("Unauthorized"),
+        "{body_str}\nexpected to contain Unauthorized"
+    );
+    assert!(
+        !body_str.contains("Success!"),
+        "{body_str}\nexpected not to contain Success!"
+    );
+}
+
+#[actix_web::test]
+async fn test_basic_auth_with_credentials() {
+    let req = get_request_to("/tests/errors/basic_auth.sql")
+        .await
+        .unwrap() // log in with credentials "user:password"
+        .append_header(("Authorization", "Basic dXNlcjpwYXNzd29yZA=="))
+        .to_srv_request();
+    let resp = main_handler(req)
+        .await
+        .expect("req with credentials should succeed");
+    assert_eq!(resp.status(), StatusCode::OK);
+    let body = test::read_body(resp).await;
+    let body_str = String::from_utf8(body.to_vec()).unwrap();
+    assert!(
+        body_str.contains("Success!"),
+        "{body_str}\nexpected to contain Success"
+    );
+}
diff --git a/tests/errors/basic_auth.sql b/tests/errors/basic_auth.sql
@@ -0,0 +1,5 @@
+SELECT 'authentication' AS component,
+    '$argon2i$v=19$m=8,t=1,p=1$YWFhYWFhYWE$oKBq5E8XFTHO2w' AS password_hash, -- this is a hash of the password 'password'
+    sqlpage.basic_auth_password() AS password; -- this is the password that the user entered in the browser popup
+
+SELECT 'text' AS component, 'Success!' AS contents;

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@ async fn test_official_website_basic_auth_example() {`
`174`	`174`	`let body = test::read_body(resp).await;`
`175`	`175`	`let body_str = String::from_utf8(body.to_vec()).unwrap();`
`176`	`176`	`assert!(`
`177`		`- body_str.contains("not authorized"),`
	`177`	`+ body_str.contains("Unauthorized"),`
`178`	`178`	`"{body_str}\nexpected to contain Unauthorized"`
`179`	`179`	`);`
`180`	`180`	`}`