first pass RT4 merge, RT#13852

1 files changed, 36 insertions, 0 deletions

diff --git a/rt/t/web/remote_user.t b/rt/t/web/remote_user.t
new file mode 100644
index 000000000..edad6ef95
--- /dev/null
+++ b/rt/t/web/remote_user.t
@@ -0,0 +1,36 @@
+use strict;
+use warnings;
+use RT;
+use RT::Test tests => 9;
+use MIME::Base64 qw//;
+
+RT->Config->Set( DevelMode => 0 );
+RT->Config->Set( WebExternalAuth => 1 );
+
+sub auth {
+    return Authorization => "Basic " .
+        MIME::Base64::encode( join(":", @_) );
+}
+
+my ( $url, $m ) = RT::Test->started_ok( basic_auth => 1 );
+$m->get($url);
+is($m->status, 401, "Initial request with no creds gets 401");
+
+$m->get($url, auth( root => "wrong" ));
+is($m->status, 401, "Request with wrong creds gets 401");
+
+$m->get($url, auth( root => "password" ));
+is($m->status, 200, "Request with right creds gets 200");
+
+$m->content_like(
+    qr{<span class="current-user">\Qroot\E</span>}i,
+    "Has user on the page"
+);
+$m->content_unlike(qr/Logout/i, "Has no logout button, no WebFallbackToInternalAuth");
+
+$m->get($url);
+is($m->status, 401, "Subsequent requests without credentials aren't still logged in");
+
+
+# Put the credentials back for the warnings check at the end
+$m->default_header( auth( root => "password" ));