Merge pull request #128 from edgurgel/fix-trigger-event-unauthorized

Fix EventHandler.is_authrozied/2 for unauthorized requests
edgurgel · Jun 23, 2018 · 7d1e1e1 · 7d1e1e1
2 parents cc0a458 + e67b451
commit 7d1e1e1
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 9 deletions.
diff --git a/lib/poxa/event_handler.ex b/lib/poxa/event_handler.ex
@@ -47,13 +47,12 @@ defmodule Poxa.EventHandler do
     {qs_vals, req} = :cowboy_req.qs_vals(req)
     {method, req} = :cowboy_req.method(req)
     {path, req} = :cowboy_req.path(req)
-    authorized = Authentication.check(method, path, body, qs_vals)
-    req = if authorized do
-            req
-          else
-            :cowboy_req.set_resp_body(@authentication_error_json, req)
-          end
-    {authorized, req, state}
+    if Authentication.check(method, path, body, qs_vals) do
+      {true, req, state}
+    else
+      req = :cowboy_req.set_resp_body(@authentication_error_json, req)
+      {{false, "Authentication error"}, req, state}
+    end
   end
 
 

diff --git a/test/event_handler_test.exs b/test/event_handler_test.exs
@@ -53,7 +53,7 @@ defmodule Poxa.EventHandlerTest do
     expect(:cowboy_req, :path, 1, {:path, :req3})
     expect(:cowboy_req, :set_resp_body, 2, :req4)
 
-    assert is_authorized(:req, %{body: :body}) == {false, :req4, %{body: :body}}
+    assert is_authorized(:req, %{body: :body}) == {{false, "Authentication error"}, :req4, %{body: :body}}
 
     assert validate Authentication
     assert validate :cowboy_req

diff --git a/test/integration/trigger_event_test.exs b/test/integration/trigger_event_test.exs
@@ -5,10 +5,13 @@ defmodule Poxa.Integration.TriggerEvent do
 
   setup_all do
     Application.ensure_all_started(:pusher)
-    Pusher.configure!("localhost", 8080, "app_id", "app_key", "secret")
     :ok
   end
 
+  setup do
+    Pusher.configure!("localhost", 8080, "app_id", "app_key", "secret")
+  end
+
   test "trigger event returns 200" do
     [channel, socket_id] = ["channel", "123.456"]
 
@@ -26,4 +29,12 @@ defmodule Poxa.Integration.TriggerEvent do
 
     assert Pusher.trigger("test_event", %{}, channel, socket_id) == :error
   end
+
+
+  test "trigger event returns 401 on invalid authentication" do
+    [channel, socket_id] = ["channel", "123.456"]
+
+    Pusher.configure!("localhost", 8080, "app_id", "app_key", "wrong_secret")
+    assert Pusher.trigger("test_event", %{}, channel, socket_id) == :error
+  end
 end