Tidy up user-or-network specs

- Remove conceptually redundant group grant block - Remove superstitious header delete (could mask a bad implementation change) - Adjust client ip language in context labels
mlibrary · Jan 10, 2024 · 300227d · 300227d
1 parent 576a8e2
commit 300227d
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 25 deletions.
diff --git a/lauth/spec/requests/authorized_any_spec.rb b/lauth/spec/requests/authorized_any_spec.rb
@@ -26,27 +26,7 @@
     end
   end
 
-  context "with an authorized group" do
-    let!(:user) { Factory[:user, userid: "lauth-group-member"] }
-    let!(:group) {
-      Factory[:group]
-      relations.groups.last
-    }
-    let!(:group_membership) { Factory[:group_membership, group: group, user: user] }
-    let!(:group_grant) { Factory[:grant, :for_group, group: group, collection: collection] }
-
-    it "is allowed within an allowed network" do
-      expect(request(from: "10.1.16.1", as: user)).to eq({determination: "allowed"})
-    end
-    it "is allowed within a denied network" do
-      expect(request(from: "10.1.17.1", as: user)).to eq({determination: "allowed"})
-    end
-    it "is allowed outside of any known network" do
-      expect(request(from: "10.1.18.1", as: user)).to eq({determination: "allowed"})
-    end
-  end
-
-  context "without an authorized individual" do
+  context "with an anonymous user" do
     it "is allowed within an allowed network" do
       expect(request(from: "10.1.16.1", as: "")).to eq({determination: "allowed"})
     end

diff --git a/test/restrictions/campus_network_spec.rb b/test/restrictions/campus_network_spec.rb
@@ -58,7 +58,6 @@ def website
   # @return response
   def request_from(ip)
     website.get("/restricted-by-network/") do |req|
-      req.headers.delete("X-Remote-User") # Ensure X-Remote-User not set
       req.headers["X-Client-IP"] = ip
     end
   end

diff --git a/test/restrictions/login_or_network_spec.rb b/test/restrictions/login_or_network_spec.rb
@@ -5,7 +5,7 @@
   let(:content) { "allowed by user authentication or authorized network" }
 
   context "given a collection configured for 'any' auth" do
-    context "when inside an allowed network" do
+    context "when the client is within an allowed network" do
       let(:ip) { "10.1.16.22" }
       it "allows an authorized user" do
         response = request(from: ip, as: good_user)
@@ -21,7 +21,7 @@
       end
     end
 
-    context "when inside a denied network" do
+    context "when the client is within a denied network" do
       let(:ip) { "10.1.17.2" }
       it "allows an authorized user" do
         response = request(from: ip, as: good_user)
@@ -39,7 +39,7 @@
 
     # These are identical to the tests for /restricted-by-username/
     # except against a collection in 'any' mode.
-    context "when outside any known network" do
+    context "when the client is outside known networks" do
       let(:ip) { "10.1.8.1" }
       it "allows an authorized user" do
         response = request(from: ip, as: good_user)