server: cover HTMX auth-redirect path in repo-ops tests
This commit is contained in:
@@ -328,4 +328,35 @@ func TestRunOpsRequireAuth(t *testing.T) {
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
// HTMX path: unauthenticated POST with HX-Request: true → 303 to /login.
|
||||
// Auth check fires before host lookup so the host ID doesn't need to exist.
|
||||
for _, path := range []string{
|
||||
"/hosts/" + hostID + "/repo/prune",
|
||||
"/hosts/" + hostID + "/repo/check",
|
||||
"/hosts/" + hostID + "/repo/unlock",
|
||||
} {
|
||||
path := path
|
||||
t.Run("htmx"+path, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
client := &stdhttp.Client{
|
||||
CheckRedirect: func(_ *stdhttp.Request, _ []*stdhttp.Request) error {
|
||||
return stdhttp.ErrUseLastResponse
|
||||
},
|
||||
}
|
||||
req, _ := stdhttp.NewRequest("POST", url+path, nil)
|
||||
req.Header.Set("HX-Request", "true")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
t.Fatalf("do: %v", err)
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode != stdhttp.StatusSeeOther {
|
||||
t.Errorf("want 303, got %d", res.StatusCode)
|
||||
}
|
||||
if loc := res.Header.Get("Location"); loc != "/login" {
|
||||
t.Errorf("want Location=/login, got %q", loc)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user