Uwe Schuster
abf6153439
AuthInterceptor previously returned application/json for every rejection,
which is wrong for browser navigation: the user followed a /set-password
link and saw a raw {"status":"Unauthorized"} blob.
Add wantsJson() negotiation (path /api/* OR X-Requested-With OR Accept
prefers application/json over text/html) and an IAuthPolicy hook
unauthenticatedRedirect(path) that lets consumers bounce browser
navigations to a landing/login page. JSON callers (fetch/axios) still
get JSON 401/403. Default policy returns nullopt → minimal HTML error
page, never raw JSON to a browser.
Same hook covers both 401 and 403 (decision Option A on the issue) so
consumers wire one redirect target for both unauth and forbidden cases.
Bootstrap a minimal test harness (decision Option T2): CMake option
OATPP_AUTHKIT_BUILD_TESTS gates enable_testing() + a tests subdir.
Adds test_negotiation covering wantsJson + urlEncode. No third-party
test framework — assertions use <cassert> + a tiny REQUIRE macro so the
suite stays dependency-free for future tests.
Closes #2
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
11 lines
472 B
CMake
11 lines
472 B
CMake
# Minimal test harness for oatpp-authkit.
|
|
#
|
|
# Adds plain executable tests linked against the INTERFACE library and oatpp.
|
|
# No third-party test framework — assertions use <cassert> and a tiny REQUIRE
|
|
# macro so the suite stays portable and dependency-free.
|
|
|
|
find_package(oatpp REQUIRED)
|
|
|
|
add_executable(test_negotiation test_negotiation.cpp)
|
|
target_link_libraries(test_negotiation PRIVATE oatpp::authkit oatpp::oatpp)
|
|
add_test(NAME negotiation COMMAND test_negotiation)
|