auth/login should return empty object when insecure

test/red/api/auth/index_spec.js

@@ -21,6 +21,7 @@ var sinon = require("sinon");
 var passport = require("passport");
 
 var auth = require("../../../../red/api/auth");
+var Users = require("../../../../red/api/auth/users");
 var Tokens = require("../../../../red/api/auth/tokens");
 
 var settings = require("../../../../red/settings");
@@ -71,7 +72,16 @@ describe("api auth middleware",function() {
     });
     
     describe("login", function() {
-        it("returns login details", function(done) {
+        beforeEach(function() {
+            sinon.stub(Tokens,"init",function(){});
+            sinon.stub(Users,"init",function(){});
+        });
+        afterEach(function() {
+            Tokens.init.restore();
+            Users.init.restore();
+        });
+        it("returns login details - credentials", function(done) {
+            auth.init({adminAuth:{}},null);
             auth.login(null,{json: function(resp) {
                 resp.should.have.a.property("type","credentials");
                 resp.should.have.a.property("prompts");
@@ -79,6 +89,13 @@ describe("api auth middleware",function() {
                 done();
             }});
         });
+        it("returns login details - none", function(done) {
+            auth.init({},null);
+            auth.login(null,{json: function(resp) {
+                resp.should.eql({});
+                done();
+            }});
+        });
             
     });
     

test/red/api/index_spec.js

@@ -51,11 +51,6 @@ describe("api index", function() {
                 .get("/settings")
                 .expect(200,done)
         });
-        it('does not serve auth', function(done) {
-            request(app)
-                .get("/auth/login")
-                .expect(404,done)
-        });
     });
 
     describe("can serve auth", function() {