diff options
author | elijah <elijah@riseup.net> | 2014-06-23 02:40:21 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-06-23 02:40:21 -0700 |
commit | 10c76ac1cfa4e94375b456266e4113a4313abe96 (patch) | |
tree | f901c5b5977633199997750cce4a530e68b8d48c | |
parent | c20aa4f8c35a4cba982de92105da2566ecdfa1ae (diff) |
tests: fixed problem with showing couchdb password in process table, and adding warnings for when ACL is not being respected (which is currently always). closes #5445
-rwxr-xr-x | bin/run_tests | 23 | ||||
-rw-r--r-- | tests/white-box/couchdb.rb | 35 |
2 files changed, 47 insertions, 11 deletions
diff --git a/bin/run_tests b/bin/run_tests index 3ba89684..d7fc1e4c 100755 --- a/bin/run_tests +++ b/bin/run_tests @@ -122,7 +122,7 @@ class LeapTest < MiniTest::Unit::TestCase # # attempts a http GET on the url, yields |body, response, error| # - def get(url, params=nil) + def get(url, params=nil, options=nil) uri = URI(url) if params uri.query = URI.encode_www_form(params) @@ -133,7 +133,11 @@ class LeapTest < MiniTest::Unit::TestCase http.use_ssl = true end http.start do |agent| - response = agent.get(uri.request_uri) + request = Net::HTTP::Get.new uri.request_uri + if options && options[:username] + request.basic_auth options[:username], options[:password] + end + response = agent.request(request) if response.is_a?(Net::HTTPSuccess) yield response.body, response, nil else @@ -146,7 +150,7 @@ class LeapTest < MiniTest::Unit::TestCase def assert_get(url, params=nil, options=nil) options ||= {} - get(url, params) do |body, response, error| + get(url, params, options) do |body, response, error| if body yield body if block_given? elsif response @@ -158,6 +162,19 @@ class LeapTest < MiniTest::Unit::TestCase end # + # only a warning for now, should be a failure in the future + # + def assert_auth_fail(url, params, auth_options) + get(url, params, auth_options) do |body, response, error| + unless response.code == 401 + warn "Expected a '401 Unauthorized' response, but got #{response.code} instead (GET #{url} with username '#{auth_options[:username]}')." + return false + end + end + true + end + + # # test if a socket can be connected to # diff --git a/tests/white-box/couchdb.rb b/tests/white-box/couchdb.rb index 9d5da94f..8b9789bd 100644 --- a/tests/white-box/couchdb.rb +++ b/tests/white-box/couchdb.rb @@ -33,7 +33,7 @@ class CouchDB < LeapTest neighbors = assert_property('couch.bigcouch.neighbors') neighbors << assert_property('domain.full') neighbors.sort! - assert_get(url) do |body| + assert_get(url, nil, http_basic_auth) do |body| response = JSON.parse(body) nodes_in_db = response['rows'].collect{|row| row['id'].sub(/^bigcouch@/, '')}.sort assert_equal neighbors, nodes_in_db, "The couchdb replication node list is wrong (/nodes/_all_docs)" @@ -49,7 +49,7 @@ class CouchDB < LeapTest # def test_03_Are_configured_nodes_online? url = couchdb_url("/_membership") - assert_get(url) do |body| + assert_get(url, nil, http_basic_auth) do |body| response = JSON.parse(body) nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes'] nodes_available_but_not_configured = response['all_nodes'] - response['cluster_nodes'] @@ -68,7 +68,7 @@ class CouchDB < LeapTest def test_04_Do_ACL_users_exist? acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'tapicero', 'webapp'] url = couchdb_backend_url("/_users/_all_docs") - assert_get(url) do |body| + assert_get(url, nil, http_basic_auth) do |body| response = JSON.parse(body) assert_equal 6, response['total_rows'] actual_users = response['rows'].map{|row| row['id'].sub(/^org.couchdb.user:/, '') } @@ -88,6 +88,23 @@ class CouchDB < LeapTest pass end + # + # for now, this just prints warnings, since we are failing these tests. + # + def test_06_Is_ACL_enforced? + ok = assert_auth_fail( + couchdb_url('/users/_all_docs'), + {:limit => 1}, + http_basic_auth('leap_mx') + ) + ok = assert_auth_fail( + couchdb_url('/users/_all_docs'), + {:limit => 1}, + {} + ) && ok + pass if ok + end + private def couchdb_url(path="", port=nil) @@ -95,15 +112,17 @@ class CouchDB < LeapTest assert_property 'couch.port' $node['couch']['port'] end - @password ||= begin - assert_property 'couch.users.admin.password' - $node['couch']['users']['admin']['password'] - end - "http://admin:#{@password}@localhost:#{port || @port}#{path}" + "http://localhost:#{port || @port}#{path}" end def couchdb_backend_url(path="") couchdb_url(path, "5986") # TODO: admin port is hardcoded for now but should be configurable. end + def http_basic_auth(username='admin') + assert_property 'couch.users.' + username + password = $node['couch']['users'][username]['password'] + {:username => username, :password => password} + end + end |