tests - added test that creates user, authenticates, deletes user

3 files changed, 182 insertions, 67 deletions

diff --git a/tests/white-box/couchdb.rb b/tests/white-box/couchdb.rb
index a5adb2bf..d438b193 100644
--- a/tests/white-box/couchdb.rb
+++ b/tests/white-box/couchdb.rb
@@ -52,7 +52,7 @@ class CouchDB < LeapTest
   #
   def test_03_Are_configured_nodes_online?
     return unless multimaster?
-    url = couchdb_url("/_membership", :user => 'admin')
+    url = couchdb_url("/_membership", :username => 'admin')
     assert_get(url) do |body|
       response = JSON.parse(body)
       nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes']
@@ -71,7 +71,7 @@ class CouchDB < LeapTest
 
   def test_04_Do_ACL_users_exist?
     acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'tapicero', 'webapp', 'replication']
-    url = couchdb_backend_url("/_users/_all_docs", :user => 'admin')
+    url = couchdb_backend_url("/_users/_all_docs", :username => 'admin')
     assert_get(url) do |body|
       response = JSON.parse(body)
       assert_equal acl_users.count, response['total_rows']
@@ -84,7 +84,7 @@ class CouchDB < LeapTest
   def test_05_Do_required_databases_exist?
     dbs_that_should_exist = ["customers","identities","keycache","sessions","shared","tickets","tokens","users"]
     dbs_that_should_exist.each do |db_name|
-      url = couchdb_url("/"+db_name, :user => 'admin')
+      url = couchdb_url("/"+db_name, :username => 'admin')
       assert_get(url) do |body|
         assert response = JSON.parse(body)
         assert_equal db_name, response['db_name']
@@ -102,50 +102,54 @@ class CouchDB < LeapTest
 
   #def test_06_Is_ACL_enforced?
   #  ok = assert_auth_fail(
-  #    couchdb_url('/users/_all_docs', :user => 'leap_mx'),
+  #    couchdb_url('/users/_all_docs', :username => 'leap_mx'),
   #    {:limit => 1}
   #  )
   #  ok = assert_auth_fail(
-  #    couchdb_url('/users/_all_docs', :user => 'leap_mx'),
+  #    couchdb_url('/users/_all_docs', :username => 'leap_mx'),
   #    {:limit => 1}
   #  ) && ok
   #  pass if ok
   #end
 
-  def test_07_What?
+  def test_07_Can_records_be_created?
+    token = Token.new
+    url = couchdb_url("/tokens", :username => 'admin')
+    assert_post(url, token, :format => :json) do |body|
+      assert response = JSON.parse(body), "POST response should be JSON"
+      assert response["ok"], "POST response should be OK"
+      assert_delete(File.join(url, response["id"]), :rev => response["rev"]) do |body|
+        assert response = JSON.parse(body), "DELETE response should be JSON"
+        assert response["ok"], "DELETE response should be OK"
+      end
+    end
     pass
   end
 
   private
 
-  def couchdb_url(path="", options=nil)
-    options||={}
-    @port ||= begin
-      assert_property 'couch.port'
-      $node['couch']['port']
-    end
-    url = 'http://'
-    if options[:user]
-      assert_property 'couch.users.' + options[:user]
-      password = $node['couch']['users'][options[:user]]['password']
-      url += "%s:%s@" % [options[:user], password]
-    end
-    url += "localhost:#{options[:port] || @port}#{path}"
-    url
+  def multimaster?
+    mode == "multimaster"
   end
 
+  def mode
+    assert_property('couch.mode')
+  end
+
+  # TODO: admin port is hardcoded for now but should be configurable.
   def couchdb_backend_url(path="", options={})
-    # TODO: admin port is hardcoded for now but should be configurable.
     options = {port: multimaster? && "5986"}.merge options
     couchdb_url(path, options)
   end
 
-  def multimaster?
-    mode == "multimaster"
-  end
-
-  def mode
-    assert_property('couch.mode')
+  require 'securerandom'
+  require 'digest/sha2'
+  class Token < Hash
+    def initialize
+      self['token'] = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
+      self['_id'] = Digest::SHA512.hexdigest(self['token'])
+      self['last_seen_at'] = Time.now
+    end
   end
 
 end
diff --git a/tests/white-box/mx.rb b/tests/white-box/mx.rb
new file mode 100644
index 00000000..da780de4
--- /dev/null
+++ b/tests/white-box/mx.rb
@@ -0,0 +1,50 @@
+raise SkipTest unless $node["services"].include?("mx")
+
+require 'json'
+
+class Mx < LeapTest
+  depends_on "Network"
+
+  def setup
+  end
+
+  def test_01_Can_contact_couchdb?
+    dbs = ["identities"]
+    dbs.each do |db_name|
+      couchdb_urls("/"+db_name, url_options).each do |url|
+        assert_get(url) do |body|
+          assert response = JSON.parse(body)
+          assert_equal db_name, response['db_name']
+        end
+      end
+    end
+    pass
+  end
+
+  def test_02_Can_contact_couchdb_via_haproxy?
+    if property('haproxy.couch')
+      url = couchdb_url_via_haproxy("", url_options)
+      assert_get(url) do |body|
+        assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+      end
+      pass
+    end
+  end
+
+  def test_03_Are_MX_daemons_running?
+    assert_running 'leap_mx'
+    assert_running '/usr/lib/postfix/master'
+    assert_running '/usr/sbin/unbound'
+    pass
+  end
+
+  private
+
+  def url_options
+    {
+      :username => property('couchdb_leap_mx_user.username'),
+      :password => property('couchdb_leap_mx_user.password')
+    }
+  end
+
+end
diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb
index 7df57fd7..0fea1c7f 100644
--- a/tests/white-box/webapp.rb
+++ b/tests/white-box/webapp.rb
@@ -1,58 +1,29 @@
 raise SkipTest unless $node["services"].include?("webapp")
 
-require 'socket'
+require 'json'
 
 class Webapp < LeapTest
   depends_on "Network"
 
-  HAPROXY_CONFIG = '/etc/haproxy/haproxy.cfg'
-
   def setup
   end
 
-  #
-  # example properties:
-  #
-  # stunnel:
-  #   clients:
-  #     couch_client:
-  #       couch1_5984:
-  #         accept_port: 4000
-  #         connect: couch1.bitmask.i
-  #         connect_port: 15984
-  #
   def test_01_Can_contact_couchdb?
-    assert_property('stunnel.clients.couch_client')
-    $node['stunnel']['clients']['couch_client'].values.each do |stunnel_conf|
-      assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.'
-      local_stunnel_url = "http://localhost:#{port}"
-      remote_ip_address = TCPSocket.gethostbyname(stunnel_conf['connect']).last
-      msg = "(stunnel to %s:%s, aka %s)" % [stunnel_conf['connect'], stunnel_conf['connect_port'], remote_ip_address]
-      assert_get(local_stunnel_url, nil, error_msg: msg) do |body|
-        assert_match /"couchdb":"Welcome"/, body, "Request to #{local_stunnel_url} should return couchdb welcome message."
-      end
+    url = couchdb_url("", url_options)
+    assert_get(url) do |body|
+      assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
     end
     pass
   end
 
-  #
-  # example properties:
-  #
-  # haproxy:
-  #   servers:
-  #     couch1:
-  #       backup: false
-  #       host: localhost
-  #       port: 4000
-  #       weight: 10
-  #
-  def test_02_Is_haproxy_working?
-    port = file_match(HAPROXY_CONFIG, /^  bind localhost:(\d+)$/)
-    url = "http://localhost:#{port}"
-    assert_get(url) do |body|
-      assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+  def test_02_Can_contact_couchdb_via_haproxy?
+    if property('haproxy.couch')
+      url = couchdb_url_via_haproxy("", url_options)
+      assert_get(url) do |body|
+        assert_match /"couchdb":"Welcome"/, body, "Request to #{url} should return couchdb welcome message."
+      end
+      pass
     end
-    pass
   end
 
   def test_03_Are_daemons_running?
@@ -70,4 +41,94 @@ class Webapp < LeapTest
     pass
   end
 
+  def test_05_Can_create_user?
+    @@user = nil
+    user = SRP::User.new
+    url = api_url("/1/users.json")
+    assert_post(url, user.to_params) do |body|
+      assert response = JSON.parse(body), 'response should be JSON'
+      assert response['ok'], 'creating a user should be successful'
+    end
+    @@user = user
+    pass
+  end
+
+  def test_06_Can_authenticate?
+    @@user_id = nil
+    @@session_token = nil
+    if @@user.nil?
+      skip "Depends on user creation"
+    else
+      url = api_url("/1/sessions.json")
+      session = SRP::Session.new(@@user)
+      params = {'login' => @@user.username, 'A' => session.aa}
+      assert_post(url, params) do |response, body|
+        cookie = response['Set-Cookie'].split(';').first
+        assert(response = JSON.parse(body), 'response should be JSON')
+        assert(bb = response["B"])
+        session.bb = bb
+        url = api_url("/1/sessions/login.json")
+        params = {'client_auth' => session.m, 'A' => session.aa}
+        options = {:headers => {'Cookie' => cookie}}
+        assert_put(url, params, options) do |body|
+          assert(response = JSON.parse(body), 'response should be JSON')
+          assert(response['M2'], 'response should include M2')
+          assert(@@session_token = response['token'], 'response should include token')
+          assert(@@user_id = response['id'], 'response should include user id')
+        end
+      end
+      pass
+    end
+  end
+
+  def test_07_Can_delete_user?
+    if @@user_id.nil? || @@session_token.nil?
+      skip "Depends on authentication"
+    else
+      url = api_url("/1/users/#{@@user_id}.json")
+      options = {:headers => {
+        "Authorization" => "Token token=\"#{@@session_token}\""
+      }}
+      delete(url, {}, options) do |body, response, error|
+        if response.code.to_i != 200
+          skip "It appears the web api is too old to support deleting users"
+        else
+          assert(response = JSON.parse(body), 'response should be JSON')
+          assert(response["success"], 'delete should be a success')
+          pass
+        end
+      end
+    end
+  end
+
+  private
+
+  def url_options
+    {
+      :username => property('couchdb_webapp_user.username'),
+      :password => property('couchdb_webapp_user.password')
+    }
+  end
+
+  def api_url(path)
+    "https://%{domain}:%{port}#{path}" % {
+      :domain   => property('api.domain'),
+      :port     => property('api.port')
+    }
+  end
+
+  #
+  # I tried, but couldn't get this working:
+  # #
+  # # get an CSRF authenticity token
+  # #
+  # url = api_url("/")
+  # csrf_token = nil
+  # assert_get(url) do |body|
+  #   lines = body.split("\n").grep(/csrf-token/)
+  #   assert lines.any?, 'failed to find csrf-token'
+  #   csrf_token = lines.first.split('"')[1]
+  #   assert csrf_token, 'failed to find csrf-token'
+  # end
+
 end