From 10c76ac1cfa4e94375b456266e4113a4313abe96 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 23 Jun 2014 02:40:21 -0700
Subject: tests: fixed problem with showing couchdb password in process table,
 and adding warnings for when ACL is not being respected (which is currently
 always). closes #5445

---
 tests/white-box/couchdb.rb | 35 +++++++++++++++++++++++++++--------
 1 file changed, 27 insertions(+), 8 deletions(-)

(limited to 'tests/white-box/couchdb.rb')

diff --git a/tests/white-box/couchdb.rb b/tests/white-box/couchdb.rb
index 9d5da94f..8b9789bd 100644
--- a/tests/white-box/couchdb.rb
+++ b/tests/white-box/couchdb.rb
@@ -33,7 +33,7 @@ class CouchDB < LeapTest
     neighbors = assert_property('couch.bigcouch.neighbors')
     neighbors << assert_property('domain.full')
     neighbors.sort!
-    assert_get(url) do |body|
+    assert_get(url, nil, http_basic_auth) do |body|
       response = JSON.parse(body)
       nodes_in_db = response['rows'].collect{|row| row['id'].sub(/^bigcouch@/, '')}.sort
       assert_equal neighbors, nodes_in_db, "The couchdb replication node list is wrong (/nodes/_all_docs)"
@@ -49,7 +49,7 @@ class CouchDB < LeapTest
   #
   def test_03_Are_configured_nodes_online?
     url = couchdb_url("/_membership")
-    assert_get(url) do |body|
+    assert_get(url, nil, http_basic_auth) do |body|
       response = JSON.parse(body)
       nodes_configured_but_not_available = response['cluster_nodes'] - response['all_nodes']
       nodes_available_but_not_configured = response['all_nodes'] - response['cluster_nodes']
@@ -68,7 +68,7 @@ class CouchDB < LeapTest
   def test_04_Do_ACL_users_exist?
     acl_users = ['_design/_auth', 'leap_mx', 'nickserver', 'soledad', 'tapicero', 'webapp']
     url = couchdb_backend_url("/_users/_all_docs")
-    assert_get(url) do |body|
+    assert_get(url, nil, http_basic_auth) do |body|
       response = JSON.parse(body)
       assert_equal 6, response['total_rows']
       actual_users = response['rows'].map{|row| row['id'].sub(/^org.couchdb.user:/, '') }
@@ -88,6 +88,23 @@ class CouchDB < LeapTest
     pass
   end
 
+  #
+  # for now, this just prints warnings, since we are failing these tests.
+  #
+  def test_06_Is_ACL_enforced?
+    ok = assert_auth_fail(
+      couchdb_url('/users/_all_docs'),
+      {:limit => 1},
+      http_basic_auth('leap_mx')
+    )
+    ok = assert_auth_fail(
+      couchdb_url('/users/_all_docs'),
+      {:limit => 1},
+      {}
+    ) && ok
+    pass if ok
+  end
+
   private
 
   def couchdb_url(path="", port=nil)
@@ -95,15 +112,17 @@ class CouchDB < LeapTest
       assert_property 'couch.port'
       $node['couch']['port']
     end
-    @password ||= begin
-      assert_property 'couch.users.admin.password'
-      $node['couch']['users']['admin']['password']
-    end
-    "http://admin:#{@password}@localhost:#{port || @port}#{path}"
+    "http://localhost:#{port || @port}#{path}"
   end
 
   def couchdb_backend_url(path="")
     couchdb_url(path, "5986") # TODO: admin port is hardcoded for now but should be configurable.
   end
 
+  def http_basic_auth(username='admin')
+    assert_property 'couch.users.' + username
+    password = $node['couch']['users'][username]['password']
+    {:username => username, :password => password}
+  end
+
 end
-- 
cgit v1.2.3