# Skip every test in this file unless the node's service list includes "webapp".
raise SkipTest unless $node["services"].include?("webapp")
require 'json'
#
# White-box checks for a node that runs the "webapp" service: CouchDB
# reachability, required daemons, the public web front end, and a full user
# lifecycle (create, SRP login, delete) against the web API.
#
# Tests 05-07 hand state to each other through class variables, so they only
# do useful work when run in that order; each later test skips itself when
# the value it needs was never set.
#
class Webapp < LeapTest
  depends_on "Network"

  def setup
  end

  #
  # CouchDB must answer with its welcome document when queried with the
  # webapp's CouchDB credentials.
  #
  # NOTE(review): the failure message interpolates `url`. If couchdb_url puts
  # the username/password from url_options into the URL, a failed run would
  # write them to the test output -- confirm against the helper.
  #
  def test_01_Can_contact_couchdb?
    url = couchdb_url("", url_options)
    assert_get(url) do |reply|
      assert_match(
        /"couchdb":"Welcome"/,
        reply,
        "Request to #{url} should return couchdb welcome message."
      )
    end
    pass
  end

  #
  # Same welcome check, routed through haproxy. Does nothing (neither pass nor
  # skip) when the 'haproxy.couch' property is not set.
  # The NOTE(review) on test_01 about `url` in the message applies here too.
  #
  def test_02_Can_contact_couchdb_via_haproxy?
    return unless property('haproxy.couch')

    url = couchdb_url_via_haproxy("", url_options)
    assert_get(url) do |reply|
      assert_match(
        /"couchdb":"Welcome"/,
        reply,
        "Request to #{url} should return couchdb welcome message."
      )
    end
    pass
  end

  # Both apache2 and nickserver must be running on this node.
  def test_03_Are_daemons_running?
    assert_running('/usr/sbin/apache2')
    assert_running('/usr/bin/nickserver')
    pass
  end

  #
  # Fetch the webapp's front page over HTTPS.
  #
  # This is really a black-box test; relocate it once black-box tests are
  # supported.
  #
  def test_04_Can_access_webapp?
    domain = $node['webapp']['domain']
    assert_get('https://' + domain + '/')
    pass
  end

  #
  # Register a fresh SRP user through the API. On success the user is kept in
  # @@user for the login test; it stays nil if the POST or an assertion fails.
  #
  def test_05_Can_create_user?
    @@user = nil
    candidate = SRP::User.new
    assert_post(api_url("/1/users.json"), candidate.to_params) do |body|
      parsed = JSON.parse(body)
      assert parsed, 'response should be JSON'
      assert parsed['ok'], 'creating a user should be successful'
    end
    @@user = candidate
    pass
  end

  #
  # Run the two-step SRP login for the user created in test_05:
  #   1. POST login + A, read B and the session cookie from the reply;
  #   2. PUT the client proof with that cookie, read M2, token and user id.
  # The token and id are stored in @@session_token / @@user_id for test_07.
  #
  # NOTE(review): only the presence of M2 is asserted; the server proof is not
  # checked against the SRP session here.
  # NOTE(review): this block takes (response, body) while the one-argument
  # blocks elsewhere in the file receive the body -- presumably assert_post
  # dispatches on block arity; confirm before changing either signature.
  #
  def test_06_Can_authenticate?
    @@user_id = nil
    @@session_token = nil
    return skip("Depends on user creation") if @@user.nil?

    handshake_url = api_url("/1/sessions.json")
    session = SRP::Session.new(@@user)
    handshake = {'login' => @@user.username, 'A' => session.aa}
    assert_post(handshake_url, handshake) do |response, body|
      # Keep only the first ';'-separated segment of the Set-Cookie header.
      cookie = response['Set-Cookie'].split(';').first
      challenge = JSON.parse(body)
      assert(challenge, 'response should be JSON')
      bb = challenge["B"]
      assert(bb)
      session.bb = bb

      login_url = api_url("/1/sessions/login.json")
      proof = {'client_auth' => session.m, 'A' => session.aa}
      with_cookie = { headers: {'Cookie' => cookie} }
      assert_put(login_url, proof, with_cookie) do |login_body|
        granted = JSON.parse(login_body)
        assert(granted, 'response should be JSON')
        assert(granted['M2'], 'response should include M2')
        @@session_token = granted['token']
        assert(@@session_token, 'response should include token')
        @@user_id = granted['id']
        assert(@@user_id, 'response should include user id')
      end
    end
    pass
  end

  #
  # Delete the user created in test_05, authenticating with the session token
  # from test_06.
  #
  # NOTE(review): every non-200 status is reported as "api too old" and
  # skipped, so an authorization or server error is not distinguished from a
  # missing endpoint, and the account created in test_05 is left on the server
  # in that case.
  #
  def test_07_Can_delete_user?
    return skip("Depends on authentication") if @@user_id.nil? || @@session_token.nil?

    user_url = api_url("/1/users/#{@@user_id}.json")
    auth = {
      headers: { "Authorization" => "Token token=\"#{@@session_token}\"" }
    }
    delete(user_url, {}, auth) do |body, response, error|
      if response.code.to_i == 200
        outcome = JSON.parse(body)
        assert(outcome, 'response should be JSON')
        assert(outcome["success"], 'delete should be a success')
        pass
      else
        skip "It appears the web api is too old to support deleting users"
      end
    end
  end

  private

  # CouchDB credentials of the webapp user, read from the node's properties.
  def url_options
    {
      username: property('couchdb_webapp_user.username'),
      password: property('couchdb_webapp_user.password')
    }
  end

  # Absolute HTTPS URL for +path+ on the API host and port from the node's
  # properties.
  def api_url(path)
    endpoint = {
      domain: property('api.domain'),
      port: property('api.port')
    }
    "https://%{domain}:%{port}#{path}" % endpoint
  end

  #
  # An attempt to fetch a CSRF authenticity token that never worked; kept for
  # reference:
  #
  #   url = api_url("/")
  #   csrf_token = nil
  #   assert_get(url) do |body|
  #     lines = body.split("\n").grep(/csrf-token/)
  #     assert lines.any?, 'failed to find csrf-token'
  #     csrf_token = lines.first.split('"')[1]
  #     assert csrf_token, 'failed to find csrf-token'
  #   end
  #
end