summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2012-11-06 11:51:10 +0100
committerAzul <azul@leap.se>2012-11-06 11:51:10 +0100
commitda2804c8f8a800851fa1863f579e2b8e9a57b4cc (patch)
treeaa3dc8b9eb1741870e7f98e9c1c71a626c2979da
parentef90c45998b33ba8606c3786875e21496ace4686 (diff)
first steps towards warden srp testing
-rw-r--r--core/lib/extensions/testing.rb13
-rw-r--r--users/app/controllers/sessions_controller.rb1
-rw-r--r--users/test/integration/api/account_flow_test.rb26
-rw-r--r--users/test/unit/warden_strategy_secure_remote_password_test.rb61
4 files changed, 90 insertions, 11 deletions
diff --git a/core/lib/extensions/testing.rb b/core/lib/extensions/testing.rb
index 14a5698..86a059f 100644
--- a/core/lib/extensions/testing.rb
+++ b/core/lib/extensions/testing.rb
@@ -1,15 +1,22 @@
module LeapWebCore
module AssertResponses
+ # response that works with different TestCases:
+ # ActionController::TestCase has @response
+ # ActionDispatch::IntegrationTest has @response
+ # Rack::Test::Methods defines last_response
+ def get_response
+ @response || last_response
+ end
+
def assert_attachement_filename(name)
assert_equal %Q(attachment; filename="#{name}"),
- @response.headers["Content-Disposition"]
+ get_response.headers["Content-Disposition"]
end
-
def assert_json_response(object)
object.stringify_keys! if object.respond_to? :stringify_keys!
- assert_equal object, JSON.parse(@response.body)
+ assert_equal object, JSON.parse(get_response.body)
end
end
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 722265a..72e2892 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -11,6 +11,7 @@ class SessionsController < ApplicationController
end
def update
+ debugger
authenticate!
end
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index dc475b5..4dcca24 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -1,7 +1,16 @@
require 'test_helper'
-class AccountFlowTest < ActionDispatch::IntegrationTest
+CONFIG_RU = (Rails.root + 'config.ru').to_s
+OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
+
+class AccountFlowTest < ActiveSupport::TestCase
+ include Rack::Test::Methods
include Warden::Test::Helpers
+ include LeapWebCore::AssertResponses
+
+ def app
+ OUTER_APP
+ end
def teardown
Warden.test_reset!
@@ -9,9 +18,9 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
# this test wraps the api and implements the interface the ruby-srp client.
def handshake(login, aa)
- post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json
- assert_response :success
- response = JSON.parse(@response.body)
+ post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json
+ assert last_response.successful?
+ response = JSON.parse(last_response.body)
if response['errors']
raise RECORD_NOT_FOUND.new(response['errors'])
else
@@ -20,9 +29,10 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
end
def validate(m)
- put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json
- assert_response :success
- return JSON.parse(@response.body)
+ debugger
+ put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json
+ assert last_response.successful?
+ return JSON.parse(last_response.body)
end
def setup
@@ -45,7 +55,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
test "signup response" do
assert_json_response :login => @login, :ok => true
- assert_response :success
+ assert last_response.successful?
end
test "signup and login with srp via api" do
diff --git a/users/test/unit/warden_strategy_secure_remote_password_test.rb b/users/test/unit/warden_strategy_secure_remote_password_test.rb
new file mode 100644
index 0000000..ee68fe7
--- /dev/null
+++ b/users/test/unit/warden_strategy_secure_remote_password_test.rb
@@ -0,0 +1,61 @@
+class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase
+
+ setup do
+ @user = stub :login => "me", :id => 123
+ @client_hex = 'a123'
+ @client_rnd = @client_hex.hex
+ @server_hex = 'b123'
+ @server_rnd = @server_hex.hex
+ @server_rnd_exp = 'e123'.hex
+ @salt = 'stub user salt'
+ @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
+ @server_auth = 'adfe'
+ end
+
+
+ test "should perform handshake" do
+ @user.expects(:initialize_auth).
+ with(@client_rnd).
+ returns(@server_handshake)
+ @server_handshake.expects(:to_json).
+ returns({'B' => @server_hex, 'salt' => @salt}.to_json)
+ User.expects(:find_by_param).with(@user.login).returns(@user)
+ assert_equal @server_handshake, session[:handshake]
+ assert_response :success
+ assert_json_response :B => @server_hex, :salt => @salt
+ end
+
+ test "should report user not found" do
+ unknown = "login_that_does_not_exist"
+ User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND)
+ post :create, :login => unknown
+ assert_response :success
+ assert_json_response :errors => {"login" => ["unknown user"]}
+ end
+
+ test "should authorize" do
+ session[:handshake] = @server_handshake
+ @server_handshake.expects(:authenticate!).
+ with(@client_rnd).
+ returns(@user)
+ @server_handshake.expects(:to_json).
+ returns({:M2 => @server_auth}.to_json)
+ post :update, :id => @user.login, :client_auth => @client_hex
+ assert_nil session[:handshake]
+ assert_json_response :M2 => @server_auth
+ assert_equal @user.id, session[:user_id]
+ end
+
+ test "should report wrong password" do
+ session[:handshake] = @server_handshake
+ @server_handshake.expects(:authenticate!).
+ with(@client_rnd).
+ raises(WRONG_PASSWORD)
+ post :update, :id => @user.login, :client_auth => @client_hex
+ assert_nil session[:handshake]
+ assert_nil session[:user_id]
+ assert_json_response :errors => {"password" => ["wrong password"]}
+ end
+
+
+end