authorAzul <azul@leap.se>2014-05-16 08:42:36 +0200
committerAzul <azul@leap.se>2014-05-16 08:42:36 +0200
commit8fbbb8717f0578536b97c2dc0883c632f120e976 (patch)
tree17aeb2b48ada703ac916a9a65fbf3c75a5dadb86 /test/functional
parent81555ec6244ed76f92e3629880f68104b8705817 (diff)
parenta4f7a410c536d88c91c834cab6ee950c71005ddd (diff)
Merge remote-tracking branch 'origin/develop'
Conflicts: app/assets/javascripts/srp test/nagios/soledad_sync.py test/nagios/webapp_login.py
Diffstat (limited to 'test/functional')
-rw-r--r--test/functional/application_controller_test.rb28
-rw-r--r--test/functional/helper_methods_test.rb39
-rw-r--r--test/functional/keys_controller_test.rb32
-rw-r--r--test/functional/sessions_controller_test.rb59
-rw-r--r--test/functional/test_helpers_test.rb38
-rw-r--r--test/functional/users_controller_test.rb165
-rw-r--r--test/functional/v1/certs_controller_test.rb46
-rw-r--r--test/functional/v1/messages_controller_test.rb57
-rw-r--r--test/functional/v1/services_controller_test.rb29
-rw-r--r--test/functional/v1/sessions_controller_test.rb62
-rw-r--r--test/functional/v1/users_controller_test.rb74
-rw-r--r--test/functional/webfinger_controller_test.rb33
12 files changed, 662 insertions, 0 deletions
diff --git a/test/functional/application_controller_test.rb b/test/functional/application_controller_test.rb
new file mode 100644
index 0000000..c4c922b
--- /dev/null
+++ b/test/functional/application_controller_test.rb
@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class ApplicationControllerTest < ActionController::TestCase
+
+ def setup
+ # so we can test the effect on the response
+ @controller.response = @response
+ end
+
+ def test_require_login_redirect
+ @controller.send(:require_login)
+ assert_access_denied(true, false)
+ end
+
+ def test_require_login
+ login
+ @controller.send(:require_login)
+ assert_access_denied(false)
+ end
+
+ def test_require_admin
+ login
+ @current_user.expects(:is_admin?).returns(false)
+ @controller.send(:require_admin)
+ assert_access_denied
+ end
+
+end
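Review bot: `test_require_admin` covers only the denied path for a logged-in non-admin, so nothing in this file confirms that `require_admin` lets an admin through or that it refuses an anonymous request. A filter that denied every caller would pass as written. I would add a positive case that mirrors `test_require_login`, using `login :is_admin? => true`, `@controller.send(:require_admin)` and `assert_access_denied(false)`, plus a case that calls `require_admin` without `login`.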
diff --git a/test/functional/helper_methods_test.rb b/test/functional/helper_methods_test.rb
new file mode 100644
index 0000000..44226ae
--- /dev/null
+++ b/test/functional/helper_methods_test.rb
@@ -0,0 +1,39 @@
+#
+# Testing and documenting the helper methods available from
+# ApplicationController
+#
+
+require 'test_helper'
+
+class HelperMethodsTest < ActionController::TestCase
+ tests ApplicationController
+
+ # we test them right in here...
+ include ApplicationController._helpers
+
+ # the helpers all reference the controller.
+ def controller
+ @controller
+ end
+
+ def test_current_user
+ login
+ assert_equal @current_user, current_user
+ end
+
+ def test_logged_in
+ login
+ assert logged_in?
+ end
+
+ def test_logged_out
+ assert !logged_in?
+ end
+
+ def test_admin
+ login
+ @current_user.expects(:is_admin?).returns(bool = stub)
+ assert_equal bool, admin?
+ end
+
+end
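Review bot: `test_admin` exercises `admin?` only after `login`, so the helper's result for a logged-out visitor is not documented here, unlike `logged_in?`, which has `test_logged_out`. If the helper calls `is_admin?` on `current_user` without a nil check it would raise for anonymous requests; that is an assumption, since the helper is not part of this diff. A `test_admin_logged_out` with `assert !admin?` would pin the behaviour. Separately, `returns(bool = stub)` hides an assignment inside an argument list; `bool = stub` on its own line reads more clearly.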
diff --git a/test/functional/keys_controller_test.rb b/test/functional/keys_controller_test.rb
new file mode 100644
index 0000000..863be93
--- /dev/null
+++ b/test/functional/keys_controller_test.rb
@@ -0,0 +1,32 @@
+require 'test_helper'
+
+class KeysControllerTest < ActionController::TestCase
+
+ test "get existing public key" do
+ public_key = 'my public key'
+ @user = stub_record :user, :public_key => public_key
+ User.stubs(:find_by_login).with(@user.login).returns(@user)
+ get :show, :login => @user.login
+ assert_response :success
+ assert_equal "text/text", response.content_type
+ assert_equal public_key, response.body
+ end
+
+ test "get non-existing public key for user" do
+ # this isn't a scenerio that should generally occur.
+ @user = stub_record :user
+ User.stubs(:find_by_login).with(@user.login).returns(@user)
+ get :show, :login => @user.login
+ assert_response :success
+ assert_equal "text/text", response.content_type
+ assert_equal '', response.body.strip
+ end
+
+ test "get public key for non-existing user" do
+ # raise 404 error if user doesn't exist (doesn't need to be this routing error, but seems fine to assume for now):
+ assert_raise(ActionController::RoutingError) {
+ get :show, :login => 'asdkljslksjfdlskfj'
+ }
+ end
+
+end
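Review bot: Both success tests pin the response type with `assert_equal "text/text", response.content_type`, and `text/text` is not a registered media type. The body is the stored `public_key` returned verbatim, and clients that do not recognise a type may fall back to content sniffing, so the tests lock in a weaker choice than `text/plain`. I would change the controller and assert `assert_equal "text/plain", response.content_type` in both places. The comment in the second test misspells "scenario".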
diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb
new file mode 100644
index 0000000..fe7903f
--- /dev/null
+++ b/test/functional/sessions_controller_test.rb
@@ -0,0 +1,59 @@
+require 'test_helper'
+
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
+class SessionsControllerTest < ActionController::TestCase
+
+ setup do
+ @user = stub :login => "me", :id => 123
+ @client_hex = 'a123'
+ end
+
+ test "should get login screen" do
+ get :new
+ assert_response :success
+ assert_equal "text/html", response.content_type
+ assert_template "sessions/new"
+ end
+
+ test "redirect to home_url if logged in" do
+ login
+ get :new
+ assert_response :redirect
+ assert_redirected_to home_url
+ end
+
+ test "renders json" do
+ get :new, :format => :json
+ assert_response :success
+ assert_json_error nil
+ end
+
+ test "renders warden errors" do
+ request.env['warden.options'] = {attempted_path: '/1/sessions/asdf.json'}
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
+ end
+
+ test "renders failed attempt message" do
+ request.env['warden.options'] = {attempted_path: '/1/sessions/asdf.json'}
+ request.env['warden'].stubs(:winning_strategy).returns(nil)
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :login => I18n.t(:all_strategies_failed)
+ end
+
+ test "destory should logout" do
+ login
+ expect_logout
+ delete :destroy
+ assert_response :redirect
+ assert_redirected_to home_url
+ end
+
+end
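Review bot: The `setup` block assigns `@user` and `@client_hex`, but no test in this file reads either of them, so they look carried over from the v1 sessions test and can be removed. The last test name is misspelled: `test "destory should logout" do` should read `test "destroy should logout" do`, as in the v1 file. Only the logged-in case of `delete :destroy` is covered; what an anonymous request gets is not stated.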
diff --git a/test/functional/test_helpers_test.rb b/test/functional/test_helpers_test.rb
new file mode 100644
index 0000000..845e516
--- /dev/null
+++ b/test/functional/test_helpers_test.rb
@@ -0,0 +1,38 @@
+#
+# There are a few test helpers for dealing with login etc.
+# We test them here and also document their behaviour.
+#
+
+require 'test_helper'
+
+class TestHelpersTest < ActionController::TestCase
+ tests ApplicationController # testing no controller in particular
+
+ def test_login_stubs_warden
+ login
+ assert_equal @current_user, request.env['warden'].user
+ end
+
+ def test_login_token_authenticates
+ login
+ assert_equal @current_user, @controller.send(:token_authenticate)
+ end
+
+ def test_login_stubs_token
+ login
+ assert @token
+ assert_equal @current_user, @token.authenticate
+ end
+
+ def test_login_adds_token_header
+ login
+ token_present = @controller.authenticate_with_http_token do |token, options|
+ assert_equal @token.id, token
+ end
+ # authenticate_with_http_token just returns nil and does not
+ # execute the block if there is no token. So we have to also
+ # ensure it was run:
+ assert token_present
+ end
+end
+
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
new file mode 100644
index 0000000..0713836
--- /dev/null
+++ b/test/functional/users_controller_test.rb
@@ -0,0 +1,165 @@
+require 'test_helper'
+
+class UsersControllerTest < ActionController::TestCase
+
+ test "should get new" do
+ get :new
+ assert_equal User, assigns(:user).class
+ assert_response :success
+ end
+
+ test "new should redirect logged in users" do
+ login
+ get :new
+ assert_response :redirect
+ assert_redirected_to home_path
+ end
+
+ test "failed show without login" do
+ user = find_record :user
+ get :show, :id => user.id
+ assert_response :redirect
+ assert_redirected_to login_path
+ end
+
+ test "user can see user" do
+ user = find_record :user,
+ :most_recent_tickets => []
+ login user
+ get :show, :id => user.id
+ assert_response :success
+ end
+
+ test "admin can see other user" do
+ user = find_record :user,
+ :most_recent_tickets => []
+ login :is_admin? => true
+ get :show, :id => user.id
+ assert_response :success
+
+ end
+
+ test "user cannot see other user" do
+ user = find_record :user,
+ :most_recent_tickets => []
+ login
+ get :show, :id => user.id
+ assert_response :redirect
+ assert_access_denied
+ end
+
+ test "may not show non-existing user without auth" do
+ nonid = 'thisisnotanexistinguserid'
+
+ get :show, :id => nonid
+ assert_access_denied(true, false)
+ end
+
+ test "may not show non-existing user without admin" do
+ nonid = 'thisisnotanexistinguserid'
+ login
+
+ get :show, :id => nonid
+ assert_access_denied
+ end
+
+ test "redirect admin to user list for non-existing user" do
+ nonid = 'thisisnotanexistinguserid'
+ login :is_admin? => true
+ get :show, :id => nonid
+ assert_response :redirect
+ assert_equal({:alert => "No such user."}, flash.to_hash)
+ assert_redirected_to users_path
+ end
+
+ test "should get edit view" do
+ user = find_record :user
+
+ login user
+ get :edit, :id => user.id
+
+ assert_equal user, assigns[:user]
+ end
+
+ test "admin can destroy user" do
+ user = find_record :user
+
+ # we destroy the user record and the associated data...
+ user.expects(:destroy)
+ Identity.expects(:disable_all_for).with(user)
+ Ticket.expects(:destroy_all_from).with(user)
+
+ login :is_admin? => true
+ delete :destroy, :id => user.id
+
+ assert_response :redirect
+ assert_redirected_to users_path
+ end
+
+ test "user can cancel account" do
+ user = find_record :user
+
+ # we destroy the user record and the associated data...
+ user.expects(:destroy)
+ Identity.expects(:disable_all_for).with(user)
+ Ticket.expects(:destroy_all_from).with(user)
+
+ login user
+ expect_logout
+ delete :destroy, :id => @current_user.id
+
+ assert_response :redirect
+ assert_redirected_to bye_url
+ end
+
+ test "non-admin can't destroy user" do
+ user = find_record :user
+
+ login
+ delete :destroy, :id => user.id
+
+ assert_access_denied
+ end
+
+ test "admin can list users" do
+ login :is_admin? => true
+ get :index
+
+ assert_response :success
+ assert assigns(:users)
+ end
+
+ test "non-admin can't list users" do
+ login
+ get :index
+
+ assert_access_denied
+ end
+
+ test "admin can search users" do
+ login :is_admin? => true
+ get :index, :query => "a"
+
+ assert_response :success
+ assert assigns(:users)
+ end
+
+ test "user cannot enable own account" do
+ user = find_record :user
+ login
+ post :enable, :id => user.id
+ assert_access_denied
+ end
+
+ test "admin can deactivate user" do
+ user = find_record :user
+ assert user.enabled?
+ user.expects(:save).returns(true)
+
+ login :is_admin? => true
+
+ post :deactivate, :id => user.id
+ assert !assigns(:user).enabled?
+ end
+
+end
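Review bot: The test "user cannot enable own account" calls `login` with no argument, while the tests that act as the record itself ("user can see user", "should get edit view") use `login user`, so it appears to log in as a different user and repeats the other-user case. The self-enable path, which is the one the holder of a disabled account would try, is then not covered. Changing the line to `login user` would make the test match its name, assuming `login` without arguments builds a separate stub user as its use in "user cannot see other user" suggests. There is also no non-admin counterpart for `post :deactivate`.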
diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb
new file mode 100644
index 0000000..fb8e9c4
--- /dev/null
+++ b/test/functional/v1/certs_controller_test.rb
@@ -0,0 +1,46 @@
+require 'test_helper'
+
+class V1::CertsControllerTest < ActionController::TestCase
+
+ test "send unlimited cert without login" do
+ with_config allow_anonymous_certs: true do
+ cert = expect_cert('UNLIMITED')
+ get :show
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+ end
+
+ test "send limited cert" do
+ with_config allow_limited_certs: true do
+ login
+ cert = expect_cert('LIMITED')
+ get :show
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+ end
+
+ test "send unlimited cert" do
+ login effective_service_level: ServiceLevel.new(id: 2)
+ cert = expect_cert('UNLIMITED')
+ get :show
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+
+ test "redirect if no eip service offered" do
+ get :show
+ assert_response :redirect
+ end
+
+ protected
+
+ def expect_cert(prefix)
+ cert = stub :to_s => "#{prefix.downcase} cert"
+ ClientCertificate.expects(:new).
+ with(:prefix => prefix).
+ returns(cert)
+ return cert
+ end
+end
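Review bot: The test "redirect if no eip service offered" asserts only `assert_response :redirect`, so it would still pass if a certificate were built before the redirect or if the redirect target changed. Adding `ClientCertificate.expects(:new).never` before `get :show` and an `assert_redirected_to` for the intended target would pin the deny path. No case covers a logged-in user at the default service level with `allow_limited_certs` unset, which is the boundary between the LIMITED and UNLIMITED tests. In `expect_cert`, the trailing `return cert` can be a plain `cert`.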
diff --git a/test/functional/v1/messages_controller_test.rb b/test/functional/v1/messages_controller_test.rb
new file mode 100644
index 0000000..24a5b1f
--- /dev/null
+++ b/test/functional/v1/messages_controller_test.rb
@@ -0,0 +1,57 @@
+require 'test_helper'
+
+class V1::MessagesControllerTest < ActionController::TestCase
+
+ setup do
+ @user = FactoryGirl.build(:user)
+ @user.save
+ @message = Message.new(:text => 'a test message')
+ @message.user_ids_to_show << @user.id
+ @message.save
+ end
+
+ teardown do
+ @message.destroy
+ @user.destroy
+ end
+
+ test "get messages for user" do
+ login @user
+ get :index
+ assert response.body.include? @message.text
+ assert response.body.include? @message.id
+ end
+
+ test "mark message read for user" do
+ login @user
+ assert @message.user_ids_to_show.include?(@user.id)
+ assert !@message.user_ids_have_shown.include?(@user.id)
+ put :update, :id => @message.id
+ @message.reload
+ assert !@message.user_ids_to_show.include?(@user.id)
+ assert @message.user_ids_have_shown.include?(@user.id)
+ assert_json_response true
+ end
+
+ test "do not get seen messages" do
+ login @user
+ put :update, :id => @message.id
+ @message.reload
+ get :index
+ assert !(response.body.include? @message.text)
+ assert !(response.body.include? @message.id)
+ end
+
+
+ test "mark read responds even with bad inputs" do
+ login @user
+ put :update, :id => 'more nonsense'
+ assert_json_response false
+ end
+
+ test "fails if not authenticated" do
+ get :index, :format => :json
+ assert_access_denied
+ end
+
+end
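Review bot: The unauthenticated case at the end covers `get :index` only; `put :update` is never called without `login`, nor by a user who is absent from `user_ids_to_show`, so the write path has no access-control test. I would add a test that issues `put :update, :id => @message.id` with no login and ends with `assert_access_denied`, and a second one logged in as an unrelated user that checks the message lists are unchanged after `@message.reload`. In `setup`, `@user.save` and `@message.save` ignore their return value, so a failed save would only surface later as a misleading assertion failure; wrapping them as `assert @user.save` and `assert @message.save` would fail at the cause.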
diff --git a/test/functional/v1/services_controller_test.rb b/test/functional/v1/services_controller_test.rb
new file mode 100644
index 0000000..cde7d9f
--- /dev/null
+++ b/test/functional/v1/services_controller_test.rb
@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class V1::ServicesControllerTest < ActionController::TestCase
+
+ test "anonymous user gets login required service info" do
+ get :show, format: :json
+ assert_json_response name: 'anonymous',
+ eip_rate_limit: false,
+ description: 'please login to access our services'
+ end
+
+ test "anonymous user gets vpn service info" do
+ with_config allow_anonymous_certs: true do
+ get :show, format: :json
+ assert_json_response name: 'anonymous',
+ eip_rate_limit: false,
+ description: 'anonymous access to the VPN'
+ end
+ end
+
+ test "user can see their service info" do
+ login
+ get :show, format: :json
+ default_level = APP_CONFIG[:default_service_level]
+ assert_json_response APP_CONFIG[:service_levels][default_level]
+ end
+
+end
+
diff --git a/test/functional/v1/sessions_controller_test.rb b/test/functional/v1/sessions_controller_test.rb
new file mode 100644
index 0000000..df0d681
--- /dev/null
+++ b/test/functional/v1/sessions_controller_test.rb
@@ -0,0 +1,62 @@
+require 'test_helper'
+
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
+class V1::SessionsControllerTest < ActionController::TestCase
+
+ setup do
+ @request.env['HTTP_HOST'] = 'api.lvh.me'
+ @user = stub_record :user, {}, true
+ @client_hex = 'a123'
+ end
+
+ test "renders json" do
+ get :new, :format => :json
+ assert_response :success
+ assert_json_error nil
+ end
+
+ test "renders warden errors" do
+ request.env['warden.options'] = {attempted_path: 'path/to/controller'}
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
+ end
+
+ # Warden takes care of parsing the params and
+ # rendering the response. So not much to test here.
+ test "should perform handshake" do
+ request.env['warden'].expects(:authenticate!)
+ # make sure we don't get a template missing error:
+ @controller.stubs(:render)
+ post :create, :login => @user.login, 'A' => @client_hex
+ end
+
+ test "should authenticate" do
+ request.env['warden'].expects(:authenticate!)
+ @controller.stubs(:current_user).returns(@user)
+ handshake = stub(:to_hash => {h: "ash"})
+ session[:handshake] = handshake
+
+ post :update, :id => @user.login, :client_auth => @client_hex
+
+ assert_nil session[:handshake]
+ assert_response :success
+ assert json_response.keys.include?("id")
+ assert json_response.keys.include?("token")
+ assert token = Token.find(json_response['token'])
+ assert_equal @user.id, token.user_id
+ end
+
+ test "destroy should logout" do
+ login
+ expect_logout
+ delete :destroy
+ assert_response 204
+ end
+
+end
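Review bot: In "should authenticate", `assert token = Token.find(json_response['token'])` performs an assignment inside the assertion, which reads like a mistyped comparison. Splitting it into `token = Token.find(json_response['token'])` followed by `assert token` keeps the same check and makes the intent plain. The token record created by this request is not removed in this file, and the diff does not show whether the test helper cleans it up. Since warden is stubbed, the failing branch of `authenticate!` is not exercised here; the header comment points to an integration test for that.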
diff --git a/test/functional/v1/users_controller_test.rb b/test/functional/v1/users_controller_test.rb
new file mode 100644
index 0000000..7cd9b0c
--- /dev/null
+++ b/test/functional/v1/users_controller_test.rb
@@ -0,0 +1,74 @@
+require 'test_helper'
+
+class V1::UsersControllerTest < ActionController::TestCase
+
+ test "user can change settings" do
+ user = find_record :user
+ changed_attribs = record_attributes_for :user_with_settings
+ account_settings = stub
+ account_settings.expects(:update).with(changed_attribs)
+ Account.expects(:new).with(user).returns(account_settings)
+
+ login user
+ put :update, :user => changed_attribs, :id => user.id, :format => :json
+
+ assert_equal user, assigns[:user]
+ assert_response 204
+ assert_equal " ", @response.body
+ end
+
+ test "admin can update user" do
+ user = find_record :user
+ changed_attribs = record_attributes_for :user_with_settings
+ account_settings = stub
+ account_settings.expects(:update).with(changed_attribs)
+ Account.expects(:new).with(user).returns(account_settings)
+
+ login :is_admin? => true
+ put :update, :user => changed_attribs, :id => user.id, :format => :json
+
+ assert_equal user, assigns[:user]
+ assert_response 204
+ end
+
+ test "user cannot update other user" do
+ user = find_record :user
+ login
+ put :update, :user => record_attributes_for(:user_with_settings), :id => user.id, :format => :json
+ assert_access_denied
+ end
+
+ test "should create new user" do
+ user_attribs = record_attributes_for :user
+ user = User.new(user_attribs)
+ Account.expects(:create).with(user_attribs).returns(user)
+
+ post :create, :user => user_attribs, :format => :json
+
+ assert_nil session[:user_id]
+ assert_json_response user
+ assert_response :success
+ end
+
+ test "should redirect to signup form on failed attempt" do
+ user_attribs = record_attributes_for :user
+ user_attribs.slice!('login')
+ user = User.new(user_attribs)
+ assert !user.valid?
+ Account.expects(:create).with(user_attribs).returns(user)
+
+ post :create, :user => user_attribs, :format => :json
+
+ assert_json_error user.errors.messages
+ assert_response 422
+ end
+
+ test "admin can autocomplete users" do
+ login :is_admin? => true
+ get :index, :query => 'a', :format => :json
+
+ assert_response :success
+ assert assigns(:users)
+ end
+
+end
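Review bot: "admin can autocomplete users" has no negative counterpart in this file, so nothing checks that a non-admin or anonymous client is refused the JSON user list; the HTML controller test in this commit has "non-admin can't list users" for the same action. I would add a test consisting of `login`, `get :index, :query => 'a', :format => :json` and `assert_access_denied`. The test "should redirect to signup form on failed attempt" asserts a 422 JSON error, not a redirect, so its name should say that. In "user can change settings", `assert_equal " ", @response.body` pins a single-space body on a 204, which looks like a framework artefact and not intended behaviour.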
diff --git a/test/functional/webfinger_controller_test.rb b/test/functional/webfinger_controller_test.rb
new file mode 100644
index 0000000..6597b69
--- /dev/null
+++ b/test/functional/webfinger_controller_test.rb
@@ -0,0 +1,33 @@
+require 'test_helper'
+
+class WebfingerControllerTest < ActionController::TestCase
+
+ test "get host meta xml" do
+ get :host_meta, :format => :xml
+ assert_response :success
+ assert_equal "application/xml", response.content_type
+ end
+
+ test "get host meta json" do
+ get :host_meta, :format => :json
+ assert_response :success
+ assert_equal "application/json", response.content_type
+ end
+
+ test "get user webfinger xml" do
+ @user = stub_record :user, :public_key => 'my public key'
+ User.stubs(:find_by_login).with(@user.login).returns(@user)
+ get :search, :q => @user.email_address.to_s, :format => :xml
+ assert_response :success
+ assert_equal "application/xml", response.content_type
+ end
+
+ test "get user webfinger json" do
+ @user = stub_record :user, :public_key => 'my public key'
+ User.stubs(:find_by_login).with(@user.login).returns(@user)
+ get :search, :q => @user.email_address.to_s, :format => :json
+ assert_response :success
+ assert_equal "application/json", response.content_type
+ end
+
+end
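Review bot: The two `search` tests check only the status and the content type, so they would pass with an empty document, and no test sends a `q` that matches no user. keys_controller_test.rb in this commit does cover the unknown-login case for its own lookup, so the expected behaviour here (404 or an empty result) should be written down in the same way. An assertion on the body, for example that it mentions the address passed in `q`, would show that the stubbed user actually reaches the view; what the template renders is not visible in this diff.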