summaryrefslogtreecommitdiff
path: root/test/integration/browser
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2014-05-16 08:42:36 +0200
committerAzul <azul@leap.se>2014-05-16 08:42:36 +0200
commit8fbbb8717f0578536b97c2dc0883c632f120e976 (patch)
tree17aeb2b48ada703ac916a9a65fbf3c75a5dadb86 /test/integration/browser
parent81555ec6244ed76f92e3629880f68104b8705817 (diff)
parenta4f7a410c536d88c91c834cab6ee950c71005ddd (diff)
Merge remote-tracking branch 'origin/develop'
Conflicts: app/assets/javascripts/srp test/nagios/soledad_sync.py test/nagios/webapp_login.py
Diffstat (limited to 'test/integration/browser')
-rw-r--r--test/integration/browser/account_test.rb164
-rw-r--r--test/integration/browser/password_validation_test.rb31
-rw-r--r--test/integration/browser/session_test.rb17
3 files changed, 212 insertions, 0 deletions
diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb
new file mode 100644
index 0000000..491a9e1
--- /dev/null
+++ b/test/integration/browser/account_test.rb
@@ -0,0 +1,164 @@
+require 'test_helper'
+
+class AccountTest < BrowserIntegrationTest
+
+ teardown do
+ Identity.destroy_all_disabled
+ end
+
+ test "signup successfully" do
+ username, password = submit_signup
+ assert page.has_content?("Welcome #{username}")
+ click_on 'Logout'
+ assert page.has_content?("Log In")
+ assert_equal '/', current_path
+ assert user = User.find_by_login(username)
+ user.account.destroy
+ end
+
+ test "signup with username ending in dot json" do
+ username = Faker::Internet.user_name + '.json'
+ submit_signup username
+ assert page.has_content?("Welcome #{username}")
+ end
+
+ test "successful login" do
+ username, password = submit_signup
+ click_on 'Logout'
+ attempt_login(username, password)
+ assert page.has_content?("Welcome #{username}")
+ within('.sidenav li.active') do
+ assert page.has_content?("Overview")
+ end
+ User.find_by_login(username).account.destroy
+ end
+
+ test "failed login" do
+ visit '/'
+ attempt_login("username", "wrong password")
+ assert_invalid_login(page)
+ end
+
+ test "account destruction" do
+ username, password = submit_signup
+ click_on I18n.t('account_settings')
+ click_on I18n.t('destroy_my_account')
+ assert page.has_content?(I18n.t('account_destroyed'))
+ attempt_login(username, password)
+ assert_invalid_login(page)
+ end
+
+ test "handle blocked after account destruction" do
+ username, password = submit_signup
+ click_on I18n.t('account_settings')
+ click_on I18n.t('destroy_my_account')
+ submit_signup(username)
+ assert page.has_content?('has already been taken')
+ end
+
+ test "default user actions" do
+ login
+ click_on "Account Settings"
+ assert page.has_content? I18n.t('destroy_my_account')
+ assert page.has_no_css? '#update_login_and_password'
+ assert page.has_no_css? '#update_pgp_key'
+ end
+
+ test "default admin actions" do
+ login
+ with_config admins: [@user.login] do
+ click_on "Account Settings"
+ assert page.has_content? I18n.t('destroy_my_account')
+ assert page.has_no_css? '#update_login_and_password'
+ assert page.has_css? '#update_pgp_key'
+ end
+ end
+
+ test "change password" do
+ with_config user_actions: ['change_password'] do
+ login
+ click_on "Account Settings"
+ within('#update_login_and_password') do
+ fill_in 'Password', with: "other password"
+ fill_in 'Password confirmation', with: "other password"
+ click_on 'Save'
+ end
+ click_on 'Logout'
+ attempt_login(@user.login, "other password")
+ assert page.has_content?("Welcome #{@user.login}")
+ end
+ end
+
+ test "change pgp key" do
+ with_config user_actions: ['change_pgp_key'] do
+ pgp_key = FactoryGirl.build :pgp_key
+ login
+ click_on "Account Settings"
+ within('#update_pgp_key') do
+ fill_in 'Public key', with: pgp_key
+ click_on 'Save'
+ end
+ page.assert_selector 'input[value="Saving..."]'
+ # at some point we're done:
+ page.assert_no_selector 'input[value="Saving..."]'
+ assert page.has_field? 'Public key', with: pgp_key.to_s
+ assert_equal pgp_key, @user.reload.public_key
+ end
+ end
+
+
+ # trying to seed an invalid A for srp login
+ test "detects attempt to circumvent SRP" do
+ user = FactoryGirl.create :user
+ visit '/login'
+ fill_in 'Username', with: user.login
+ fill_in 'Password', with: "password"
+ inject_malicious_js
+ click_on 'Log In'
+ assert page.has_content?("Invalid random key")
+ assert page.has_no_content?("Welcome")
+ user.destroy
+ end
+
+ test "reports internal server errors" do
+ V1::UsersController.any_instance.stubs(:create).raises
+ submit_signup
+ assert page.has_content?("server failed")
+ end
+
+ test "does not render signup form without js" do
+ Capybara.current_driver = :rack_test # no js
+ visit '/signup'
+ assert page.has_no_content?("Username")
+ assert page.has_no_content?("Password")
+ end
+
+ test "does not render login form without js" do
+ Capybara.current_driver = :rack_test # no js
+ visit '/login'
+ assert page.has_no_content?("Username")
+ assert page.has_no_content?("Password")
+ end
+
+ def attempt_login(username, password)
+ click_on 'Log In'
+ fill_in 'Username', with: username
+ fill_in 'Password', with: password
+ click_on 'Log In'
+ end
+
+ def assert_invalid_login(page)
+ assert page.has_selector? '.btn-primary.disabled'
+ assert page.has_content? I18n.t(:invalid_user_pass)
+ assert page.has_no_selector? '.btn-primary.disabled'
+ end
+
+ def inject_malicious_js
+ page.execute_script <<-EOJS
+ var calc = new srp.Calculate();
+ calc.A = function(_a) {return "00";};
+ calc.S = calc.A;
+ srp.session = new srp.Session(null, calc);
+ EOJS
+ end
+end
diff --git a/test/integration/browser/password_validation_test.rb b/test/integration/browser/password_validation_test.rb
new file mode 100644
index 0000000..45eb0bf
--- /dev/null
+++ b/test/integration/browser/password_validation_test.rb
@@ -0,0 +1,31 @@
+require 'test_helper'
+
+class PasswordValidationTest < BrowserIntegrationTest
+
+ test "password confirmation is validated" do
+ username ||= "test_#{SecureRandom.urlsafe_base64}".downcase
+ password ||= SecureRandom.base64
+ visit '/users/new'
+ fill_in 'Username', with: username
+ fill_in 'Password', with: password
+ fill_in 'Password confirmation', with: password + "-typo"
+ click_on 'Sign Up'
+ assert page.has_content? "does not match."
+ assert_equal '/users/new', current_path
+ assert page.has_selector? ".error #srp_password_confirmation"
+ end
+
+ test "password needs to be at least 8 chars long" do
+ username ||= "test_#{SecureRandom.urlsafe_base64}".downcase
+ password ||= SecureRandom.base64[0,7]
+ visit '/users/new'
+ fill_in 'Username', with: username
+ fill_in 'Password', with: password
+ fill_in 'Password confirmation', with: password
+ click_on 'Sign Up'
+ assert page.has_content? "needs to be at least 8 characters long"
+ assert_equal '/users/new', current_path
+ assert page.has_selector? ".error #srp_password"
+ end
+end
+
diff --git a/test/integration/browser/session_test.rb b/test/integration/browser/session_test.rb
new file mode 100644
index 0000000..fb20847
--- /dev/null
+++ b/test/integration/browser/session_test.rb
@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class SessionTest < BrowserIntegrationTest
+
+ test "valid session" do
+ login
+ assert page.has_content?("Logout")
+ end
+
+ test "expired session" do
+ login
+ pretend_now_is(Time.now + 80.minutes) do
+ visit '/'
+ assert page.has_content?("Log In")
+ end
+ end
+end