summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorazul <azul@riseup.net>2016-08-19 10:40:37 +0000
committerazul <azul@riseup.net>2016-08-19 10:40:37 +0000
commit67302ca1986a66a6d278c34216ad33f4c65a018e (patch)
treed55e4c4dd3a6612e04e0fd40e736c8b6d4342762 /test
parent44910c0909f28791fe6725fa76301e5111ece3b4 (diff)
parentfbad882075e745ab7afbe5f89c67544fb3c607c3 (diff)
Merge branch 'bugfix/send-406-on-unsupported-format' into 'develop'
Bugfix/send 406 on unsupported format See merge request !5
Diffstat (limited to 'test')
-rw-r--r--test/functional/api/certs_controller_test.rb6
-rw-r--r--test/functional/api/sessions_controller_test.rb3
-rw-r--r--test/functional/home_controller_test.rb16
-rw-r--r--test/integration/api/smtp_cert_test.rb12
-rw-r--r--test/support/api_controller_test.rb2
-rw-r--r--test/support/api_integration_test.rb14
6 files changed, 36 insertions, 17 deletions
diff --git a/test/functional/api/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb
index f23b4c8..25ceb8e 100644
--- a/test/functional/api/certs_controller_test.rb
+++ b/test/functional/api/certs_controller_test.rb
@@ -57,4 +57,10 @@ class Api::CertsControllerTest < ApiControllerTest
returns(cert)
return cert
end
+
+ # overwrite defaults from ApiController because we don't do json here.
+ def add_api_defaults(args)
+ add_defaults args, version: '2'
+ end
+
end
diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb
index 03a1ef9..06a3c22 100644
--- a/test/functional/api/sessions_controller_test.rb
+++ b/test/functional/api/sessions_controller_test.rb
@@ -44,7 +44,8 @@ class Api::SessionsControllerTest < ApiControllerTest
api_post :update, :id => @user.login, :client_auth => @client_hex
- assert_nil session[:handshake]
+ assert_nil session[:handshake],
+ 'session should be cleared to prevent session fixation attacks'
assert_response :success
assert json_response.keys.include?("id")
assert json_response.keys.include?("token")
diff --git a/test/functional/home_controller_test.rb b/test/functional/home_controller_test.rb
new file mode 100644
index 0000000..cafaac5
--- /dev/null
+++ b/test/functional/home_controller_test.rb
@@ -0,0 +1,16 @@
+require 'test_helper'
+
+class HomeControllerTest < ActionController::TestCase
+
+ def test_renders_okay
+ get :index
+ assert_response :success
+ end
+
+ def test_other_formats_trigger_406
+ assert_raises ActionController::UnknownFormat do
+ get :index, format: :xml
+ end
+ end
+
+end
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index 53382c1..3adddfd 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -3,13 +3,8 @@ require 'openssl'
class SmtpCertTest < ApiIntegrationTest
- setup do
- @testcode = InviteCode.new
- @testcode.save!
- end
-
test "retrieve smtp cert" do
- @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+ @user = create_invited_user effective_service_level_code: 2
login
post smtp_cert_url, {}, RACK_ENV
assert_text_response
@@ -20,7 +15,7 @@ class SmtpCertTest < ApiIntegrationTest
end
test "cert and key" do
- @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+ @user = create_invited_user effective_service_level_code: 2
login
post smtp_cert_url, {}, RACK_ENV
assert_text_response
@@ -32,7 +27,7 @@ class SmtpCertTest < ApiIntegrationTest
end
test "fingerprint is stored with identity" do
- @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+ @user = create_invited_user effective_service_level_code: 2
login
post smtp_cert_url, {}, RACK_ENV
assert_text_response
@@ -46,7 +41,6 @@ class SmtpCertTest < ApiIntegrationTest
end
test "fetching smtp certs requires email account" do
-
login
post smtp_cert_url, {}, RACK_ENV
assert_access_denied
diff --git a/test/support/api_controller_test.rb b/test/support/api_controller_test.rb
index 06cb46a..97d86fc 100644
--- a/test/support/api_controller_test.rb
+++ b/test/support/api_controller_test.rb
@@ -17,7 +17,7 @@ class ApiControllerTest < ActionController::TestCase
end
def add_api_defaults(args)
- add_defaults args, version: '2'
+ add_defaults args, version: '2', format: :json
end
def add_defaults(args, defaults)
diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb
index cea480c..7942558 100644
--- a/test/support/api_integration_test.rb
+++ b/test/support/api_integration_test.rb
@@ -7,13 +7,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
2
end
- setup do
- @testcode = InviteCode.new
- @testcode.save!
- end
-
def login(user = nil)
- @user ||= user ||= FactoryGirl.create(:user, :invite_code => @testcode.invite_code)
+ @user ||= user ||= create_invited_user
# DUMMY_TOKEN will be frozen. So let's use a dup
@token ||= DUMMY_TOKEN.dup
# make sure @token is up to date if it already exists
@@ -23,6 +18,13 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
@token.save
end
+ def create_invited_user(options = {})
+ @testcode = InviteCode.new
+ @testcode.save!
+ options.reverse_merge! invite_code: @testcode.invite_code
+ FactoryGirl.create :user, options
+ end
+
teardown do
if @user && @user.persisted?
@user.destroy_identities