Merge branch 'bugfix/send-406-on-unsupported-format' into 'develop'

Bugfix/send 406 on unsupported format See merge request !5
author: azul <azul@riseup.net> 2016-08-19 10:40:37 +0000
committer: azul <azul@riseup.net> 2016-08-19 10:40:37 +0000
commit: 67302ca1986a66a6d278c34216ad33f4c65a018e (patch)
tree: d55e4c4dd3a6612e04e0fd40e736c8b6d4342762 /test
parent: 44910c0909f28791fe6725fa76301e5111ece3b4 (diff)
parent: fbad882075e745ab7afbe5f89c67544fb3c607c3 (diff)
6 files changed, 36 insertions, 17 deletions
diff --git a/test/functional/api/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb
index f23b4c8..25ceb8e 100644
--- a/test/functional/api/certs_controller_test.rb
+++ b/test/functional/api/certs_controller_test.rb
@@ -57,4 +57,10 @@ class Api::CertsControllerTest < ApiControllerTest
       returns(cert)
     return cert
   end
+
+  # overwrite defaults from ApiController because we don't do json here.
+  def add_api_defaults(args)
+    add_defaults args, version: '2'
+  end
+
 end
diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb
index 03a1ef9..06a3c22 100644
--- a/test/functional/api/sessions_controller_test.rb
+++ b/test/functional/api/sessions_controller_test.rb
@@ -44,7 +44,8 @@ class Api::SessionsControllerTest < ApiControllerTest
 
     api_post :update, :id => @user.login, :client_auth => @client_hex
 
-    assert_nil session[:handshake]
+    assert_nil session[:handshake],
+      'session should be cleared to prevent session fixation attacks'
     assert_response :success
     assert json_response.keys.include?("id")
     assert json_response.keys.include?("token")
diff --git a/test/functional/home_controller_test.rb b/test/functional/home_controller_test.rb
new file mode 100644
index 0000000..cafaac5
--- /dev/null
+++ b/test/functional/home_controller_test.rb
@@ -0,0 +1,16 @@
+require 'test_helper'
+
+class HomeControllerTest < ActionController::TestCase
+
+  def test_renders_okay
+    get :index
+    assert_response :success
+  end
+
+  def test_other_formats_trigger_406
+    assert_raises ActionController::UnknownFormat do
+      get :index, format: :xml
+    end
+  end
+
+end
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index 53382c1..3adddfd 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -3,13 +3,8 @@ require 'openssl'
 
 class SmtpCertTest < ApiIntegrationTest
 
-  setup do
-    @testcode = InviteCode.new
-    @testcode.save!
-  end
-
   test "retrieve smtp cert" do
-    @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+    @user = create_invited_user effective_service_level_code: 2
     login
     post smtp_cert_url, {}, RACK_ENV
     assert_text_response
@@ -20,7 +15,7 @@ class SmtpCertTest < ApiIntegrationTest
   end
 
   test "cert and key" do
-    @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+    @user = create_invited_user effective_service_level_code: 2
     login
     post smtp_cert_url, {}, RACK_ENV
     assert_text_response
@@ -32,7 +27,7 @@ class SmtpCertTest < ApiIntegrationTest
   end
 
   test "fingerprint is stored with identity" do
-    @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code
+    @user = create_invited_user effective_service_level_code: 2
     login
     post smtp_cert_url, {}, RACK_ENV
     assert_text_response
@@ -46,7 +41,6 @@ class SmtpCertTest < ApiIntegrationTest
   end
 
   test "fetching smtp certs requires email account" do
-
     login
     post smtp_cert_url, {}, RACK_ENV
     assert_access_denied
diff --git a/test/support/api_controller_test.rb b/test/support/api_controller_test.rb
index 06cb46a..97d86fc 100644
--- a/test/support/api_controller_test.rb
+++ b/test/support/api_controller_test.rb
@@ -17,7 +17,7 @@ class ApiControllerTest < ActionController::TestCase
   end
 
   def add_api_defaults(args)
-    add_defaults args, version: '2'
+    add_defaults args, version: '2', format: :json
   end
 
   def add_defaults(args, defaults)
diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb
index cea480c..7942558 100644
--- a/test/support/api_integration_test.rb
+++ b/test/support/api_integration_test.rb
@@ -7,13 +7,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
     2
   end
 
-  setup do
-    @testcode = InviteCode.new
-    @testcode.save!
-  end
-
   def login(user = nil)
-    @user ||= user ||= FactoryGirl.create(:user, :invite_code => @testcode.invite_code)
+    @user ||= user ||= create_invited_user
     # DUMMY_TOKEN will be frozen. So let's use a dup
     @token ||= DUMMY_TOKEN.dup
     # make sure @token is up to date if it already exists
@@ -23,6 +18,13 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
     @token.save
   end
 
+  def create_invited_user(options = {})
+    @testcode = InviteCode.new
+    @testcode.save!
+    options.reverse_merge! invite_code: @testcode.invite_code
+    FactoryGirl.create :user, options
+  end
+
   teardown do
     if @user && @user.persisted?
       @user.destroy_identities
author	azul <azul@riseup.net>	2016-08-19 10:40:37 +0000
committer	azul <azul@riseup.net>	2016-08-19 10:40:37 +0000
commit	67302ca1986a66a6d278c34216ad33f4c65a018e (patch)
tree	d55e4c4dd3a6612e04e0fd40e736c8b6d4342762 /test
parent	44910c0909f28791fe6725fa76301e5111ece3b4 (diff)
parent	fbad882075e745ab7afbe5f89c67544fb3c607c3 (diff)