Merge pull request #175 from azul/feature/view-for-valid-certs

Feature/view for valid certs
author: azul <azul@leap.se> 2014-07-14 07:52:12 +0200
committer: azul <azul@leap.se> 2014-07-14 07:52:12 +0200
commit: 07b141f3d677e993f02380b455738b20b9f0fe42 (patch)
tree: 553111ac07f6100738f29ddc7165fa800852f224 /test
parent: 1c7308207a9ab46cfb60c72aceaee2b3c82281fe (diff)
parent: 3bbfdf29bbc40432c21e34fe84060cf9ae70273f (diff)
3 files changed, 109 insertions, 73 deletions
diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb
index 9281ae6..3427e2d 100644
--- a/test/functional/v1/smtp_certs_controller_test.rb
+++ b/test/functional/v1/smtp_certs_controller_test.rb
@@ -27,7 +27,8 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase
   protected
 
   def expect_cert(prefix)
-    cert = stub :to_s => "#{prefix.downcase} cert"
+    cert = stub to_s: "#{prefix.downcase} cert",
+      expiry: 1.month.from_now.utc.at_midnight
     ClientCertificate.expects(:new).
       with(:prefix => prefix).
       returns(cert)
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index f72362d..7697e44 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -33,8 +33,10 @@ class SmtpCertTest < ApiIntegrationTest
     assert_text_response
     cert = OpenSSL::X509::Certificate.new(get_response.body)
     fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
-    today = DateTime.now.to_date.to_s
-    assert_equal({fingerprint => today}, @user.reload.identity.cert_fingerprints)
+    expiry = APP_CONFIG[:client_cert_lifespan].months.from_now.utc.midnight
+    expiry_string = expiry.to_date.to_s
+    fingerprints = {fingerprint => expiry_string}
+    assert_equal fingerprints, @user.reload.identity.cert_fingerprints
   end
 
   test "fetching smtp certs requires email account" do
diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb
index 49b2075..cb0f6bd 100644
--- a/test/unit/identity_test.rb
+++ b/test/unit/identity_test.rb
@@ -7,135 +7,163 @@ class IdentityTest < ActiveSupport::TestCase
     @user = find_record :user
   end
 
-  test "blank identity does not crash on valid?" do
-    id = Identity.new
-    assert !id.valid?
+  teardown do
+    if @id && @id.persisted?
+      id = Identity.find(@id.id)
+      id.destroy if id.present?
+    end
   end
 
-  test "enabled identity requires destination" do
-    id = Identity.new user: @user, address: @user.email_address
-    assert !id.valid?
-    assert_equal ["can't be blank"], id.errors[:destination]
+  test "blank @identity does not crash on valid?" do
+    @id = Identity.new
+    assert !@id.valid?
   end
 
-  test "disabled identity requires no destination" do
-    id = Identity.new address: @user.email_address
-    assert id.valid?
+  test "enabled @identity requires destination" do
+    @id = Identity.new user: @user, address: @user.email_address
+    assert !@id.valid?
+    assert_equal ["can't be blank"], @id.errors[:destination]
   end
 
-  test "initial identity for a user" do
-    id = Identity.for(@user)
-    assert_equal @user.email_address, id.address
-    assert_equal @user.email_address, id.destination
-    assert_equal @user, id.user
+  test "disabled @identity requires no destination" do
+    @id = Identity.new address: @user.email_address
+    assert @id.valid?
+  end
+
+  test "initial @identity for a user" do
+    @id = Identity.for(@user)
+    assert_equal @user.email_address, @id.address
+    assert_equal @user.email_address, @id.destination
+    assert_equal @user, @id.user
   end
 
   test "add alias" do
-    id = Identity.for @user, address: alias_name
-    assert_equal LocalEmail.new(alias_name), id.address
-    assert_equal @user.email_address, id.destination
-    assert_equal @user, id.user
+    @id = Identity.for @user, address: alias_name
+    assert_equal LocalEmail.new(alias_name), @id.address
+    assert_equal @user.email_address, @id.destination
+    assert_equal @user, @id.user
   end
 
   test "add forward" do
-    id = Identity.for @user, destination: forward_address
-    assert_equal @user.email_address, id.address
-    assert_equal Email.new(forward_address), id.destination
-    assert_equal @user, id.user
+    @id = Identity.for @user, destination: forward_address
+    assert_equal @user.email_address, @id.address
+    assert_equal Email.new(forward_address), @id.destination
+    assert_equal @user, @id.user
   end
 
   test "forward alias" do
-    id = Identity.for @user, address: alias_name, destination: forward_address
-    assert_equal LocalEmail.new(alias_name), id.address
-    assert_equal Email.new(forward_address), id.destination
-    assert_equal @user, id.user
+    @id = Identity.for @user, address: alias_name, destination: forward_address
+    assert_equal LocalEmail.new(alias_name), @id.address
+    assert_equal Email.new(forward_address), @id.destination
+    assert_equal @user, @id.user
   end
 
   test "prevents duplicates" do
-    id = Identity.create_for @user, address: alias_name, destination: forward_address
+    @id = Identity.create_for @user, address: alias_name, destination: forward_address
     dup = Identity.build_for @user, address: alias_name, destination: forward_address
     assert !dup.valid?
     assert_equal ["has already been taken"], dup.errors[:destination]
-    id.destroy
   end
 
   test "validates availability" do
     other_user = find_record :user
-    id = Identity.create_for @user, address: alias_name, destination: forward_address
+    @id = Identity.create_for @user, address: alias_name, destination: forward_address
     taken = Identity.build_for other_user, address: alias_name
     assert !taken.valid?
     assert_equal ["has already been taken"], taken.errors[:address]
-    id.destroy
   end
 
   test "setting and getting pgp key" do
-    id = Identity.for(@user)
-    id.set_key(:pgp, pgp_key_string)
-    assert_equal pgp_key_string, id.keys[:pgp]
+    @id = Identity.for(@user)
+    @id.set_key(:pgp, pgp_key_string)
+    assert_equal pgp_key_string, @id.keys[:pgp]
   end
 
   test "querying pgp key via couch" do
-    id = Identity.for(@user)
-    id.set_key(:pgp, pgp_key_string)
-    id.save
-    view = Identity.pgp_key_by_email.key(id.address)
+    @id = Identity.for(@user)
+    @id.set_key(:pgp, pgp_key_string)
+    @id.save
+    view = Identity.pgp_key_by_email.key(@id.address)
     assert_equal 1, view.rows.count
     assert result = view.rows.first
-    assert_equal id.address, result["key"]
-    assert_equal id.keys[:pgp], result["value"]
-    id.destroy
+    assert_equal @id.address, result["key"]
+    assert_equal @id.keys[:pgp], result["value"]
   end
 
-  test "fail to add non-local email address as identity address" do
-    id = Identity.for @user, address: forward_address
-    assert !id.valid?
-    assert_match /needs to end in/, id.errors[:address].first
+  test "fail to add non-local email address as @identity address" do
+    @id = Identity.for @user, address: forward_address
+    assert !@id.valid?
+    assert_match /needs to end in/, @id.errors[:address].first
   end
 
   test "alias must meet same conditions as login" do
-    id = Identity.create_for @user, address: alias_name.capitalize
-    assert !id.valid?
+    @id = Identity.create_for @user, address: alias_name.capitalize
+    assert !@id.valid?
     #hacky way to do this, but okay for now:
-    assert id.errors.messages.flatten(2).include? "Must begin with a lowercase letter"
-    assert id.errors.messages.flatten(2).include? "Only lowercase letters, digits, . - and _ allowed."
+    assert @id.errors.messages.flatten(2).include? "Must begin with a lowercase letter"
+    assert @id.errors.messages.flatten(2).include? "Only lowercase letters, digits, . - and _ allowed."
   end
 
   test "destination must be valid email address" do
-    id = Identity.create_for @user, address: @user.email_address, destination: 'ASKJDLFJD'
-    assert !id.valid?
-    assert id.errors.messages[:destination].include? "needs to be a valid email address"
+    @id = Identity.create_for @user, address: @user.email_address, destination: 'ASKJDLFJD'
+    assert !@id.valid?
+    assert @id.errors.messages[:destination].include? "needs to be a valid email address"
   end
 
-  test "disabled identity" do
-    id = Identity.for(@user)
-    id.disable
-    assert_equal @user.email_address, id.address
-    assert_equal nil, id.destination
-    assert_equal nil, id.user
-    assert !id.enabled?
-    assert id.valid?
+  test "disabled @identity" do
+    @id = Identity.for(@user)
+    @id.disable
+    assert_equal @user.email_address, @id.address
+    assert_equal nil, @id.destination
+    assert_equal nil, @id.user
+    assert !@id.enabled?
+    assert @id.valid?
   end
 
-  test "disabled identity blocks handle" do
-    id = Identity.for(@user)
-    id.disable
-    id.save
+  test "disabled @identity blocks handle" do
+    @id = Identity.for(@user)
+    @id.disable
+    @id.save
     other_user = find_record :user
-    taken = Identity.build_for other_user, address: id.address
+    taken = Identity.build_for other_user, address: @id.address
     assert !taken.valid?
     assert_equal ["has already been taken"], taken.errors[:address]
-    Identity.destroy_all_disabled
   end
 
   test "destroy all disabled identities" do
-    id = Identity.for(@user)
-    id.disable
-    id.save
-    assert Identity.count > 0
+    @id = Identity.for(@user)
+    @id.disable
+    @id.save
+    assert Identity.disabled.count > 0
     Identity.destroy_all_disabled
     assert_equal 0, Identity.disabled.count
   end
 
+  test "store cert fingerprint" do
+    @id = Identity.for(@user)
+    @id.register_cert cert_stub
+    entry = {cert_stub.fingerprint => cert_stub.expiry.to_date.to_s}
+    assert_equal entry, @id.cert_fingerprints
+  end
+
+  test "query cert fingerprints by expiry" do
+    @id = Identity.for(@user)
+    @id.register_cert cert_stub
+    @id.save
+    row = Identity.cert_fingerprints_by_expiry.descending.rows.first
+    assert_equal row['key'], cert_stub.expiry.to_date.to_s
+    assert_equal row['value'], cert_stub.fingerprint
+  end
+
+  test "query cert expiry for a cert fingerprint" do
+    @id = Identity.for(@user)
+    @id.register_cert cert_stub
+    @id.save
+    row = Identity.cert_expiry_by_fingerprint.key(cert_stub.fingerprint).rows.first
+    assert_equal row['key'], cert_stub.fingerprint
+    assert_equal row['value'], cert_stub.expiry.to_date.to_s
+  end
+
   def alias_name
     @alias_name ||= Faker::Internet.user_name
   end
@@ -147,4 +175,9 @@ class IdentityTest < ActiveSupport::TestCase
   def pgp_key_string
     @pgp_key ||= "DUMMY PGP KEY ... "+SecureRandom.base64(4096)
   end
+
+  def cert_stub
+    @cert_stub ||= stub expiry: 1.month.from_now,
+    fingerprint: SecureRandom.hex
+  end
 end
author	azul <azul@leap.se>	2014-07-14 07:52:12 +0200
committer	azul <azul@leap.se>	2014-07-14 07:52:12 +0200
commit	07b141f3d677e993f02380b455738b20b9f0fe42 (patch)
tree	553111ac07f6100738f29ddc7165fa800852f224 /test
parent	1c7308207a9ab46cfb60c72aceaee2b3c82281fe (diff)
parent	3bbfdf29bbc40432c21e34fe84060cf9ae70273f (diff)