summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2014-05-15 11:17:47 +0200
committerAzul <azul@leap.se>2014-05-19 14:24:47 +0200
commit71dcf3f4e5d423b78b47f675297fc98b28ef3442 (patch)
tree7415f1f5825abf2d21b2232ccd1ff820f1f513d2 /test
parent5dd6c1529f8f4fc5089c71b0a44e360acaea900d (diff)
SmtpCertsController, routes and tests
Diffstat (limited to 'test')
-rw-r--r--test/functional/v1/smtp_certs_controller_test.rb35
-rw-r--r--test/integration/api/smtp_cert_test.rb51
-rw-r--r--test/support/api_integration_test.rb2
3 files changed, 88 insertions, 0 deletions
diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb
new file mode 100644
index 0000000..f9ba26f
--- /dev/null
+++ b/test/functional/v1/smtp_certs_controller_test.rb
@@ -0,0 +1,35 @@
+require 'test_helper'
+
+class V1::SmtpCertsControllerTest < ActionController::TestCase
+
+ test "no smtp cert without login" do
+ with_config allow_anonymous_certs: true do
+ get :show, format: 'json'
+ assert_access_denied
+ end
+ end
+
+ test "require service level with email" do
+ login
+ get :show
+ assert_access_denied
+ end
+
+ test "send cert with username" do
+ login effective_service_level: ServiceLevel.new(id: 2)
+ cert = expect_cert(@current_user.email_address)
+ get :show
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+
+ protected
+
+ def expect_cert(prefix)
+ cert = stub :to_s => "#{prefix.downcase} cert"
+ ClientCertificate.expects(:new).
+ with(:prefix => prefix).
+ returns(cert)
+ return cert
+ end
+end
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
new file mode 100644
index 0000000..a579d93
--- /dev/null
+++ b/test/integration/api/smtp_cert_test.rb
@@ -0,0 +1,51 @@
+require 'test_helper'
+require 'openssl'
+
+class SmtpCertTest < ApiIntegrationTest
+
+ test "retrieve smtp cert" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+
+ test "key matches the cert" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ cert = OpenSSL::X509::Certificate.new(get_response.body)
+ key = OpenSSL::PKey::RSA.new(get_response.body)
+ assert cert.check_private_key(key)
+ end
+
+ # we'll store the fingerprint later.
+ test "fingerprint matches" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ cert = OpenSSL::X509::Certificate.new(get_response.body)
+ fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
+ skip "we're not storing the fingerprints yet"
+ assert_equal fingerprint, @user.identity.cert_fingerprints.last
+ end
+
+ test "fetching smtp certs requires email account" do
+ login
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+
+ test "no anonymous smtp certs" do
+ with_config allow_anonymous_certs: true do
+ get '/1/smtp_cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+ end
+end
diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb
index 50c528b..aa9c00d 100644
--- a/test/support/api_integration_test.rb
+++ b/test/support/api_integration_test.rb
@@ -6,6 +6,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
def login(user = nil)
@user ||= user ||= FactoryGirl.create(:user)
@token ||= DUMMY_TOKEN
+ # make sure @token is up to date if it already exists
+ @token.reload if @token.persisted
@token.user_id = @user.id
@token.last_seen_at = Time.now
@token.save