diff options
author | Azul <azul@riseup.net> | 2012-09-27 22:39:08 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2012-09-27 22:39:08 +0200 |
commit | ebbfe3d77efddbe8f97fa82c171632ac4cfcf6da (patch) | |
tree | b81b55476f4f7889af0e346ebf5dc95afc4a02af /users/test/integration/api/account_flow_test.rb | |
parent | 1208257bcc0e2a6648b68433a7b7e24791f92583 (diff) |
added in leap web users - one repo to rule them all
Diffstat (limited to 'users/test/integration/api/account_flow_test.rb')
-rw-r--r-- | users/test/integration/api/account_flow_test.rb | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb new file mode 100644 index 0000000..e20bcf6 --- /dev/null +++ b/users/test/integration/api/account_flow_test.rb @@ -0,0 +1,69 @@ +require 'test_helper' + +class AccountFlowTest < ActionDispatch::IntegrationTest + + # this test wraps the api and implements the interface the ruby-srp client. + def handshake(login, aa) + post "sessions", :login => login, 'A' => aa.to_s(16) + assert_response :success + response = JSON.parse(@response.body) + if response['errors'] + raise RECORD_NOT_FOUND.new(response['errors']) + else + return response['B'].hex + end + end + + def validate(m) + put "sessions/" + @login, :client_auth => m.to_s(16) + assert_response :success + return JSON.parse(@response.body) + end + + def setup + @login = "integration_test_user" + User.find_by_login(@login).tap{|u| u.destroy if u} + @password = "srp, verify me!" + @srp = SRP::Client.new(@login, @password) + @user_params = { + :login => @login, + :password_verifier => @srp.verifier.to_s(16), + :password_salt => @srp.salt.to_s(16) + } + end + + def teardown + @user.destroy if @user # make sure we can run this test again + end + + test "signup and login with srp via api" do + post '/users.json', :user => @user_params + @user = User.find_by_param(@login) + assert_json_response @user_params.slice(:login, :password_salt) + assert_response :success + server_auth = @srp.authenticate(self, @login, @password) + assert_nil server_auth["errors"] + assert server_auth["M2"] + end + + test "signup and wrong password login attempt" do + post '/users.json', :user => @user_params + @user = User.find_by_param(@login) + assert_json_response @user_params.slice(:login, :password_salt) + assert_response :success + server_auth = @srp.authenticate(self, @login, "wrong password") + assert_equal ["wrong password"], server_auth["errors"]['password'] + assert_nil server_auth["M2"] + end + + test "signup and wrong username login attempt" do + post '/users.json', :user => @user_params + @user = User.find_by_param(@login) + assert_json_response @user_params.slice(:login, :password_salt) + assert_response :success + assert_raises RECORD_NOT_FOUND do + server_auth = @srp.authenticate(self, "wronglogin", @password) + end + end + +end |