-rw-r--r-- | .gitignore | 5 | ||||
-rw-r--r-- | .travis.yml | 2 | ||||
-rw-r--r-- | certs/app/controllers/certs_controller.rb | 7 | ||||
-rw-r--r-- | certs/app/models/cert.rb | 57 | ||||
-rw-r--r-- | certs/app/models/leap_ca/cert.rb | 56 | ||||
-rw-r--r-- | certs/config/locales/en.yml | 2 | ||||
-rw-r--r-- | certs/test/functional/certs_controller_test.rb | 6 | ||||
-rw-r--r-- | certs/test/unit/cert_pool_test.rb | 35 | ||||
-rw-r--r-- | certs/test/unit/cert_test.rb | 46 | ||||
-rw-r--r-- | users/app/controllers/sessions_controller.rb | 1 | ||||
-rw-r--r-- | users/app/controllers/v1/sessions_controller.rb | 1 | ||||
-rw-r--r-- | users/test/integration/api/account_flow_test.rb | 8 |
12 files changed, 119 insertions, 107 deletions
@@ -21,3 +21,8 @@ Gemfile.lock */Gemfile.lock test/dummy/log/* test/dummy/tmp/* +config/couchdb.yml +public/assets/* +public/ca.crt +public/config/* +public/provider.json diff --git a/.travis.yml b/.travis.yml index 984e24a..6b9a119 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,2 +1,4 @@ services: - couchdb +notifications: + email: false diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb index 402bef3..d81aea0 100644 --- a/certs/app/controllers/certs_controller.rb +++ b/certs/app/controllers/certs_controller.rb @@ -4,8 +4,11 @@ class CertsController < ApplicationController # GET /cert def show - @cert = Cert.pick_from_pool - render :text => @cert.zipped, :content_type => 'text/plain' + @cert = LeapCA::Cert.pick_from_pool + render :text => @cert.key + @cert.cert, :content_type => 'text/plain' + rescue RECORD_NOT_FOUND + flash[:error] = t(:cert_pool_empty) + redirect_to root_path end end diff --git a/certs/app/models/cert.rb b/certs/app/models/cert.rb deleted file mode 100644 index 9a6c98d..0000000 --- a/certs/app/models/cert.rb +++ /dev/null 
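Review bot: The new `render :text => @cert.key + @cert.cert` in `CertsController#show` returns a client private key in the response body, and nothing visible in the hunk stops a browser or intermediate proxy from caching it. Setting `response.headers['Cache-Control'] = 'no-store'` before the render would keep the key out of caches. The concatenation also assumes the stored key ends with a newline; if that is not guaranteed, join the two parts with `"\n"` so the PEM blocks cannot run together. The class body begins above the hunk, so any authentication filter on this action is not visible here.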
@@ -1,57 +0,0 @@ -class Cert < CouchRest::Model::Base - - use_database 'client_certificates' - - timestamps! - - property :random, Float, :accessible => false - - before_validation :set_random, :attach_zip, :on => :create - - validates :random, :presence => true, - :numericality => {:greater_than => 0, :less_than => 1} - - validates :zip_attachment, :presence => true - - design do - view :by_random - end - - class << self - def sample - self.by_random.startkey(rand).first || self.by_random.first - end - - def pick_from_pool - cert = self.sample || self.create! - cert.destroy - return cert - rescue RESOURCE_NOT_FOUND - retry if Cert.by_random.count > 0 - raise RECORD_NOT_FOUND - end - - end - - def set_random - self.random = rand - end - - def attach_zip - file = File.open(Rails.root.join("config", "cert")) - self.create_attachment :file => file, :name => zipname - end - - def zipname - 'cert.txt' - end - - def zip_attachment - attachments[zipname] - end - - def zipped - read_attachment(zipname) - end - -end diff --git a/certs/app/models/leap_ca/cert.rb b/certs/app/models/leap_ca/cert.rb new file mode 100644 index 0000000..9d4f15e --- /dev/null +++ b/certs/app/models/leap_ca/cert.rb 
@@ -0,0 +1,56 @@ +# +# Model for certificates stored in CouchDB. +# +# This file must be loaded after Config has been loaded. +# + +module LeapCA + class Cert < CouchRest::Model::Base + +# No config yet. use_database LeapCA::Config.db_name + use_database 'client_certificates' + + timestamps! + + property :key, String # the client private RSA key + property :cert, String # the client x509 certificate, signed by the CA + property :valid_until, Time # expiration time of the client certificate + property :random, Float, :accessible => false # used to help pick a random cert by the webapp + + before_validation :set_random, :on => :create + + validates :key, :presence => true + validates :cert, :presence => true + validates :random, :presence => true + validates :random, :numericality => {:greater_than => 0, :less_than => 1} + + design do + view :by_random + end + + def set_random + self.random = rand + end + + class << self + def sample + self.by_random.startkey(rand).first || self.by_random.first + end + + def pick_from_pool + cert = self.sample + raise RECORD_NOT_FOUND unless cert + cert.destroy + return cert + rescue RESOURCE_NOT_FOUND + retry if self.by_random.count > 0 + raise RECORD_NOT_FOUND + end + + def valid_attributes_hash + {:key => "ABCD", :cert => "A123"} + end + end + + end +end diff --git a/certs/config/locales/en.yml b/certs/config/locales/en.yml new file mode 100644 index 0000000..18e4f47 --- /dev/null +++ b/certs/config/locales/en.yml @@ -0,0 +1,2 @@ +en: + cert_pool_empty: "Sorry the Cert pool is empty, please check back later." diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb index 9bba8c0..3d6946e 100644 --- a/certs/test/functional/certs_controller_test.rb +++ b/certs/test/functional/certs_controller_test.rb 
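Review bot: `pick_from_pool` in the new `LeapCA::Cert` returns whatever `sample` yields without consulting `valid_until`, and that property has no validation, so an expired or undated certificate can be handed to a client. Consider `validates :valid_until, :presence => true` and having `pick_from_pool` discard records whose `valid_until` has passed before returning one. `valid_attributes_hash` is a test fixture living in the production class; moving it to the test helper keeps placeholder values like `"ABCD"` from being saved into the real pool. Since `property :key` holds the client private key as a plain string, read access to the `client_certificates` database should be limited to the services that issue certificates.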
@@ -12,10 +12,10 @@ class CertsControllerTest < ActionController::TestCase test "should send cert" do login - cert = stub :zipped => "adsf", :zipname => "cert_stub.zip" - Cert.expects(:pick_from_pool).returns(cert) + cert = stub :cert => "adsf", :key => "key" + LeapCA::Cert.expects(:pick_from_pool).returns(cert) get :show assert_response :success - assert_equal cert.zipped, @response.body + assert_equal cert.key + cert.cert, @response.body end end diff --git a/certs/test/unit/cert_pool_test.rb b/certs/test/unit/cert_pool_test.rb index 24ace57..06f7ce0 100644 --- a/certs/test/unit/cert_pool_test.rb +++ b/certs/test/unit/cert_pool_test.rb 
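Review bot: The updated "should send cert" test covers only the success path, so the `rescue RECORD_NOT_FOUND` branch this commit adds to `CertsController#show` has no test. A second case would close the gap, along the lines of `LeapCA::Cert.expects(:pick_from_pool).raises(RECORD_NOT_FOUND)` followed by `assert_redirected_to root_path` and a check on `flash[:error]`. The test class starts above the hunk, so an existing case elsewhere in the file cannot be ruled out.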
@@ -3,49 +3,50 @@ require 'test_helper' class CertPoolTest < ActiveSupport::TestCase setup do - 2.times { Cert.create! } + 2.times { LeapCA::Cert.create(LeapCA::Cert.valid_attributes_hash) } end teardown do - Cert.all.each {|c| c.destroy} + LeapCA::Cert.all.each {|c| c.destroy} end test "picks random sample" do - Cert.create! # with 3 certs chances are pretty low we pick the same one 40 times. + # with 3 certs chances are pretty low we pick the same one 40 times. + LeapCA::Cert.create! LeapCA::Cert.valid_attributes_hash picked = [] - first = Cert.sample.id - current = Cert.sample.id + first = LeapCA::Cert.sample.id + current = LeapCA::Cert.sample.id 40.times do break if current != first - current = Cert.sample.id + current = LeapCA::Cert.sample.id end assert_not_equal current, first end test "picks cert from the pool" do - assert_difference "Cert.count", -1 do - cert = Cert.pick_from_pool + assert_difference "LeapCA::Cert.count", -1 do + cert = LeapCA::Cert.pick_from_pool end end test "err's out if all certs have been destroyed" do - sample = Cert.first.tap{|c| c.destroy} - Cert.all.each {|c| c.destroy} + sample = LeapCA::Cert.first.tap{|c| c.destroy} + LeapCA::Cert.all.each {|c| c.destroy} assert_raises RECORD_NOT_FOUND do - Cert.expects(:sample).returns(sample) - cert = Cert.pick_from_pool + LeapCA::Cert.expects(:sample).returns(sample) + cert = LeapCA::Cert.pick_from_pool end end test "picks other cert if first pick has been destroyed" do - first = Cert.first.tap{|c| c.destroy} - second = Cert.first - Cert.expects(:sample).at_least_once. + first = LeapCA::Cert.first.tap{|c| c.destroy} + second = LeapCA::Cert.first + LeapCA::Cert.expects(:sample).at_least_once. returns(first). then.returns(second) - cert = Cert.pick_from_pool + cert = LeapCA::Cert.pick_from_pool assert_equal second, cert - assert_nil Cert.first + assert_nil LeapCA::Cert.first end end diff --git a/certs/test/unit/cert_test.rb b/certs/test/unit/cert_test.rb index 9362da2..0b21d0b 100644 
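Review bot: The `setup` block in `CertPoolTest` now calls `LeapCA::Cert.create(...)` without the bang, so a record that fails validation is silently not saved and the later pool tests fail far from the cause. `2.times { LeapCA::Cert.create!(LeapCA::Cert.valid_attributes_hash) }` matches the `create!` already used in "picks random sample" and fails at the point of the problem. The local `picked = []` in that test is never read and can be dropped.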
--- a/certs/test/unit/cert_test.rb +++ b/certs/test/unit/cert_test.rb @@ -3,47 +3,37 @@ require 'test_helper' class CertTest < ActiveSupport::TestCase setup do - @sample = Cert.new - @sample.set_random - @sample.attach_zip + @sample = LeapCA::Cert.new LeapCA::Cert.valid_attributes_hash end - test "certs come with attachments" do - assert @sample.has_attachment? "cert.txt" - end - - test "cert.zip_attachment returns couchDB attachment" do - assert_equal "text/plain", @sample.zip_attachment["content_type"] - end - - test "cert.zipped returns the actual data" do - @sample.save # This is required ! - assert lines = @sample.zipped.split("\n") - assert_equal 56, lines.count - assert_equal "-----BEGIN RSA PRIVATE KEY-----", lines.first.chomp - assert_equal "-----END CERTIFICATE-----", lines.last.chomp - end - - test "cert.zipname returns name for the zip file" do - assert_equal "cert.txt", @sample.zipname + test "stub cert for testing is valid" do + assert @sample.valid? end - test "test data is valid" do + test "setting random on create validation" do + @sample.random = "asdf" assert @sample.valid? + assert @sample.random.is_a? Float + assert @sample.random >= 0 + assert @sample.random < 1 end test "validates random" do - @sample.stubs(:set_random) - [0, 1, nil, "asdf"].each do |invalid| + @sample.save # make sure we are past the on_create + assert @sample.valid? + ["asdf", 1, 2, -0.1, nil, "asdf"].each do |invalid| @sample.random = invalid assert !@sample.valid?, "#{invalid} should not be a valid value for random" end end - test "validates attachment" do - @sample.stubs(:attach_zip) - @sample.delete_attachment(@sample.zipname) - assert !@sample.valid?, "Cert should require zipped attachment" + test "validates key" do + @sample.key = nil + assert !@sample.valid?, "Cert should require key" end + test "validates cert" do + @sample.cert = nil + assert !@sample.valid?, "Cert should require cert" + end end 
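Review bot: In "validates random" the invalid list `["asdf", 1, 2, -0.1, nil, "asdf"]` repeats `"asdf"` and no longer includes `0`, which the model's `:greater_than => 0` rule rejects. Replacing the duplicate with `0` restores coverage of the lower bound: `["asdf", 0, 1, 2, -0.1, nil]`. The `assert @sample.random >= 0` in "setting random on create validation" is likewise looser than the validator, which requires a value strictly above zero.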
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index bc910b5..0345fbd 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -11,6 +11,7 @@ class SessionsController < ApplicationController end def create + logout if logged_in? authenticate! end diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb index 5b4a13b..27d10fb 100644 --- a/users/app/controllers/v1/sessions_controller.rb +++ b/users/app/controllers/v1/sessions_controller.rb @@ -12,6 +12,7 @@ module V1 end def create + logout if logged_in? authenticate! end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index e425c35..7636f2b 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -62,6 +62,14 @@ class AccountFlowTest < ActiveSupport::TestCase assert server_auth["M2"] end + test "duplicate login does not break things" do + server_auth = @srp.authenticate(self) + server_auth = @srp.authenticate(self) + assert last_response.successful? + assert_nil server_auth["errors"] + assert server_auth["M2"] + end + test "signup and wrong password login attempt" do srp = SRP::Client.new(@login, "wrong password") server_auth = srp.authenticate(self) |
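Review bot: `logout if logged_in?` in `SessionsController#create` (and the identical line in `V1::SessionsController#create`) clears the old login before `authenticate!`, but neither hunk shows whether `logout` also issues a fresh session identifier. `logout` is defined outside the diff; if it only clears the user, calling `reset_session` before `authenticate!` would keep a pre-login session id from carrying over into the new authenticated session. A failed re-authentication now also ends the existing login, which is worth recording in a comment such as `# re-authentication always starts from a logged-out state`.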
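Review bot: The "duplicate login does not break things" test in `account_flow_test.rb` overwrites `server_auth` from the first `@srp.authenticate(self)` without checking it, so the test still passes if the first login failed and only the second succeeded. Adding `assert server_auth["M2"]` after the first call as well pins down that the second call is a genuine re-login. The test class starts above the hunk.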