-rw-r--r--.gitignore5
-rw-r--r--.travis.yml2
-rw-r--r--certs/app/controllers/certs_controller.rb7
-rw-r--r--certs/app/models/cert.rb57
-rw-r--r--certs/app/models/leap_ca/cert.rb56
-rw-r--r--certs/config/locales/en.yml2
-rw-r--r--certs/test/functional/certs_controller_test.rb6
-rw-r--r--certs/test/unit/cert_pool_test.rb35
-rw-r--r--certs/test/unit/cert_test.rb46
-rw-r--r--users/app/controllers/sessions_controller.rb1
-rw-r--r--users/app/controllers/v1/sessions_controller.rb1
-rw-r--r--users/test/integration/api/account_flow_test.rb8
12 files changed, 119 insertions, 107 deletions
diff --git a/.gitignore b/.gitignore
index a3f0974..974d05e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,8 @@ Gemfile.lock
*/Gemfile.lock
test/dummy/log/*
test/dummy/tmp/*
+config/couchdb.yml
+public/assets/*
+public/ca.crt
+public/config/*
+public/provider.json
diff --git a/.travis.yml b/.travis.yml
index 984e24a..6b9a119 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,2 +1,4 @@
services:
- couchdb
+notifications:
+ email: false
diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
index 402bef3..d81aea0 100644
--- a/certs/app/controllers/certs_controller.rb
+++ b/certs/app/controllers/certs_controller.rb
@@ -4,8 +4,11 @@ class CertsController < ApplicationController
# GET /cert
def show
- @cert = Cert.pick_from_pool
- render :text => @cert.zipped, :content_type => 'text/plain'
+ @cert = LeapCA::Cert.pick_from_pool
+ render :text => @cert.key + @cert.cert, :content_type => 'text/plain'
+ rescue RECORD_NOT_FOUND
+ flash[:error] = t(:cert_pool_empty)
+ redirect_to root_path
end
end
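Review bot: The body built by `render :text => @cert.key + @cert.cert` now carries the client's private key, and nothing in this hunk keeps a browser or intermediate cache from storing it. Setting `response.headers['Cache-Control'] = 'no-store'` before the render would cover that. The class body starts above the hunk, so the filter that restricts `show` to logged-in users is not visible here and should be confirmed. `pick_from_pool` also destroys the record before the render, so a failure between the two loses that certificate; a one-line comment saying this is accepted would help the next reader.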
diff --git a/certs/app/models/cert.rb b/certs/app/models/cert.rb
deleted file mode 100644
index 9a6c98d..0000000
--- a/certs/app/models/cert.rb
+++ /dev/null
@@ -1,57 +0,0 @@
-class Cert < CouchRest::Model::Base
-
- use_database 'client_certificates'
-
- timestamps!
-
- property :random, Float, :accessible => false
-
- before_validation :set_random, :attach_zip, :on => :create
-
- validates :random, :presence => true,
- :numericality => {:greater_than => 0, :less_than => 1}
-
- validates :zip_attachment, :presence => true
-
- design do
- view :by_random
- end
-
- class << self
- def sample
- self.by_random.startkey(rand).first || self.by_random.first
- end
-
- def pick_from_pool
- cert = self.sample || self.create!
- cert.destroy
- return cert
- rescue RESOURCE_NOT_FOUND
- retry if Cert.by_random.count > 0
- raise RECORD_NOT_FOUND
- end
-
- end
-
- def set_random
- self.random = rand
- end
-
- def attach_zip
- file = File.open(Rails.root.join("config", "cert"))
- self.create_attachment :file => file, :name => zipname
- end
-
- def zipname
- 'cert.txt'
- end
-
- def zip_attachment
- attachments[zipname]
- end
-
- def zipped
- read_attachment(zipname)
- end
-
-end
diff --git a/certs/app/models/leap_ca/cert.rb b/certs/app/models/leap_ca/cert.rb
new file mode 100644
index 0000000..9d4f15e
--- /dev/null
+++ b/certs/app/models/leap_ca/cert.rb
@@ -0,0 +1,56 @@
+#
+# Model for certificates stored in CouchDB.
+#
+# This file must be loaded after Config has been loaded.
+#
+
+module LeapCA
+ class Cert < CouchRest::Model::Base
+
+# No config yet. use_database LeapCA::Config.db_name
+ use_database 'client_certificates'
+
+ timestamps!
+
+ property :key, String # the client private RSA key
+ property :cert, String # the client x509 certificate, signed by the CA
+ property :valid_until, Time # expiration time of the client certificate
+ property :random, Float, :accessible => false # used to help pick a random cert by the webapp
+
+ before_validation :set_random, :on => :create
+
+ validates :key, :presence => true
+ validates :cert, :presence => true
+ validates :random, :presence => true
+ validates :random, :numericality => {:greater_than => 0, :less_than => 1}
+
+ design do
+ view :by_random
+ end
+
+ def set_random
+ self.random = rand
+ end
+
+ class << self
+ def sample
+ self.by_random.startkey(rand).first || self.by_random.first
+ end
+
+ def pick_from_pool
+ cert = self.sample
+ raise RECORD_NOT_FOUND unless cert
+ cert.destroy
+ return cert
+ rescue RESOURCE_NOT_FOUND
+ retry if self.by_random.count > 0
+ raise RECORD_NOT_FOUND
+ end
+
+ def valid_attributes_hash
+ {:key => "ABCD", :cert => "A123"}
+ end
+ end
+
+ end
+end
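Review bot: `valid_until` is declared as a property but is neither validated nor consulted, so `pick_from_pool` can hand out a certificate that has already expired; the guard `raise RECORD_NOT_FOUND unless cert` is the natural place to also reject an entry whose `valid_until` lies in the past. The `key` property stores the client private RSA key as a plain String in the `client_certificates` database, so a comment on that line should state that read access to this database must be restricted. `valid_attributes_hash` is test data (`"ABCD"`, `"A123"`) and belongs in the test helper rather than the model, because the presence-only validations would accept such a record into the live pool.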
diff --git a/certs/config/locales/en.yml b/certs/config/locales/en.yml
new file mode 100644
index 0000000..18e4f47
--- /dev/null
+++ b/certs/config/locales/en.yml
@@ -0,0 +1,2 @@
+en:
+ cert_pool_empty: "Sorry the Cert pool is empty, please check back later."
diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb
index 9bba8c0..3d6946e 100644
--- a/certs/test/functional/certs_controller_test.rb
+++ b/certs/test/functional/certs_controller_test.rb
@@ -12,10 +12,10 @@ class CertsControllerTest < ActionController::TestCase
test "should send cert" do
login
- cert = stub :zipped => "adsf", :zipname => "cert_stub.zip"
- Cert.expects(:pick_from_pool).returns(cert)
+ cert = stub :cert => "adsf", :key => "key"
+ LeapCA::Cert.expects(:pick_from_pool).returns(cert)
get :show
assert_response :success
- assert_equal cert.zipped, @response.body
+ assert_equal cert.key + cert.cert, @response.body
end
end
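Review bot: The new `rescue RECORD_NOT_FOUND` branch in `CertsController#show` has no functional test here; only the success path is exercised. A second test that stubs `LeapCA::Cert.expects(:pick_from_pool).raises(RECORD_NOT_FOUND)`, issues `get :show`, and then checks `assert_redirected_to root_path` and the `flash[:error]` text would pin the empty-pool behaviour. It would also be worth asserting in the existing test that the response is not served to a client that has not called `login`, since the body now contains a private key.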
diff --git a/certs/test/unit/cert_pool_test.rb b/certs/test/unit/cert_pool_test.rb
index 24ace57..06f7ce0 100644
--- a/certs/test/unit/cert_pool_test.rb
+++ b/certs/test/unit/cert_pool_test.rb
@@ -3,49 +3,50 @@ require 'test_helper'
class CertPoolTest < ActiveSupport::TestCase
setup do
- 2.times { Cert.create! }
+ 2.times { LeapCA::Cert.create(LeapCA::Cert.valid_attributes_hash) }
end
teardown do
- Cert.all.each {|c| c.destroy}
+ LeapCA::Cert.all.each {|c| c.destroy}
end
test "picks random sample" do
- Cert.create! # with 3 certs chances are pretty low we pick the same one 40 times.
+ # with 3 certs chances are pretty low we pick the same one 40 times.
+ LeapCA::Cert.create! LeapCA::Cert.valid_attributes_hash
picked = []
- first = Cert.sample.id
- current = Cert.sample.id
+ first = LeapCA::Cert.sample.id
+ current = LeapCA::Cert.sample.id
40.times do
break if current != first
- current = Cert.sample.id
+ current = LeapCA::Cert.sample.id
end
assert_not_equal current, first
end
test "picks cert from the pool" do
- assert_difference "Cert.count", -1 do
- cert = Cert.pick_from_pool
+ assert_difference "LeapCA::Cert.count", -1 do
+ cert = LeapCA::Cert.pick_from_pool
end
end
test "err's out if all certs have been destroyed" do
- sample = Cert.first.tap{|c| c.destroy}
- Cert.all.each {|c| c.destroy}
+ sample = LeapCA::Cert.first.tap{|c| c.destroy}
+ LeapCA::Cert.all.each {|c| c.destroy}
assert_raises RECORD_NOT_FOUND do
- Cert.expects(:sample).returns(sample)
- cert = Cert.pick_from_pool
+ LeapCA::Cert.expects(:sample).returns(sample)
+ cert = LeapCA::Cert.pick_from_pool
end
end
test "picks other cert if first pick has been destroyed" do
- first = Cert.first.tap{|c| c.destroy}
- second = Cert.first
- Cert.expects(:sample).at_least_once.
+ first = LeapCA::Cert.first.tap{|c| c.destroy}
+ second = LeapCA::Cert.first
+ LeapCA::Cert.expects(:sample).at_least_once.
returns(first).
then.returns(second)
- cert = Cert.pick_from_pool
+ cert = LeapCA::Cert.pick_from_pool
assert_equal second, cert
- assert_nil Cert.first
+ assert_nil LeapCA::Cert.first
end
end
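Review bot: The `setup` block uses `LeapCA::Cert.create(...)` without the bang, so a failed save is silent and the later tests would run against a smaller pool than they assume; use `2.times { LeapCA::Cert.create!(LeapCA::Cert.valid_attributes_hash) }` to match the `create!` used in "picks random sample". In that same test `picked = []` is never read, and the `cert =` assignments inside the `assert_difference` and `assert_raises` blocks are unused and can be dropped.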
diff --git a/certs/test/unit/cert_test.rb b/certs/test/unit/cert_test.rb
index 9362da2..0b21d0b 100644
--- a/certs/test/unit/cert_test.rb
+++ b/certs/test/unit/cert_test.rb
@@ -3,47 +3,37 @@ require 'test_helper'
class CertTest < ActiveSupport::TestCase
setup do
- @sample = Cert.new
- @sample.set_random
- @sample.attach_zip
+ @sample = LeapCA::Cert.new LeapCA::Cert.valid_attributes_hash
end
- test "certs come with attachments" do
- assert @sample.has_attachment? "cert.txt"
- end
-
- test "cert.zip_attachment returns couchDB attachment" do
- assert_equal "text/plain", @sample.zip_attachment["content_type"]
- end
-
- test "cert.zipped returns the actual data" do
- @sample.save # This is required !
- assert lines = @sample.zipped.split("\n")
- assert_equal 56, lines.count
- assert_equal "-----BEGIN RSA PRIVATE KEY-----", lines.first.chomp
- assert_equal "-----END CERTIFICATE-----", lines.last.chomp
- end
-
- test "cert.zipname returns name for the zip file" do
- assert_equal "cert.txt", @sample.zipname
+ test "stub cert for testing is valid" do
+ assert @sample.valid?
end
- test "test data is valid" do
+ test "setting random on create validation" do
+ @sample.random = "asdf"
assert @sample.valid?
+ assert @sample.random.is_a? Float
+ assert @sample.random >= 0
+ assert @sample.random < 1
end
test "validates random" do
- @sample.stubs(:set_random)
- [0, 1, nil, "asdf"].each do |invalid|
+ @sample.save # make sure we are past the on_create
+ assert @sample.valid?
+ ["asdf", 1, 2, -0.1, nil, "asdf"].each do |invalid|
@sample.random = invalid
assert !@sample.valid?, "#{invalid} should not be a valid value for random"
end
end
- test "validates attachment" do
- @sample.stubs(:attach_zip)
- @sample.delete_attachment(@sample.zipname)
- assert !@sample.valid?, "Cert should require zipped attachment"
+ test "validates key" do
+ @sample.key = nil
+ assert !@sample.valid?, "Cert should require key"
end
+ test "validates cert" do
+ @sample.cert = nil
+ assert !@sample.valid?, "Cert should require cert"
+ end
end
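Review bot: The invalid-value list in "validates random" lists `"asdf"` twice and no longer contains `0`, although the model validates `:greater_than => 0`, so the lower boundary is now untested; `[0, 1, 2, -0.1, nil, "asdf"]` would restore it. Relatedly, "setting random on create validation" asserts `@sample.random >= 0`, which is looser than the validator; `assert @sample.random > 0` would match it.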
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index bc910b5..0345fbd 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -11,6 +11,7 @@ class SessionsController < ApplicationController
end
def create
+ logout if logged_in?
authenticate!
end
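Review bot: `logout if logged_in?` runs before `authenticate!`, so a repeated login attempt with wrong credentials ends the session that was already established. If that is intended, it deserves a comment above the line, e.g. `# drop any existing session so a repeated login is authenticated from scratch`. What `logout` does is not visible in this hunk; confirm that it resets the session identifier rather than only clearing the user, so the new login does not continue under the old session id. The same line is added to `V1::SessionsController#create` in the next file and the same points apply there. The enclosing class starts above the hunk.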
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 5b4a13b..27d10fb 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -12,6 +12,7 @@ module V1
end
def create
+ logout if logged_in?
authenticate!
end
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index e425c35..7636f2b 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -62,6 +62,14 @@ class AccountFlowTest < ActiveSupport::TestCase
assert server_auth["M2"]
end
+ test "duplicate login does not break things" do
+ server_auth = @srp.authenticate(self)
+ server_auth = @srp.authenticate(self)
+ assert last_response.successful?
+ assert_nil server_auth["errors"]
+ assert server_auth["M2"]
+ end
+
test "signup and wrong password login attempt" do
srp = SRP::Client.new(@login, "wrong password")
server_auth = srp.authenticate(self)
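Review bot: In "duplicate login does not break things" the result of the first `@srp.authenticate(self)` is overwritten without being checked, so the test would still pass if the first login failed and only the second succeeded. Adding `assert server_auth["M2"]` between the two calls makes it a real duplicate-login check. There is also no case for a wrong-password attempt made while already logged in, which is the path where the new `logout if logged_in?` changes behaviour. The following test, "signup and wrong password login attempt", continues past the end of the hunk.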