diff options
-rw-r--r-- | core/lib/extensions/testing.rb | 2 | ||||
-rw-r--r-- | core/test/support/rack_test.rb | 24 | ||||
-rw-r--r-- | users/test/integration/api/login_test.rb | 38 | ||||
-rw-r--r-- | users/test/integration/api/signup_test.rb | 20 | ||||
-rw-r--r-- | users/test/integration/api/srp_test.rb | 5 | ||||
-rw-r--r-- | users/test/integration/api/update_account_test.rb (renamed from users/test/integration/api/account_flow_test.rb) | 32 |
6 files changed, 89 insertions, 32 deletions
diff --git a/core/lib/extensions/testing.rb b/core/lib/extensions/testing.rb index aad7fc1..d9b6da8 100644 --- a/core/lib/extensions/testing.rb +++ b/core/lib/extensions/testing.rb @@ -22,6 +22,8 @@ module LeapWebCore end def assert_json_response(object) + assert_equal 'application/json', + get_response.content_type.split(';').first if object.is_a? Hash object.stringify_keys! if object.respond_to? :stringify_keys! assert_equal object, json_response diff --git a/core/test/support/rack_test.rb b/core/test/support/rack_test.rb index 0476cf7..2d8e5c4 100644 --- a/core/test/support/rack_test.rb +++ b/core/test/support/rack_test.rb @@ -10,4 +10,28 @@ class RackTest < ActiveSupport::TestCase OUTER_APP end + def assert_access_denied + assert_json_response('error' => I18n.t(:not_authorized)) + assert_response :unprocessable_entity + end + + # inspired by rails 4 + # -> actionpack/lib/action_dispatch/testing/assertions/response.rb + def assert_response(type, message = nil) + # RackTest does not know @response + response_code = last_response.status + message ||= "Expected response to be a <#{type}>, but was <#{response_code}>" + + if Symbol === type + if [:success, :missing, :redirect, :error].include?(type) + assert last_response.send("#{type}?"), message + else + code = Rack::Utils::SYMBOL_TO_STATUS_CODE[type] + assert_equal code, response_code, message + end + else + assert_equal type, response_code, message + end + end + end diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb index a760d38..82219d0 100644 --- a/users/test/integration/api/login_test.rb +++ b/users/test/integration/api/login_test.rb @@ -1,15 +1,43 @@ require 'test_helper' +require_relative 'srp_test' -class LoginTest < RackTest +class LoginTest < SrpTest setup do - @login = "integration_test_user" + register_user end - test "require json requests" do - put "http://api.lvh.me:3000/1/sessions/" + @login, - :client_auth => "This is not a valid login anyway" + test "requires handshake before validation" do + validate("bla") assert_json_error login: I18n.t(:all_strategies_failed) end + test "login with srp" do + authenticate + assert last_response.successful? + assert_nil server_auth["errors"] + assert server_auth["M2"] + end + + test "wrong password login attempt" do + authenticate password: "wrong password" + assert_json_error "base" => "Not a valid username/password combination" + assert !last_response.successful? + assert_nil server_auth["M2"] + end + + test "wrong username login attempt" do + assert_raises RECORD_NOT_FOUND do + authenticate login: "wrong login" + end + assert_json_error "base" => "Not a valid username/password combination" + assert !last_response.successful? + assert_nil server_auth + end + + test "logout" do + authenticate + logout + assert_equal 204, last_response.status + end end diff --git a/users/test/integration/api/signup_test.rb b/users/test/integration/api/signup_test.rb new file mode 100644 index 0000000..236c547 --- /dev/null +++ b/users/test/integration/api/signup_test.rb @@ -0,0 +1,20 @@ +require 'test_helper' +require_relative 'srp_test' + +class SignupTest < SrpTest + + setup do + register_user + end + + test "signup response" do + assert_json_response :login => @login, :ok => true + assert last_response.successful? + end + + test "signup creates user" do + assert @user + assert_equal @login, @user.login + end +end + diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb index b291269..bb24f5f 100644 --- a/users/test/integration/api/srp_test.rb +++ b/users/test/integration/api/srp_test.rb @@ -52,6 +52,11 @@ class SrpTest < RackTest @server_auth = srp(params).authenticate(self) end + def logout + delete "http://api.lvh.me:3000/1/logout.json", + format: :json + end + def cleanup_user(login = nil) login ||= @user.login Identity.by_address.key(login + '@' + APP_CONFIG[:domain]).each do |identity| diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/update_account_test.rb index b56d07b..16c2357 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/update_account_test.rb @@ -1,38 +1,15 @@ require 'test_helper' require_relative 'srp_test' -class AccountFlowTest < SrpTest +class UpdateAccountTest < SrpTest setup do register_user end - test "signup response" do - assert_json_response :login => @login, :ok => true - assert last_response.successful? - end - - test "signup and login with srp via api" do - authenticate - assert last_response.successful? - assert_nil server_auth["errors"] - assert server_auth["M2"] - end - - test "signup and wrong password login attempt" do - authenticate password: "wrong password" - assert_json_error "base" => "Not a valid username/password combination" - assert !last_response.successful? - assert_nil server_auth["M2"] - end - - test "signup and wrong username login attempt" do - assert_raises RECORD_NOT_FOUND do - authenticate login: "wrong login" - end - assert_json_error "base" => "Not a valid username/password combination" - assert !last_response.successful? - assert_nil server_auth + test "require authentication" do + update_user password: "No! Verify me instead." + assert_access_denied end test "update password via api" do @@ -49,6 +26,7 @@ class AccountFlowTest < SrpTest new_login = 'zaph' cleanup_user new_login update_user login: new_login, password: @password + authenticate assert last_response.successful? assert_equal new_login, @user.reload.login end |