-rw-r--r--.gitignore1
-rw-r--r--core/lib/extensions/testing.rb9
-rw-r--r--users/app/controllers/v1/sessions_controller.rb3
-rw-r--r--users/app/models/token.rb17
-rw-r--r--users/test/functional/v1/sessions_controller_test.rb30
-rw-r--r--users/test/unit/token_test.rb37
6 files changed, 84 insertions, 13 deletions
diff --git a/.gitignore b/.gitignore
index 5536c6f..73cd22e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@ public/config/*
public/provider.json
config/config.yml
bin
+.*.swp
diff --git a/core/lib/extensions/testing.rb b/core/lib/extensions/testing.rb
index 925c023..aad7fc1 100644
--- a/core/lib/extensions/testing.rb
+++ b/core/lib/extensions/testing.rb
@@ -14,10 +14,17 @@ module LeapWebCore
get_response.headers["Content-Disposition"]
end
+ def json_response
+ response = JSON.parse(get_response.body)
+ response.respond_to?(:with_indifferent_access) ?
+ response.with_indifferent_access :
+ response
+ end
+
def assert_json_response(object)
if object.is_a? Hash
object.stringify_keys! if object.respond_to? :stringify_keys!
- assert_equal object, JSON.parse(get_response.body)
+ assert_equal object, json_response
else
assert_equal object.to_json, get_response.body
end
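Review bot: The three-line ternary in `json_response` (the `?` and `:` left dangling at line ends) is the kind of expression the style guide reserves for one-liners; a guard clause says the same thing more plainly: `response = JSON.parse(get_response.body)` / `return response unless response.respond_to?(:with_indifferent_access)` / `response.with_indifferent_access`. The helper also re-parses the body on every call, which is fine but worth stating, since callers such as the sessions test now invoke it twice per assertion pair: `# Parsed body of the last response; parsed afresh on each call so it always reflects the latest request.` The enclosing module continues outside the hunk.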
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index 9365d76..e3459d6 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -23,6 +23,7 @@ module V1
def update
authenticate!
+ @token = Token.create(:user_id => current_user.id)
render :json => login_response
end
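Review bot: `Token.create(:user_id => current_user.id)` returns the document whether or not the save succeeded, and since `initialize` assigns the id before any save, `login_response` in the second hunk (`@token.id`) would hand the client a token id that was never stored if validation or the database write failed. Use the raising variant so the request fails rather than issuing an unusable credential: `@token = Token.create!(:user_id => current_user.id)`. Separately, every successful `update` mints a new token and nothing in this hunk retires earlier ones, so tokens appear to accumulate per user unless logout invalidates them elsewhere — worth a comment stating the intended lifetime, e.g. `# One token per login; see Token for expiry/revocation.` The `update` action's surrounding controller is outside the hunk.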
@@ -35,7 +36,7 @@ module V1
def login_response
handshake = session.delete(:handshake)
- handshake.to_hash.merge(:id => current_user.id)
+ handshake.to_hash.merge(:id => current_user.id, :token => @token.id)
end
end
diff --git a/users/app/models/token.rb b/users/app/models/token.rb
new file mode 100644
index 0000000..44a6dfe
--- /dev/null
+++ b/users/app/models/token.rb
@@ -0,0 +1,17 @@
+class Token < CouchRest::Model::Base
+
+ use_database :tokens
+
+ property :user_id, String, accessible: false
+
+ validates :user_id, presence: true
+
+ def initialize(*args)
+ super
+ self.id = SecureRandom.urlsafe_base64(32)
+ end
+
+ design do
+ end
+end
+
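Review bot: The `initialize` override assigns `self.id` unconditionally, so if CouchRest builds documents loaded from the database through `new` as well (it appears to, but confirm), a token fetched by id would come back carrying a fresh random id that no longer matches the stored record; guard the assignment: `self.id ||= SecureRandom.urlsafe_base64(32)`. The model also records no creation time, so there is nothing to enforce an expiry against — a bearer credential that is valid until explicitly deleted; adding `timestamps!` next to the `property` line gives a `created_at` that a later cleanup or expiry check can use. A short class comment would help the next reader: `# Bearer token handed out after a successful login; the document id is the secret the client presents, generated from 32 random bytes.`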
diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb
index 1226c9d..0c4e325 100644
--- a/users/test/functional/v1/sessions_controller_test.rb
+++ b/users/test/functional/v1/sessions_controller_test.rb
@@ -11,6 +11,22 @@ class V1::SessionsControllerTest < ActionController::TestCase
@client_hex = 'a123'
end
+ test "renders json" do
+ get :new, :format => :json
+ assert_response :success
+ assert_json_error nil
+ end
+
+ test "renders warden errors" do
+ request.env['warden.options'] = {attempted_path: 'path/to/controller'}
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
+ end
+
# Warden takes care of parsing the params and
# rendering the response. So not much to test here.
test "should perform handshake" do
@@ -20,18 +36,9 @@ class V1::SessionsControllerTest < ActionController::TestCase
post :create, :login => @user.login, 'A' => @client_hex
end
- test "should send salt" do
- User.expects(:find_by_login).with(@user.login).returns(@user)
-
- post :create, :login => @user.login
-
- assert_equal @user, assigns(:user)
- assert_json_response salt: @user.salt
- end
-
test "should authorize" do
request.env['warden'].expects(:authenticate!)
- @controller.expects(:current_user).returns(@user)
+ @controller.stubs(:current_user).returns(@user)
handshake = stub(:to_hash => {h: "ash"})
session[:handshake] = handshake
@@ -39,7 +46,8 @@ class V1::SessionsControllerTest < ActionController::TestCase
assert_nil session[:handshake]
assert_response :success
- assert_json_response handshake.to_hash.merge(id: @user.id)
+ assert json_response.keys.include?("id")
+ assert json_response.keys.include?("token")
end
test "logout should reset warden user" do
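Review bot: Replacing the `assert_json_response handshake.to_hash.merge(...)` check with two key-presence asserts drops the verification that the handshake and user id are actually echoed back; keep it with indifferent-access lookups: `assert_equal "ash", json_response["h"]` and `assert_equal @user.id, json_response["id"]`. This test also now runs the real `Token.create` from the controller (the first hunk of this file stubs only `current_user`), so each run writes a token document to the test database unless a teardown outside the hunk removes it; stubbing `Token.stubs(:create).returns(stub(:id => "tok"))` in the test keeps the functional test free of persistence side effects. The enclosing test class continues outside the hunk.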
diff --git a/users/test/unit/token_test.rb b/users/test/unit/token_test.rb
new file mode 100644
index 0000000..bff6b71
--- /dev/null
+++ b/users/test/unit/token_test.rb
@@ -0,0 +1,37 @@
+require 'test_helper'
+
+class ClientCertificateTest < ActiveSupport::TestCase
+
+ setup do
+ @user = FactoryGirl.create(:user)
+ end
+
+ teardown do
+ @user.destroy
+ end
+
+ test "new token for user" do
+ sample = Token.new(:user_id => @user.id)
+ assert sample.valid?
+ assert_equal @user.id, sample.user_id
+ end
+
+ test "token id is secure" do
+ sample = Token.new(:user_id => @user.id)
+ other = Token.new(:user_id => @user.id)
+ assert sample.id,
+ "id is set on initialization"
+ assert sample.id[0..10] != other.id[0..10],
+ "token id prefixes should not repeat"
+ assert /[g-zG-Z]/.match(sample.id),
+ "should use non hex chars in the token id"
+ assert sample.id.size > 16,
+ "token id should be more than 16 chars long"
+ end
+
+ test "token checks for user" do
+ sample = Token.new
+ assert !sample.valid?, "Token should require a user record"
+ end
+
+end
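Review bot: The test class in `token_test.rb` is named `ClientCertificateTest`, which looks copied from another file; if a real `ClientCertificateTest` exists the two definitions would reopen the same class and failures would be attributed to the wrong model, so rename it `class TokenTest < ActiveSupport::TestCase`. The suite exercises only unsaved `Token.new` instances, yet the controller depends on a saved token being retrievable by the id it returned; a round-trip test would catch an `initialize` that regenerates the id on load: `saved = Token.create!(:user_id => @user.id)` / `assert_equal saved.id, Token.find(saved.id).id` / `saved.destroy`. The `> 16` length assertion is loose for `urlsafe_base64(32)`, which yields a fixed 43-character string; asserting that exact length pins the entropy the model promises.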