diff options
Diffstat (limited to 'test/functional')
| -rw-r--r-- | test/functional/account_controller_test.rb | 26 | ||||
| -rw-r--r-- | test/functional/api/certs_controller_test.rb (renamed from test/functional/v1/certs_controller_test.rb) | 22 | ||||
| -rw-r--r-- | test/functional/api/identities_controller_test.rb (renamed from test/functional/v1/identities_controller_test.rb) | 8 | ||||
| -rw-r--r-- | test/functional/api/messages_controller_test.rb (renamed from test/functional/v1/messages_controller_test.rb) | 15 | ||||
| -rw-r--r-- | test/functional/api/services_controller_test.rb (renamed from test/functional/v1/services_controller_test.rb) | 8 | ||||
| -rw-r--r-- | test/functional/api/sessions_controller_test.rb (renamed from test/functional/v1/sessions_controller_test.rb) | 15 | ||||
| -rw-r--r-- | test/functional/api/smtp_certs_controller_test.rb (renamed from test/functional/v1/smtp_certs_controller_test.rb) | 10 | ||||
| -rw-r--r-- | test/functional/api/token_auth_test.rb (renamed from test/functional/token_auth_test.rb) | 12 | ||||
| -rw-r--r-- | test/functional/api/users_controller_test.rb (renamed from test/functional/v1/users_controller_test.rb) | 52 | ||||
| -rw-r--r-- | test/functional/home_controller_test.rb | 16 | ||||
| -rw-r--r-- | test/functional/static_config_controller_test.rb | 6 | ||||
| -rw-r--r-- | test/functional/users_controller_test.rb | 24 |
12 files changed, 125 insertions, 89 deletions
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb new file mode 100644 index 0000000..f5f1446 --- /dev/null +++ b/test/functional/account_controller_test.rb @@ -0,0 +1,26 @@ +require 'test_helper' + +class AccountControllerTest < ActionController::TestCase + + test "should get new" do + get :new + assert_equal User, assigns(:user).class + assert_response :success + end + + test "new should redirect logged in users" do + login + get :new + assert_response :redirect + assert_redirected_to home_path + end + + test "new redirects if registration is closed" do + with_config(allow_registration: false) do + get :new + assert_response :redirect + assert_redirected_to home_path + end + end +end + diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb index 04c1c86..25ceb8e 100644 --- a/test/functional/v1/certs_controller_test.rb +++ b/test/functional/api/certs_controller_test.rb @@ -1,11 +1,11 @@ -require_relative '../../test_helper' +require 'test_helper' -class V1::CertsControllerTest < ActionController::TestCase +class Api::CertsControllerTest < ApiControllerTest test "create unlimited cert without login" do with_config allow_anonymous_certs: true do cert = expect_cert('UNLIMITED') - post :create + api_post :create assert_response :success assert_equal cert.to_s, @response.body end @@ -15,7 +15,7 @@ class V1::CertsControllerTest < ActionController::TestCase with_config allow_limited_certs: true do login cert = expect_cert('LIMITED') - post :create + api_post :create assert_response :success assert_equal cert.to_s, @response.body end @@ -23,14 +23,14 @@ class V1::CertsControllerTest < ActionController::TestCase test "fail to create cert when disabled" do login :enabled? => false - post :create + api_post :create assert_access_denied end test "create unlimited cert" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert('UNLIMITED') - post :create + api_post :create assert_response :success assert_equal cert.to_s, @response.body end @@ -38,13 +38,13 @@ class V1::CertsControllerTest < ActionController::TestCase test "GET still works as an alias" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert('UNLIMITED') - get :show + api_get :show assert_response :success assert_equal cert.to_s, @response.body end test "redirect if no eip service offered" do - post :create + api_post :create assert_response :redirect end @@ -57,4 +57,10 @@ class V1::CertsControllerTest < ActionController::TestCase returns(cert) return cert end + + # overwrite defaults from ApiController because we don't do json here. + def add_api_defaults(args) + add_defaults args, version: '2' + end + end diff --git a/test/functional/v1/identities_controller_test.rb b/test/functional/api/identities_controller_test.rb index 6410c44..57345c8 100644 --- a/test/functional/v1/identities_controller_test.rb +++ b/test/functional/api/identities_controller_test.rb @@ -1,15 +1,15 @@ require_relative '../../test_helper' -class V1::IdentitiesControllerTest < ActionController::TestCase +class Api::IdentitiesControllerTest < ApiControllerTest test "api monitor can fetch identity" do monitor_auth do identity = FactoryGirl.create :identity - get :show, :id => identity.address, :format => 'json' + api_get :show, :id => identity.address, :format => 'json' assert_response :success assert_equal identity, assigns(:identity) - get :show, :id => "blahblahblah", :format => 'json' + api_get :show, :id => "blahblahblah", :format => 'json' assert_response :not_found end end @@ -17,7 +17,7 @@ class V1::IdentitiesControllerTest < ActionController::TestCase test "anonymous cannot fetch identity" do identity = FactoryGirl.create :identity - get :show, :id => identity.address, :format => 'json' + api_get :show, :id => identity.address, :format => 'json' assert_response :forbidden end diff --git a/test/functional/v1/messages_controller_test.rb b/test/functional/api/messages_controller_test.rb index 67f34a1..e586980 100644 --- a/test/functional/v1/messages_controller_test.rb +++ b/test/functional/api/messages_controller_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class V1::MessagesControllerTest < ActionController::TestCase +class Api::MessagesControllerTest < ApiControllerTest setup do @user = FactoryGirl.build(:user) @@ -13,9 +13,8 @@ class V1::MessagesControllerTest < ActionController::TestCase test "get the motd" do with_config("customization_directory" => Rails.root+'test/files') do login @user - get :index, :locale => 'es' + api_get :index, :locale => 'es' body = JSON.parse(response.body) - p body message1 = "<p>\"This\" is a <strong>very</strong> fine message. <a href=\"https://bitmask.net\">https://bitmask.net</a></p>\n" assert_equal 2, body.size, 'there should be two messages' assert_equal message1, body.first["text"], 'first message text should match files/motd/1.en.md' @@ -25,7 +24,7 @@ class V1::MessagesControllerTest < ActionController::TestCase test "get localized motd" do with_config("customization_directory" => Rails.root+'test/files') do login @user - get :index, :locale => 'de' + api_get :index, :locale => 'de' body = JSON.parse(response.body) message1 = "<p>Dies ist eine sehr feine Nachricht. <a href=\"https://bitmask.net\">https://bitmask.net</a></p>\n" assert_equal message1, body.first["text"], 'first message text should match files/motd/1.de.md' @@ -34,7 +33,7 @@ class V1::MessagesControllerTest < ActionController::TestCase test "get empty motd" do login @user - get :index + api_get :index assert_equal "[]", response.body, "motd response should be empty if no motd directory exists" end @@ -59,7 +58,7 @@ class V1::MessagesControllerTest < ActionController::TestCase test "get messages for user" do login @user - get :index + api_get :index assert response.body.include? @message.text assert response.body.include? @message.id end @@ -79,7 +78,7 @@ class V1::MessagesControllerTest < ActionController::TestCase login @user put :update, :id => @message.id @message.reload - get :index + api_get :index assert !(response.body.include? @message.text) assert !(response.body.include? @message.id) end @@ -92,7 +91,7 @@ class V1::MessagesControllerTest < ActionController::TestCase end test "fails if not authenticated" do - get :index, :format => :json + api_get :index, :format => :json assert_login_required end =end diff --git a/test/functional/v1/services_controller_test.rb b/test/functional/api/services_controller_test.rb index 039eb27..cb85edf 100644 --- a/test/functional/v1/services_controller_test.rb +++ b/test/functional/api/services_controller_test.rb @@ -1,16 +1,16 @@ require 'test_helper' -class V1::ServicesControllerTest < ActionController::TestCase +class Api::ServicesControllerTest < ApiControllerTest test "anonymous user gets login required service info" do - get :show, format: :json + api_get :show, format: :json assert_json_response error: 'not_authorized_login', message: 'Please log in to perform that action.' end test "anonymous user gets vpn service info" do with_config allow_anonymous_certs: true do - get :show, format: :json + api_get :show, format: :json assert_json_response name: 'anonymous', eip_rate_limit: false, description: 'anonymous access to the VPN' @@ -19,7 +19,7 @@ class V1::ServicesControllerTest < ActionController::TestCase test "user can see their service info" do login - get :show, format: :json + api_get :show, format: :json default_level = APP_CONFIG[:default_service_level] assert_json_response APP_CONFIG[:service_levels][default_level] end diff --git a/test/functional/v1/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb index 8bb6acd..06a3c22 100644 --- a/test/functional/v1/sessions_controller_test.rb +++ b/test/functional/api/sessions_controller_test.rb @@ -3,7 +3,7 @@ require 'test_helper' # This is a simple controller unit test. # We're stubbing out both warden and srp. # There's an integration test testing the full rack stack and srp -class V1::SessionsControllerTest < ActionController::TestCase +class Api::SessionsControllerTest < ApiControllerTest setup do @request.env['HTTP_HOST'] = 'api.lvh.me' @@ -12,7 +12,7 @@ class V1::SessionsControllerTest < ActionController::TestCase end test "renders json" do - get :new, :format => :json + api_get :new, :format => :json assert_response :success assert_json_error nil end @@ -22,7 +22,7 @@ class V1::SessionsControllerTest < ActionController::TestCase strategy = stub :message => {:field => :translate_me} request.env['warden'].stubs(:winning_strategy).returns(strategy) I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") - get :new, :format => :json + api_get :new, :format => :json assert_response 422 assert_json_error :field => "translation stub" end @@ -33,7 +33,7 @@ class V1::SessionsControllerTest < ActionController::TestCase request.env['warden'].expects(:authenticate!) # make sure we don't get a template missing error: @controller.stubs(:render) - post :create, :login => @user.login, 'A' => @client_hex + api_post :create, :login => @user.login, 'A' => @client_hex end test "should authenticate" do @@ -42,9 +42,10 @@ class V1::SessionsControllerTest < ActionController::TestCase handshake = stub(:to_hash => {h: "ash"}) session[:handshake] = handshake - post :update, :id => @user.login, :client_auth => @client_hex + api_post :update, :id => @user.login, :client_auth => @client_hex - assert_nil session[:handshake] + assert_nil session[:handshake], + 'session should be cleared to prevent session fixation attacks' assert_response :success assert json_response.keys.include?("id") assert json_response.keys.include?("token") @@ -55,7 +56,7 @@ class V1::SessionsControllerTest < ActionController::TestCase test "destroy should logout" do login expect_logout - delete :destroy + api_delete :destroy assert_response 204 end diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/api/smtp_certs_controller_test.rb index 1b03995..393f090 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/api/smtp_certs_controller_test.rb @@ -1,17 +1,17 @@ require 'test_helper' -class V1::SmtpCertsControllerTest < ActionController::TestCase +class Api::SmtpCertsControllerTest < ApiControllerTest test "no smtp cert without login" do with_config allow_anonymous_certs: true do - post :create + api_post :create assert_login_required end end test "require service level with email" do login - post :create + api_post :create assert_access_denied end @@ -19,14 +19,14 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert(@current_user.email_address) cert.expects(:fingerprint).returns('fingerprint') - post :create + api_post :create assert_response :success assert_equal cert.to_s, @response.body end test "fail to create cert when disabled" do login :enabled? => false - post :create + api_post :create assert_access_denied end diff --git a/test/functional/token_auth_test.rb b/test/functional/api/token_auth_test.rb index 53d5fb3..c7f91c7 100644 --- a/test/functional/token_auth_test.rb +++ b/test/functional/api/token_auth_test.rb @@ -3,15 +3,15 @@ # via static configured tokens. # -require_relative '../test_helper' +require 'test_helper' -class TokenAuthTest < ActionController::TestCase - tests V1::ConfigsController +class Api::TokenAuthTest < ApiControllerTest + tests Api::ConfigsController def test_login_via_api_token with_config(:allow_anonymous_certs => false) do monitor_auth do - get :index + api_get :index assert assigns(:token), 'should have authenticated via api token' assert assigns(:token).is_a? ApiToken assert @controller.send(:current_user).is_a? ApiMonitorUser @@ -26,10 +26,10 @@ class TokenAuthTest < ActionController::TestCase with_config(new_config) do monitor_auth do request.env['REMOTE_ADDR'] = "1.1.1.1" - get :index + api_get :index assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it" request.env['REMOTE_ADDR'] = allowed - get :index + api_get :index assert assigns(:token), "should have authenticated via api token" end end diff --git a/test/functional/v1/users_controller_test.rb b/test/functional/api/users_controller_test.rb index df59c4d..b69770d 100644 --- a/test/functional/v1/users_controller_test.rb +++ b/test/functional/api/users_controller_test.rb @@ -1,6 +1,6 @@ -require_relative '../../test_helper' +require 'test_helper' -class V1::UsersControllerTest < ActionController::TestCase +class Api::UsersControllerTest < ApiControllerTest test "user can change settings" do user = find_record :user @@ -10,11 +10,11 @@ class V1::UsersControllerTest < ActionController::TestCase Account.expects(:new).with(user).returns(account_settings) login user - put :update, :user => changed_attribs, :id => user.id, :format => :json + api_put :update, :user => changed_attribs, :id => user.id, :format => :json assert_equal user, assigns[:user] assert_response 204 - assert_equal " ", @response.body + assert @response.body.blank?, "Response should be blank" end test "admin can update user" do @@ -25,7 +25,7 @@ class V1::UsersControllerTest < ActionController::TestCase Account.expects(:new).with(user).returns(account_settings) login :is_admin? => true - put :update, :user => changed_attribs, :id => user.id, :format => :json + api_put :update, :user => changed_attribs, :id => user.id, :format => :json assert_equal user, assigns[:user] assert_response 204 @@ -34,7 +34,7 @@ class V1::UsersControllerTest < ActionController::TestCase test "user cannot update other user" do user = find_record :user login - put :update, id: user.id, + api_put :update, id: user.id, user: record_attributes_for(:user_with_settings), :format => :json assert_access_denied @@ -45,7 +45,7 @@ class V1::UsersControllerTest < ActionController::TestCase user = User.new(user_attribs) Account.expects(:create).with(user_attribs).returns(user) - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_nil session[:user_id] assert_json_response user @@ -59,7 +59,7 @@ class V1::UsersControllerTest < ActionController::TestCase assert !user.valid? Account.expects(:create).with(user_attribs).returns(user) - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_json_error user.errors.messages assert_response 422 @@ -67,7 +67,7 @@ class V1::UsersControllerTest < ActionController::TestCase test "admin can autocomplete users" do login :is_admin? => true - get :index, :query => 'a', :format => :json + api_get :index, :query => 'a', :format => :json assert_response :success assert assigns(:users) @@ -76,7 +76,7 @@ class V1::UsersControllerTest < ActionController::TestCase test "create returns forbidden if registration is closed" do user_attribs = record_attributes_for :user with_config(allow_registration: false) do - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_response :forbidden end end @@ -84,20 +84,28 @@ class V1::UsersControllerTest < ActionController::TestCase test "admin can show user" do user = FactoryGirl.create :user login :is_admin? => true - get :show, :id => 0, :login => user.login, :format => :json + api_get :show, :id => 0, :login => user.login, :format => :json assert_response :success - assert_json_response user - get :show, :id => user.id, :format => :json + assert_json_response user.to_hash + api_get :show, :id => user.id, :format => :json assert_response :success - assert_json_response user - get :show, :id => "0", :format => :json + assert_json_response user.to_hash + api_get :show, :id => "0", :format => :json assert_response :not_found end + test "admin can show is_admin property" do + user = FactoryGirl.create :user, login: "admin2" + login user + api_get :show, :id => user.id, :format => :json + assert_response :success + assert_json_response user.to_hash.merge(:is_admin => true) + end + test "normal users cannot show user" do user = find_record :user login - get :show, :id => 0, :login => user.login, :format => :json + api_get :show, :id => 0, :login => user.login, :format => :json assert_access_denied end @@ -106,9 +114,9 @@ class V1::UsersControllerTest < ActionController::TestCase with_config(allow_registration: false, invite_required: true) do monitor_auth do user_attribs = record_attributes_for :test_user - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_response :success - delete :destroy, :id => assigns(:user).id, :format => :json + api_delete :destroy, :id => assigns(:user).id, :format => :json assert_response :success end end @@ -117,17 +125,17 @@ class V1::UsersControllerTest < ActionController::TestCase test "api monitor auth cannot create normal users" do monitor_auth do user_attribs = record_attributes_for :user - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_response :forbidden end end - test "api monitor auth cannot delete normal users" do - post :create, :user => record_attributes_for(:user), :format => :json + test "api monitor auth cannot api_delete normal users" do + api_post :create, :user => record_attributes_for(:user), :format => :json assert_response :success normal_user_id = assigns(:user).id monitor_auth do - delete :destroy, :id => normal_user_id, :format => :json + api_delete :destroy, :id => normal_user_id, :format => :json assert_response :forbidden end end diff --git a/test/functional/home_controller_test.rb b/test/functional/home_controller_test.rb new file mode 100644 index 0000000..cafaac5 --- /dev/null +++ b/test/functional/home_controller_test.rb @@ -0,0 +1,16 @@ +require 'test_helper' + +class HomeControllerTest < ActionController::TestCase + + def test_renders_okay + get :index + assert_response :success + end + + def test_other_formats_trigger_406 + assert_raises ActionController::UnknownFormat do + get :index, format: :xml + end + end + +end diff --git a/test/functional/static_config_controller_test.rb b/test/functional/static_config_controller_test.rb index 9c2cfef..7027bf8 100644 --- a/test/functional/static_config_controller_test.rb +++ b/test/functional/static_config_controller_test.rb @@ -1,7 +1,7 @@ require 'test_helper' # use minitest for stubbing, rather than bloated mocha -require 'minitest/stub_const' +require 'minitest/mock' class StaticConfigControllerTest < ActionController::TestCase @@ -9,7 +9,7 @@ class StaticConfigControllerTest < ActionController::TestCase end def test_provider_success - StaticConfigController.stub_const(:PROVIDER_JSON, file_path('provider.json')) do + @controller.stub(:provider_json, file_path('provider.json')) do get :provider, format: :json assert_equal 'application/json', @response.content_type assert_response :success @@ -17,7 +17,7 @@ class StaticConfigControllerTest < ActionController::TestCase end def test_provider_not_modified - StaticConfigController.stub_const(:PROVIDER_JSON, file_path('provider.json')) do + @controller.stub(:provider_json, file_path('provider.json')) do request.env["HTTP_IF_MODIFIED_SINCE"] = File.mtime(file_path('provider.json')).rfc2822() get :provider, format: :json assert_response 304 diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index 7b24098..2794422 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb @@ -1,20 +1,7 @@ -require_relative '../test_helper' +require 'test_helper' class UsersControllerTest < ActionController::TestCase - test "should get new" do - get :new - assert_equal User, assigns(:user).class - assert_response :success - end - - test "new should redirect logged in users" do - login - get :new - assert_response :redirect - assert_redirected_to home_path - end - test "failed show without login" do user = find_record :user get :show, :id => user.id @@ -67,8 +54,8 @@ class UsersControllerTest < ActionController::TestCase nonid = 'thisisnotanexistinguserid' login :is_admin? => true get :show, :id => nonid + assert_error_response :no_such_user assert_response :redirect - assert_equal({:alert => "No such user."}, flash.to_hash) assert_redirected_to users_path end @@ -163,11 +150,4 @@ class UsersControllerTest < ActionController::TestCase assert !assigns(:user).enabled? end - test "new redirects if registration is closed" do - with_config(allow_registration: false) do - get :new - assert_response :redirect - assert_redirected_to home_path - end - end end |