Diffstat (limited to 'test/integration')
-rw-r--r--test/integration/api/cert_test.rb30
-rw-r--r--test/integration/api/smtp_cert_test.rb52
-rw-r--r--test/integration/api/token_test.rb15
-rw-r--r--test/integration/browser/account_test.rb16
-rw-r--r--test/integration/browser/session_test.rb2
5 files changed, 110 insertions, 5 deletions
diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb
new file mode 100644
index 0000000..74d439a
--- /dev/null
+++ b/test/integration/api/cert_test.rb
@@ -0,0 +1,30 @@
+require 'test_helper'
+
+class CertTest < ApiIntegrationTest
+
+ test "retrieve eip cert" do
+ login
+ get '/1/cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+
+ test "fetching certs requires login by default" do
+ get '/1/cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+
+ test "retrieve anonymous eip cert" do
+ with_config allow_anonymous_certs: true do
+ get '/1/cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+ end
+end
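Review bot: "retrieve eip cert" and "retrieve anonymous eip cert" only look for PEM marker strings in the body, so both would still pass if the returned certificate did not match the returned key or was not parseable. The "cert and key" test in smtp_cert_test.rb already shows a stronger check that could be reused here: parse the body with `OpenSSL::X509::Certificate.new(get_response.body)` and `OpenSSL::PKey::RSA.new(get_response.body)`, then `assert cert.check_private_key(key)`, adding `require 'openssl'` at the top. Since the two positive tests repeat the same four assertions, a small private helper holding them would keep the logged-in and anonymous cases in step.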
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
new file mode 100644
index 0000000..f72362d
--- /dev/null
+++ b/test/integration/api/smtp_cert_test.rb
@@ -0,0 +1,52 @@
+require 'test_helper'
+require 'openssl'
+
+class SmtpCertTest < ApiIntegrationTest
+
+ test "retrieve smtp cert" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+
+ test "cert and key" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ cert = OpenSSL::X509::Certificate.new(get_response.body)
+ key = OpenSSL::PKey::RSA.new(get_response.body)
+ assert cert.check_private_key(key)
+ prefix = "/CN=#{@user.email_address}"
+ assert_equal prefix, cert.subject.to_s.slice(0,prefix.size)
+ end
+
+ test "fingerprint is stored with identity" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ cert = OpenSSL::X509::Certificate.new(get_response.body)
+ fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
+ today = DateTime.now.to_date.to_s
+ assert_equal({fingerprint => today}, @user.reload.identity.cert_fingerprints)
+ end
+
+ test "fetching smtp certs requires email account" do
+ login
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+
+ test "no anonymous smtp certs" do
+ with_config allow_anonymous_certs: true do
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+ end
+end
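Review bot: In "cert and key" the subject is compared by prefix (`cert.subject.to_s.slice(0,prefix.size)`), so a CN that merely starts with the user's address and carries extra characters after it would satisfy the assertion. Comparing the CN value exactly is stricter: `cn = cert.subject.to_a.find { |name, _, _| name == 'CN' }` followed by `assert_equal @user.email_address, cn[1]`. Separately, "fingerprint is stored with identity" builds its expected value from `DateTime.now.to_date`, which can differ from the date the server recorded if the run crosses midnight or the two sides use different time zones.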
diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb
new file mode 100644
index 0000000..ad3ac22
--- /dev/null
+++ b/test/integration/api/token_test.rb
@@ -0,0 +1,15 @@
+require 'test_helper'
+require_relative 'srp_test'
+
+class TokenTest < SrpTest
+
+ setup do
+ register_user
+ end
+
+ test "stores token SHA512 encoded" do
+ authenticate
+ token = server_auth['token']
+ assert Token.find(Digest::SHA512.hexdigest(token))
+ end
+end
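Review bot: "stores token SHA512 encoded" shows that a record is reachable under the digest, but it does not show that the plaintext token is absent as a lookup key, which is the property that protects tokens if the database is read. A negative assertion such as `assert_nil Token.find(token)` would pin that, assuming `Token.find` returns nil on a miss (not visible in this hunk). The test name would also read more accurately with "hashed" than "encoded", since a digest cannot be decoded.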
diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb
index 491a9e1..aea5406 100644
--- a/test/integration/browser/account_test.rb
+++ b/test/integration/browser/account_test.rb
@@ -9,7 +9,7 @@ class AccountTest < BrowserIntegrationTest
test "signup successfully" do
username, password = submit_signup
assert page.has_content?("Welcome #{username}")
- click_on 'Logout'
+ click_on 'Log Out'
assert page.has_content?("Log In")
assert_equal '/', current_path
assert user = User.find_by_login(username)
@@ -22,9 +22,15 @@ class AccountTest < BrowserIntegrationTest
assert page.has_content?("Welcome #{username}")
end
+ test "signup with reserved username" do
+ username = 'certmaster'
+ submit_signup username
+ assert page.has_content?("is reserved.")
+ end
+
test "successful login" do
username, password = submit_signup
- click_on 'Logout'
+ click_on 'Log Out'
attempt_login(username, password)
assert page.has_content?("Welcome #{username}")
within('.sidenav li.active') do
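Review bot: "signup with reserved username" checks only the error text, so it would still pass if the page showed the message but the account had been created anyway. Adding `assert_nil User.find_by_login(username)` after the content check pins the outcome that matters; `User.find_by_login` is already used in "signup successfully", though its return value on a miss is assumed here. The substring `"is reserved."` is also loose enough to match unrelated copy, so matching the full validation message (or its I18n key, if one exists) would be firmer.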
@@ -44,6 +50,7 @@ class AccountTest < BrowserIntegrationTest
click_on I18n.t('account_settings')
click_on I18n.t('destroy_my_account')
assert page.has_content?(I18n.t('account_destroyed'))
+ assert_equal 1, Identity.by_address.key("#{username}@test.me").count
attempt_login(username, password)
assert_invalid_login(page)
end
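Review bot: The added `assert_equal 1, Identity.by_address.key("#{username}@test.me").count` has no comment explaining why exactly one identity must remain after the account is destroyed, and without one it reads like a leftover record. A comment above it would help, for example `# one identity is kept after destroy, presumably so the address cannot be re-registered — confirm`. The domain `test.me` is hard-coded in the assertion; if the test configuration exposes the domain, deriving the address from it would stop the check from silently passing against the wrong key. The enclosing test starts above this hunk.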
@@ -83,7 +90,7 @@ class AccountTest < BrowserIntegrationTest
fill_in 'Password confirmation', with: "other password"
click_on 'Save'
end
- click_on 'Logout'
+ click_on 'Log Out'
attempt_login(@user.login, "other password")
assert page.has_content?("Welcome #{@user.login}")
end
@@ -102,7 +109,8 @@ class AccountTest < BrowserIntegrationTest
# at some point we're done:
page.assert_no_selector 'input[value="Saving..."]'
assert page.has_field? 'Public key', with: pgp_key.to_s
- assert_equal pgp_key, @user.reload.public_key
+ @user.reload
+ assert_equal pgp_key, @user.public_key
end
end
diff --git a/test/integration/browser/session_test.rb b/test/integration/browser/session_test.rb
index fb20847..d52508a 100644
--- a/test/integration/browser/session_test.rb
+++ b/test/integration/browser/session_test.rb
@@ -4,7 +4,7 @@ class SessionTest < BrowserIntegrationTest
test "valid session" do
login
- assert page.has_content?("Logout")
+ assert page.has_content?("Log Out")
end
test "expired session" do