diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/functional/test_helpers_test.rb | 2 | ||||
| -rw-r--r-- | test/functional/v1/certs_controller_test.rb | 20 | ||||
| -rw-r--r-- | test/functional/v1/sessions_controller_test.rb | 2 | ||||
| -rw-r--r-- | test/functional/v1/smtp_certs_controller_test.rb | 36 | ||||
| -rw-r--r-- | test/integration/api/cert_test.rb | 30 | ||||
| -rw-r--r-- | test/integration/api/smtp_cert_test.rb | 52 | ||||
| -rw-r--r-- | test/integration/api/token_test.rb | 15 | ||||
| -rw-r--r-- | test/integration/browser/account_test.rb | 16 | ||||
| -rw-r--r-- | test/integration/browser/session_test.rb | 2 | ||||
| -rw-r--r-- | test/support/api_integration_test.rb | 26 | ||||
| -rw-r--r-- | test/support/assert_responses.rb | 30 | ||||
| -rw-r--r-- | test/support/auth_test_helper.rb | 9 | ||||
| -rw-r--r-- | test/support/browser_integration_test.rb | 1 | ||||
| -rw-r--r-- | test/test_helper.rb | 2 | ||||
| -rw-r--r-- | test/unit/identity_test.rb | 21 | ||||
| -rw-r--r-- | test/unit/token_test.rb | 23 | ||||
| -rw-r--r-- | test/unit/user_test.rb | 7 |
17 files changed, 263 insertions, 31 deletions
diff --git a/test/functional/test_helpers_test.rb b/test/functional/test_helpers_test.rb index 845e516..ca85482 100644 --- a/test/functional/test_helpers_test.rb +++ b/test/functional/test_helpers_test.rb @@ -27,7 +27,7 @@ class TestHelpersTest < ActionController::TestCase def test_login_adds_token_header login token_present = @controller.authenticate_with_http_token do |token, options| - assert_equal @token.id, token + assert_equal @token.to_s, token end # authenticate_with_http_token just returns nil and does not # execute the block if there is no token. So we have to also diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb index fb8e9c4..ec34b01 100644 --- a/test/functional/v1/certs_controller_test.rb +++ b/test/functional/v1/certs_controller_test.rb @@ -2,26 +2,34 @@ require 'test_helper' class V1::CertsControllerTest < ActionController::TestCase - test "send unlimited cert without login" do + test "create unlimited cert without login" do with_config allow_anonymous_certs: true do cert = expect_cert('UNLIMITED') - get :show + post :create assert_response :success assert_equal cert.to_s, @response.body end end - test "send limited cert" do + test "create limited cert" do with_config allow_limited_certs: true do login cert = expect_cert('LIMITED') - get :show + post :create assert_response :success assert_equal cert.to_s, @response.body end end - test "send unlimited cert" do + test "create unlimited cert" do + login effective_service_level: ServiceLevel.new(id: 2) + cert = expect_cert('UNLIMITED') + post :create + assert_response :success + assert_equal cert.to_s, @response.body + end + + test "GET still works as an alias" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert('UNLIMITED') get :show @@ -30,7 +38,7 @@ class V1::CertsControllerTest < ActionController::TestCase end test "redirect if no eip service offered" do - get :show + post :create assert_response :redirect end diff --git a/test/functional/v1/sessions_controller_test.rb b/test/functional/v1/sessions_controller_test.rb index df0d681..8bb6acd 100644 --- a/test/functional/v1/sessions_controller_test.rb +++ b/test/functional/v1/sessions_controller_test.rb @@ -48,7 +48,7 @@ class V1::SessionsControllerTest < ActionController::TestCase assert_response :success assert json_response.keys.include?("id") assert json_response.keys.include?("token") - assert token = Token.find(json_response['token']) + assert token = Token.find_by_token(json_response['token']) assert_equal @user.id, token.user_id end diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb new file mode 100644 index 0000000..9281ae6 --- /dev/null +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -0,0 +1,36 @@ +require 'test_helper' + +class V1::SmtpCertsControllerTest < ActionController::TestCase + + test "no smtp cert without login" do + with_config allow_anonymous_certs: true do + post :create + assert_login_required + end + end + + test "require service level with email" do + login + post :create + assert_access_denied + end + + test "send cert with username" do + login effective_service_level: ServiceLevel.new(id: 2) + cert = expect_cert(@current_user.email_address) + cert.expects(:fingerprint).returns('fingerprint') + post :create + assert_response :success + assert_equal cert.to_s, @response.body + end + + protected + + def expect_cert(prefix) + cert = stub :to_s => "#{prefix.downcase} cert" + ClientCertificate.expects(:new). + with(:prefix => prefix). + returns(cert) + return cert + end +end diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb new file mode 100644 index 0000000..74d439a --- /dev/null +++ b/test/integration/api/cert_test.rb @@ -0,0 +1,30 @@ +require 'test_helper' + +class CertTest < ApiIntegrationTest + + test "retrieve eip cert" do + login + get '/1/cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + + test "fetching certs requires login by default" do + get '/1/cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + + test "retrieve anonymous eip cert" do + with_config allow_anonymous_certs: true do + get '/1/cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + end +end diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb new file mode 100644 index 0000000..f72362d --- /dev/null +++ b/test/integration/api/smtp_cert_test.rb @@ -0,0 +1,52 @@ +require 'test_helper' +require 'openssl' + +class SmtpCertTest < ApiIntegrationTest + + test "retrieve smtp cert" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + post '/1/smtp_cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + + test "cert and key" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + post '/1/smtp_cert', {}, RACK_ENV + assert_text_response + cert = OpenSSL::X509::Certificate.new(get_response.body) + key = OpenSSL::PKey::RSA.new(get_response.body) + assert cert.check_private_key(key) + prefix = "/CN=#{@user.email_address}" + assert_equal prefix, cert.subject.to_s.slice(0,prefix.size) + end + + test "fingerprint is stored with identity" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + post '/1/smtp_cert', {}, RACK_ENV + assert_text_response + cert = OpenSSL::X509::Certificate.new(get_response.body) + fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') + today = DateTime.now.to_date.to_s + assert_equal({fingerprint => today}, @user.reload.identity.cert_fingerprints) + end + + test "fetching smtp certs requires email account" do + login + post '/1/smtp_cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + + test "no anonymous smtp certs" do + with_config allow_anonymous_certs: true do + post '/1/smtp_cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + end +end diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb new file mode 100644 index 0000000..ad3ac22 --- /dev/null +++ b/test/integration/api/token_test.rb @@ -0,0 +1,15 @@ +require 'test_helper' +require_relative 'srp_test' + +class TokenTest < SrpTest + + setup do + register_user + end + + test "stores token SHA512 encoded" do + authenticate + token = server_auth['token'] + assert Token.find(Digest::SHA512.hexdigest(token)) + end +end diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb index 491a9e1..aea5406 100644 --- a/test/integration/browser/account_test.rb +++ b/test/integration/browser/account_test.rb @@ -9,7 +9,7 @@ class AccountTest < BrowserIntegrationTest test "signup successfully" do username, password = submit_signup assert page.has_content?("Welcome #{username}") - click_on 'Logout' + click_on 'Log Out' assert page.has_content?("Log In") assert_equal '/', current_path assert user = User.find_by_login(username) @@ -22,9 +22,15 @@ class AccountTest < BrowserIntegrationTest assert page.has_content?("Welcome #{username}") end + test "signup with reserved username" do + username = 'certmaster' + submit_signup username + assert page.has_content?("is reserved.") + end + test "successful login" do username, password = submit_signup - click_on 'Logout' + click_on 'Log Out' attempt_login(username, password) assert page.has_content?("Welcome #{username}") within('.sidenav li.active') do @@ -44,6 +50,7 @@ class AccountTest < BrowserIntegrationTest click_on I18n.t('account_settings') click_on I18n.t('destroy_my_account') assert page.has_content?(I18n.t('account_destroyed')) + assert_equal 1, Identity.by_address.key("#{username}@test.me").count attempt_login(username, password) assert_invalid_login(page) end @@ -83,7 +90,7 @@ class AccountTest < BrowserIntegrationTest fill_in 'Password confirmation', with: "other password" click_on 'Save' end - click_on 'Logout' + click_on 'Log Out' attempt_login(@user.login, "other password") assert page.has_content?("Welcome #{@user.login}") end @@ -102,7 +109,8 @@ class AccountTest < BrowserIntegrationTest # at some point we're done: page.assert_no_selector 'input[value="Saving..."]' assert page.has_field? 'Public key', with: pgp_key.to_s - assert_equal pgp_key, @user.reload.public_key + @user.reload + assert_equal pgp_key, @user.public_key end end diff --git a/test/integration/browser/session_test.rb b/test/integration/browser/session_test.rb index fb20847..d52508a 100644 --- a/test/integration/browser/session_test.rb +++ b/test/integration/browser/session_test.rb @@ -4,7 +4,7 @@ class SessionTest < BrowserIntegrationTest test "valid session" do login - assert page.has_content?("Logout") + assert page.has_content?("Log Out") end test "expired session" do diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb new file mode 100644 index 0000000..bd10f11 --- /dev/null +++ b/test/support/api_integration_test.rb @@ -0,0 +1,26 @@ +class ApiIntegrationTest < ActionDispatch::IntegrationTest + + DUMMY_TOKEN = Token.new + RACK_ENV = {'HTTP_AUTHORIZATION' => %Q(Token token="#{DUMMY_TOKEN.to_s}")} + + def login(user = nil) + @user ||= user ||= FactoryGirl.create(:user) + # DUMMY_TOKEN will be frozen. So let's use a dup + @token ||= DUMMY_TOKEN.dup + # make sure @token is up to date if it already exists + @token.reload if @token.persisted? + @token.user_id = @user.id + @token.last_seen_at = Time.now + @token.save + end + + teardown do + if @user && @user.persisted? + Identity.destroy_all_for @user + @user.reload.destroy + end + if @token && @token.persisted? + @token.reload.destroy + end + end +end diff --git a/test/support/assert_responses.rb b/test/support/assert_responses.rb index b01166f..19c2768 100644 --- a/test/support/assert_responses.rb +++ b/test/support/assert_responses.rb @@ -8,21 +8,27 @@ module AssertResponses @response || last_response end - def assert_attachement_filename(name) - assert_equal %Q(attachment; filename="#{name}"), - get_response.headers["Content-Disposition"] + def content_type + get_response.content_type.to_s.split(';').first end def json_response + return nil unless content_type == 'application/json' response = JSON.parse(get_response.body) response.respond_to?(:with_indifferent_access) ? response.with_indifferent_access : response end + def assert_text_response(body = nil) + assert_equal 'text/plain', content_type + unless body.nil? + assert_equal body, get_response.body + end + end + def assert_json_response(object) - assert_equal 'application/json', - get_response.content_type.to_s.split(';').first + assert_equal 'application/json', content_type if object.is_a? Hash object.stringify_keys! if object.respond_to? :stringify_keys! assert_equal object, json_response @@ -35,6 +41,20 @@ module AssertResponses object.stringify_keys! if object.respond_to? :stringify_keys! assert_json_response :errors => object end + + # checks for the presence of a key in a json response + # or a string in a text response + def assert_response_includes(string_or_key) + response = json_response || get_response.body + assert response.include?(string_or_key), + "response should have included #{string_or_key}" + end + + def assert_attachement_filename(name) + assert_equal %Q(attachment; filename="#{name}"), + get_response.headers["Content-Disposition"] + end + end class ::ActionController::TestCase diff --git a/test/support/auth_test_helper.rb b/test/support/auth_test_helper.rb index 57f9f9b..38c2ea1 100644 --- a/test/support/auth_test_helper.rb +++ b/test/support/auth_test_helper.rb @@ -19,6 +19,10 @@ module AuthTestHelper return @current_user end + def assert_login_required + assert_access_denied(true, false) + end + def assert_access_denied(denied = true, logged_in = true) if denied if @response.content_type == 'application/json' @@ -46,8 +50,9 @@ module AuthTestHelper protected def header_for_token_auth - @token = find_record(:token, :authenticate => @current_user) - ActionController::HttpAuthentication::Token.encode_credentials @token.id + @token = stub_record(:token, :authenticate => @current_user) + Token.stubs(:find_by_token).with(@token.token).returns(@token) + ActionController::HttpAuthentication::Token.encode_credentials @token.token end def expect_warden_logout diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 1c872ff..4fec59f 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb @@ -54,6 +54,7 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest end # currently this only works for tests with poltergeist. + # ApiIntegrationTest has a working implementation for RackTest def login(user = nil) @user ||= user ||= FactoryGirl.create(:user) token = Token.create user_id: user.id diff --git a/test/test_helper.rb b/test/test_helper.rb index d001ac7..7959ddb 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -27,4 +27,6 @@ class ActiveSupport::TestCase File.join(Rails.root, 'test', 'files', name) end + require 'i18n/missing_translations' + at_exit { I18n.missing_translations.dump } end diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb index eca104f..49b2075 100644 --- a/test/unit/identity_test.rb +++ b/test/unit/identity_test.rb @@ -7,6 +7,22 @@ class IdentityTest < ActiveSupport::TestCase @user = find_record :user end + test "blank identity does not crash on valid?" do + id = Identity.new + assert !id.valid? + end + + test "enabled identity requires destination" do + id = Identity.new user: @user, address: @user.email_address + assert !id.valid? + assert_equal ["can't be blank"], id.errors[:destination] + end + + test "disabled identity requires no destination" do + id = Identity.new address: @user.email_address + assert id.valid? + end + test "initial identity for a user" do id = Identity.for(@user) assert_equal @user.email_address, id.address @@ -39,7 +55,7 @@ class IdentityTest < ActiveSupport::TestCase id = Identity.create_for @user, address: alias_name, destination: forward_address dup = Identity.build_for @user, address: alias_name, destination: forward_address assert !dup.valid? - assert_equal ["This alias already exists"], dup.errors[:base] + assert_equal ["has already been taken"], dup.errors[:destination] id.destroy end @@ -48,7 +64,7 @@ class IdentityTest < ActiveSupport::TestCase id = Identity.create_for @user, address: alias_name, destination: forward_address taken = Identity.build_for other_user, address: alias_name assert !taken.valid? - assert_equal ["This email has already been taken"], taken.errors[:base] + assert_equal ["has already been taken"], taken.errors[:address] id.destroy end @@ -107,6 +123,7 @@ class IdentityTest < ActiveSupport::TestCase other_user = find_record :user taken = Identity.build_for other_user, address: id.address assert !taken.valid? + assert_equal ["has already been taken"], taken.errors[:address] Identity.destroy_all_disabled end diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb index a3c6cf6..b143345 100644 --- a/test/unit/token_test.rb +++ b/test/unit/token_test.rb @@ -14,17 +14,22 @@ class ClientCertificateTest < ActiveSupport::TestCase assert_equal @user, sample.authenticate end - test "token id is secure" do + test "token is secure" do sample = Token.new(:user_id => @user.id) other = Token.new(:user_id => @user.id) - assert sample.id, - "id is set on initialization" - assert sample.id[0..10] != other.id[0..10], - "token id prefixes should not repeat" - assert /[g-zG-Z]/.match(sample.id), - "should use non hex chars in the token id" - assert sample.id.size > 16, - "token id should be more than 16 chars long" + assert sample.token, + "token is set on initialization" + assert sample.token[0..10] != other.token[0..10], + "token prefixes should not repeat" + assert /[g-zG-Z]/.match(sample.token), + "should use non hex chars in the token" + assert sample.token.size > 16, + "token should be more than 16 chars long" + end + + test "token id is hash of the token" do + sample = Token.new(:user_id => @user.id) + assert_equal Digest::SHA512.hexdigest(sample.token), sample.id end test "token checks for user" do diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index ffbb7d8..b3c831b 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -65,4 +65,11 @@ class UserTest < ActiveSupport::TestCase assert_equal key, @user.public_key end + # + ## Regression tests + # + test "make sure valid does not crash" do + assert !User.new.valid? + end + end |