11 files changed, 216 insertions, 30 deletions
diff --git a/test/functional/api/users_controller_test.rb b/test/functional/api/users_controller_test.rb
index b69770d..88ecae0 100644
--- a/test/functional/api/users_controller_test.rb
+++ b/test/functional/api/users_controller_test.rb
@@ -95,11 +95,13 @@ class Api::UsersControllerTest < ApiControllerTest
   end
 
   test "admin can show is_admin property" do
-    user = FactoryGirl.create :user, login: "admin2"
-    login user
-    api_get :show, :id => user.id, :format => :json
-    assert_response :success
-    assert_json_response user.to_hash.merge(:is_admin => true)
+    admin = FactoryGirl.create :user
+    with_config(admins: [admin.login]) do
+      login admin
+      api_get :show, :id => admin.id, :format => :json
+      assert_response :success
+      assert_json_response admin.to_hash.merge(:is_admin => true)
+    end
   end
 
   test "normal users cannot show user" do
diff --git a/test/functional/keys_controller_test.rb b/test/functional/keys_controller_test.rb
index 863be93..1d437e7 100644
--- a/test/functional/keys_controller_test.rb
+++ b/test/functional/keys_controller_test.rb
@@ -2,6 +2,13 @@ require 'test_helper'
 
 class KeysControllerTest < ActionController::TestCase
 
+  test "get key for username with dot" do
+    assert_routing 'key/username.with.dot', controller: 'keys',
+      action: 'show',
+      login: 'username.with.dot',
+      format: :text
+  end
+
   test "get existing public key" do
     public_key = 'my public key'
     @user = stub_record :user, :public_key => public_key
@@ -23,10 +30,9 @@ class KeysControllerTest < ActionController::TestCase
   end
 
   test "get public key for non-existing user" do
-    # raise 404 error if user doesn't exist (doesn't need to be this routing error, but seems fine to assume for now):
-    assert_raise(ActionController::RoutingError) {
-      get :show, :login => 'asdkljslksjfdlskfj'
-    }
+    # raise 404 error if user doesn't exist
+    get :show, :login => 'asdkljslksjfdlskfj'
+    assert_response :not_found
   end
 
 end
diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb
index 1492006..108f05d 100644
--- a/test/integration/api/update_account_test.rb
+++ b/test/integration/api/update_account_test.rb
@@ -28,6 +28,12 @@ class UpdateAccountTest < SrpTest
     assert server_auth["M2"]
   end
 
+  test "update recovery code via api" do
+    authenticate
+    update_user recovery_code_verifier: "123", recovery_code_salt: "456"
+    assert last_response.successful?
+  end
+
   test "change login with password_verifier" do
     authenticate
     new_login = 'zaph'
diff --git a/test/integration/regression/key_discovery_test.rb b/test/integration/regression/key_discovery_test.rb
new file mode 100644
index 0000000..2a38a78
--- /dev/null
+++ b/test/integration/regression/key_discovery_test.rb
@@ -0,0 +1,23 @@
+require 'test_helper'
+
+# This is not really a browser test - key discovery is used from bitmask.
+# However we need to make sure to test the full rack stack to replicate
+# exception handling.
+class KeyDiscoveryTest < RackStackTest
+  include Capybara::DSL
+
+  setup do
+    # make sure we test the whole stack...
+    Capybara.current_driver = Capybara.javascript_driver
+  end
+
+  teardown do
+    # Revert Capybara.current_driver to Capybara.default_driver
+    Capybara.use_default_driver
+  end
+
+  def test_404_on_non_existing_user
+    visit '/key/asjkholifweatg'
+    assert_equal 404, status_code
+  end
+end
diff --git a/test/integration/regression/provider_info_test.rb b/test/integration/regression/provider_info_test.rb
new file mode 100644
index 0000000..2aaf6f6
--- /dev/null
+++ b/test/integration/regression/provider_info_test.rb
@@ -0,0 +1,20 @@
+require 'test_helper'
+
+class ProviderInfoTest < BrowserIntegrationTest
+
+  def test_404_on_missing_page
+    visit '/about'
+    assert_equal 404, status_code
+  end
+
+  def test_404_on_missing_language_page
+    visit '/de/about'
+    assert_equal 404, status_code
+  end
+
+  def test_404_en_fallback
+    visit '/de/bye'
+    assert_equal 200, status_code
+  end
+
+end
diff --git a/test/integration/routes/no_route_test.rb b/test/integration/routes/no_route_test.rb
new file mode 100644
index 0000000..a570f85
--- /dev/null
+++ b/test/integration/routes/no_route_test.rb
@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class NoRouteTest < ActionDispatch::IntegrationTest
+
+  def test_path_with_dot
+    assert_no_route '.viminfo'
+  end
+
+  def assert_no_route(path, options = {})
+    options[:method] ||= :get
+    path = "/#{path}" unless path.first == "/"
+    params = @routes.recognize_path(path, method: :get)
+    flunk "Expected no route to '#{path}' but found: #{params.inspect}"
+  rescue ActionController::RoutingError
+    pass
+  end
+end
diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb
index 1f5e3d2..c0fef0a 100644
--- a/test/support/browser_integration_test.rb
+++ b/test/support/browser_integration_test.rb
@@ -1,33 +1,18 @@
+require_relative 'rack_stack_test'
+
 #
 # BrowserIntegrationTest
 #
 # Use this class for capybara based integration tests for the ui.
 #
-require 'capybara/rails'
 
-class BrowserIntegrationTest < ActionDispatch::IntegrationTest
+class BrowserIntegrationTest < RackStackTest
   # let's use dom_id inorder to identify sections
   include ActionView::RecordIdentifier
 
   CONFIG_RU = (Rails.root + 'config.ru').to_s
   OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
 
-  require 'capybara/poltergeist'
-
-  Capybara.register_driver :rack_test do |app|
-    Capybara::RackTest::Driver.new(app)
-  end
-
-  Capybara.register_driver :poltergeist do |app|
-    Capybara::Poltergeist::Driver.new(app)
-  end
-
-  # this is integration testing. So let's make the whole
-  # rack stack available...
-  Capybara.app = OUTER_APP
-  Capybara.run_server = true
-  Capybara.app_host = 'http://lvh.me:3003'
-  Capybara.server_port = 3003
   Capybara.javascript_driver = :poltergeist
   Capybara.default_max_wait_time = 5
 
diff --git a/test/support/rack_stack_test.rb b/test/support/rack_stack_test.rb
new file mode 100644
index 0000000..eb49d1e
--- /dev/null
+++ b/test/support/rack_stack_test.rb
@@ -0,0 +1,32 @@
+require 'capybara/rails'
+#
+# RackStackTest
+#
+# Tests that will use the entire rack stack from capybara.
+#
+class RackStackTest < ActionDispatch::IntegrationTest
+
+  CONFIG_RU = (Rails.root + 'config.ru').to_s
+  OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first
+
+  # this is integration testing. So let's make the whole
+  # rack stack available...
+  Capybara.app = OUTER_APP
+  Capybara.run_server = true
+  Capybara.app_host = 'http://lvh.me:3003'
+  Capybara.server_port = 3003
+
+  # WARNING: this creates an error in the test as soon as there
+  # is an error in rails. Use the javascript driver for testing
+  # error rendering
+  Capybara.register_driver :rack_test do |app|
+    Capybara::RackTest::Driver.new(app)
+  end
+
+  require 'capybara/poltergeist'
+
+  Capybara.register_driver :poltergeist do |app|
+    Capybara::Poltergeist::Driver.new(app)
+  end
+
+end
diff --git a/test/unit/account_test.rb b/test/unit/account_test.rb
index d56541a..058e196 100644
--- a/test/unit/account_test.rb
+++ b/test/unit/account_test.rb
@@ -26,6 +26,7 @@ class AccountTest < ActiveSupport::TestCase
       user = Account.create(FactoryGirl.attributes_for(:user))
       assert !user.valid?, "user should not be valid"
       assert !user.persisted?, "user should not have been saved"
+      assert_has_errors user, invite_code: "This is not a valid code"
     end
   end
 
@@ -47,6 +48,25 @@ class AccountTest < ActiveSupport::TestCase
     end
   end
 
+  test "error on reused username" do
+    with_config invite_required: false do
+      attributes = FactoryGirl.attributes_for :user
+      user = Account.create attributes
+      dup = Account.create attributes
+      assert !dup.valid?
+      assert_has_errors dup, login: "has already been taken"
+      user.account.destroy
+    end
+  end
+
+  test "error on invalid username" do
+    with_config invite_required: false do
+      attributes = FactoryGirl.attributes_for :user, login: "a"
+      user = Account.create attributes
+      assert !user.valid?
+      assert_has_errors user, login: "Must have at least two characters"
+    end
+  end
 
   test "create and remove a user account" do
     # We keep an identity that will block the handle from being reused.
@@ -76,6 +96,42 @@ class AccountTest < ActiveSupport::TestCase
     user.account.destroy
   end
 
+  test "create recovery code if it does not exist" do
+    user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
+    user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123")
+    user.reload
+
+    assert_equal "abc", user.recovery_code_verifier
+    assert_equal "123", user.recovery_code_salt
+
+    user.account.destroy
+  end
+
+  test "update recovery code that already exists" do
+    user = Account.create(FactoryGirl.attributes_for(:user,
+      :invite_code => @testcode.invite_code,
+      :recovery_code_verifier => "000",
+      :recovery_code_salt => "111"))
+
+    user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123")
+    user.reload
+
+    assert_equal "abc", user.recovery_code_verifier
+    assert_equal "123", user.recovery_code_salt
+
+    user.account.destroy
+  end
+
+  test "update password" do
+    user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
+    user.account.update(:password_verifier => "551A8B", :password_salt => "551A8B")
+
+    assert_equal "551A8B", user.password_verifier
+    assert_equal "551A8B", user.password_salt
+
+    user.account.destroy
+  end
+
   test "Invite code count goes up by 1 when the invite code is entered" do
     with_config invite_required: true do
       user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
@@ -110,4 +166,32 @@ class AccountTest < ActiveSupport::TestCase
     user.account.enable
     assert_equal(cert.fingerprint, Identity.for(user).cert_fingerprints.keys.first)
   end
+
+  # Pixelated relies on the ability to test invite codes without sending a
+  # username and password yet.
+  # So we better make sure we return the appropriate errors
+  test "errors trying to create account with invite only" do
+    with_config invite_required: true do
+      user = Account.create invite_code: @testcode.invite_code
+      assert user.errors[:invite_code].blank?
+    end
+  end
+
+  test "errors trying to create account with invalid invite only" do
+    with_config invite_required: true do
+      user = Account.create invite_code: "wrong_invite_code"
+      assert_has_errors user, invite_code: "This is not a valid code"
+    end
+  end
+
+  # Tests for the presence of the errors given.
+  # Does not test for the absence of other errors - so there may be more.
+  def assert_has_errors(record, errors)
+    errors.each do |field, field_errors|
+      Array(field_errors).each do |error|
+        assert_includes record.errors[field], error
+      end
+    end
+  end
+
 end
diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb
index e9173af..6836487 100644
--- a/test/unit/identity_test.rb
+++ b/test/unit/identity_test.rb
@@ -122,8 +122,8 @@ class IdentityTest < ActiveSupport::TestCase
     @id = Identity.for(@user)
     @id.orphan!
     assert_equal @user.email_address, @id.address
-    assert_equal nil, @id.destination
-    assert_equal nil, @id.user
+    assert_nil @id.destination
+    assert_nil @id.user
     assert @id.orphaned?
     assert @id.valid?
   end
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 02e94df..ab7add0 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -28,6 +28,16 @@ class UserTest < ActiveSupport::TestCase
     assert !@user.valid?
   end
 
+  test "validates hex for recovery_code_verifier" do
+    @user.recovery_code_verifier = "1234567abcdef"
+    assert @user.valid?
+  end
+
+  test "validates recovery_code_verifier with non hex chars" do
+    @user.recovery_code_verifier = "gkpq"
+    assert !@user.valid?
+  end
+
   test "test require alphanumerical for login" do
     @user.login = "qw#r"
     assert !@user.valid?
@@ -73,7 +83,8 @@ class UserTest < ActiveSupport::TestCase
 
   test "user to hash includes id, login, valid and enabled" do
     hash = @user.to_hash
-    assert_equal @user.id, hash[:id]
+    assert_nil @user.id
+    assert_nil hash[:id]
     assert_equal @user.valid?, hash[:ok]
     assert_equal @user.login, hash[:login]
     assert_equal @user.enabled?, hash[:enabled]