summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/functional/test_helpers_test.rb2
-rw-r--r--test/functional/v1/certs_controller_test.rb20
-rw-r--r--test/functional/v1/sessions_controller_test.rb2
-rw-r--r--test/functional/v1/smtp_certs_controller_test.rb36
-rw-r--r--test/integration/api/cert_test.rb30
-rw-r--r--test/integration/api/smtp_cert_test.rb52
-rw-r--r--test/integration/api/token_test.rb15
-rw-r--r--test/integration/browser/account_test.rb16
-rw-r--r--test/integration/browser/session_test.rb2
-rw-r--r--test/support/api_integration_test.rb26
-rw-r--r--test/support/assert_responses.rb30
-rw-r--r--test/support/auth_test_helper.rb9
-rw-r--r--test/support/browser_integration_test.rb1
-rw-r--r--test/test_helper.rb2
-rw-r--r--test/unit/identity_test.rb21
-rw-r--r--test/unit/token_test.rb23
-rw-r--r--test/unit/user_test.rb7
17 files changed, 263 insertions, 31 deletions
diff --git a/test/functional/test_helpers_test.rb b/test/functional/test_helpers_test.rb
index 845e516..ca85482 100644
--- a/test/functional/test_helpers_test.rb
+++ b/test/functional/test_helpers_test.rb
@@ -27,7 +27,7 @@ class TestHelpersTest < ActionController::TestCase
def test_login_adds_token_header
login
token_present = @controller.authenticate_with_http_token do |token, options|
- assert_equal @token.id, token
+ assert_equal @token.to_s, token
end
# authenticate_with_http_token just returns nil and does not
# execute the block if there is no token. So we have to also
diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb
index fb8e9c4..ec34b01 100644
--- a/test/functional/v1/certs_controller_test.rb
+++ b/test/functional/v1/certs_controller_test.rb
@@ -2,26 +2,34 @@ require 'test_helper'
class V1::CertsControllerTest < ActionController::TestCase
- test "send unlimited cert without login" do
+ test "create unlimited cert without login" do
with_config allow_anonymous_certs: true do
cert = expect_cert('UNLIMITED')
- get :show
+ post :create
assert_response :success
assert_equal cert.to_s, @response.body
end
end
- test "send limited cert" do
+ test "create limited cert" do
with_config allow_limited_certs: true do
login
cert = expect_cert('LIMITED')
- get :show
+ post :create
assert_response :success
assert_equal cert.to_s, @response.body
end
end
- test "send unlimited cert" do
+ test "create unlimited cert" do
+ login effective_service_level: ServiceLevel.new(id: 2)
+ cert = expect_cert('UNLIMITED')
+ post :create
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+
+ test "GET still works as an alias" do
login effective_service_level: ServiceLevel.new(id: 2)
cert = expect_cert('UNLIMITED')
get :show
@@ -30,7 +38,7 @@ class V1::CertsControllerTest < ActionController::TestCase
end
test "redirect if no eip service offered" do
- get :show
+ post :create
assert_response :redirect
end
diff --git a/test/functional/v1/sessions_controller_test.rb b/test/functional/v1/sessions_controller_test.rb
index df0d681..8bb6acd 100644
--- a/test/functional/v1/sessions_controller_test.rb
+++ b/test/functional/v1/sessions_controller_test.rb
@@ -48,7 +48,7 @@ class V1::SessionsControllerTest < ActionController::TestCase
assert_response :success
assert json_response.keys.include?("id")
assert json_response.keys.include?("token")
- assert token = Token.find(json_response['token'])
+ assert token = Token.find_by_token(json_response['token'])
assert_equal @user.id, token.user_id
end
diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb
new file mode 100644
index 0000000..9281ae6
--- /dev/null
+++ b/test/functional/v1/smtp_certs_controller_test.rb
@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class V1::SmtpCertsControllerTest < ActionController::TestCase
+
+ test "no smtp cert without login" do
+ with_config allow_anonymous_certs: true do
+ post :create
+ assert_login_required
+ end
+ end
+
+ test "require service level with email" do
+ login
+ post :create
+ assert_access_denied
+ end
+
+ test "send cert with username" do
+ login effective_service_level: ServiceLevel.new(id: 2)
+ cert = expect_cert(@current_user.email_address)
+ cert.expects(:fingerprint).returns('fingerprint')
+ post :create
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+
+ protected
+
+ def expect_cert(prefix)
+ cert = stub :to_s => "#{prefix.downcase} cert"
+ ClientCertificate.expects(:new).
+ with(:prefix => prefix).
+ returns(cert)
+ return cert
+ end
+end
diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb
new file mode 100644
index 0000000..74d439a
--- /dev/null
+++ b/test/integration/api/cert_test.rb
@@ -0,0 +1,30 @@
+require 'test_helper'
+
+class CertTest < ApiIntegrationTest
+
+ test "retrieve eip cert" do
+ login
+ get '/1/cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+
+ test "fetching certs requires login by default" do
+ get '/1/cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+
+ test "retrieve anonymous eip cert" do
+ with_config allow_anonymous_certs: true do
+ get '/1/cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+ end
+end
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
new file mode 100644
index 0000000..f72362d
--- /dev/null
+++ b/test/integration/api/smtp_cert_test.rb
@@ -0,0 +1,52 @@
+require 'test_helper'
+require 'openssl'
+
+class SmtpCertTest < ApiIntegrationTest
+
+ test "retrieve smtp cert" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ assert_response_includes "BEGIN RSA PRIVATE KEY"
+ assert_response_includes "END RSA PRIVATE KEY"
+ assert_response_includes "BEGIN CERTIFICATE"
+ assert_response_includes "END CERTIFICATE"
+ end
+
+ test "cert and key" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ cert = OpenSSL::X509::Certificate.new(get_response.body)
+ key = OpenSSL::PKey::RSA.new(get_response.body)
+ assert cert.check_private_key(key)
+ prefix = "/CN=#{@user.email_address}"
+ assert_equal prefix, cert.subject.to_s.slice(0,prefix.size)
+ end
+
+ test "fingerprint is stored with identity" do
+ @user = FactoryGirl.create :user, effective_service_level_code: 2
+ login
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_text_response
+ cert = OpenSSL::X509::Certificate.new(get_response.body)
+ fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
+ today = DateTime.now.to_date.to_s
+ assert_equal({fingerprint => today}, @user.reload.identity.cert_fingerprints)
+ end
+
+ test "fetching smtp certs requires email account" do
+ login
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+
+ test "no anonymous smtp certs" do
+ with_config allow_anonymous_certs: true do
+ post '/1/smtp_cert', {}, RACK_ENV
+ assert_json_response error: I18n.t(:not_authorized)
+ end
+ end
+end
diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb
new file mode 100644
index 0000000..ad3ac22
--- /dev/null
+++ b/test/integration/api/token_test.rb
@@ -0,0 +1,15 @@
+require 'test_helper'
+require_relative 'srp_test'
+
+class TokenTest < SrpTest
+
+ setup do
+ register_user
+ end
+
+ test "stores token SHA512 encoded" do
+ authenticate
+ token = server_auth['token']
+ assert Token.find(Digest::SHA512.hexdigest(token))
+ end
+end
diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb
index 491a9e1..aea5406 100644
--- a/test/integration/browser/account_test.rb
+++ b/test/integration/browser/account_test.rb
@@ -9,7 +9,7 @@ class AccountTest < BrowserIntegrationTest
test "signup successfully" do
username, password = submit_signup
assert page.has_content?("Welcome #{username}")
- click_on 'Logout'
+ click_on 'Log Out'
assert page.has_content?("Log In")
assert_equal '/', current_path
assert user = User.find_by_login(username)
@@ -22,9 +22,15 @@ class AccountTest < BrowserIntegrationTest
assert page.has_content?("Welcome #{username}")
end
+ test "signup with reserved username" do
+ username = 'certmaster'
+ submit_signup username
+ assert page.has_content?("is reserved.")
+ end
+
test "successful login" do
username, password = submit_signup
- click_on 'Logout'
+ click_on 'Log Out'
attempt_login(username, password)
assert page.has_content?("Welcome #{username}")
within('.sidenav li.active') do
@@ -44,6 +50,7 @@ class AccountTest < BrowserIntegrationTest
click_on I18n.t('account_settings')
click_on I18n.t('destroy_my_account')
assert page.has_content?(I18n.t('account_destroyed'))
+ assert_equal 1, Identity.by_address.key("#{username}@test.me").count
attempt_login(username, password)
assert_invalid_login(page)
end
@@ -83,7 +90,7 @@ class AccountTest < BrowserIntegrationTest
fill_in 'Password confirmation', with: "other password"
click_on 'Save'
end
- click_on 'Logout'
+ click_on 'Log Out'
attempt_login(@user.login, "other password")
assert page.has_content?("Welcome #{@user.login}")
end
@@ -102,7 +109,8 @@ class AccountTest < BrowserIntegrationTest
# at some point we're done:
page.assert_no_selector 'input[value="Saving..."]'
assert page.has_field? 'Public key', with: pgp_key.to_s
- assert_equal pgp_key, @user.reload.public_key
+ @user.reload
+ assert_equal pgp_key, @user.public_key
end
end
diff --git a/test/integration/browser/session_test.rb b/test/integration/browser/session_test.rb
index fb20847..d52508a 100644
--- a/test/integration/browser/session_test.rb
+++ b/test/integration/browser/session_test.rb
@@ -4,7 +4,7 @@ class SessionTest < BrowserIntegrationTest
test "valid session" do
login
- assert page.has_content?("Logout")
+ assert page.has_content?("Log Out")
end
test "expired session" do
diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb
new file mode 100644
index 0000000..bd10f11
--- /dev/null
+++ b/test/support/api_integration_test.rb
@@ -0,0 +1,26 @@
+class ApiIntegrationTest < ActionDispatch::IntegrationTest
+
+ DUMMY_TOKEN = Token.new
+ RACK_ENV = {'HTTP_AUTHORIZATION' => %Q(Token token="#{DUMMY_TOKEN.to_s}")}
+
+ def login(user = nil)
+ @user ||= user ||= FactoryGirl.create(:user)
+ # DUMMY_TOKEN will be frozen. So let's use a dup
+ @token ||= DUMMY_TOKEN.dup
+ # make sure @token is up to date if it already exists
+ @token.reload if @token.persisted?
+ @token.user_id = @user.id
+ @token.last_seen_at = Time.now
+ @token.save
+ end
+
+ teardown do
+ if @user && @user.persisted?
+ Identity.destroy_all_for @user
+ @user.reload.destroy
+ end
+ if @token && @token.persisted?
+ @token.reload.destroy
+ end
+ end
+end
diff --git a/test/support/assert_responses.rb b/test/support/assert_responses.rb
index b01166f..19c2768 100644
--- a/test/support/assert_responses.rb
+++ b/test/support/assert_responses.rb
@@ -8,21 +8,27 @@ module AssertResponses
@response || last_response
end
- def assert_attachement_filename(name)
- assert_equal %Q(attachment; filename="#{name}"),
- get_response.headers["Content-Disposition"]
+ def content_type
+ get_response.content_type.to_s.split(';').first
end
def json_response
+ return nil unless content_type == 'application/json'
response = JSON.parse(get_response.body)
response.respond_to?(:with_indifferent_access) ?
response.with_indifferent_access :
response
end
+ def assert_text_response(body = nil)
+ assert_equal 'text/plain', content_type
+ unless body.nil?
+ assert_equal body, get_response.body
+ end
+ end
+
def assert_json_response(object)
- assert_equal 'application/json',
- get_response.content_type.to_s.split(';').first
+ assert_equal 'application/json', content_type
if object.is_a? Hash
object.stringify_keys! if object.respond_to? :stringify_keys!
assert_equal object, json_response
@@ -35,6 +41,20 @@ module AssertResponses
object.stringify_keys! if object.respond_to? :stringify_keys!
assert_json_response :errors => object
end
+
+ # checks for the presence of a key in a json response
+ # or a string in a text response
+ def assert_response_includes(string_or_key)
+ response = json_response || get_response.body
+ assert response.include?(string_or_key),
+ "response should have included #{string_or_key}"
+ end
+
+ def assert_attachement_filename(name)
+ assert_equal %Q(attachment; filename="#{name}"),
+ get_response.headers["Content-Disposition"]
+ end
+
end
class ::ActionController::TestCase
diff --git a/test/support/auth_test_helper.rb b/test/support/auth_test_helper.rb
index 57f9f9b..38c2ea1 100644
--- a/test/support/auth_test_helper.rb
+++ b/test/support/auth_test_helper.rb
@@ -19,6 +19,10 @@ module AuthTestHelper
return @current_user
end
+ def assert_login_required
+ assert_access_denied(true, false)
+ end
+
def assert_access_denied(denied = true, logged_in = true)
if denied
if @response.content_type == 'application/json'
@@ -46,8 +50,9 @@ module AuthTestHelper
protected
def header_for_token_auth
- @token = find_record(:token, :authenticate => @current_user)
- ActionController::HttpAuthentication::Token.encode_credentials @token.id
+ @token = stub_record(:token, :authenticate => @current_user)
+ Token.stubs(:find_by_token).with(@token.token).returns(@token)
+ ActionController::HttpAuthentication::Token.encode_credentials @token.token
end
def expect_warden_logout
diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb
index 1c872ff..4fec59f 100644
--- a/test/support/browser_integration_test.rb
+++ b/test/support/browser_integration_test.rb
@@ -54,6 +54,7 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest
end
# currently this only works for tests with poltergeist.
+ # ApiIntegrationTest has a working implementation for RackTest
def login(user = nil)
@user ||= user ||= FactoryGirl.create(:user)
token = Token.create user_id: user.id
diff --git a/test/test_helper.rb b/test/test_helper.rb
index d001ac7..7959ddb 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -27,4 +27,6 @@ class ActiveSupport::TestCase
File.join(Rails.root, 'test', 'files', name)
end
+ require 'i18n/missing_translations'
+ at_exit { I18n.missing_translations.dump }
end
diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb
index eca104f..49b2075 100644
--- a/test/unit/identity_test.rb
+++ b/test/unit/identity_test.rb
@@ -7,6 +7,22 @@ class IdentityTest < ActiveSupport::TestCase
@user = find_record :user
end
+ test "blank identity does not crash on valid?" do
+ id = Identity.new
+ assert !id.valid?
+ end
+
+ test "enabled identity requires destination" do
+ id = Identity.new user: @user, address: @user.email_address
+ assert !id.valid?
+ assert_equal ["can't be blank"], id.errors[:destination]
+ end
+
+ test "disabled identity requires no destination" do
+ id = Identity.new address: @user.email_address
+ assert id.valid?
+ end
+
test "initial identity for a user" do
id = Identity.for(@user)
assert_equal @user.email_address, id.address
@@ -39,7 +55,7 @@ class IdentityTest < ActiveSupport::TestCase
id = Identity.create_for @user, address: alias_name, destination: forward_address
dup = Identity.build_for @user, address: alias_name, destination: forward_address
assert !dup.valid?
- assert_equal ["This alias already exists"], dup.errors[:base]
+ assert_equal ["has already been taken"], dup.errors[:destination]
id.destroy
end
@@ -48,7 +64,7 @@ class IdentityTest < ActiveSupport::TestCase
id = Identity.create_for @user, address: alias_name, destination: forward_address
taken = Identity.build_for other_user, address: alias_name
assert !taken.valid?
- assert_equal ["This email has already been taken"], taken.errors[:base]
+ assert_equal ["has already been taken"], taken.errors[:address]
id.destroy
end
@@ -107,6 +123,7 @@ class IdentityTest < ActiveSupport::TestCase
other_user = find_record :user
taken = Identity.build_for other_user, address: id.address
assert !taken.valid?
+ assert_equal ["has already been taken"], taken.errors[:address]
Identity.destroy_all_disabled
end
diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb
index a3c6cf6..b143345 100644
--- a/test/unit/token_test.rb
+++ b/test/unit/token_test.rb
@@ -14,17 +14,22 @@ class ClientCertificateTest < ActiveSupport::TestCase
assert_equal @user, sample.authenticate
end
- test "token id is secure" do
+ test "token is secure" do
sample = Token.new(:user_id => @user.id)
other = Token.new(:user_id => @user.id)
- assert sample.id,
- "id is set on initialization"
- assert sample.id[0..10] != other.id[0..10],
- "token id prefixes should not repeat"
- assert /[g-zG-Z]/.match(sample.id),
- "should use non hex chars in the token id"
- assert sample.id.size > 16,
- "token id should be more than 16 chars long"
+ assert sample.token,
+ "token is set on initialization"
+ assert sample.token[0..10] != other.token[0..10],
+ "token prefixes should not repeat"
+ assert /[g-zG-Z]/.match(sample.token),
+ "should use non hex chars in the token"
+ assert sample.token.size > 16,
+ "token should be more than 16 chars long"
+ end
+
+ test "token id is hash of the token" do
+ sample = Token.new(:user_id => @user.id)
+ assert_equal Digest::SHA512.hexdigest(sample.token), sample.id
end
test "token checks for user" do
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index ffbb7d8..b3c831b 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -65,4 +65,11 @@ class UserTest < ActiveSupport::TestCase
assert_equal key, @user.public_key
end
+ #
+ ## Regression tests
+ #
+ test "make sure valid does not crash" do
+ assert !User.new.valid?
+ end
+
end