diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/factories.rb | 4 | ||||
-rw-r--r-- | test/functional/token_auth_test.rb | 40 | ||||
-rw-r--r-- | test/functional/v1/identities_controller_test.rb | 24 | ||||
-rw-r--r-- | test/functional/v1/users_controller_test.rb | 52 | ||||
-rw-r--r-- | test/integration/api/signup_test.rb | 4 | ||||
-rw-r--r-- | test/integration/api/tmp_user_test.rb | 2 | ||||
-rw-r--r-- | test/integration/api/token_test.rb | 3 | ||||
-rw-r--r-- | test/support/auth_test_helper.rb | 15 | ||||
-rw-r--r-- | test/unit/api_token_test.rb | 28 | ||||
-rw-r--r-- | test/unit/tmp_user_test.rb | 4 |
10 files changed, 169 insertions, 7 deletions
diff --git a/test/factories.rb b/test/factories.rb index b6e1475..5d49729 100644 --- a/test/factories.rb +++ b/test/factories.rb @@ -26,6 +26,10 @@ FactoryGirl.define do end end + factory :test_user do + login {"test_user_" + Faker::Internet.user_name + '_' + SecureRandom.hex(4)} + end + factory :premium_user do effective_service_level_code 2 end diff --git a/test/functional/token_auth_test.rb b/test/functional/token_auth_test.rb new file mode 100644 index 0000000..53d5fb3 --- /dev/null +++ b/test/functional/token_auth_test.rb @@ -0,0 +1,40 @@ +# +# tests for authenticating an admin or monitor user +# via static configured tokens. +# + +require_relative '../test_helper' + +class TokenAuthTest < ActionController::TestCase + tests V1::ConfigsController + + def test_login_via_api_token + with_config(:allow_anonymous_certs => false) do + monitor_auth do + get :index + assert assigns(:token), 'should have authenticated via api token' + assert assigns(:token).is_a? ApiToken + assert @controller.send(:current_user).is_a? ApiMonitorUser + end + end + end + + def test_fail_api_auth_when_ip_not_allowed + with_config(:allow_anonymous_certs => false) do + allowed = "99.99.99.99" + new_config = {api_tokens: APP_CONFIG["api_tokens"].merge(allowed_ips: [allowed])} + with_config(new_config) do + monitor_auth do + request.env['REMOTE_ADDR'] = "1.1.1.1" + get :index + assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it" + request.env['REMOTE_ADDR'] = allowed + get :index + assert assigns(:token), "should have authenticated via api token" + end + end + end + end + +end + diff --git a/test/functional/v1/identities_controller_test.rb b/test/functional/v1/identities_controller_test.rb new file mode 100644 index 0000000..6410c44 --- /dev/null +++ b/test/functional/v1/identities_controller_test.rb @@ -0,0 +1,24 @@ +require_relative '../../test_helper' + +class V1::IdentitiesControllerTest < ActionController::TestCase + + test "api monitor can fetch identity" do + monitor_auth do + identity = FactoryGirl.create :identity + get :show, :id => identity.address, :format => 'json' + assert_response :success + assert_equal identity, assigns(:identity) + + get :show, :id => "blahblahblah", :format => 'json' + assert_response :not_found + end + end + + + test "anonymous cannot fetch identity" do + identity = FactoryGirl.create :identity + get :show, :id => identity.address, :format => 'json' + assert_response :forbidden + end + +end diff --git a/test/functional/v1/users_controller_test.rb b/test/functional/v1/users_controller_test.rb index ffe2484..7afbb02 100644 --- a/test/functional/v1/users_controller_test.rb +++ b/test/functional/v1/users_controller_test.rb @@ -1,4 +1,4 @@ -require 'test_helper' +require_relative '../../test_helper' class V1::UsersControllerTest < ActionController::TestCase @@ -81,4 +81,54 @@ class V1::UsersControllerTest < ActionController::TestCase end end + test "admin can show user" do + user = FactoryGirl.create :user + login :is_admin? => true + get :show, :id => 0, :login => user.login, :format => :json + assert_response :success + assert_json_response user + get :show, :id => user.id, :format => :json + assert_response :success + assert_json_response user + get :show, :id => "0", :format => :json + assert_response :not_found + end + + test "normal users cannot show user" do + user = find_record :user + login + get :show, :id => 0, :login => user.login, :format => :json + assert_access_denied + end + + test "api monitor auth can create and destroy test users" do + with_config(allow_registration: false) do + monitor_auth do + user_attribs = record_attributes_for :test_user + post :create, :user => user_attribs, :format => :json + assert_response :success + delete :destroy, :id => assigns(:user).id, :format => :json + assert_response :success + end + end + end + + test "api monitor auth cannot create normal users" do + monitor_auth do + user_attribs = record_attributes_for :user + post :create, :user => user_attribs, :format => :json + assert_response :forbidden + end + end + + test "api monitor auth cannot delete normal users" do + post :create, :user => record_attributes_for(:user), :format => :json + assert_response :success + normal_user_id = assigns(:user).id + monitor_auth do + delete :destroy, :id => normal_user_id, :format => :json + assert_response :forbidden + end + end + end diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb index 236c547..7216496 100644 --- a/test/integration/api/signup_test.rb +++ b/test/integration/api/signup_test.rb @@ -1,4 +1,4 @@ -require 'test_helper' +require_relative '../../test_helper' require_relative 'srp_test' class SignupTest < SrpTest @@ -8,7 +8,7 @@ class SignupTest < SrpTest end test "signup response" do - assert_json_response :login => @login, :ok => true + assert_json_response :login => @login, :ok => true, :id => @user.id, :enabled => true assert last_response.successful? end diff --git a/test/integration/api/tmp_user_test.rb b/test/integration/api/tmp_user_test.rb index 4c1e659..bf5f99d 100644 --- a/test/integration/api/tmp_user_test.rb +++ b/test/integration/api/tmp_user_test.rb @@ -4,7 +4,7 @@ require_relative 'srp_test' class TmpUserTest < SrpTest setup do - register_user('test_user_'+SecureRandom.hex(5)) + register_user('tmp_user_'+SecureRandom.hex(5)) end test "login with srp" do diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb index ad3ac22..dafbfb7 100644 --- a/test/integration/api/token_test.rb +++ b/test/integration/api/token_test.rb @@ -1,4 +1,4 @@ -require 'test_helper' +require_relative '../../test_helper' require_relative 'srp_test' class TokenTest < SrpTest @@ -12,4 +12,5 @@ class TokenTest < SrpTest token = server_auth['token'] assert Token.find(Digest::SHA512.hexdigest(token)) end + end diff --git a/test/support/auth_test_helper.rb b/test/support/auth_test_helper.rb index 7af3341..acc6076 100644 --- a/test/support/auth_test_helper.rb +++ b/test/support/auth_test_helper.rb @@ -29,6 +29,21 @@ module AuthTestHelper @token.expects(:destroy) if @token end + # authenticate as the api monitor + def monitor_auth(&block) + token_auth(APP_CONFIG['api_tokens']['monitor'], &block) + end + + # authenticate with a token + def token_auth(token_str) + original = request.env['HTTP_AUTHORIZATION'] + request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Token.encode_credentials(token_str) + if block_given? + yield + request.env['HTTP_AUTHORIZATION'] = original + end + end + protected def header_for_token_auth diff --git a/test/unit/api_token_test.rb b/test/unit/api_token_test.rb new file mode 100644 index 0000000..266a370 --- /dev/null +++ b/test/unit/api_token_test.rb @@ -0,0 +1,28 @@ +require_relative '../test_helper' + +class ApiTokenTest < ActiveSupport::TestCase + + setup do + end + + test "api token only authenticates ApiUser" do + token_string = APP_CONFIG['api_tokens']['monitor'] + assert !token_string.nil?, 'monitor token should be configured' + assert !token_string.empty? + token = ApiToken.find_by_token(token_string) + user = token.authenticate + assert user, 'api token should authenticate' + assert user.is_a?(ApiUser), 'api token should return api user' + assert user.is_monitor?, 'api monitor token should return monitor user' + assert !user.is_admin?, 'api monitor token should not return admin user' + end + + test "invalid api tokens can't authenticate" do + assert_nil ApiToken.find_by_token("not a token") + with_config({"api_tokens" => {"test" => ""}}) do + assert_equal "", APP_CONFIG['api_tokens']['test'] + assert_nil ApiToken.find_by_token("") + end + end + +end
\ No newline at end of file diff --git a/test/unit/tmp_user_test.rb b/test/unit/tmp_user_test.rb index 9494377..1dea5f9 100644 --- a/test/unit/tmp_user_test.rb +++ b/test/unit/tmp_user_test.rb @@ -6,7 +6,7 @@ class TmpUserTest < ActiveSupport::TestCase InviteCodeValidator.any_instance.stubs(:validate) end - test "test_user saved to tmp_users" do + test "tmp_user saved to tmp_users" do begin assert User.ancestors.include?(TemporaryUser) @@ -17,7 +17,7 @@ class TmpUserTest < ActiveSupport::TestCase end assert_difference('User.tmp_database.info["doc_count"]') do - tmp_user = User.create!(:login => 'test_user_'+SecureRandom.hex(5).downcase, + tmp_user = User.create!(:login => 'tmp_user_'+SecureRandom.hex(5).downcase, :password_verifier => 'ABCDEF0010101', :password_salt => 'ABCDEF') assert tmp_user.database.to_s.include?('tmp') end |