summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/factories.rb4
-rw-r--r--test/functional/token_auth_test.rb40
-rw-r--r--test/functional/v1/identities_controller_test.rb24
-rw-r--r--test/functional/v1/users_controller_test.rb52
-rw-r--r--test/integration/api/signup_test.rb4
-rw-r--r--test/integration/api/tmp_user_test.rb2
-rw-r--r--test/integration/api/token_test.rb3
-rw-r--r--test/support/auth_test_helper.rb15
-rw-r--r--test/unit/api_token_test.rb28
-rw-r--r--test/unit/tmp_user_test.rb4
10 files changed, 169 insertions, 7 deletions
diff --git a/test/factories.rb b/test/factories.rb
index b6e1475..5d49729 100644
--- a/test/factories.rb
+++ b/test/factories.rb
@@ -26,6 +26,10 @@ FactoryGirl.define do
end
end
+ factory :test_user do
+ login {"test_user_" + Faker::Internet.user_name + '_' + SecureRandom.hex(4)}
+ end
+
factory :premium_user do
effective_service_level_code 2
end
diff --git a/test/functional/token_auth_test.rb b/test/functional/token_auth_test.rb
new file mode 100644
index 0000000..53d5fb3
--- /dev/null
+++ b/test/functional/token_auth_test.rb
@@ -0,0 +1,40 @@
+#
+# tests for authenticating an admin or monitor user
+# via static configured tokens.
+#
+
+require_relative '../test_helper'
+
+class TokenAuthTest < ActionController::TestCase
+ tests V1::ConfigsController
+
+ def test_login_via_api_token
+ with_config(:allow_anonymous_certs => false) do
+ monitor_auth do
+ get :index
+ assert assigns(:token), 'should have authenticated via api token'
+ assert assigns(:token).is_a? ApiToken
+ assert @controller.send(:current_user).is_a? ApiMonitorUser
+ end
+ end
+ end
+
+ def test_fail_api_auth_when_ip_not_allowed
+ with_config(:allow_anonymous_certs => false) do
+ allowed = "99.99.99.99"
+ new_config = {api_tokens: APP_CONFIG["api_tokens"].merge(allowed_ips: [allowed])}
+ with_config(new_config) do
+ monitor_auth do
+ request.env['REMOTE_ADDR'] = "1.1.1.1"
+ get :index
+ assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
+ request.env['REMOTE_ADDR'] = allowed
+ get :index
+ assert assigns(:token), "should have authenticated via api token"
+ end
+ end
+ end
+ end
+
+end
+
diff --git a/test/functional/v1/identities_controller_test.rb b/test/functional/v1/identities_controller_test.rb
new file mode 100644
index 0000000..6410c44
--- /dev/null
+++ b/test/functional/v1/identities_controller_test.rb
@@ -0,0 +1,24 @@
+require_relative '../../test_helper'
+
+class V1::IdentitiesControllerTest < ActionController::TestCase
+
+ test "api monitor can fetch identity" do
+ monitor_auth do
+ identity = FactoryGirl.create :identity
+ get :show, :id => identity.address, :format => 'json'
+ assert_response :success
+ assert_equal identity, assigns(:identity)
+
+ get :show, :id => "blahblahblah", :format => 'json'
+ assert_response :not_found
+ end
+ end
+
+
+ test "anonymous cannot fetch identity" do
+ identity = FactoryGirl.create :identity
+ get :show, :id => identity.address, :format => 'json'
+ assert_response :forbidden
+ end
+
+end
diff --git a/test/functional/v1/users_controller_test.rb b/test/functional/v1/users_controller_test.rb
index ffe2484..7afbb02 100644
--- a/test/functional/v1/users_controller_test.rb
+++ b/test/functional/v1/users_controller_test.rb
@@ -1,4 +1,4 @@
-require 'test_helper'
+require_relative '../../test_helper'
class V1::UsersControllerTest < ActionController::TestCase
@@ -81,4 +81,54 @@ class V1::UsersControllerTest < ActionController::TestCase
end
end
+ test "admin can show user" do
+ user = FactoryGirl.create :user
+ login :is_admin? => true
+ get :show, :id => 0, :login => user.login, :format => :json
+ assert_response :success
+ assert_json_response user
+ get :show, :id => user.id, :format => :json
+ assert_response :success
+ assert_json_response user
+ get :show, :id => "0", :format => :json
+ assert_response :not_found
+ end
+
+ test "normal users cannot show user" do
+ user = find_record :user
+ login
+ get :show, :id => 0, :login => user.login, :format => :json
+ assert_access_denied
+ end
+
+ test "api monitor auth can create and destroy test users" do
+ with_config(allow_registration: false) do
+ monitor_auth do
+ user_attribs = record_attributes_for :test_user
+ post :create, :user => user_attribs, :format => :json
+ assert_response :success
+ delete :destroy, :id => assigns(:user).id, :format => :json
+ assert_response :success
+ end
+ end
+ end
+
+ test "api monitor auth cannot create normal users" do
+ monitor_auth do
+ user_attribs = record_attributes_for :user
+ post :create, :user => user_attribs, :format => :json
+ assert_response :forbidden
+ end
+ end
+
+ test "api monitor auth cannot delete normal users" do
+ post :create, :user => record_attributes_for(:user), :format => :json
+ assert_response :success
+ normal_user_id = assigns(:user).id
+ monitor_auth do
+ delete :destroy, :id => normal_user_id, :format => :json
+ assert_response :forbidden
+ end
+ end
+
end
diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb
index 236c547..7216496 100644
--- a/test/integration/api/signup_test.rb
+++ b/test/integration/api/signup_test.rb
@@ -1,4 +1,4 @@
-require 'test_helper'
+require_relative '../../test_helper'
require_relative 'srp_test'
class SignupTest < SrpTest
@@ -8,7 +8,7 @@ class SignupTest < SrpTest
end
test "signup response" do
- assert_json_response :login => @login, :ok => true
+ assert_json_response :login => @login, :ok => true, :id => @user.id, :enabled => true
assert last_response.successful?
end
diff --git a/test/integration/api/tmp_user_test.rb b/test/integration/api/tmp_user_test.rb
index 4c1e659..bf5f99d 100644
--- a/test/integration/api/tmp_user_test.rb
+++ b/test/integration/api/tmp_user_test.rb
@@ -4,7 +4,7 @@ require_relative 'srp_test'
class TmpUserTest < SrpTest
setup do
- register_user('test_user_'+SecureRandom.hex(5))
+ register_user('tmp_user_'+SecureRandom.hex(5))
end
test "login with srp" do
diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb
index ad3ac22..dafbfb7 100644
--- a/test/integration/api/token_test.rb
+++ b/test/integration/api/token_test.rb
@@ -1,4 +1,4 @@
-require 'test_helper'
+require_relative '../../test_helper'
require_relative 'srp_test'
class TokenTest < SrpTest
@@ -12,4 +12,5 @@ class TokenTest < SrpTest
token = server_auth['token']
assert Token.find(Digest::SHA512.hexdigest(token))
end
+
end
diff --git a/test/support/auth_test_helper.rb b/test/support/auth_test_helper.rb
index 7af3341..acc6076 100644
--- a/test/support/auth_test_helper.rb
+++ b/test/support/auth_test_helper.rb
@@ -29,6 +29,21 @@ module AuthTestHelper
@token.expects(:destroy) if @token
end
+ # authenticate as the api monitor
+ def monitor_auth(&block)
+ token_auth(APP_CONFIG['api_tokens']['monitor'], &block)
+ end
+
+ # authenticate with a token
+ def token_auth(token_str)
+ original = request.env['HTTP_AUTHORIZATION']
+ request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Token.encode_credentials(token_str)
+ if block_given?
+ yield
+ request.env['HTTP_AUTHORIZATION'] = original
+ end
+ end
+
protected
def header_for_token_auth
diff --git a/test/unit/api_token_test.rb b/test/unit/api_token_test.rb
new file mode 100644
index 0000000..266a370
--- /dev/null
+++ b/test/unit/api_token_test.rb
@@ -0,0 +1,28 @@
+require_relative '../test_helper'
+
+class ApiTokenTest < ActiveSupport::TestCase
+
+ setup do
+ end
+
+ test "api token only authenticates ApiUser" do
+ token_string = APP_CONFIG['api_tokens']['monitor']
+ assert !token_string.nil?, 'monitor token should be configured'
+ assert !token_string.empty?
+ token = ApiToken.find_by_token(token_string)
+ user = token.authenticate
+ assert user, 'api token should authenticate'
+ assert user.is_a?(ApiUser), 'api token should return api user'
+ assert user.is_monitor?, 'api monitor token should return monitor user'
+ assert !user.is_admin?, 'api monitor token should not return admin user'
+ end
+
+ test "invalid api tokens can't authenticate" do
+ assert_nil ApiToken.find_by_token("not a token")
+ with_config({"api_tokens" => {"test" => ""}}) do
+ assert_equal "", APP_CONFIG['api_tokens']['test']
+ assert_nil ApiToken.find_by_token("")
+ end
+ end
+
+end \ No newline at end of file
diff --git a/test/unit/tmp_user_test.rb b/test/unit/tmp_user_test.rb
index 9494377..1dea5f9 100644
--- a/test/unit/tmp_user_test.rb
+++ b/test/unit/tmp_user_test.rb
@@ -6,7 +6,7 @@ class TmpUserTest < ActiveSupport::TestCase
InviteCodeValidator.any_instance.stubs(:validate)
end
- test "test_user saved to tmp_users" do
+ test "tmp_user saved to tmp_users" do
begin
assert User.ancestors.include?(TemporaryUser)
@@ -17,7 +17,7 @@ class TmpUserTest < ActiveSupport::TestCase
end
assert_difference('User.tmp_database.info["doc_count"]') do
- tmp_user = User.create!(:login => 'test_user_'+SecureRandom.hex(5).downcase,
+ tmp_user = User.create!(:login => 'tmp_user_'+SecureRandom.hex(5).downcase,
:password_verifier => 'ABCDEF0010101', :password_salt => 'ABCDEF')
assert tmp_user.database.to_s.include?('tmp')
end