diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/functional/api/certs_controller_test.rb | 6 | ||||
| -rw-r--r-- | test/functional/api/sessions_controller_test.rb | 3 | ||||
| -rw-r--r-- | test/integration/api/smtp_cert_test.rb | 12 | ||||
| -rw-r--r-- | test/support/api_controller_test.rb | 2 | ||||
| -rw-r--r-- | test/support/api_integration_test.rb | 14 |
5 files changed, 20 insertions, 17 deletions
diff --git a/test/functional/api/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb index f23b4c8..25ceb8e 100644 --- a/test/functional/api/certs_controller_test.rb +++ b/test/functional/api/certs_controller_test.rb @@ -57,4 +57,10 @@ class Api::CertsControllerTest < ApiControllerTest returns(cert) return cert end + + # overwrite defaults from ApiController because we don't do json here. + def add_api_defaults(args) + add_defaults args, version: '2' + end + end diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb index 03a1ef9..06a3c22 100644 --- a/test/functional/api/sessions_controller_test.rb +++ b/test/functional/api/sessions_controller_test.rb @@ -44,7 +44,8 @@ class Api::SessionsControllerTest < ApiControllerTest api_post :update, :id => @user.login, :client_auth => @client_hex - assert_nil session[:handshake] + assert_nil session[:handshake], + 'session should be cleared to prevent session fixation attacks' assert_response :success assert json_response.keys.include?("id") assert json_response.keys.include?("token") diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 53382c1..3adddfd 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -3,13 +3,8 @@ require 'openssl' class SmtpCertTest < ApiIntegrationTest - setup do - @testcode = InviteCode.new - @testcode.save! - end - test "retrieve smtp cert" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -20,7 +15,7 @@ class SmtpCertTest < ApiIntegrationTest end test "cert and key" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -32,7 +27,7 @@ class SmtpCertTest < ApiIntegrationTest end test "fingerprint is stored with identity" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -46,7 +41,6 @@ class SmtpCertTest < ApiIntegrationTest end test "fetching smtp certs requires email account" do - login post smtp_cert_url, {}, RACK_ENV assert_access_denied diff --git a/test/support/api_controller_test.rb b/test/support/api_controller_test.rb index 06cb46a..97d86fc 100644 --- a/test/support/api_controller_test.rb +++ b/test/support/api_controller_test.rb @@ -17,7 +17,7 @@ class ApiControllerTest < ActionController::TestCase end def add_api_defaults(args) - add_defaults args, version: '2' + add_defaults args, version: '2', format: :json end def add_defaults(args, defaults) diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index cea480c..7942558 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -7,13 +7,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest 2 end - setup do - @testcode = InviteCode.new - @testcode.save! - end - def login(user = nil) - @user ||= user ||= FactoryGirl.create(:user, :invite_code => @testcode.invite_code) + @user ||= user ||= create_invited_user # DUMMY_TOKEN will be frozen. So let's use a dup @token ||= DUMMY_TOKEN.dup # make sure @token is up to date if it already exists @@ -23,6 +18,13 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest @token.save end + def create_invited_user(options = {}) + @testcode = InviteCode.new + @testcode.save! + options.reverse_merge! invite_code: @testcode.invite_code + FactoryGirl.create :user, options + end + teardown do if @user && @user.persisted? @user.destroy_identities |