Diffstat (limited to 'users/test/integration/api')
-rw-r--r--users/test/integration/api/Readme.md23
-rw-r--r--users/test/integration/api/account_flow_test.rb69
-rwxr-xr-xusers/test/integration/api/python/login_wrong_username.py19
-rwxr-xr-xusers/test/integration/api/python/signup.py20
-rwxr-xr-xusers/test/integration/api/python/signup_and_login.py48
-rwxr-xr-xusers/test/integration/api/python/signup_and_login_wrong_password.py43
6 files changed, 222 insertions, 0 deletions
diff --git a/users/test/integration/api/Readme.md b/users/test/integration/api/Readme.md
new file mode 100644
index 0000000..3a91f3d
--- /dev/null
+++ b/users/test/integration/api/Readme.md
@@ -0,0 +1,23 @@
+API tests
+==========
+
+
+Testing the restful api from a simple python client as that's what we'll be using.
+
+This test so far mostly demoes the API. We have no SRP calc in there.
+
+TODO: keep track of the cookies during login. The server uses the session to keep track of the random numbers A and B.
+
+The output of signup_and_login_wrong_password pretty well describes the SRP API:
+
+```
+POST: http://localhost:9292/users.json
+ {"user[password_salt]": "54321", "user[password_verifier]": "12345", "user[login]": "SWQ055"}
+ -> {"password_salt":"54321","login":"SWQ055"}
+POST: http://localhost:9292/sessions
+ {"A": "12345", "login": "SWQ055"}
+ -> {"B":"1778367531e93a4c7713c76f67649f35a4211ebc520926ae8c3848cd66171651"}
+PUT: http://localhost:9292/sessions/SWQ055
+ {"M": "123ABC"}
+ -> {"field":"password","error":"wrong password"}
+```
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
new file mode 100644
index 0000000..e20bcf6
--- /dev/null
+++ b/users/test/integration/api/account_flow_test.rb
@@ -0,0 +1,69 @@
+require 'test_helper'
+
+class AccountFlowTest < ActionDispatch::IntegrationTest
+
+ # this test wraps the api and implements the interface the ruby-srp client.
+ def handshake(login, aa)
+ post "sessions", :login => login, 'A' => aa.to_s(16)
+ assert_response :success
+ response = JSON.parse(@response.body)
+ if response['errors']
+ raise RECORD_NOT_FOUND.new(response['errors'])
+ else
+ return response['B'].hex
+ end
+ end
+
+ def validate(m)
+ put "sessions/" + @login, :client_auth => m.to_s(16)
+ assert_response :success
+ return JSON.parse(@response.body)
+ end
+
+ def setup
+ @login = "integration_test_user"
+ User.find_by_login(@login).tap{|u| u.destroy if u}
+ @password = "srp, verify me!"
+ @srp = SRP::Client.new(@login, @password)
+ @user_params = {
+ :login => @login,
+ :password_verifier => @srp.verifier.to_s(16),
+ :password_salt => @srp.salt.to_s(16)
+ }
+ end
+
+ def teardown
+ @user.destroy if @user # make sure we can run this test again
+ end
+
+ test "signup and login with srp via api" do
+ post '/users.json', :user => @user_params
+ @user = User.find_by_param(@login)
+ assert_json_response @user_params.slice(:login, :password_salt)
+ assert_response :success
+ server_auth = @srp.authenticate(self, @login, @password)
+ assert_nil server_auth["errors"]
+ assert server_auth["M2"]
+ end
+
+ test "signup and wrong password login attempt" do
+ post '/users.json', :user => @user_params
+ @user = User.find_by_param(@login)
+ assert_json_response @user_params.slice(:login, :password_salt)
+ assert_response :success
+ server_auth = @srp.authenticate(self, @login, "wrong password")
+ assert_equal ["wrong password"], server_auth["errors"]['password']
+ assert_nil server_auth["M2"]
+ end
+
+ test "signup and wrong username login attempt" do
+ post '/users.json', :user => @user_params
+ @user = User.find_by_param(@login)
+ assert_json_response @user_params.slice(:login, :password_salt)
+ assert_response :success
+ assert_raises RECORD_NOT_FOUND do
+ server_auth = @srp.authenticate(self, "wronglogin", @password)
+ end
+ end
+
+end
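Review bot: None of the three tests sends a degenerate client value, so the suite would still pass if the sessions endpoint accepted an `A` that is zero modulo N, which RFC 5054 requires an SRP server to reject. `handshake` always forwards `aa.to_s(16)` as computed by the client library, so this case needs a direct `post`. A fourth test along the lines below would pin the rejection. The `assert_nil body['B']` check is a guess at the error shape and should be matched to what the controller actually returns.

```ruby
# … unchanged: the three existing signup/login tests …

test "handshake rejects A that is zero mod N" do
  post '/users.json', :user => @user_params
  @user = User.find_by_param(@login)
  post "sessions", :login => @login, 'A' => 0.to_s(16)
  body = JSON.parse(@response.body)
  assert_nil body['B']
end
```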
diff --git a/users/test/integration/api/python/login_wrong_username.py b/users/test/integration/api/python/login_wrong_username.py
new file mode 100755
index 0000000..390f250
--- /dev/null
+++ b/users/test/integration/api/python/login_wrong_username.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+params = {
+ 'login': 'python_test_user_'+id_generator(),
+ 'A': '12345',
+ }
+r = requests.post(server + '/sessions', data = params)
+print r.url
+print r.text
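Review bot: This script only prints `r.url` and `r.text`, so it exits successfully whether or not the server rejects the unknown login; signup.py ends the same way. The Ruby `handshake` helper treats an `errors` key in the JSON body as the failure signal, so a final `assert 'errors' in json.loads(r.text)` would turn the script into a test rather than a demo, assuming the same response shape applies here. That would also give the otherwise unused `import json` a purpose. `id_generator` is copied verbatim into all four scripts and could live in one shared module.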
diff --git a/users/test/integration/api/python/signup.py b/users/test/integration/api/python/signup.py
new file mode 100755
index 0000000..0d3a4e0
--- /dev/null
+++ b/users/test/integration/api/python/signup.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+user_params = {
+ 'user[login]': 'python_test_user_'+id_generator(),
+ 'user[password_verifier]': '12345',
+ 'user[password_salt]': '54321'
+ }
+r = requests.post(server + '/users.json', data = user_params)
+print r.url
+print r.text
diff --git a/users/test/integration/api/python/signup_and_login.py b/users/test/integration/api/python/signup_and_login.py
new file mode 100755
index 0000000..2d79688
--- /dev/null
+++ b/users/test/integration/api/python/signup_and_login.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+
+# FAILS
+#
+# This test is currently failing for me because the session is not kept.
+# Played with it a bunch - is probably messed up right now as well.
+
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+def print_and_parse(response):
+ print response.request.method + ': ' + response.url
+ print " " + json.dumps(response.request.data)
+ print " -> " + response.text
+ print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
+ return json.loads(response.text)
+
+def signup(session):
+ user_params = {
+ 'user[login]': id_generator(),
+ 'user[password_verifier]': '12345',
+ 'user[password_salt]': '54321'
+ }
+ return session.post(server + '/users.json', data = user_params)
+
+def authenticate(session, login):
+ params = {
+ 'login': login,
+ 'A': '12345',
+ }
+ init = session.post(server + '/sessions', data = params)
+ cookies = requests.utils.dict_from_cookiejar(init.cookies)
+ init = session.post(server + '/sessions', data = params, cookies = cookies)
+ print "(%) " + json.dumps(cookies)
+ return session.put(server + '/sessions/' + login, data = {'client_auth': '123'}, cookies = cookies)
+
+session = requests.session()
+user = print_and_parse(signup(session))
+# SRP signup would happen here and calculate M hex
+auth = print_and_parse(authenticate(session, user['login']))
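Review bot: `authenticate` posts to `/sessions` twice, so the server presumably starts a second handshake before the `PUT`, and it copies cookies by hand although `requests.session()` already resends them on every call made through `session`. This may be part of why the header comment reports that the session is not kept. A single `init = session.post(server + '/sessions', data = params)` followed by `return session.put(server + '/sessions/' + login, data = {'client_auth': '123'})` would be enough. The two cookie `print` lines write the session cookie to stdout, which is worth dropping before output from a non-local server is pasted anywhere, as the Readme does with script output.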
diff --git a/users/test/integration/api/python/signup_and_login_wrong_password.py b/users/test/integration/api/python/signup_and_login_wrong_password.py
new file mode 100755
index 0000000..9efffa1
--- /dev/null
+++ b/users/test/integration/api/python/signup_and_login_wrong_password.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:9292'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+def print_and_parse(response):
+ print response.request.method + ': ' + response.url
+ print " " + json.dumps(response.request.data)
+ print " -> " + response.text
+# print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
+ return json.loads(response.text)
+
+def signup():
+ user_params = {
+ 'user[login]': id_generator(),
+ 'user[password_verifier]': '12345',
+ 'user[password_salt]': '54321'
+ }
+ return requests.post(server + '/users.json', data = user_params)
+
+def handshake(login):
+ params = {
+ 'login': login,
+ 'A': '12345',
+ }
+ return requests.post(server + '/sessions', data = params)
+
+def authenticate(login, M):
+ return requests.put(server + '/sessions/' + login, data = {'M': M})
+
+
+user = print_and_parse(signup())
+handshake = print_and_parse(handshake(user['login']))
+# SRP signup would happen here and calculate M hex
+M = '123ABC'
+auth = print_and_parse(authenticate(user['login'], M))
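Review bot: `signup`, `handshake` and `authenticate` call `requests.post` and `requests.put` directly, so no cookie from the handshake reaches the `PUT`, while the Readme says the server keeps A and B in the session. The "wrong password" answer therefore does not show that `M` was checked against a real handshake; creating `session = requests.session()` and passing it to the three functions, as signup_and_login.py does, would close that gap. The proof is sent as `'M'` here but as `client_auth` in account_flow_test.rb and signup_and_login.py, so one of the names is likely stale. `handshake = print_and_parse(handshake(...))` also rebinds the function name to its result.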