diff options
Diffstat (limited to 'users/test')
-rw-r--r-- | users/test/functional/sessions_controller_test.rb | 4 | ||||
-rw-r--r-- | users/test/functional/v1/sessions_controller_test.rb | 68 | ||||
-rwxr-xr-x | users/test/integration/api/python/flow_with_srp.py | 16 |
3 files changed, 79 insertions, 9 deletions
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index 9df4455..f99c0d7 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -47,10 +47,12 @@ class SessionsControllerTest < ActionController::TestCase request.env['warden'].expects(:authenticate!) handshake = stub(:to_json => "JSON") session[:handshake] = handshake + post :update, :id => @user.login, :client_auth => @client_hex + assert_nil session[:handshake] assert_response :success - assert_equal handshake.to_json, @response.body + assert_json_response handshake end test "logout should reset warden user" do diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb new file mode 100644 index 0000000..be085ce --- /dev/null +++ b/users/test/functional/v1/sessions_controller_test.rb @@ -0,0 +1,68 @@ +require 'test_helper' + +# This is a simple controller unit test. +# We're stubbing out both warden and srp. +# There's an integration test testing the full rack stack and srp +class V1::SessionsControllerTest < ActionController::TestCase + + setup do + @request.env['HTTP_HOST'] = 'api.lvh.me' + @user = stub :login => "me", :id => 123 + @client_hex = 'a123' + end + + test "renders json" do + request.env['warden'].expects(:winning_strategy) + get :new, :format => :json + assert_response :success + assert_json_error nil + end + + test "renders warden errors" do + strategy = stub :message => {:field => :translate_me} + request.env['warden'].stubs(:winning_strategy).returns(strategy) + I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") + get :new, :format => :json + assert_response 422 + assert_json_error :field => "translation stub" + end + + # Warden takes care of parsing the params and + # rendering the response. So not much to test here. + test "should perform handshake" do + request.env['warden'].expects(:authenticate!) + # make sure we don't get a template missing error: + @controller.stubs(:render) + post :create, :login => @user.login, 'A' => @client_hex + end + + test "should authorize" do + request.env['warden'].expects(:authenticate!) + @controller.expects(:current_user).returns(@user) + handshake = stub(:to_hash => {h: "ash"}) + session[:handshake] = handshake + + post :update, :id => @user.login, :client_auth => @client_hex + + assert_nil session[:handshake] + assert_response :success + assert_json_response handshake.to_hash.merge(id: @user.id) + end + + test "logout should reset warden user" do + expect_warden_logout + delete :destroy + assert_response :redirect + assert_redirected_to root_url + end + + def expect_warden_logout + raw = mock('raw session') do + expects(:inspect) + end + request.env['warden'].expects(:raw_session).returns(raw) + request.env['warden'].expects(:logout) + end + + +end diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py index df83dfb..7b741d6 100755 --- a/users/test/integration/api/python/flow_with_srp.py +++ b/users/test/integration/api/python/flow_with_srp.py @@ -12,11 +12,11 @@ import binascii safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x) # let's have some random name -def id_generator(size=6, chars=string.ascii_uppercase + string.digits): +def id_generator(size=6, chars=string.ascii_lowercase + string.digits): return ''.join(random.choice(chars) for x in range(size)) # using globals for a start -server = 'http://api.lvh.me:3000/1' +server = 'https://api.bitmask.net:4430/1' login = id_generator() password = id_generator() + id_generator() @@ -25,9 +25,9 @@ password = id_generator() + id_generator() # log the server communication def print_and_parse(response): - # print response.request.method + ': ' + response.url - # print " " + json.dumps(response.request.data) - # print " -> " + response.text + print response.request.method + ': ' + response.url + print " " + json.dumps(response.request.data) + print " -> " + response.text return json.loads(response.text) def signup(session): @@ -39,7 +39,7 @@ def signup(session): 'user[password_verifier]': binascii.hexlify(vkey), 'user[password_salt]': binascii.hexlify(salt) } - return session.post(server + '/users.json', data = user_params) + return session.post(server + '/users.json', data = user_params, verify = False) usr = srp.User( login, password, srp.SHA256, srp.NG_1024 ) @@ -50,12 +50,12 @@ def authenticate(session, login): 'login': uname, 'A': binascii.hexlify(A) } - init = print_and_parse(session.post(server + '/sessions', data = params)) + init = print_and_parse(session.post(server + '/sessions', data = params, verify=False)) # print ' b = "' + init['b'] + '"' # print ' bb = "' + init['B'] + '"' M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) ) # print ' m = "' + binascii.hexlify(M) + '"' - return session.put(server + '/sessions/' + login, + return session.put(server + '/sessions/' + login, verify = False, data = {'client_auth': binascii.hexlify(M)}) session = requests.session() |