diff options
Diffstat (limited to 'users/test')
19 files changed, 409 insertions, 0 deletions
diff --git a/users/test/fixtures/.gitkeep b/users/test/fixtures/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/users/test/fixtures/.gitkeep diff --git a/users/test/functional/.gitkeep b/users/test/functional/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/users/test/functional/.gitkeep diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb new file mode 100644 index 0000000..7876d84 --- /dev/null +++ b/users/test/functional/sessions_controller_test.rb @@ -0,0 +1,73 @@ +require 'test_helper' + +class SessionsControllerTest < ActionController::TestCase + + def setup + @client_hex = 'a123' + @client_rnd = @client_hex.hex + @server_hex = 'b123' + @server_rnd = @server_hex.hex + @server_rnd_exp = 'e123'.hex + @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp + end + + test "should get login screen" do + get :new + assert_response :success + end + + test "should perform handshake" do + user = stub :login => "me", :id => 123 + user.expects(:initialize_auth). + with(@client_rnd). + returns(@server_handshake) + User.expects(:find_by_param).with(user.login).returns(user) + post :create, :login => user.login, 'A' => @client_hex + assert_equal @server_handshake, session[:handshake] + assert_response :success + assert_json_response :B => @server_hex + end + + test "should report user not found" do + unknown = "login_that_does_not_exist" + User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND) + post :create, :login => unknown + assert_response :success + assert_json_response :errors => {"login" => ["unknown user"]} + end + + test "should authorize" do + session[:handshake] = @server_handshake + user = stub :login => "me", :id => 123 + user.expects(:authenticate!). + with(@client_rnd, @server_handshake). + returns(@server_auth) + User.expects(:find_by_param).with(user.login).returns(user) + post :update, :id => user.login, :client_auth => @client_hex + assert_nil session[:handshake] + assert_json_response :M2 => @server_auth + assert_equal user.id, session[:user_id] + end + + test "should report wrong password" do + session[:handshake] = @server_handshake + user = stub :login => "me", :id => 123 + user.expects(:authenticate!). + with(@client_rnd, @server_handshake). + raises(WRONG_PASSWORD) + User.expects(:find_by_param).with(user.login).returns(user) + post :update, :id => user.login, :client_auth => @client_hex + assert_nil session[:handshake] + assert_nil session[:user_id] + assert_json_response :errors => {"password" => ["wrong password"]} + end + + test "logout should reset sessions user_id" do + session[:user_id] = "set" + delete :destroy + assert_nil session[:user_id] + assert_response :redirect + assert_redirected_to root_url + end + +end diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb new file mode 100644 index 0000000..1cb28a6 --- /dev/null +++ b/users/test/functional/users_controller_test.rb @@ -0,0 +1,33 @@ +require 'test_helper' + +class UsersControllerTest < ActionController::TestCase + test "should get new" do + get :new + assert_equal User, assigns(:user).class + assert_response :success + end + + test "should create new user" do + params = User.valid_attributes_hash + user = stub params.merge(:id => 123) + params.stringify_keys! + User.expects(:create!).with(params).returns(user) + post :create, :user => params + assert_nil session[:user_id] + assert_response :redirect + assert_redirected_to root_url + end + + test "should redirect to signup form on failed attempt" do + params = User.valid_attributes_hash.slice(:login) + user = User.new(params) + params.stringify_keys! + User.expects(:create!).with(params).raises(VALIDATION_FAILED.new(user)) + post :create, :user => params + assert_nil session[:user_id] + assert_equal user, assigns[:user] + assert_response :redirect + assert_redirected_to new_user_path + end + +end diff --git a/users/test/integration/.gitkeep b/users/test/integration/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/users/test/integration/.gitkeep diff --git a/users/test/integration/api/Readme.md b/users/test/integration/api/Readme.md new file mode 100644 index 0000000..3a91f3d --- /dev/null +++ b/users/test/integration/api/Readme.md @@ -0,0 +1,23 @@ +API tests +========== + + +Testing the restful api from a simple python client as that's what we'll be using. + +This test so far mostly demoes the API. We have no SRP calc in there. + +TODO: keep track of the cookies during login. The server uses the session to keep track of the random numbers A and B. + +The output of signup_and_login_wrong_password pretty well describes the SRP API: + +``` +POST: http://localhost:9292/users.json + {"user[password_salt]": "54321", "user[password_verifier]": "12345", "user[login]": "SWQ055"} + -> {"password_salt":"54321","login":"SWQ055"} +POST: http://localhost:9292/sessions + {"A": "12345", "login": "SWQ055"} + -> {"B":"1778367531e93a4c7713c76f67649f35a4211ebc520926ae8c3848cd66171651"} +PUT: http://localhost:9292/sessions/SWQ055 + {"M": "123ABC"} + -> {"field":"password","error":"wrong password"} +``` diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb new file mode 100644 index 0000000..e20bcf6 --- /dev/null +++ b/users/test/integration/api/account_flow_test.rb @@ -0,0 +1,69 @@ +require 'test_helper' + +class AccountFlowTest < ActionDispatch::IntegrationTest + + # this test wraps the api and implements the interface the ruby-srp client. + def handshake(login, aa) + post "sessions", :login => login, 'A' => aa.to_s(16) + assert_response :success + response = JSON.parse(@response.body) + if response['errors'] + raise RECORD_NOT_FOUND.new(response['errors']) + else + return response['B'].hex + end + end + + def validate(m) + put "sessions/" + @login, :client_auth => m.to_s(16) + assert_response :success + return JSON.parse(@response.body) + end + + def setup + @login = "integration_test_user" + User.find_by_login(@login).tap{|u| u.destroy if u} + @password = "srp, verify me!" + @srp = SRP::Client.new(@login, @password) + @user_params = { + :login => @login, + :password_verifier => @srp.verifier.to_s(16), + :password_salt => @srp.salt.to_s(16) + } + end + + def teardown + @user.destroy if @user # make sure we can run this test again + end + + test "signup and login with srp via api" do + post '/users.json', :user => @user_params + @user = User.find_by_param(@login) + assert_json_response @user_params.slice(:login, :password_salt) + assert_response :success + server_auth = @srp.authenticate(self, @login, @password) + assert_nil server_auth["errors"] + assert server_auth["M2"] + end + + test "signup and wrong password login attempt" do + post '/users.json', :user => @user_params + @user = User.find_by_param(@login) + assert_json_response @user_params.slice(:login, :password_salt) + assert_response :success + server_auth = @srp.authenticate(self, @login, "wrong password") + assert_equal ["wrong password"], server_auth["errors"]['password'] + assert_nil server_auth["M2"] + end + + test "signup and wrong username login attempt" do + post '/users.json', :user => @user_params + @user = User.find_by_param(@login) + assert_json_response @user_params.slice(:login, :password_salt) + assert_response :success + assert_raises RECORD_NOT_FOUND do + server_auth = @srp.authenticate(self, "wronglogin", @password) + end + end + +end diff --git a/users/test/integration/api/python/login_wrong_username.py b/users/test/integration/api/python/login_wrong_username.py new file mode 100755 index 0000000..390f250 --- /dev/null +++ b/users/test/integration/api/python/login_wrong_username.py @@ -0,0 +1,19 @@ +#!/usr/bin/env python + +server = 'http://localhost:3000' + +import requests +import json +import string +import random + +def id_generator(size=6, chars=string.ascii_uppercase + string.digits): + return ''.join(random.choice(chars) for x in range(size)) + +params = { + 'login': 'python_test_user_'+id_generator(), + 'A': '12345', + } +r = requests.post(server + '/sessions', data = params) +print r.url +print r.text diff --git a/users/test/integration/api/python/signup.py b/users/test/integration/api/python/signup.py new file mode 100755 index 0000000..0d3a4e0 --- /dev/null +++ b/users/test/integration/api/python/signup.py @@ -0,0 +1,20 @@ +#!/usr/bin/env python + +server = 'http://localhost:3000' + +import requests +import json +import string +import random + +def id_generator(size=6, chars=string.ascii_uppercase + string.digits): + return ''.join(random.choice(chars) for x in range(size)) + +user_params = { + 'user[login]': 'python_test_user_'+id_generator(), + 'user[password_verifier]': '12345', + 'user[password_salt]': '54321' + } +r = requests.post(server + '/users.json', data = user_params) +print r.url +print r.text diff --git a/users/test/integration/api/python/signup_and_login.py b/users/test/integration/api/python/signup_and_login.py new file mode 100755 index 0000000..2d79688 --- /dev/null +++ b/users/test/integration/api/python/signup_and_login.py @@ -0,0 +1,48 @@ +#!/usr/bin/env python + +# FAILS +# +# This test is currently failing for me because the session is not kept. +# Played with it a bunch - is probably messed up right now as well. + + +server = 'http://localhost:3000' + +import requests +import json +import string +import random + +def id_generator(size=6, chars=string.ascii_uppercase + string.digits): + return ''.join(random.choice(chars) for x in range(size)) + +def print_and_parse(response): + print response.request.method + ': ' + response.url + print " " + json.dumps(response.request.data) + print " -> " + response.text + print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies)) + return json.loads(response.text) + +def signup(session): + user_params = { + 'user[login]': id_generator(), + 'user[password_verifier]': '12345', + 'user[password_salt]': '54321' + } + return session.post(server + '/users.json', data = user_params) + +def authenticate(session, login): + params = { + 'login': login, + 'A': '12345', + } + init = session.post(server + '/sessions', data = params) + cookies = requests.utils.dict_from_cookiejar(init.cookies) + init = session.post(server + '/sessions', data = params, cookies = cookies) + print "(%) " + json.dumps(cookies) + return session.put(server + '/sessions/' + login, data = {'client_auth': '123'}, cookies = cookies) + +session = requests.session() +user = print_and_parse(signup(session)) +# SRP signup would happen here and calculate M hex +auth = print_and_parse(authenticate(session, user['login'])) diff --git a/users/test/integration/api/python/signup_and_login_wrong_password.py b/users/test/integration/api/python/signup_and_login_wrong_password.py new file mode 100755 index 0000000..9efffa1 --- /dev/null +++ b/users/test/integration/api/python/signup_and_login_wrong_password.py @@ -0,0 +1,43 @@ +#!/usr/bin/env python + +server = 'http://localhost:9292' + +import requests +import json +import string +import random + +def id_generator(size=6, chars=string.ascii_uppercase + string.digits): + return ''.join(random.choice(chars) for x in range(size)) + +def print_and_parse(response): + print response.request.method + ': ' + response.url + print " " + json.dumps(response.request.data) + print " -> " + response.text +# print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies)) + return json.loads(response.text) + +def signup(): + user_params = { + 'user[login]': id_generator(), + 'user[password_verifier]': '12345', + 'user[password_salt]': '54321' + } + return requests.post(server + '/users.json', data = user_params) + +def handshake(login): + params = { + 'login': login, + 'A': '12345', + } + return requests.post(server + '/sessions', data = params) + +def authenticate(login, M): + return requests.put(server + '/sessions/' + login, data = {'M': M}) + + +user = print_and_parse(signup()) +handshake = print_and_parse(handshake(user['login'])) +# SRP signup would happen here and calculate M hex +M = '123ABC' +auth = print_and_parse(authenticate(user['login'], M)) diff --git a/users/test/integration/navigation_test.rb b/users/test/integration/navigation_test.rb new file mode 100644 index 0000000..eec8c0e --- /dev/null +++ b/users/test/integration/navigation_test.rb @@ -0,0 +1,9 @@ +require 'test_helper' + +class NavigationTest < ActionDispatch::IntegrationTest + + # test "the truth" do + # assert true + # end +end + diff --git a/users/test/leap_web_users_test.rb b/users/test/leap_web_users_test.rb new file mode 100644 index 0000000..f142e54 --- /dev/null +++ b/users/test/leap_web_users_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class LeapWebUsersTest < ActiveSupport::TestCase + test "module exists" do + assert_kind_of Module, LeapWebUsers + end +end diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb new file mode 100644 index 0000000..b268c51 --- /dev/null +++ b/users/test/test_helper.rb @@ -0,0 +1,10 @@ +ENV["RAILS_ENV"] = "test" +require File.expand_path('../dummy/config/environment', __FILE__) +require 'rails/test_help' +require 'mocha' + +Rails.backtrace_cleaner.remove_silencers! + +# Load support files +Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } + diff --git a/users/test/unit/.gitkeep b/users/test/unit/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/users/test/unit/.gitkeep diff --git a/users/test/unit/helpers/session_helper_test.rb b/users/test/unit/helpers/session_helper_test.rb new file mode 100644 index 0000000..2824733 --- /dev/null +++ b/users/test/unit/helpers/session_helper_test.rb @@ -0,0 +1,4 @@ +require 'test_helper' + +class SessionHelperTest < ActionView::TestCase +end diff --git a/users/test/unit/helpers/users_helper_test.rb b/users/test/unit/helpers/users_helper_test.rb new file mode 100644 index 0000000..96af37a --- /dev/null +++ b/users/test/unit/helpers/users_helper_test.rb @@ -0,0 +1,4 @@ +require 'test_helper' + +class UsersHelperTest < ActionView::TestCase +end diff --git a/users/test/unit/unauthorized_user_test.rb b/users/test/unit/unauthorized_user_test.rb new file mode 100644 index 0000000..5b96ae1 --- /dev/null +++ b/users/test/unit/unauthorized_user_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class UnauthorizedUserTest < ActiveSupport::TestCase + # test "the truth" do + # assert true + # end +end diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb new file mode 100644 index 0000000..870d422 --- /dev/null +++ b/users/test/unit/user_test.rb @@ -0,0 +1,40 @@ +require 'test_helper' + +class UserTest < ActiveSupport::TestCase + + include SRP::Util + test "test set of attributes should be valid" do + user = User.new(User.valid_attributes_hash) + assert user.valid? + end + + test "find_by_param gets User by login" do + user = User.create!(User.valid_attributes_hash) + assert_equal user, User.find_by_param(user.login) + user.destroy + end + + test "to_param gives user login" do + user = User.new(User.valid_attributes_hash) + assert_equal user.login, user.to_param + end + + test "verifier returns number for the hex in password_verifier" do + user = User.new(User.valid_attributes_hash) + assert_equal user.password_verifier.hex, user.verifier + end + + test "salt returns number for the hex in password_salt" do + user = User.new(User.valid_attributes_hash) + assert_equal user.password_salt.hex, user.salt + end + + test "should include SRP::Authentication" do + client_rnd = bigrand(32).hex + user = User.new(User.valid_attributes_hash) + srp_session = user.initialize_auth(client_rnd) + assert srp_session.is_a? SRP::Authentication::Session + assert_equal client_rnd, srp_session.aa + end + +end |