summaryrefslogtreecommitdiff
path: root/users/test
diff options
context:
space:
mode:
Diffstat (limited to 'users/test')
-rw-r--r--users/test/functional/sessions_controller_test.rb4
-rw-r--r--users/test/functional/v1/sessions_controller_test.rb68
-rwxr-xr-xusers/test/integration/api/python/flow_with_srp.py16
3 files changed, 79 insertions, 9 deletions
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 9df4455..f99c0d7 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -47,10 +47,12 @@ class SessionsControllerTest < ActionController::TestCase
request.env['warden'].expects(:authenticate!)
handshake = stub(:to_json => "JSON")
session[:handshake] = handshake
+
post :update, :id => @user.login, :client_auth => @client_hex
+
assert_nil session[:handshake]
assert_response :success
- assert_equal handshake.to_json, @response.body
+ assert_json_response handshake
end
test "logout should reset warden user" do
diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb
new file mode 100644
index 0000000..be085ce
--- /dev/null
+++ b/users/test/functional/v1/sessions_controller_test.rb
@@ -0,0 +1,68 @@
+require 'test_helper'
+
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
+class V1::SessionsControllerTest < ActionController::TestCase
+
+ setup do
+ @request.env['HTTP_HOST'] = 'api.lvh.me'
+ @user = stub :login => "me", :id => 123
+ @client_hex = 'a123'
+ end
+
+ test "renders json" do
+ request.env['warden'].expects(:winning_strategy)
+ get :new, :format => :json
+ assert_response :success
+ assert_json_error nil
+ end
+
+ test "renders warden errors" do
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
+ end
+
+ # Warden takes care of parsing the params and
+ # rendering the response. So not much to test here.
+ test "should perform handshake" do
+ request.env['warden'].expects(:authenticate!)
+ # make sure we don't get a template missing error:
+ @controller.stubs(:render)
+ post :create, :login => @user.login, 'A' => @client_hex
+ end
+
+ test "should authorize" do
+ request.env['warden'].expects(:authenticate!)
+ @controller.expects(:current_user).returns(@user)
+ handshake = stub(:to_hash => {h: "ash"})
+ session[:handshake] = handshake
+
+ post :update, :id => @user.login, :client_auth => @client_hex
+
+ assert_nil session[:handshake]
+ assert_response :success
+ assert_json_response handshake.to_hash.merge(id: @user.id)
+ end
+
+ test "logout should reset warden user" do
+ expect_warden_logout
+ delete :destroy
+ assert_response :redirect
+ assert_redirected_to root_url
+ end
+
+ def expect_warden_logout
+ raw = mock('raw session') do
+ expects(:inspect)
+ end
+ request.env['warden'].expects(:raw_session).returns(raw)
+ request.env['warden'].expects(:logout)
+ end
+
+
+end
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index df83dfb..7b741d6 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -12,11 +12,11 @@ import binascii
safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
# let's have some random name
-def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
return ''.join(random.choice(chars) for x in range(size))
# using globals for a start
-server = 'http://api.lvh.me:3000/1'
+server = 'https://api.bitmask.net:4430/1'
login = id_generator()
password = id_generator() + id_generator()
@@ -25,9 +25,9 @@ password = id_generator() + id_generator()
# log the server communication
def print_and_parse(response):
- # print response.request.method + ': ' + response.url
- # print " " + json.dumps(response.request.data)
- # print " -> " + response.text
+ print response.request.method + ': ' + response.url
+ print " " + json.dumps(response.request.data)
+ print " -> " + response.text
return json.loads(response.text)
def signup(session):
@@ -39,7 +39,7 @@ def signup(session):
'user[password_verifier]': binascii.hexlify(vkey),
'user[password_salt]': binascii.hexlify(salt)
}
- return session.post(server + '/users.json', data = user_params)
+ return session.post(server + '/users.json', data = user_params, verify = False)
usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
@@ -50,12 +50,12 @@ def authenticate(session, login):
'login': uname,
'A': binascii.hexlify(A)
}
- init = print_and_parse(session.post(server + '/sessions', data = params))
+ init = print_and_parse(session.post(server + '/sessions', data = params, verify=False))
# print ' b = "' + init['b'] + '"'
# print ' bb = "' + init['B'] + '"'
M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
# print ' m = "' + binascii.hexlify(M) + '"'
- return session.put(server + '/sessions/' + login,
+ return session.put(server + '/sessions/' + login, verify = False,
data = {'client_auth': binascii.hexlify(M)})
session = requests.session()