Diffstat (limited to 'users')
-rw-r--r-- | users/test/functional/sessions_controller_test.rb | 16 | ||||
-rw-r--r-- | users/test/integration/api/account_flow_test.rb | 27 |
2 files changed, 24 insertions, 19 deletions
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 7876d84..b6e56a7 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -8,7 +8,9 @@ class SessionsControllerTest < ActionController::TestCase
 @server_hex = 'b123'
 @server_rnd = @server_hex.hex
 @server_rnd_exp = 'e123'.hex
+ @salt = 'stub user salt'
 @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
+ @server_auth = 'adfe'
 end
 test "should get login screen" do
@@ -21,11 +23,13 @@ class SessionsControllerTest < ActionController::TestCase
 user.expects(:initialize_auth).
 with(@client_rnd).
 returns(@server_handshake)
+ @server_handshake.expects(:to_json).
+ returns({'B' => @server_hex, 'salt' => @salt}.to_json)
 User.expects(:find_by_param).with(user.login).returns(user)
 post :create, :login => user.login, 'A' => @client_hex
 assert_equal @server_handshake, session[:handshake]
 assert_response :success
- assert_json_response :B => @server_hex
+ assert_json_response :B => @server_hex, :salt => @salt
 end
 test "should report user not found" do
@@ -39,9 +43,11 @@ class SessionsControllerTest < ActionController::TestCase
 test "should authorize" do
 session[:handshake] = @server_handshake
 user = stub :login => "me", :id => 123
- user.expects(:authenticate!).
- with(@client_rnd, @server_handshake).
+ @server_handshake.expects(:authenticate!).
+ with(@client_rnd).
 returns(@server_auth)
+ @server_handshake.expects(:to_json).
+ returns({:M2 => @server_auth}.to_json)
 User.expects(:find_by_param).with(user.login).returns(user)
 post :update, :id => user.login, :client_auth => @client_hex
 assert_nil session[:handshake]
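Review bot: The new `@server_handshake.expects(:to_json)` stub in the `post :create` test means `assert_json_response :B => @server_hex, :salt => @salt` only checks that the controller renders whatever the handshake serialises to, not which fields the real object exposes. The stubbed handshake in setup also carries `:b => @server_rnd_exp`, which looks like the server's private SRP ephemeral, so a real `to_json` that included it would still pass here; the same holds for the stubbed `{:M2 => @server_auth}` in "should authorize". I would cover this with a unit test on the handshake class itself, asserting that its JSON contains only `B` and `salt` before authentication and only `M2` afterwards, and mark the stub here with `# to_json is stubbed; the exposed fields are checked in the handshake unit test`. The test around `post :create` starts above the hunk.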
@@ -52,8 +58,8 @@ class SessionsControllerTest < ActionController::TestCase
 test "should report wrong password" do
 session[:handshake] = @server_handshake
 user = stub :login => "me", :id => 123
- user.expects(:authenticate!).
- with(@client_rnd, @server_handshake).
+ @server_handshake.expects(:authenticate!).
+ with(@client_rnd).
 raises(WRONG_PASSWORD)
 User.expects(:find_by_param).with(user.login).returns(user)
 post :update, :id => user.login, :client_auth => @client_hex
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index e20bcf6..66de1e5 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
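Review bot: In "should report wrong password" (sessions_controller_test.rb), none of the lines visible in this hunk check what happens to `session[:handshake]` once `@server_handshake.authenticate!` raises, whereas "should authorize" asserts `assert_nil session[:handshake]` after success. A failed client proof should also discard the stored handshake, so that one server ephemeral is not kept around for further attempts. If the rest of the test does not already cover it, add `assert_nil session[:handshake]` after the `post :update`. The test body continues below the hunk, so this may already be asserted there.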
@@ -30,40 +30,39 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
 :password_verifier => @srp.verifier.to_s(16),
 :password_salt => @srp.salt.to_s(16)
 }
+ post '/users.json', :user => @user_params
+ @user = User.find_by_param(@login)
 end
 def teardown
 @user.destroy if @user # make sure we can run this test again
 end
- test "signup and login with srp via api" do
- post '/users.json', :user => @user_params
- @user = User.find_by_param(@login)
+ test "signup response" do
 assert_json_response @user_params.slice(:login, :password_salt)
 assert_response :success
- server_auth = @srp.authenticate(self, @login, @password)
+ end
+
+ test "signup and login with srp via api" do
+ server_auth = @srp.authenticate(self)
 assert_nil server_auth["errors"]
 assert server_auth["M2"]
 end
 test "signup and wrong password login attempt" do
- post '/users.json', :user => @user_params
- @user = User.find_by_param(@login)
- assert_json_response @user_params.slice(:login, :password_salt)
- assert_response :success
- server_auth = @srp.authenticate(self, @login, "wrong password")
+ srp = SRP::Client.new(@login, "wrong password")
+ server_auth = srp.authenticate(self)
 assert_equal ["wrong password"], server_auth["errors"]['password']
 assert_nil server_auth["M2"]
 end
 test "signup and wrong username login attempt" do
- post '/users.json', :user => @user_params
- @user = User.find_by_param(@login)
- assert_json_response @user_params.slice(:login, :password_salt)
- assert_response :success
+ srp = SRP::Client.new("wrong_login", @password)
+ server_auth = nil
 assert_raises RECORD_NOT_FOUND do
- server_auth = @srp.authenticate(self, "wronglogin", @password)
+ server_auth = srp.authenticate(self)
 end
+ assert_nil server_auth
 end
 end |
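Review bot: The "signup and wrong username login attempt" test pins an unknown login to `RECORD_NOT_FOUND` while a bad password yields `server_auth["errors"]['password']`, so the API answers differently for existing and non-existing accounts and the suite now locks that in. If account enumeration matters for this API, both cases should fail in the same shape. Separately, `assert_nil server_auth` after the `assert_raises` block cannot fail: `server_auth = nil` is set just above, and the assignment inside the block never completes when the call raises. An assertion on something observable would be stronger, for example `assert_response :not_found`, assuming the application rescues the exception into that status.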