From a314d1265bcf7b0c6dd66d61d03e1d2a7545cfb8 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 25 Feb 2013 12:35:00 +0100 Subject: enable free certs in the controller --- certs/app/controllers/certs_controller.rb | 4 +--- certs/test/functional/certs_controller_test.rb | 10 ++++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb index 6db270c..6099ac0 100644 --- a/certs/app/controllers/certs_controller.rb +++ b/certs/app/controllers/certs_controller.rb @@ -1,10 +1,8 @@ class CertsController < ApplicationController - before_filter :authorize - # GET /cert def show - @cert = ClientCertificate.new + @cert = ClientCertificate.new(free: !logged_in?) render :text => @cert.key + @cert.cert, :content_type => 'text/plain' end diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb index 75256ca..6ebd08e 100644 --- a/certs/test/functional/certs_controller_test.rb +++ b/certs/test/functional/certs_controller_test.rb @@ -4,16 +4,18 @@ class CertsControllerTest < ActionController::TestCase setup do end - test "should require login" do + test "should send free cert without login" do + cert = stub :cert => "free cert", :key => "key" + ClientCertificate.expects(:new).with(free: true).returns(cert) get :show - assert_response :redirect - assert_redirected_to login_url + assert_response :success + assert_equal cert.key + cert.cert, @response.body end test "should send cert" do login cert = stub :cert => "adsf", :key => "key" - ClientCertificate.expects(:new).returns(cert) + ClientCertificate.expects(:new).with(free: false).returns(cert) get :show assert_response :success assert_equal cert.key + cert.cert, @response.body -- cgit v1.2.3 From d99bcf4b0d0b8716ab0da58ea7320fb33bac78bb Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 25 Feb 2013 13:01:07 +0100 Subject: enable free certs with a common name postfix --- certs/app/controllers/certs_controller.rb | 2 +- certs/app/models/client_certificate.rb | 22 +++++++++++++++++----- certs/test/functional/certs_controller_test.rb | 8 ++++---- certs/test/unit/client_certificate_test.rb | 23 +++++++++++++++++------ config/defaults.yml | 1 + 5 files changed, 40 insertions(+), 16 deletions(-) diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb index 6099ac0..3b7d35d 100644 --- a/certs/app/controllers/certs_controller.rb +++ b/certs/app/controllers/certs_controller.rb @@ -3,7 +3,7 @@ class CertsController < ApplicationController # GET /cert def show @cert = ClientCertificate.new(free: !logged_in?) - render :text => @cert.key + @cert.cert, :content_type => 'text/plain' + render text: @cert.to_s, content_type: 'text/plain' end end diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb index be0ac63..3a82d1a 100644 --- a/certs/app/models/client_certificate.rb +++ b/certs/app/models/client_certificate.rb @@ -1,5 +1,5 @@ # -# Model for certificates stored in CouchDB. +# Model for certificates # # This file must be loaded after Config has been loaded. # @@ -17,11 +17,11 @@ class ClientCertificate # # generate the private key and client certificate # - def initialize + def initialize(options = {}) cert = CertificateAuthority::Certificate.new # set subject - cert.subject.common_name = random_common_name + cert.subject.common_name = common_name(options[:free]) # set expiration cert.not_before = yesterday @@ -35,8 +35,12 @@ class ClientCertificate cert.parent = ClientCertificate.root_ca cert.sign! client_signing_profile - self.key = cert.key_material.private_key.to_pem - self.cert = cert.to_pem + self.key = cert.key_material.private_key + self.cert = cert + end + + def to_s + self.key.to_pem + self.cert.to_pem end private @@ -61,6 +65,14 @@ class ClientCertificate Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16) end + def common_name(for_free_cert = false) + if for_free_cert + random_common_name + ' ' + APP_CONFIG[:free_cert_postfix] + else + random_common_name + end + end + # # for the random common name, we need a text string that will be unique across all certs. # ruby 1.8 doesn't have a built-in uuid generator, or we would use SecureRandom.uuid diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb index 6ebd08e..a579a00 100644 --- a/certs/test/functional/certs_controller_test.rb +++ b/certs/test/functional/certs_controller_test.rb @@ -5,19 +5,19 @@ class CertsControllerTest < ActionController::TestCase end test "should send free cert without login" do - cert = stub :cert => "free cert", :key => "key" + cert = stub :to_s => "free cert" ClientCertificate.expects(:new).with(free: true).returns(cert) get :show assert_response :success - assert_equal cert.key + cert.cert, @response.body + assert_equal cert.to_s, @response.body end test "should send cert" do login - cert = stub :cert => "adsf", :key => "key" + cert = stub :to_s => "real cert" ClientCertificate.expects(:new).with(free: false).returns(cert) get :show assert_response :success - assert_equal cert.key + cert.cert, @response.body + assert_equal cert.to_s, @response.body end end diff --git a/certs/test/unit/client_certificate_test.rb b/certs/test/unit/client_certificate_test.rb index 71a1d90..bcc61cc 100644 --- a/certs/test/unit/client_certificate_test.rb +++ b/certs/test/unit/client_certificate_test.rb @@ -2,17 +2,28 @@ require 'test_helper' class ClientCertificateTest < ActiveSupport::TestCase - setup do - @sample = ClientCertificate.new + test "new cert has all we need" do + sample = ClientCertificate.new + assert sample.key + assert sample.cert + assert sample.to_s end - test "new cert has all we need" do - assert @sample.key - assert @sample.cert + test "free cert has configured postfix" do + sample = ClientCertificate.new(free: true) + postfix = APP_CONFIG[:free_cert_postfix] + assert sample.cert.subject.common_name.include?(postfix) + end + + test "real cert has no free cert postfix" do + sample = ClientCertificate.new + postfix = APP_CONFIG[:free_cert_postfix] + assert !sample.cert.subject.common_name.include?(postfix) end test "cert issuer matches ca subject" do - cert = OpenSSL::X509::Certificate.new(@sample.cert) + sample = ClientCertificate.new + cert = OpenSSL::X509::Certificate.new(sample.cert.to_pem) assert_equal ClientCertificate.root_ca.openssl_body.subject, cert.issuer end diff --git a/config/defaults.yml b/config/defaults.yml index cb8a627..18825dd 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -7,6 +7,7 @@ cert_options: &cert_options client_cert_lifespan: 2 client_cert_bit_size: 2024 client_cert_hash: "SHA256" + free_cert_postfix: "*Free Cert*" development: <<: *dev_ca -- cgit v1.2.3 From 494ebdab860a4db792e1c61836f1efcb7593dfe7 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 25 Feb 2013 13:15:50 +0100 Subject: added configuration setting for disabling free certs --- certs/app/controllers/certs_controller.rb | 7 +++++++ certs/test/functional/certs_controller_test.rb | 18 ++++++++++++++---- config/defaults.yml | 1 + 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb index 3b7d35d..977e03e 100644 --- a/certs/app/controllers/certs_controller.rb +++ b/certs/app/controllers/certs_controller.rb @@ -1,9 +1,16 @@ class CertsController < ApplicationController + before_filter :logged_in_or_free_certs + # GET /cert def show @cert = ClientCertificate.new(free: !logged_in?) render text: @cert.to_s, content_type: 'text/plain' end + protected + + def logged_in_or_free_certs + authorize unless APP_CONFIG[:free_certs_enabled] + end end diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb index a579a00..70ca56d 100644 --- a/certs/test/functional/certs_controller_test.rb +++ b/certs/test/functional/certs_controller_test.rb @@ -1,10 +1,8 @@ require 'test_helper' class CertsControllerTest < ActionController::TestCase - setup do - end - test "should send free cert without login" do + test "send free cert without login" do cert = stub :to_s => "free cert" ClientCertificate.expects(:new).with(free: true).returns(cert) get :show @@ -12,7 +10,7 @@ class CertsControllerTest < ActionController::TestCase assert_equal cert.to_s, @response.body end - test "should send cert" do + test "send cert" do login cert = stub :to_s => "real cert" ClientCertificate.expects(:new).with(free: false).returns(cert) @@ -20,4 +18,16 @@ class CertsControllerTest < ActionController::TestCase assert_response :success assert_equal cert.to_s, @response.body end + + test "login required if free certs disabled" do + begin + old_setting = APP_CONFIG[:free_certs_enabled] + APP_CONFIG[:free_certs_enabled] = false + get :show + assert_response :redirect + ensure + APP_CONFIG[:free_certs_enabled] = old_setting + end + end + end diff --git a/config/defaults.yml b/config/defaults.yml index 18825dd..54e4178 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -7,6 +7,7 @@ cert_options: &cert_options client_cert_lifespan: 2 client_cert_bit_size: 2024 client_cert_hash: "SHA256" + free_certs_enabled: true free_cert_postfix: "*Free Cert*" development: -- cgit v1.2.3 From 9c4eb32c22e6bf49d84b6ac1fa4fc5cde5374a7a Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 25 Feb 2013 13:19:23 +0100 Subject: tests refactored with with_config helper also added test for getting paid certs if free certs are disabled --- certs/test/functional/certs_controller_test.rb | 17 ++++++++++++----- core/test/support/with_config_helper.rb | 16 ++++++++++++++++ 2 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 core/test/support/with_config_helper.rb diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb index 70ca56d..7826dd6 100644 --- a/certs/test/functional/certs_controller_test.rb +++ b/certs/test/functional/certs_controller_test.rb @@ -20,13 +20,20 @@ class CertsControllerTest < ActionController::TestCase end test "login required if free certs disabled" do - begin - old_setting = APP_CONFIG[:free_certs_enabled] - APP_CONFIG[:free_certs_enabled] = false + with_config free_certs_enabled: false do get :show assert_response :redirect - ensure - APP_CONFIG[:free_certs_enabled] = old_setting + end + end + + test "get paid cert if free certs disabled" do + with_config free_certs_enabled: false do + login + cert = stub :to_s => "real cert" + ClientCertificate.expects(:new).with(free: false).returns(cert) + get :show + assert_response :success + assert_equal cert.to_s, @response.body end end diff --git a/core/test/support/with_config_helper.rb b/core/test/support/with_config_helper.rb new file mode 100644 index 0000000..65eb7bc --- /dev/null +++ b/core/test/support/with_config_helper.rb @@ -0,0 +1,16 @@ +module WithConfigHelper + extend ActiveSupport::Concern + + def with_config(options) + old_config = APP_CONFIG.dup + APP_CONFIG.merge! options + yield + ensure + APP_CONFIG.replace old_config + end + +end + +class ActiveSupport::TestCase + include WithConfigHelper +end -- cgit v1.2.3 From 2eafc17ea68e75e6b040b6c6677e5eebd3371f0e Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 26 Feb 2013 12:01:56 +0100 Subject: minor: using ?: operator for cert postfix --- certs/app/models/client_certificate.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb index 3a82d1a..1bc34c6 100644 --- a/certs/app/models/client_certificate.rb +++ b/certs/app/models/client_certificate.rb @@ -66,11 +66,8 @@ class ClientCertificate end def common_name(for_free_cert = false) - if for_free_cert - random_common_name + ' ' + APP_CONFIG[:free_cert_postfix] - else - random_common_name - end + random_common_name + + (for_free_cert ? APP_CONFIG[:free_cert_postfix] : '') end # -- cgit v1.2.3