From 758b9a3c30a73fd985943fb7a887f0373be3a833 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 8 Feb 2014 12:29:08 +0100 Subject: split up and expand account integration test --- core/lib/extensions/testing.rb | 2 + core/test/support/rack_test.rb | 24 +++++++++ users/test/integration/api/account_flow_test.rb | 66 ----------------------- users/test/integration/api/login_test.rb | 38 +++++++++++-- users/test/integration/api/signup_test.rb | 20 +++++++ users/test/integration/api/srp_test.rb | 5 ++ users/test/integration/api/update_account_test.rb | 44 +++++++++++++++ 7 files changed, 128 insertions(+), 71 deletions(-) delete mode 100644 users/test/integration/api/account_flow_test.rb create mode 100644 users/test/integration/api/signup_test.rb create mode 100644 users/test/integration/api/update_account_test.rb diff --git a/core/lib/extensions/testing.rb b/core/lib/extensions/testing.rb index aad7fc1..d9b6da8 100644 --- a/core/lib/extensions/testing.rb +++ b/core/lib/extensions/testing.rb @@ -22,6 +22,8 @@ module LeapWebCore end def assert_json_response(object) + assert_equal 'application/json', + get_response.content_type.split(';').first if object.is_a? Hash object.stringify_keys! if object.respond_to? :stringify_keys! assert_equal object, json_response diff --git a/core/test/support/rack_test.rb b/core/test/support/rack_test.rb index 0476cf7..2d8e5c4 100644 --- a/core/test/support/rack_test.rb +++ b/core/test/support/rack_test.rb @@ -10,4 +10,28 @@ class RackTest < ActiveSupport::TestCase OUTER_APP end + def assert_access_denied + assert_json_response('error' => I18n.t(:not_authorized)) + assert_response :unprocessable_entity + end + + # inspired by rails 4 + # -> actionpack/lib/action_dispatch/testing/assertions/response.rb + def assert_response(type, message = nil) + # RackTest does not know @response + response_code = last_response.status + message ||= "Expected response to be a <#{type}>, but was <#{response_code}>" + + if Symbol === type + if [:success, :missing, :redirect, :error].include?(type) + assert last_response.send("#{type}?"), message + else + code = Rack::Utils::SYMBOL_TO_STATUS_CODE[type] + assert_equal code, response_code, message + end + else + assert_equal type, response_code, message + end + end + end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb deleted file mode 100644 index b56d07b..0000000 --- a/users/test/integration/api/account_flow_test.rb +++ /dev/null @@ -1,66 +0,0 @@ -require 'test_helper' -require_relative 'srp_test' - -class AccountFlowTest < SrpTest - - setup do - register_user - end - - test "signup response" do - assert_json_response :login => @login, :ok => true - assert last_response.successful? - end - - test "signup and login with srp via api" do - authenticate - assert last_response.successful? - assert_nil server_auth["errors"] - assert server_auth["M2"] - end - - test "signup and wrong password login attempt" do - authenticate password: "wrong password" - assert_json_error "base" => "Not a valid username/password combination" - assert !last_response.successful? - assert_nil server_auth["M2"] - end - - test "signup and wrong username login attempt" do - assert_raises RECORD_NOT_FOUND do - authenticate login: "wrong login" - end - assert_json_error "base" => "Not a valid username/password combination" - assert !last_response.successful? - assert_nil server_auth - end - - test "update password via api" do - authenticate - update_user password: "No! Verify me instead." - authenticate - assert last_response.successful? - assert_nil server_auth["errors"] - assert server_auth["M2"] - end - - test "change login with password_verifier" do - authenticate - new_login = 'zaph' - cleanup_user new_login - update_user login: new_login, password: @password - assert last_response.successful? - assert_equal new_login, @user.reload.login - end - - test "prevent changing login without changing password_verifier" do - authenticate - original_login = @user.login - new_login = 'zaph' - cleanup_user new_login - update_user login: new_login - assert last_response.successful? - # does not change login if no password_verifier is present - assert_equal original_login, @user.reload.login - end -end diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb index a760d38..82219d0 100644 --- a/users/test/integration/api/login_test.rb +++ b/users/test/integration/api/login_test.rb @@ -1,15 +1,43 @@ require 'test_helper' +require_relative 'srp_test' -class LoginTest < RackTest +class LoginTest < SrpTest setup do - @login = "integration_test_user" + register_user end - test "require json requests" do - put "http://api.lvh.me:3000/1/sessions/" + @login, - :client_auth => "This is not a valid login anyway" + test "requires handshake before validation" do + validate("bla") assert_json_error login: I18n.t(:all_strategies_failed) end + test "login with srp" do + authenticate + assert last_response.successful? + assert_nil server_auth["errors"] + assert server_auth["M2"] + end + + test "wrong password login attempt" do + authenticate password: "wrong password" + assert_json_error "base" => "Not a valid username/password combination" + assert !last_response.successful? + assert_nil server_auth["M2"] + end + + test "wrong username login attempt" do + assert_raises RECORD_NOT_FOUND do + authenticate login: "wrong login" + end + assert_json_error "base" => "Not a valid username/password combination" + assert !last_response.successful? + assert_nil server_auth + end + + test "logout" do + authenticate + logout + assert_equal 204, last_response.status + end end diff --git a/users/test/integration/api/signup_test.rb b/users/test/integration/api/signup_test.rb new file mode 100644 index 0000000..236c547 --- /dev/null +++ b/users/test/integration/api/signup_test.rb @@ -0,0 +1,20 @@ +require 'test_helper' +require_relative 'srp_test' + +class SignupTest < SrpTest + + setup do + register_user + end + + test "signup response" do + assert_json_response :login => @login, :ok => true + assert last_response.successful? + end + + test "signup creates user" do + assert @user + assert_equal @login, @user.login + end +end + diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb index b291269..bb24f5f 100644 --- a/users/test/integration/api/srp_test.rb +++ b/users/test/integration/api/srp_test.rb @@ -52,6 +52,11 @@ class SrpTest < RackTest @server_auth = srp(params).authenticate(self) end + def logout + delete "http://api.lvh.me:3000/1/logout.json", + format: :json + end + def cleanup_user(login = nil) login ||= @user.login Identity.by_address.key(login + '@' + APP_CONFIG[:domain]).each do |identity| diff --git a/users/test/integration/api/update_account_test.rb b/users/test/integration/api/update_account_test.rb new file mode 100644 index 0000000..16c2357 --- /dev/null +++ b/users/test/integration/api/update_account_test.rb @@ -0,0 +1,44 @@ +require 'test_helper' +require_relative 'srp_test' + +class UpdateAccountTest < SrpTest + + setup do + register_user + end + + test "require authentication" do + update_user password: "No! Verify me instead." + assert_access_denied + end + + test "update password via api" do + authenticate + update_user password: "No! Verify me instead." + authenticate + assert last_response.successful? + assert_nil server_auth["errors"] + assert server_auth["M2"] + end + + test "change login with password_verifier" do + authenticate + new_login = 'zaph' + cleanup_user new_login + update_user login: new_login, password: @password + authenticate + assert last_response.successful? + assert_equal new_login, @user.reload.login + end + + test "prevent changing login without changing password_verifier" do + authenticate + original_login = @user.login + new_login = 'zaph' + cleanup_user new_login + update_user login: new_login + assert last_response.successful? + # does not change login if no password_verifier is present + assert_equal original_login, @user.reload.login + end +end -- cgit v1.2.3