From e94b9471c0bc30cd6a1a5bf5b6b22b746d242e31 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 9 May 2014 16:11:20 +0200 Subject: calculate cert fingerprints to store for leap_mx stelfox.net/blog/2014/04/calculating-rsa-key-fingerprints-in-ruby/ --- app/models/client_certificate.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb index 76b07a2..63de9e1 100644 --- a/app/models/client_certificate.rb +++ b/app/models/client_certificate.rb @@ -43,8 +43,16 @@ class ClientCertificate self.key.to_pem + self.cert.to_pem end + def fingerprint + OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':') + end + private + def openssl_cert + cert.openssl_body + end + def self.root_ca @root_ca ||= begin crt = File.read(APP_CONFIG[:client_ca_cert]) -- cgit v1.2.3 From 1241cb8f13e6d0752b67521e8385b62d7fbcc882 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 15 May 2014 10:40:21 +0200 Subject: basic integration test for cert API --- test/integration/api/cert_test.rb | 30 ++++++++++++++++++++++++++++++ test/support/api_integration_test.rb | 23 +++++++++++++++++++++++ test/support/assert_responses.rb | 30 +++++++++++++++++++++++++----- test/support/browser_integration_test.rb | 1 + 4 files changed, 79 insertions(+), 5 deletions(-) create mode 100644 test/integration/api/cert_test.rb create mode 100644 test/support/api_integration_test.rb diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb new file mode 100644 index 0000000..74d439a --- /dev/null +++ b/test/integration/api/cert_test.rb @@ -0,0 +1,30 @@ +require 'test_helper' + +class CertTest < ApiIntegrationTest + + test "retrieve eip cert" do + login + get '/1/cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + + test "fetching certs requires login by default" do + get '/1/cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + + test "retrieve anonymous eip cert" do + with_config allow_anonymous_certs: true do + get '/1/cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + end +end diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb new file mode 100644 index 0000000..50c528b --- /dev/null +++ b/test/support/api_integration_test.rb @@ -0,0 +1,23 @@ +class ApiIntegrationTest < ActionDispatch::IntegrationTest + + DUMMY_TOKEN = Token.new + RACK_ENV = {'HTTP_AUTHORIZATION' => %Q(Token token="#{DUMMY_TOKEN.to_s}")} + + def login(user = nil) + @user ||= user ||= FactoryGirl.create(:user) + @token ||= DUMMY_TOKEN + @token.user_id = @user.id + @token.last_seen_at = Time.now + @token.save + end + + teardown do + if @user && @user.persisted? + Identity.destroy_all_for @user + @user.reload.destroy + end + if @token && @token.persisted? + @token.reload.destroy + end + end +end diff --git a/test/support/assert_responses.rb b/test/support/assert_responses.rb index b01166f..19c2768 100644 --- a/test/support/assert_responses.rb +++ b/test/support/assert_responses.rb @@ -8,21 +8,27 @@ module AssertResponses @response || last_response end - def assert_attachement_filename(name) - assert_equal %Q(attachment; filename="#{name}"), - get_response.headers["Content-Disposition"] + def content_type + get_response.content_type.to_s.split(';').first end def json_response + return nil unless content_type == 'application/json' response = JSON.parse(get_response.body) response.respond_to?(:with_indifferent_access) ? response.with_indifferent_access : response end + def assert_text_response(body = nil) + assert_equal 'text/plain', content_type + unless body.nil? + assert_equal body, get_response.body + end + end + def assert_json_response(object) - assert_equal 'application/json', - get_response.content_type.to_s.split(';').first + assert_equal 'application/json', content_type if object.is_a? Hash object.stringify_keys! if object.respond_to? :stringify_keys! assert_equal object, json_response @@ -35,6 +41,20 @@ module AssertResponses object.stringify_keys! if object.respond_to? :stringify_keys! assert_json_response :errors => object end + + # checks for the presence of a key in a json response + # or a string in a text response + def assert_response_includes(string_or_key) + response = json_response || get_response.body + assert response.include?(string_or_key), + "response should have included #{string_or_key}" + end + + def assert_attachement_filename(name) + assert_equal %Q(attachment; filename="#{name}"), + get_response.headers["Content-Disposition"] + end + end class ::ActionController::TestCase diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 1c872ff..4fec59f 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb @@ -54,6 +54,7 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest end # currently this only works for tests with poltergeist. + # ApiIntegrationTest has a working implementation for RackTest def login(user = nil) @user ||= user ||= FactoryGirl.create(:user) token = Token.create user_id: user.id -- cgit v1.2.3 From 5dd6c1529f8f4fc5089c71b0a44e360acaea900d Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 15 May 2014 11:04:56 +0200 Subject: fix Email so User.new.valid? does not crash Email.new(nil) now returns an invalid email rather than crashing. --- app/models/email.rb | 5 +++++ test/unit/user_test.rb | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/app/models/email.rb b/app/models/email.rb index a9a503f..4090275 100644 --- a/app/models/email.rb +++ b/app/models/email.rb @@ -7,6 +7,11 @@ class Email < String :message => "needs to be a valid email address" } + # Make sure we can call Email.new(nil) and get an invalid email address + def initialize(s) + super(s.to_s) + end + def to_partial_path "emails/email" end diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index ffbb7d8..b3c831b 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -65,4 +65,11 @@ class UserTest < ActiveSupport::TestCase assert_equal key, @user.public_key end + # + ## Regression tests + # + test "make sure valid does not crash" do + assert !User.new.valid? + end + end -- cgit v1.2.3 From 71dcf3f4e5d423b78b47f675297fc98b28ef3442 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 15 May 2014 11:17:47 +0200 Subject: SmtpCertsController, routes and tests --- app/controllers/v1/smtp_certs_controller.rb | 21 ++++++++++ config/routes.rb | 1 + test/functional/v1/smtp_certs_controller_test.rb | 35 ++++++++++++++++ test/integration/api/smtp_cert_test.rb | 51 ++++++++++++++++++++++++ test/support/api_integration_test.rb | 2 + 5 files changed, 110 insertions(+) create mode 100644 app/controllers/v1/smtp_certs_controller.rb create mode 100644 test/functional/v1/smtp_certs_controller_test.rb create mode 100644 test/integration/api/smtp_cert_test.rb diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb new file mode 100644 index 0000000..001425d --- /dev/null +++ b/app/controllers/v1/smtp_certs_controller.rb @@ -0,0 +1,21 @@ +class V1::SmtpCertsController < ApplicationController + + before_filter :require_login + before_filter :require_email_account + + # GET /cert + def show + @cert = ClientCertificate.new prefix: current_user.email_address + render text: @cert.to_s, content_type: 'text/plain' + end + + protected + + def require_email_account + access_denied unless service_level.provides? 'email' + end + + def service_level + current_user.effective_service_level + end +end diff --git a/config/routes.rb b/config/routes.rb index 745b97d..ff2d2cc 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -26,6 +26,7 @@ LeapWeb::Application.routes.draw do resources :users, :only => [:create, :update, :destroy, :index] resources :messages, :only => [:index, :update] resource :cert, :only => [:show] + resource :smtp_cert, :only => [:show] resource :service, :only => [:show] end diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb new file mode 100644 index 0000000..f9ba26f --- /dev/null +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -0,0 +1,35 @@ +require 'test_helper' + +class V1::SmtpCertsControllerTest < ActionController::TestCase + + test "no smtp cert without login" do + with_config allow_anonymous_certs: true do + get :show, format: 'json' + assert_access_denied + end + end + + test "require service level with email" do + login + get :show + assert_access_denied + end + + test "send cert with username" do + login effective_service_level: ServiceLevel.new(id: 2) + cert = expect_cert(@current_user.email_address) + get :show + assert_response :success + assert_equal cert.to_s, @response.body + end + + protected + + def expect_cert(prefix) + cert = stub :to_s => "#{prefix.downcase} cert" + ClientCertificate.expects(:new). + with(:prefix => prefix). + returns(cert) + return cert + end +end diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb new file mode 100644 index 0000000..a579d93 --- /dev/null +++ b/test/integration/api/smtp_cert_test.rb @@ -0,0 +1,51 @@ +require 'test_helper' +require 'openssl' + +class SmtpCertTest < ApiIntegrationTest + + test "retrieve smtp cert" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + get '/1/smtp_cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + + test "key matches the cert" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + get '/1/smtp_cert', {}, RACK_ENV + assert_text_response + cert = OpenSSL::X509::Certificate.new(get_response.body) + key = OpenSSL::PKey::RSA.new(get_response.body) + assert cert.check_private_key(key) + end + + # we'll store the fingerprint later. + test "fingerprint matches" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + get '/1/smtp_cert', {}, RACK_ENV + assert_text_response + cert = OpenSSL::X509::Certificate.new(get_response.body) + fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') + skip "we're not storing the fingerprints yet" + assert_equal fingerprint, @user.identity.cert_fingerprints.last + end + + test "fetching smtp certs requires email account" do + login + get '/1/smtp_cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + + test "no anonymous smtp certs" do + with_config allow_anonymous_certs: true do + get '/1/smtp_cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + end +end diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index 50c528b..aa9c00d 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -6,6 +6,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest def login(user = nil) @user ||= user ||= FactoryGirl.create(:user) @token ||= DUMMY_TOKEN + # make sure @token is up to date if it already exists + @token.reload if @token.persisted @token.user_id = @user.id @token.last_seen_at = Time.now @token.save -- cgit v1.2.3 From 17b67aeda81dee2273ce1161ac7292a328c3efaa Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 15 May 2014 16:29:49 +0200 Subject: store cert fingerprint with main user identity --- app/controllers/v1/smtp_certs_controller.rb | 2 ++ app/models/identity.rb | 1 + test/integration/api/smtp_cert_test.rb | 8 ++++---- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb index 001425d..258b391 100644 --- a/app/controllers/v1/smtp_certs_controller.rb +++ b/app/controllers/v1/smtp_certs_controller.rb @@ -6,6 +6,8 @@ class V1::SmtpCertsController < ApplicationController # GET /cert def show @cert = ClientCertificate.new prefix: current_user.email_address + current_user.identity.cert_fingerprints << @cert.fingerprint + current_user.identity.save render text: @cert.to_s, content_type: 'text/plain' end diff --git a/app/models/identity.rb b/app/models/identity.rb index ad8c01e..2f8d4eb 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -8,6 +8,7 @@ class Identity < CouchRest::Model::Base property :address, LocalEmail property :destination, Email property :keys, HashWithIndifferentAccess + property :cert_fingerprints, [String] validate :unique_forward validate :alias_available diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index a579d93..4f0f4a6 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -14,7 +14,7 @@ class SmtpCertTest < ApiIntegrationTest assert_response_includes "END CERTIFICATE" end - test "key matches the cert" do + test "cert and key" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login get '/1/smtp_cert', {}, RACK_ENV @@ -22,17 +22,17 @@ class SmtpCertTest < ApiIntegrationTest cert = OpenSSL::X509::Certificate.new(get_response.body) key = OpenSSL::PKey::RSA.new(get_response.body) assert cert.check_private_key(key) + prefix = "/CN=#{@user.email_address}" + assert_equal prefix, cert.subject.to_s.slice(0,prefix.size) end - # we'll store the fingerprint later. - test "fingerprint matches" do + test "fingerprint is stored with identity" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login get '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - skip "we're not storing the fingerprints yet" assert_equal fingerprint, @user.identity.cert_fingerprints.last end -- cgit v1.2.3 From e8ba98df64cb537e85de8624c0ebb08c4135ccca Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 19 May 2014 14:50:16 +0200 Subject: minor: fix tests --- app/controllers/v1/smtp_certs_controller.rb | 2 +- test/functional/v1/smtp_certs_controller_test.rb | 1 + test/support/api_integration_test.rb | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb index 258b391..533a19a 100644 --- a/app/controllers/v1/smtp_certs_controller.rb +++ b/app/controllers/v1/smtp_certs_controller.rb @@ -3,7 +3,7 @@ class V1::SmtpCertsController < ApplicationController before_filter :require_login before_filter :require_email_account - # GET /cert + # GET /1/smtp_cert def show @cert = ClientCertificate.new prefix: current_user.email_address current_user.identity.cert_fingerprints << @cert.fingerprint diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb index f9ba26f..169f414 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -18,6 +18,7 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase test "send cert with username" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert(@current_user.email_address) + cert.expects(:fingerprint).returns('fingerprint') get :show assert_response :success assert_equal cert.to_s, @response.body diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index aa9c00d..0e8e261 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -7,7 +7,7 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest @user ||= user ||= FactoryGirl.create(:user) @token ||= DUMMY_TOKEN # make sure @token is up to date if it already exists - @token.reload if @token.persisted + @token.reload if @token.persisted? @token.user_id = @user.id @token.last_seen_at = Time.now @token.save -- cgit v1.2.3 From 3a84578cf33685800c9216cfb4da12ea1fb0032f Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 19 May 2014 15:07:02 +0200 Subject: store fingerprints with timestamp Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps --- app/controllers/v1/smtp_certs_controller.rb | 18 ++++++++++++++++-- app/models/identity.rb | 12 +++++++++++- test/integration/api/smtp_cert_test.rb | 3 ++- test/support/api_integration_test.rb | 3 ++- 4 files changed, 31 insertions(+), 5 deletions(-) diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb index 533a19a..fcc00b8 100644 --- a/app/controllers/v1/smtp_certs_controller.rb +++ b/app/controllers/v1/smtp_certs_controller.rb @@ -2,22 +2,36 @@ class V1::SmtpCertsController < ApplicationController before_filter :require_login before_filter :require_email_account + before_filter :fetch_identity # GET /1/smtp_cert def show @cert = ClientCertificate.new prefix: current_user.email_address - current_user.identity.cert_fingerprints << @cert.fingerprint - current_user.identity.save + @identity.register_cert(@cert) + @identity.save render text: @cert.to_s, content_type: 'text/plain' end protected + # + # Filters + # + def require_email_account access_denied unless service_level.provides? 'email' end + def fetch_identity + @identity = current_user.identity + end + + # + # Helper methods + # + def service_level current_user.effective_service_level end + end diff --git a/app/models/identity.rb b/app/models/identity.rb index 2f8d4eb..a4225e7 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -8,7 +8,7 @@ class Identity < CouchRest::Model::Base property :address, LocalEmail property :destination, Email property :keys, HashWithIndifferentAccess - property :cert_fingerprints, [String] + property :cert_fingerprints, Hash validate :unique_forward validate :alias_available @@ -108,6 +108,16 @@ class Identity < CouchRest::Model::Base write_attribute('keys', keys.merge(type => key.to_s)) end + def cert_fingerprints + read_attribute('cert_fingerprints') || Hash.new + end + + def register_cert(cert) + today = DateTime.now.to_date.to_s + write_attribute 'cert_fingerprints', + cert_fingerprints.merge(cert.fingerprint => today) + end + # for LoginFormatValidation def login self.address.handle diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 4f0f4a6..992249b 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - assert_equal fingerprint, @user.identity.cert_fingerprints.last + today = DateTime.now.to_date.to_s + assert_equal({fingerprint => today}, @user.identity.cert_fingerprints) end test "fetching smtp certs requires email account" do diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index 0e8e261..bd10f11 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -5,7 +5,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest def login(user = nil) @user ||= user ||= FactoryGirl.create(:user) - @token ||= DUMMY_TOKEN + # DUMMY_TOKEN will be frozen. So let's use a dup + @token ||= DUMMY_TOKEN.dup # make sure @token is up to date if it already exists @token.reload if @token.persisted? @token.user_id = @user.id -- cgit v1.2.3 From 00d5adc90ccadc7f4a2a0d54a5a31a1ad02f05be Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 May 2014 09:31:36 +0200 Subject: change from GET to POST for certs We create them. let's reflect that in the verb. --- app/controllers/v1/certs_controller.rb | 8 ++++++++ app/controllers/v1/smtp_certs_controller.rb | 4 ++-- config/routes.rb | 4 ++-- test/functional/v1/certs_controller_test.rb | 20 ++++++++++++++------ test/functional/v1/smtp_certs_controller_test.rb | 6 +++--- test/integration/api/smtp_cert_test.rb | 10 +++++----- 6 files changed, 34 insertions(+), 18 deletions(-) diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb index 73409ef..b6d1d0b 100644 --- a/app/controllers/v1/certs_controller.rb +++ b/app/controllers/v1/certs_controller.rb @@ -3,7 +3,15 @@ class V1::CertsController < ApplicationController before_filter :require_login, :unless => :anonymous_certs_allowed? # GET /cert + # deprecated - we actually create a new cert and that can + # be reflected in the action. GET /cert will eventually go + # away and be replaced by POST /cert def show + create + end + + # POST /cert + def create @cert = ClientCertificate.new(:prefix => service_level.cert_prefix) render text: @cert.to_s, content_type: 'text/plain' end diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb index fcc00b8..377a49c 100644 --- a/app/controllers/v1/smtp_certs_controller.rb +++ b/app/controllers/v1/smtp_certs_controller.rb @@ -4,8 +4,8 @@ class V1::SmtpCertsController < ApplicationController before_filter :require_email_account before_filter :fetch_identity - # GET /1/smtp_cert - def show + # POST /1/smtp_cert + def create @cert = ClientCertificate.new prefix: current_user.email_address @identity.register_cert(@cert) @identity.save diff --git a/config/routes.rb b/config/routes.rb index ff2d2cc..2853fbd 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -25,8 +25,8 @@ LeapWeb::Application.routes.draw do delete "logout" => "sessions#destroy", :as => "logout" resources :users, :only => [:create, :update, :destroy, :index] resources :messages, :only => [:index, :update] - resource :cert, :only => [:show] - resource :smtp_cert, :only => [:show] + resource :cert, :only => [:show, :create] + resource :smtp_cert, :only => [:create] resource :service, :only => [:show] end diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb index fb8e9c4..ec34b01 100644 --- a/test/functional/v1/certs_controller_test.rb +++ b/test/functional/v1/certs_controller_test.rb @@ -2,26 +2,34 @@ require 'test_helper' class V1::CertsControllerTest < ActionController::TestCase - test "send unlimited cert without login" do + test "create unlimited cert without login" do with_config allow_anonymous_certs: true do cert = expect_cert('UNLIMITED') - get :show + post :create assert_response :success assert_equal cert.to_s, @response.body end end - test "send limited cert" do + test "create limited cert" do with_config allow_limited_certs: true do login cert = expect_cert('LIMITED') - get :show + post :create assert_response :success assert_equal cert.to_s, @response.body end end - test "send unlimited cert" do + test "create unlimited cert" do + login effective_service_level: ServiceLevel.new(id: 2) + cert = expect_cert('UNLIMITED') + post :create + assert_response :success + assert_equal cert.to_s, @response.body + end + + test "GET still works as an alias" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert('UNLIMITED') get :show @@ -30,7 +38,7 @@ class V1::CertsControllerTest < ActionController::TestCase end test "redirect if no eip service offered" do - get :show + post :create assert_response :redirect end diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb index 169f414..ae1a214 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -4,14 +4,14 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase test "no smtp cert without login" do with_config allow_anonymous_certs: true do - get :show, format: 'json' + post :create assert_access_denied end end test "require service level with email" do login - get :show + post :create assert_access_denied end @@ -19,7 +19,7 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert(@current_user.email_address) cert.expects(:fingerprint).returns('fingerprint') - get :show + post :create assert_response :success assert_equal cert.to_s, @response.body end diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 992249b..04e6f31 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -6,7 +6,7 @@ class SmtpCertTest < ApiIntegrationTest test "retrieve smtp cert" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -17,7 +17,7 @@ class SmtpCertTest < ApiIntegrationTest test "cert and key" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) key = OpenSSL::PKey::RSA.new(get_response.body) @@ -29,7 +29,7 @@ class SmtpCertTest < ApiIntegrationTest test "fingerprint is stored with identity" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') @@ -39,13 +39,13 @@ class SmtpCertTest < ApiIntegrationTest test "fetching smtp certs requires email account" do login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_json_response error: I18n.t(:not_authorized) end test "no anonymous smtp certs" do with_config allow_anonymous_certs: true do - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_json_response error: I18n.t(:not_authorized) end end -- cgit v1.2.3 From f221e5313fe54a2efa127b547916c7c812110449 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 May 2014 09:56:11 +0200 Subject: fix test to require login --- test/functional/v1/smtp_certs_controller_test.rb | 2 +- test/support/auth_test_helper.rb | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb index ae1a214..9281ae6 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -5,7 +5,7 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase test "no smtp cert without login" do with_config allow_anonymous_certs: true do post :create - assert_access_denied + assert_login_required end end diff --git a/test/support/auth_test_helper.rb b/test/support/auth_test_helper.rb index 57f9f9b..e1961aa 100644 --- a/test/support/auth_test_helper.rb +++ b/test/support/auth_test_helper.rb @@ -19,6 +19,10 @@ module AuthTestHelper return @current_user end + def assert_login_required + assert_access_denied(true, false) + end + def assert_access_denied(denied = true, logged_in = true) if denied if @response.content_type == 'application/json' -- cgit v1.2.3