From 6d9bd6b966ec2370b7f8659b0810b03c5d1568aa Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 24 Mar 2016 09:08:46 +0100 Subject: upgrade: unique test names Rails 4.2 runs all tests mixed together. So unit tests and integration tests may not have conflicting names. --- test/integration/api/token_auth_test.rb | 16 ++++++++++++++++ test/integration/api/token_test.rb | 16 ---------------- 2 files changed, 16 insertions(+), 16 deletions(-) create mode 100644 test/integration/api/token_auth_test.rb delete mode 100644 test/integration/api/token_test.rb (limited to 'test/integration/api') diff --git a/test/integration/api/token_auth_test.rb b/test/integration/api/token_auth_test.rb new file mode 100644 index 0000000..3b83f23 --- /dev/null +++ b/test/integration/api/token_auth_test.rb @@ -0,0 +1,16 @@ +require_relative '../../test_helper' +require_relative 'srp_test' + +class TokenAuthTest < SrpTest + + setup do + register_user + end + + test "stores token SHA512 encoded" do + authenticate + token = server_auth['token'] + assert Token.find(Digest::SHA512.hexdigest(token)) + end + +end diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb deleted file mode 100644 index dafbfb7..0000000 --- a/test/integration/api/token_test.rb +++ /dev/null @@ -1,16 +0,0 @@ -require_relative '../../test_helper' -require_relative 'srp_test' - -class TokenTest < SrpTest - - setup do - register_user - end - - test "stores token SHA512 encoded" do - authenticate - token = server_auth['token'] - assert Token.find(Digest::SHA512.hexdigest(token)) - end - -end -- cgit v1.2.3 From e05a1b0f5ae40a2aa17976b3009cd563b8e4660a Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 1 May 2016 10:55:33 -0300 Subject: api: allow version bumping - bump to 2 --- test/integration/api/cert_test.rb | 11 ++++++++--- test/integration/api/signup_test.rb | 2 +- test/integration/api/smtp_cert_test.rb | 14 +++++++++----- test/integration/api/srp_test.rb | 18 +++++++++++++----- test/integration/api/token_auth_test.rb | 2 +- test/integration/api/update_account_test.rb | 2 +- 6 files changed, 33 insertions(+), 16 deletions(-) (limited to 'test/integration/api') diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb index 772901d..289d3c6 100644 --- a/test/integration/api/cert_test.rb +++ b/test/integration/api/cert_test.rb @@ -5,7 +5,7 @@ class CertTest < ApiIntegrationTest test "retrieve eip cert" do login - get '/1/cert', {}, RACK_ENV + get cert_url, {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -14,13 +14,13 @@ class CertTest < ApiIntegrationTest end test "fetching certs requires login by default" do - get '/1/cert', {}, RACK_ENV + get cert_url, {}, RACK_ENV assert_login_required end test "retrieve anonymous eip cert" do with_config allow_anonymous_certs: true do - get '/1/cert', {}, RACK_ENV + get cert_url, {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -28,4 +28,9 @@ class CertTest < ApiIntegrationTest assert_response_includes "END CERTIFICATE" end end + + def cert_url + "/#{api_version}/cert" + end + end diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb index 7216496..dc24420 100644 --- a/test/integration/api/signup_test.rb +++ b/test/integration/api/signup_test.rb @@ -1,4 +1,4 @@ -require_relative '../../test_helper' +require 'test_helper' require_relative 'srp_test' class SignupTest < SrpTest diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 681d509..53382c1 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -11,7 +11,7 @@ class SmtpCertTest < ApiIntegrationTest test "retrieve smtp cert" do @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -22,7 +22,7 @@ class SmtpCertTest < ApiIntegrationTest test "cert and key" do @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) key = OpenSSL::PKey::RSA.new(get_response.body) @@ -34,7 +34,7 @@ class SmtpCertTest < ApiIntegrationTest test "fingerprint is stored with identity" do @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') @@ -48,14 +48,18 @@ class SmtpCertTest < ApiIntegrationTest test "fetching smtp certs requires email account" do login - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_access_denied end test "no anonymous smtp certs" do with_config allow_anonymous_certs: true do - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_login_required end end + + def smtp_cert_url + "/#{api_version}/smtp_cert" + end end diff --git a/test/integration/api/srp_test.rb b/test/integration/api/srp_test.rb index 463abcd..b9605f9 100644 --- a/test/integration/api/srp_test.rb +++ b/test/integration/api/srp_test.rb @@ -14,7 +14,7 @@ class SrpTest < RackTest # this test wraps the api and implements the interface the ruby-srp client. def handshake(login, aa) - post "http://api.lvh.me:3000/1/sessions.json", + post api_url("sessions.json"), :login => login, 'A' => aa, :format => :json @@ -27,7 +27,7 @@ class SrpTest < RackTest end def validate(m) - put "http://api.lvh.me:3000/1/sessions/" + @login + '.json', + put api_url("sessions/#{@login}.json"), :client_auth => m, :format => :json return JSON.parse(last_response.body) @@ -39,7 +39,7 @@ class SrpTest < RackTest def register_user(login = "integration_test", password = 'srp, verify me!', invite_code = @testcode.invite_code) cleanup_user(login) - post 'http://api.lvh.me:3000/1/users.json', + post api_url('users.json'), user_params(login: login, password: password, invite_code: invite_code) assert(@user = User.find_by_login(login), 'user should have been created: %s' % last_response_errors) @login = login @@ -47,7 +47,7 @@ class SrpTest < RackTest end def update_user(params) - put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', + put api_url("users/#{@user.id}.json"), user_params(params), auth_headers end @@ -68,7 +68,7 @@ class SrpTest < RackTest end def logout(params=nil, headers=nil) - delete "http://api.lvh.me:3000/1/logout.json", + delete api_url("logout.json"), params || {format: :json}, headers || auth_headers end @@ -112,4 +112,12 @@ class SrpTest < RackTest rescue "" end + + def api_url(path) + "http://api.lvh.me:3000/#{api_version}/#{path}" + end + + def api_version + 2 + end end diff --git a/test/integration/api/token_auth_test.rb b/test/integration/api/token_auth_test.rb index 3b83f23..7b20b00 100644 --- a/test/integration/api/token_auth_test.rb +++ b/test/integration/api/token_auth_test.rb @@ -1,4 +1,4 @@ -require_relative '../../test_helper' +require 'test_helper' require_relative 'srp_test' class TokenAuthTest < SrpTest diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb index 16bbb8c..1492006 100644 --- a/test/integration/api/update_account_test.rb +++ b/test/integration/api/update_account_test.rb @@ -14,7 +14,7 @@ class UpdateAccountTest < SrpTest test "require token" do authenticate - put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', + put "http://api.lvh.me:3000/2/users/" + @user.id + '.json', user_params(password: "No! Verify me instead.") assert_login_required end -- cgit v1.2.3 From e2f19bcfb6dbce77746c2d61715340525b29a592 Mon Sep 17 00:00:00 2001 From: NavaL Date: Wed, 22 Jun 2016 19:17:15 +0200 Subject: [feature] expose is_admin in the user api So that whoever consumes the API can use this attribute to determine if admin functionalities should be made available to the current user. --- test/integration/api/signup_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/api') diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb index 7216496..05a0abe 100644 --- a/test/integration/api/signup_test.rb +++ b/test/integration/api/signup_test.rb @@ -8,7 +8,7 @@ class SignupTest < SrpTest end test "signup response" do - assert_json_response :login => @login, :ok => true, :id => @user.id, :enabled => true + assert_json_response :login => @login, :ok => true, :is_admin => false, :id => @user.id, :enabled => true assert last_response.successful? end -- cgit v1.2.3 From ab1917c5fe0f03e7719863a5598ad575d9fef302 Mon Sep 17 00:00:00 2001 From: NavaL Date: Thu, 14 Jul 2016 15:06:20 +0200 Subject: [feature] restrict is_admin in the user api, to only allow querying for him/herself So that it we do not expose the is_admin property to anyone else including other admins. --- test/integration/api/signup_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/integration/api') diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb index 2e515c1..dc24420 100644 --- a/test/integration/api/signup_test.rb +++ b/test/integration/api/signup_test.rb @@ -8,7 +8,7 @@ class SignupTest < SrpTest end test "signup response" do - assert_json_response :login => @login, :ok => true, :is_admin => false, :id => @user.id, :enabled => true + assert_json_response :login => @login, :ok => true, :id => @user.id, :enabled => true assert last_response.successful? end -- cgit v1.2.3 From fbad882075e745ab7afbe5f89c67544fb3c607c3 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 18 Aug 2016 11:00:16 +0200 Subject: respond_to on a per controller basis If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves. --- test/integration/api/smtp_cert_test.rb | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'test/integration/api') diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 53382c1..3adddfd 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -3,13 +3,8 @@ require 'openssl' class SmtpCertTest < ApiIntegrationTest - setup do - @testcode = InviteCode.new - @testcode.save! - end - test "retrieve smtp cert" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -20,7 +15,7 @@ class SmtpCertTest < ApiIntegrationTest end test "cert and key" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -32,7 +27,7 @@ class SmtpCertTest < ApiIntegrationTest end test "fingerprint is stored with identity" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -46,7 +41,6 @@ class SmtpCertTest < ApiIntegrationTest end test "fetching smtp certs requires email account" do - login post smtp_cert_url, {}, RACK_ENV assert_access_denied -- cgit v1.2.3