From cc1666d9832415058bf0b22bb5912e432261af4f Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 7 Jul 2014 10:12:53 +0200 Subject: Identity view cert_fingerprints_by_expiry Also move complex identity views into js designs. Includes test. Here's how you would query it from outside rails: ``` $ curl 'localhost:5984/identities/_design/Identity/_view/cert_fingerprints_by_expiry?startkey="2014-07-05"' {"total_rows":4,"offset":1,"rows":[ {"id":"6c9091d4f13eaeaa6062c9d0528fd34d","key":"2014-07-05","value":"fingerprint"}, {"id":"6f3aa93828b4f6978d551f2623b9d103","key":"2014-07-05","value":"fingerprint"}, {"id":"b6cafacfa65042679691cd5065fb19e3","key":"2014-07-07","value":"fp"} ]} ``` Note that the expiry will be used as the key. So you should use the current data (or yesterday) as the startkey to get all fingerprints that have not expired yet. The fingerprint itself is in the value. No need to include docs. --- test/unit/identity_test.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'test') diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb index 49b2075..933b0ff 100644 --- a/test/unit/identity_test.rb +++ b/test/unit/identity_test.rb @@ -136,6 +136,22 @@ class IdentityTest < ActiveSupport::TestCase assert_equal 0, Identity.disabled.count end + test "store cert fingerprint" do + begin + id = Identity.for(@user) + cert = stub expiry: Time.now, fingerprint: "fp" + id.register_cert cert + id.save + entry = {cert.fingerprint => cert.expiry.to_date.to_s} + assert_equal entry, id.cert_fingerprints + row = Identity.cert_fingerprints_by_expiry.descending.rows.first + assert_equal row['key'], cert.expiry.to_date.to_s + assert_equal row['value'], cert.fingerprint + ensure + id.reload.destroy if id && id.persisted? + end + end + def alias_name @alias_name ||= Faker::Internet.user_name end -- cgit v1.2.3 From bdd5060ccc13951524c171e2d3b81eeddec1625d Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 9 Jul 2014 22:53:05 +0200 Subject: fix tests and simplify time calculations --- test/functional/v1/smtp_certs_controller_test.rb | 3 ++- test/integration/api/smtp_cert_test.rb | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb index 9281ae6..3427e2d 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -27,7 +27,8 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase protected def expect_cert(prefix) - cert = stub :to_s => "#{prefix.downcase} cert" + cert = stub to_s: "#{prefix.downcase} cert", + expiry: 1.month.from_now.utc.at_midnight ClientCertificate.expects(:new). with(:prefix => prefix). returns(cert) diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index f72362d..7697e44 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -33,8 +33,10 @@ class SmtpCertTest < ApiIntegrationTest assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - today = DateTime.now.to_date.to_s - assert_equal({fingerprint => today}, @user.reload.identity.cert_fingerprints) + expiry = APP_CONFIG[:client_cert_lifespan].months.from_now.utc.midnight + expiry_string = expiry.to_date.to_s + fingerprints = {fingerprint => expiry_string} + assert_equal fingerprints, @user.reload.identity.cert_fingerprints end test "fetching smtp certs requires email account" do -- cgit v1.2.3 From 3bbfdf29bbc40432c21e34fe84060cf9ae70273f Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 12 Jul 2014 09:55:26 +0200 Subject: allow querying for the expiry of a particular fingerprint --- test/unit/identity_test.rb | 183 +++++++++++++++++++++++++-------------------- 1 file changed, 100 insertions(+), 83 deletions(-) (limited to 'test') diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb index 933b0ff..cb0f6bd 100644 --- a/test/unit/identity_test.rb +++ b/test/unit/identity_test.rb @@ -7,149 +7,161 @@ class IdentityTest < ActiveSupport::TestCase @user = find_record :user end - test "blank identity does not crash on valid?" do - id = Identity.new - assert !id.valid? + teardown do + if @id && @id.persisted? + id = Identity.find(@id.id) + id.destroy if id.present? + end + end + + test "blank @identity does not crash on valid?" do + @id = Identity.new + assert !@id.valid? end - test "enabled identity requires destination" do - id = Identity.new user: @user, address: @user.email_address - assert !id.valid? - assert_equal ["can't be blank"], id.errors[:destination] + test "enabled @identity requires destination" do + @id = Identity.new user: @user, address: @user.email_address + assert !@id.valid? + assert_equal ["can't be blank"], @id.errors[:destination] end - test "disabled identity requires no destination" do - id = Identity.new address: @user.email_address - assert id.valid? + test "disabled @identity requires no destination" do + @id = Identity.new address: @user.email_address + assert @id.valid? end - test "initial identity for a user" do - id = Identity.for(@user) - assert_equal @user.email_address, id.address - assert_equal @user.email_address, id.destination - assert_equal @user, id.user + test "initial @identity for a user" do + @id = Identity.for(@user) + assert_equal @user.email_address, @id.address + assert_equal @user.email_address, @id.destination + assert_equal @user, @id.user end test "add alias" do - id = Identity.for @user, address: alias_name - assert_equal LocalEmail.new(alias_name), id.address - assert_equal @user.email_address, id.destination - assert_equal @user, id.user + @id = Identity.for @user, address: alias_name + assert_equal LocalEmail.new(alias_name), @id.address + assert_equal @user.email_address, @id.destination + assert_equal @user, @id.user end test "add forward" do - id = Identity.for @user, destination: forward_address - assert_equal @user.email_address, id.address - assert_equal Email.new(forward_address), id.destination - assert_equal @user, id.user + @id = Identity.for @user, destination: forward_address + assert_equal @user.email_address, @id.address + assert_equal Email.new(forward_address), @id.destination + assert_equal @user, @id.user end test "forward alias" do - id = Identity.for @user, address: alias_name, destination: forward_address - assert_equal LocalEmail.new(alias_name), id.address - assert_equal Email.new(forward_address), id.destination - assert_equal @user, id.user + @id = Identity.for @user, address: alias_name, destination: forward_address + assert_equal LocalEmail.new(alias_name), @id.address + assert_equal Email.new(forward_address), @id.destination + assert_equal @user, @id.user end test "prevents duplicates" do - id = Identity.create_for @user, address: alias_name, destination: forward_address + @id = Identity.create_for @user, address: alias_name, destination: forward_address dup = Identity.build_for @user, address: alias_name, destination: forward_address assert !dup.valid? assert_equal ["has already been taken"], dup.errors[:destination] - id.destroy end test "validates availability" do other_user = find_record :user - id = Identity.create_for @user, address: alias_name, destination: forward_address + @id = Identity.create_for @user, address: alias_name, destination: forward_address taken = Identity.build_for other_user, address: alias_name assert !taken.valid? assert_equal ["has already been taken"], taken.errors[:address] - id.destroy end test "setting and getting pgp key" do - id = Identity.for(@user) - id.set_key(:pgp, pgp_key_string) - assert_equal pgp_key_string, id.keys[:pgp] + @id = Identity.for(@user) + @id.set_key(:pgp, pgp_key_string) + assert_equal pgp_key_string, @id.keys[:pgp] end test "querying pgp key via couch" do - id = Identity.for(@user) - id.set_key(:pgp, pgp_key_string) - id.save - view = Identity.pgp_key_by_email.key(id.address) + @id = Identity.for(@user) + @id.set_key(:pgp, pgp_key_string) + @id.save + view = Identity.pgp_key_by_email.key(@id.address) assert_equal 1, view.rows.count assert result = view.rows.first - assert_equal id.address, result["key"] - assert_equal id.keys[:pgp], result["value"] - id.destroy + assert_equal @id.address, result["key"] + assert_equal @id.keys[:pgp], result["value"] end - test "fail to add non-local email address as identity address" do - id = Identity.for @user, address: forward_address - assert !id.valid? - assert_match /needs to end in/, id.errors[:address].first + test "fail to add non-local email address as @identity address" do + @id = Identity.for @user, address: forward_address + assert !@id.valid? + assert_match /needs to end in/, @id.errors[:address].first end test "alias must meet same conditions as login" do - id = Identity.create_for @user, address: alias_name.capitalize - assert !id.valid? + @id = Identity.create_for @user, address: alias_name.capitalize + assert !@id.valid? #hacky way to do this, but okay for now: - assert id.errors.messages.flatten(2).include? "Must begin with a lowercase letter" - assert id.errors.messages.flatten(2).include? "Only lowercase letters, digits, . - and _ allowed." + assert @id.errors.messages.flatten(2).include? "Must begin with a lowercase letter" + assert @id.errors.messages.flatten(2).include? "Only lowercase letters, digits, . - and _ allowed." end test "destination must be valid email address" do - id = Identity.create_for @user, address: @user.email_address, destination: 'ASKJDLFJD' - assert !id.valid? - assert id.errors.messages[:destination].include? "needs to be a valid email address" + @id = Identity.create_for @user, address: @user.email_address, destination: 'ASKJDLFJD' + assert !@id.valid? + assert @id.errors.messages[:destination].include? "needs to be a valid email address" end - test "disabled identity" do - id = Identity.for(@user) - id.disable - assert_equal @user.email_address, id.address - assert_equal nil, id.destination - assert_equal nil, id.user - assert !id.enabled? - assert id.valid? + test "disabled @identity" do + @id = Identity.for(@user) + @id.disable + assert_equal @user.email_address, @id.address + assert_equal nil, @id.destination + assert_equal nil, @id.user + assert !@id.enabled? + assert @id.valid? end - test "disabled identity blocks handle" do - id = Identity.for(@user) - id.disable - id.save + test "disabled @identity blocks handle" do + @id = Identity.for(@user) + @id.disable + @id.save other_user = find_record :user - taken = Identity.build_for other_user, address: id.address + taken = Identity.build_for other_user, address: @id.address assert !taken.valid? assert_equal ["has already been taken"], taken.errors[:address] - Identity.destroy_all_disabled end test "destroy all disabled identities" do - id = Identity.for(@user) - id.disable - id.save - assert Identity.count > 0 + @id = Identity.for(@user) + @id.disable + @id.save + assert Identity.disabled.count > 0 Identity.destroy_all_disabled assert_equal 0, Identity.disabled.count end test "store cert fingerprint" do - begin - id = Identity.for(@user) - cert = stub expiry: Time.now, fingerprint: "fp" - id.register_cert cert - id.save - entry = {cert.fingerprint => cert.expiry.to_date.to_s} - assert_equal entry, id.cert_fingerprints - row = Identity.cert_fingerprints_by_expiry.descending.rows.first - assert_equal row['key'], cert.expiry.to_date.to_s - assert_equal row['value'], cert.fingerprint - ensure - id.reload.destroy if id && id.persisted? - end + @id = Identity.for(@user) + @id.register_cert cert_stub + entry = {cert_stub.fingerprint => cert_stub.expiry.to_date.to_s} + assert_equal entry, @id.cert_fingerprints + end + + test "query cert fingerprints by expiry" do + @id = Identity.for(@user) + @id.register_cert cert_stub + @id.save + row = Identity.cert_fingerprints_by_expiry.descending.rows.first + assert_equal row['key'], cert_stub.expiry.to_date.to_s + assert_equal row['value'], cert_stub.fingerprint + end + + test "query cert expiry for a cert fingerprint" do + @id = Identity.for(@user) + @id.register_cert cert_stub + @id.save + row = Identity.cert_expiry_by_fingerprint.key(cert_stub.fingerprint).rows.first + assert_equal row['key'], cert_stub.fingerprint + assert_equal row['value'], cert_stub.expiry.to_date.to_s end def alias_name @@ -163,4 +175,9 @@ class IdentityTest < ActiveSupport::TestCase def pgp_key_string @pgp_key ||= "DUMMY PGP KEY ... "+SecureRandom.base64(4096) end + + def cert_stub + @cert_stub ||= stub expiry: 1.month.from_now, + fingerprint: SecureRandom.hex + end end -- cgit v1.2.3