From 1241cb8f13e6d0752b67521e8385b62d7fbcc882 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 15 May 2014 10:40:21 +0200 Subject: basic integration test for cert API --- test/integration/api/cert_test.rb | 30 ++++++++++++++++++++++++++++++ test/support/api_integration_test.rb | 23 +++++++++++++++++++++++ test/support/assert_responses.rb | 30 +++++++++++++++++++++++++----- test/support/browser_integration_test.rb | 1 + 4 files changed, 79 insertions(+), 5 deletions(-) create mode 100644 test/integration/api/cert_test.rb create mode 100644 test/support/api_integration_test.rb (limited to 'test') diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb new file mode 100644 index 0000000..74d439a --- /dev/null +++ b/test/integration/api/cert_test.rb @@ -0,0 +1,30 @@ +require 'test_helper' + +class CertTest < ApiIntegrationTest + + test "retrieve eip cert" do + login + get '/1/cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + + test "fetching certs requires login by default" do + get '/1/cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + + test "retrieve anonymous eip cert" do + with_config allow_anonymous_certs: true do + get '/1/cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + end +end diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb new file mode 100644 index 0000000..50c528b --- /dev/null +++ b/test/support/api_integration_test.rb @@ -0,0 +1,23 @@ +class ApiIntegrationTest < ActionDispatch::IntegrationTest + + DUMMY_TOKEN = Token.new + RACK_ENV = {'HTTP_AUTHORIZATION' => %Q(Token token="#{DUMMY_TOKEN.to_s}")} + + def login(user = nil) + @user ||= user ||= FactoryGirl.create(:user) + @token ||= DUMMY_TOKEN + @token.user_id = @user.id + @token.last_seen_at = Time.now + @token.save + end + + teardown do + if @user && @user.persisted? + Identity.destroy_all_for @user + @user.reload.destroy + end + if @token && @token.persisted? + @token.reload.destroy + end + end +end diff --git a/test/support/assert_responses.rb b/test/support/assert_responses.rb index b01166f..19c2768 100644 --- a/test/support/assert_responses.rb +++ b/test/support/assert_responses.rb @@ -8,21 +8,27 @@ module AssertResponses @response || last_response end - def assert_attachement_filename(name) - assert_equal %Q(attachment; filename="#{name}"), - get_response.headers["Content-Disposition"] + def content_type + get_response.content_type.to_s.split(';').first end def json_response + return nil unless content_type == 'application/json' response = JSON.parse(get_response.body) response.respond_to?(:with_indifferent_access) ? response.with_indifferent_access : response end + def assert_text_response(body = nil) + assert_equal 'text/plain', content_type + unless body.nil? + assert_equal body, get_response.body + end + end + def assert_json_response(object) - assert_equal 'application/json', - get_response.content_type.to_s.split(';').first + assert_equal 'application/json', content_type if object.is_a? Hash object.stringify_keys! if object.respond_to? :stringify_keys! assert_equal object, json_response @@ -35,6 +41,20 @@ module AssertResponses object.stringify_keys! if object.respond_to? :stringify_keys! assert_json_response :errors => object end + + # checks for the presence of a key in a json response + # or a string in a text response + def assert_response_includes(string_or_key) + response = json_response || get_response.body + assert response.include?(string_or_key), + "response should have included #{string_or_key}" + end + + def assert_attachement_filename(name) + assert_equal %Q(attachment; filename="#{name}"), + get_response.headers["Content-Disposition"] + end + end class ::ActionController::TestCase diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 1c872ff..4fec59f 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb @@ -54,6 +54,7 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest end # currently this only works for tests with poltergeist. + # ApiIntegrationTest has a working implementation for RackTest def login(user = nil) @user ||= user ||= FactoryGirl.create(:user) token = Token.create user_id: user.id -- cgit v1.2.3 From 5dd6c1529f8f4fc5089c71b0a44e360acaea900d Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 15 May 2014 11:04:56 +0200 Subject: fix Email so User.new.valid? does not crash Email.new(nil) now returns an invalid email rather than crashing. --- test/unit/user_test.rb | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'test') diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index ffbb7d8..b3c831b 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -65,4 +65,11 @@ class UserTest < ActiveSupport::TestCase assert_equal key, @user.public_key end + # + ## Regression tests + # + test "make sure valid does not crash" do + assert !User.new.valid? + end + end -- cgit v1.2.3 From 71dcf3f4e5d423b78b47f675297fc98b28ef3442 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 15 May 2014 11:17:47 +0200 Subject: SmtpCertsController, routes and tests --- test/functional/v1/smtp_certs_controller_test.rb | 35 ++++++++++++++++ test/integration/api/smtp_cert_test.rb | 51 ++++++++++++++++++++++++ test/support/api_integration_test.rb | 2 + 3 files changed, 88 insertions(+) create mode 100644 test/functional/v1/smtp_certs_controller_test.rb create mode 100644 test/integration/api/smtp_cert_test.rb (limited to 'test') diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb new file mode 100644 index 0000000..f9ba26f --- /dev/null +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -0,0 +1,35 @@ +require 'test_helper' + +class V1::SmtpCertsControllerTest < ActionController::TestCase + + test "no smtp cert without login" do + with_config allow_anonymous_certs: true do + get :show, format: 'json' + assert_access_denied + end + end + + test "require service level with email" do + login + get :show + assert_access_denied + end + + test "send cert with username" do + login effective_service_level: ServiceLevel.new(id: 2) + cert = expect_cert(@current_user.email_address) + get :show + assert_response :success + assert_equal cert.to_s, @response.body + end + + protected + + def expect_cert(prefix) + cert = stub :to_s => "#{prefix.downcase} cert" + ClientCertificate.expects(:new). + with(:prefix => prefix). + returns(cert) + return cert + end +end diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb new file mode 100644 index 0000000..a579d93 --- /dev/null +++ b/test/integration/api/smtp_cert_test.rb @@ -0,0 +1,51 @@ +require 'test_helper' +require 'openssl' + +class SmtpCertTest < ApiIntegrationTest + + test "retrieve smtp cert" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + get '/1/smtp_cert', {}, RACK_ENV + assert_text_response + assert_response_includes "BEGIN RSA PRIVATE KEY" + assert_response_includes "END RSA PRIVATE KEY" + assert_response_includes "BEGIN CERTIFICATE" + assert_response_includes "END CERTIFICATE" + end + + test "key matches the cert" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + get '/1/smtp_cert', {}, RACK_ENV + assert_text_response + cert = OpenSSL::X509::Certificate.new(get_response.body) + key = OpenSSL::PKey::RSA.new(get_response.body) + assert cert.check_private_key(key) + end + + # we'll store the fingerprint later. + test "fingerprint matches" do + @user = FactoryGirl.create :user, effective_service_level_code: 2 + login + get '/1/smtp_cert', {}, RACK_ENV + assert_text_response + cert = OpenSSL::X509::Certificate.new(get_response.body) + fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') + skip "we're not storing the fingerprints yet" + assert_equal fingerprint, @user.identity.cert_fingerprints.last + end + + test "fetching smtp certs requires email account" do + login + get '/1/smtp_cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + + test "no anonymous smtp certs" do + with_config allow_anonymous_certs: true do + get '/1/smtp_cert', {}, RACK_ENV + assert_json_response error: I18n.t(:not_authorized) + end + end +end diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index 50c528b..aa9c00d 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -6,6 +6,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest def login(user = nil) @user ||= user ||= FactoryGirl.create(:user) @token ||= DUMMY_TOKEN + # make sure @token is up to date if it already exists + @token.reload if @token.persisted @token.user_id = @user.id @token.last_seen_at = Time.now @token.save -- cgit v1.2.3 From 17b67aeda81dee2273ce1161ac7292a328c3efaa Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 15 May 2014 16:29:49 +0200 Subject: store cert fingerprint with main user identity --- test/integration/api/smtp_cert_test.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index a579d93..4f0f4a6 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -14,7 +14,7 @@ class SmtpCertTest < ApiIntegrationTest assert_response_includes "END CERTIFICATE" end - test "key matches the cert" do + test "cert and key" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login get '/1/smtp_cert', {}, RACK_ENV @@ -22,17 +22,17 @@ class SmtpCertTest < ApiIntegrationTest cert = OpenSSL::X509::Certificate.new(get_response.body) key = OpenSSL::PKey::RSA.new(get_response.body) assert cert.check_private_key(key) + prefix = "/CN=#{@user.email_address}" + assert_equal prefix, cert.subject.to_s.slice(0,prefix.size) end - # we'll store the fingerprint later. - test "fingerprint matches" do + test "fingerprint is stored with identity" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login get '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - skip "we're not storing the fingerprints yet" assert_equal fingerprint, @user.identity.cert_fingerprints.last end -- cgit v1.2.3 From e8ba98df64cb537e85de8624c0ebb08c4135ccca Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 19 May 2014 14:50:16 +0200 Subject: minor: fix tests --- test/functional/v1/smtp_certs_controller_test.rb | 1 + test/support/api_integration_test.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb index f9ba26f..169f414 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -18,6 +18,7 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase test "send cert with username" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert(@current_user.email_address) + cert.expects(:fingerprint).returns('fingerprint') get :show assert_response :success assert_equal cert.to_s, @response.body diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index aa9c00d..0e8e261 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -7,7 +7,7 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest @user ||= user ||= FactoryGirl.create(:user) @token ||= DUMMY_TOKEN # make sure @token is up to date if it already exists - @token.reload if @token.persisted + @token.reload if @token.persisted? @token.user_id = @user.id @token.last_seen_at = Time.now @token.save -- cgit v1.2.3 From 3a84578cf33685800c9216cfb4da12ea1fb0032f Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 19 May 2014 15:07:02 +0200 Subject: store fingerprints with timestamp Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps --- test/integration/api/smtp_cert_test.rb | 3 ++- test/support/api_integration_test.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 4f0f4a6..992249b 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - assert_equal fingerprint, @user.identity.cert_fingerprints.last + today = DateTime.now.to_date.to_s + assert_equal({fingerprint => today}, @user.identity.cert_fingerprints) end test "fetching smtp certs requires email account" do diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index 0e8e261..bd10f11 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -5,7 +5,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest def login(user = nil) @user ||= user ||= FactoryGirl.create(:user) - @token ||= DUMMY_TOKEN + # DUMMY_TOKEN will be frozen. So let's use a dup + @token ||= DUMMY_TOKEN.dup # make sure @token is up to date if it already exists @token.reload if @token.persisted? @token.user_id = @user.id -- cgit v1.2.3 From 00d5adc90ccadc7f4a2a0d54a5a31a1ad02f05be Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 May 2014 09:31:36 +0200 Subject: change from GET to POST for certs We create them. let's reflect that in the verb. --- test/functional/v1/certs_controller_test.rb | 20 ++++++++++++++------ test/functional/v1/smtp_certs_controller_test.rb | 6 +++--- test/integration/api/smtp_cert_test.rb | 10 +++++----- 3 files changed, 22 insertions(+), 14 deletions(-) (limited to 'test') diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb index fb8e9c4..ec34b01 100644 --- a/test/functional/v1/certs_controller_test.rb +++ b/test/functional/v1/certs_controller_test.rb @@ -2,26 +2,34 @@ require 'test_helper' class V1::CertsControllerTest < ActionController::TestCase - test "send unlimited cert without login" do + test "create unlimited cert without login" do with_config allow_anonymous_certs: true do cert = expect_cert('UNLIMITED') - get :show + post :create assert_response :success assert_equal cert.to_s, @response.body end end - test "send limited cert" do + test "create limited cert" do with_config allow_limited_certs: true do login cert = expect_cert('LIMITED') - get :show + post :create assert_response :success assert_equal cert.to_s, @response.body end end - test "send unlimited cert" do + test "create unlimited cert" do + login effective_service_level: ServiceLevel.new(id: 2) + cert = expect_cert('UNLIMITED') + post :create + assert_response :success + assert_equal cert.to_s, @response.body + end + + test "GET still works as an alias" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert('UNLIMITED') get :show @@ -30,7 +38,7 @@ class V1::CertsControllerTest < ActionController::TestCase end test "redirect if no eip service offered" do - get :show + post :create assert_response :redirect end diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb index 169f414..ae1a214 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -4,14 +4,14 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase test "no smtp cert without login" do with_config allow_anonymous_certs: true do - get :show, format: 'json' + post :create assert_access_denied end end test "require service level with email" do login - get :show + post :create assert_access_denied end @@ -19,7 +19,7 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert(@current_user.email_address) cert.expects(:fingerprint).returns('fingerprint') - get :show + post :create assert_response :success assert_equal cert.to_s, @response.body end diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 992249b..04e6f31 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -6,7 +6,7 @@ class SmtpCertTest < ApiIntegrationTest test "retrieve smtp cert" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -17,7 +17,7 @@ class SmtpCertTest < ApiIntegrationTest test "cert and key" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) key = OpenSSL::PKey::RSA.new(get_response.body) @@ -29,7 +29,7 @@ class SmtpCertTest < ApiIntegrationTest test "fingerprint is stored with identity" do @user = FactoryGirl.create :user, effective_service_level_code: 2 login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') @@ -39,13 +39,13 @@ class SmtpCertTest < ApiIntegrationTest test "fetching smtp certs requires email account" do login - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_json_response error: I18n.t(:not_authorized) end test "no anonymous smtp certs" do with_config allow_anonymous_certs: true do - get '/1/smtp_cert', {}, RACK_ENV + post '/1/smtp_cert', {}, RACK_ENV assert_json_response error: I18n.t(:not_authorized) end end -- cgit v1.2.3 From f221e5313fe54a2efa127b547916c7c812110449 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 May 2014 09:56:11 +0200 Subject: fix test to require login --- test/functional/v1/smtp_certs_controller_test.rb | 2 +- test/support/auth_test_helper.rb | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb index ae1a214..9281ae6 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -5,7 +5,7 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase test "no smtp cert without login" do with_config allow_anonymous_certs: true do post :create - assert_access_denied + assert_login_required end end diff --git a/test/support/auth_test_helper.rb b/test/support/auth_test_helper.rb index 57f9f9b..e1961aa 100644 --- a/test/support/auth_test_helper.rb +++ b/test/support/auth_test_helper.rb @@ -19,6 +19,10 @@ module AuthTestHelper return @current_user end + def assert_login_required + assert_access_denied(true, false) + end + def assert_access_denied(denied = true, logged_in = true) if denied if @response.content_type == 'application/json' -- cgit v1.2.3 From 5764daae090227bf4c5967900b708392c967be47 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 1 May 2014 10:45:57 +0200 Subject: hash token with sha512 against timing attacs #3398 --- test/functional/test_helpers_test.rb | 2 +- test/functional/v1/sessions_controller_test.rb | 2 +- test/integration/api/token_test.rb | 15 +++++++++++++++ test/support/auth_test_helper.rb | 5 +++-- test/unit/token_test.rb | 23 ++++++++++++++--------- 5 files changed, 34 insertions(+), 13 deletions(-) create mode 100644 test/integration/api/token_test.rb (limited to 'test') diff --git a/test/functional/test_helpers_test.rb b/test/functional/test_helpers_test.rb index 845e516..ca85482 100644 --- a/test/functional/test_helpers_test.rb +++ b/test/functional/test_helpers_test.rb @@ -27,7 +27,7 @@ class TestHelpersTest < ActionController::TestCase def test_login_adds_token_header login token_present = @controller.authenticate_with_http_token do |token, options| - assert_equal @token.id, token + assert_equal @token.to_s, token end # authenticate_with_http_token just returns nil and does not # execute the block if there is no token. So we have to also diff --git a/test/functional/v1/sessions_controller_test.rb b/test/functional/v1/sessions_controller_test.rb index df0d681..8bb6acd 100644 --- a/test/functional/v1/sessions_controller_test.rb +++ b/test/functional/v1/sessions_controller_test.rb @@ -48,7 +48,7 @@ class V1::SessionsControllerTest < ActionController::TestCase assert_response :success assert json_response.keys.include?("id") assert json_response.keys.include?("token") - assert token = Token.find(json_response['token']) + assert token = Token.find_by_token(json_response['token']) assert_equal @user.id, token.user_id end diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb new file mode 100644 index 0000000..ad3ac22 --- /dev/null +++ b/test/integration/api/token_test.rb @@ -0,0 +1,15 @@ +require 'test_helper' +require_relative 'srp_test' + +class TokenTest < SrpTest + + setup do + register_user + end + + test "stores token SHA512 encoded" do + authenticate + token = server_auth['token'] + assert Token.find(Digest::SHA512.hexdigest(token)) + end +end diff --git a/test/support/auth_test_helper.rb b/test/support/auth_test_helper.rb index 57f9f9b..28e9633 100644 --- a/test/support/auth_test_helper.rb +++ b/test/support/auth_test_helper.rb @@ -46,8 +46,9 @@ module AuthTestHelper protected def header_for_token_auth - @token = find_record(:token, :authenticate => @current_user) - ActionController::HttpAuthentication::Token.encode_credentials @token.id + @token = stub_record(:token, :authenticate => @current_user) + Token.stubs(:find_by_token).with(@token.token).returns(@token) + ActionController::HttpAuthentication::Token.encode_credentials @token.token end def expect_warden_logout diff --git a/test/unit/token_test.rb b/test/unit/token_test.rb index a3c6cf6..b143345 100644 --- a/test/unit/token_test.rb +++ b/test/unit/token_test.rb @@ -14,17 +14,22 @@ class ClientCertificateTest < ActiveSupport::TestCase assert_equal @user, sample.authenticate end - test "token id is secure" do + test "token is secure" do sample = Token.new(:user_id => @user.id) other = Token.new(:user_id => @user.id) - assert sample.id, - "id is set on initialization" - assert sample.id[0..10] != other.id[0..10], - "token id prefixes should not repeat" - assert /[g-zG-Z]/.match(sample.id), - "should use non hex chars in the token id" - assert sample.id.size > 16, - "token id should be more than 16 chars long" + assert sample.token, + "token is set on initialization" + assert sample.token[0..10] != other.token[0..10], + "token prefixes should not repeat" + assert /[g-zG-Z]/.match(sample.token), + "should use non hex chars in the token" + assert sample.token.size > 16, + "token should be more than 16 chars long" + end + + test "token id is hash of the token" do + sample = Token.new(:user_id => @user.id) + assert_equal Digest::SHA512.hexdigest(sample.token), sample.id end test "token checks for user" do -- cgit v1.2.3 From 02426b7f143e82447ff41a604c286b556ab8d3a5 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 20 May 2014 09:06:31 +0200 Subject: use i18n.missing_translations This will print missing translation keys at the end of the tests --- test/test_helper.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'test') diff --git a/test/test_helper.rb b/test/test_helper.rb index d001ac7..7959ddb 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -27,4 +27,6 @@ class ActiveSupport::TestCase File.join(Rails.root, 'test', 'files', name) end + require 'i18n/missing_translations' + at_exit { I18n.missing_translations.dump } end -- cgit v1.2.3 From bbeb4b629dc38d82b3b3200706dd25b8def8892e Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 24 May 2014 13:39:10 +0200 Subject: sorting translation keys some --- test/integration/browser/account_test.rb | 6 +++--- test/integration/browser/session_test.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb index 491a9e1..8dc3043 100644 --- a/test/integration/browser/account_test.rb +++ b/test/integration/browser/account_test.rb @@ -9,7 +9,7 @@ class AccountTest < BrowserIntegrationTest test "signup successfully" do username, password = submit_signup assert page.has_content?("Welcome #{username}") - click_on 'Logout' + click_on 'Log Out' assert page.has_content?("Log In") assert_equal '/', current_path assert user = User.find_by_login(username) @@ -24,7 +24,7 @@ class AccountTest < BrowserIntegrationTest test "successful login" do username, password = submit_signup - click_on 'Logout' + click_on 'Log Out' attempt_login(username, password) assert page.has_content?("Welcome #{username}") within('.sidenav li.active') do @@ -83,7 +83,7 @@ class AccountTest < BrowserIntegrationTest fill_in 'Password confirmation', with: "other password" click_on 'Save' end - click_on 'Logout' + click_on 'Log Out' attempt_login(@user.login, "other password") assert page.has_content?("Welcome #{@user.login}") end diff --git a/test/integration/browser/session_test.rb b/test/integration/browser/session_test.rb index fb20847..d52508a 100644 --- a/test/integration/browser/session_test.rb +++ b/test/integration/browser/session_test.rb @@ -4,7 +4,7 @@ class SessionTest < BrowserIntegrationTest test "valid session" do login - assert page.has_content?("Logout") + assert page.has_content?("Log Out") end test "expired session" do -- cgit v1.2.3 From 154d32bbc7cfe21d83141ff2c9a3d805165231b8 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 28 May 2014 10:45:14 +0200 Subject: use Identity for testing login availability We create an identity alongside each user. Make sure the identity is valid when creating the user. This also ensures that the login picked is available because otherwise the identities address would not be available anymore. --- test/integration/browser/account_test.rb | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'test') diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb index 491a9e1..82bb043 100644 --- a/test/integration/browser/account_test.rb +++ b/test/integration/browser/account_test.rb @@ -22,6 +22,12 @@ class AccountTest < BrowserIntegrationTest assert page.has_content?("Welcome #{username}") end + test "signup with reserved username" do + username = 'certmaster' + submit_signup username + assert page.has_content?("is reserved.") + end + test "successful login" do username, password = submit_signup click_on 'Logout' @@ -44,6 +50,7 @@ class AccountTest < BrowserIntegrationTest click_on I18n.t('account_settings') click_on I18n.t('destroy_my_account') assert page.has_content?(I18n.t('account_destroyed')) + assert_equal 1, Identity.by_address.key("#{username}@test.me").count attempt_login(username, password) assert_invalid_login(page) end -- cgit v1.2.3 From 682b4060cb86c52ffda638f4f9a837f107540610 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 28 May 2014 11:44:12 +0200 Subject: ensure identity is cleared on user.reload - fixes test --- test/integration/browser/account_test.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb index 82bb043..8e6d433 100644 --- a/test/integration/browser/account_test.rb +++ b/test/integration/browser/account_test.rb @@ -109,7 +109,8 @@ class AccountTest < BrowserIntegrationTest # at some point we're done: page.assert_no_selector 'input[value="Saving..."]' assert page.has_field? 'Public key', with: pgp_key.to_s - assert_equal pgp_key, @user.reload.public_key + @user.reload + assert_equal pgp_key, @user.public_key end end -- cgit v1.2.3 From 5b601707c8af8454dacf2edd846bc3386e148253 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 28 May 2014 12:29:50 +0200 Subject: adopt tests to new error messages for identities --- test/unit/identity_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb index eca104f..9c938f8 100644 --- a/test/unit/identity_test.rb +++ b/test/unit/identity_test.rb @@ -39,7 +39,7 @@ class IdentityTest < ActiveSupport::TestCase id = Identity.create_for @user, address: alias_name, destination: forward_address dup = Identity.build_for @user, address: alias_name, destination: forward_address assert !dup.valid? - assert_equal ["This alias already exists"], dup.errors[:base] + assert_equal ["has already been taken"], dup.errors[:destination] id.destroy end @@ -48,7 +48,7 @@ class IdentityTest < ActiveSupport::TestCase id = Identity.create_for @user, address: alias_name, destination: forward_address taken = Identity.build_for other_user, address: alias_name assert !taken.valid? - assert_equal ["This email has already been taken"], taken.errors[:base] + assert_equal ["has already been taken"], taken.errors[:address] id.destroy end -- cgit v1.2.3 From e0d31118d6e4110d2c280afa9415cfe9def29deb Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 29 May 2014 10:04:07 +0200 Subject: hand on errors from Email to Identity to User errors.each iterates through all errors for all attrbibutes nicely. --- test/unit/identity_test.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'test') diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb index 9c938f8..54c0657 100644 --- a/test/unit/identity_test.rb +++ b/test/unit/identity_test.rb @@ -107,6 +107,7 @@ class IdentityTest < ActiveSupport::TestCase other_user = find_record :user taken = Identity.build_for other_user, address: id.address assert !taken.valid? + assert_equal ["has already been taken"], taken.errors[:address] Identity.destroy_all_disabled end -- cgit v1.2.3 From bbe7b3b7deb2b44d34f7c39dda2c3db284e2bf10 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 29 May 2014 11:19:21 +0200 Subject: clearify identity validations Identity.new.valid? should not crash. So validate presence where needed and skip the other validations if the value is absent. --- test/integration/api/smtp_cert_test.rb | 2 +- test/unit/identity_test.rb | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 04e6f31..f72362d 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -34,7 +34,7 @@ class SmtpCertTest < ApiIntegrationTest cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') today = DateTime.now.to_date.to_s - assert_equal({fingerprint => today}, @user.identity.cert_fingerprints) + assert_equal({fingerprint => today}, @user.reload.identity.cert_fingerprints) end test "fetching smtp certs requires email account" do diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb index 54c0657..49b2075 100644 --- a/test/unit/identity_test.rb +++ b/test/unit/identity_test.rb @@ -7,6 +7,22 @@ class IdentityTest < ActiveSupport::TestCase @user = find_record :user end + test "blank identity does not crash on valid?" do + id = Identity.new + assert !id.valid? + end + + test "enabled identity requires destination" do + id = Identity.new user: @user, address: @user.email_address + assert !id.valid? + assert_equal ["can't be blank"], id.errors[:destination] + end + + test "disabled identity requires no destination" do + id = Identity.new address: @user.email_address + assert id.valid? + end + test "initial identity for a user" do id = Identity.for(@user) assert_equal @user.email_address, id.address -- cgit v1.2.3