From 52a6dc82305f0268684ceb10557773b862bc611c Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 24 Mar 2016 08:54:38 +0100 Subject: fix browser_integration_test we need to require 'capybara/rails' so that Capybara::DSL is available. ActionController::RecordIdentifier was moved to ActionView --- test/performance/browsing_test.rb | 12 ------------ test/support/browser_integration_test.rb | 3 ++- 2 files changed, 2 insertions(+), 13 deletions(-) delete mode 100644 test/performance/browsing_test.rb (limited to 'test') diff --git a/test/performance/browsing_test.rb b/test/performance/browsing_test.rb deleted file mode 100644 index 3fea27b..0000000 --- a/test/performance/browsing_test.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'test_helper' -require 'rails/performance_test_help' - -class BrowsingTest < ActionDispatch::PerformanceTest - # Refer to the documentation for all available options - # self.profile_options = { :runs => 5, :metrics => [:wall_time, :memory] - # :output => 'tmp/performance', :formats => [:flat] } - - def test_homepage - get '/' - end -end diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 1deb8fa..5455fba 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb @@ -3,10 +3,11 @@ # # Use this class for capybara based integration tests for the ui. # +require 'capybara/rails' class BrowserIntegrationTest < ActionDispatch::IntegrationTest # let's use dom_id inorder to identify sections - include ActionController::RecordIdentifier + include ActionView::RecordIdentifier CONFIG_RU = (Rails.root + 'config.ru').to_s OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first -- cgit v1.2.3 From 0ac511a31a6652ab00bbc765079b1c56128b191f Mon Sep 17 00:00:00 2001 
From: Azul Date: Thu, 24 Mar 2016 09:03:30 +0100 Subject: split up integration account test AccountLivecycleTest -> CRUD accounts SecurityTest -> security specific tests AdminTest -> admin specific tests --- test/integration/browser/account_livecycle_test.rb | 114 +++++++++++++ test/integration/browser/account_test.rb | 176 --------------------- test/integration/browser/admin_test.rb | 18 +++ test/integration/browser/security_test.rb | 52 ++++++ 4 files changed, 184 insertions(+), 176 deletions(-) create mode 100644 test/integration/browser/account_livecycle_test.rb delete mode 100644 test/integration/browser/account_test.rb create mode 100644 test/integration/browser/security_test.rb (limited to 'test') diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb new file mode 100644 index 0000000..604f456 --- /dev/null +++ b/test/integration/browser/account_livecycle_test.rb 
@@ -0,0 +1,114 @@ +require 'test_helper' + +class AccountLivecycleTest < BrowserIntegrationTest + + teardown do + Identity.destroy_all_orphaned + end + + test "signup successfully when invited" do + username, password = submit_signup + assert page.has_content?("Welcome #{username}") + click_on 'Log Out' + assert page.has_content?("Log In") + assert_equal '/', current_path + assert user = User.find_by_login(username) + user.account.destroy + end + + test "signup successfully without invitation" do + with_config invite_required: false do + + username ||= "test_#{SecureRandom.urlsafe_base64}".downcase + password ||= SecureRandom.base64 + + visit '/users/new' + fill_in 'Username', with: username + fill_in 'Password', with: password + fill_in 'Password confirmation', with: password + click_on 'Sign Up' + + assert page.has_content?("Welcome #{username}") + end + end + + test "signup with username ending in dot json" do + username = Faker::Internet.user_name + '.json' + submit_signup username + assert page.has_content?("Welcome #{username}") + end + + test "signup with reserved username" do + username = 'certmaster' + submit_signup username + assert page.has_content?("is reserved.") + end + + test "successful login" do + username, password = submit_signup + click_on 'Log Out' + attempt_login(username, password) + assert page.has_content?("Welcome #{username}") + within('.sidenav li.active') do + assert page.has_content?("Overview") + end + User.find_by_login(username).account.destroy + end + + test "failed login" do + visit '/' + attempt_login("username", "wrong password") + assert_invalid_login(page) + end + + test "account destruction" do + username, password = submit_signup + + click_on I18n.t('account_settings') + click_on I18n.t('destroy_my_account') + assert page.has_content?(I18n.t('account_destroyed')) + assert_equal 1, Identity.by_address.key("#{username}@test.me").count + attempt_login(username, password) + assert_invalid_login(page) + end + + test "handle 
blocked after account destruction" do + username, password = submit_signup + click_on I18n.t('account_settings') + click_on I18n.t('destroy_my_account') + submit_signup(username) + assert page.has_content?('has already been taken') + end + + test "change pgp key" do + with_config user_actions: ['change_pgp_key'] do + pgp_key = FactoryGirl.build :pgp_key + login + click_on "Account Settings" + within('#update_pgp_key') do + fill_in 'Public key', with: pgp_key + click_on 'Save' + end + page.assert_selector 'input[value="Saving..."]' + # at some point we're done: + page.assert_no_selector 'input[value="Saving..."]' + assert page.has_field? 'Public key', with: pgp_key.to_s + @user.reload + assert_equal pgp_key, @user.public_key + end + end + + def attempt_login(username, password) + click_on 'Log In' + fill_in 'Username', with: username + fill_in 'Password', with: password + click_on 'Log In' + end + + def assert_invalid_login(page) + assert page.has_selector? '.btn-primary.disabled' + assert page.has_content? I18n.t(:invalid_user_pass) + assert page.has_no_selector? '.btn-primary.disabled' + end + +end diff --git a/test/integration/browser/account_test.rb b/test/integration/browser/account_test.rb deleted file mode 100644 index 50adb23..0000000 --- a/test/integration/browser/account_test.rb +++ /dev/null 
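Review bot: In "signup successfully without invitation", `username ||=` and `password ||=` operate on locals that nothing assigned before, so `||=` is plain assignment dressed up as a default; write `username = "test_#{SecureRandom.urlsafe_base64}".downcase` and `password = SecureRandom.base64`. That test and "signup with username ending in dot json" create a user that no line destroys, whereas "signup successfully when invited" and "successful login" clean up with `account.destroy`; the `teardown` only removes orphaned identities, so those users appear to leak into the shared test database. A `teardown` that destroys the signed-up user when one exists, or a closing `User.find_by_login(username).account.destroy` in each signup test, would make the cleanup uniform. `"#{username}@test.me"` in "account destruction" hard-codes the provider domain; if the test config exposes it, building the address from that would keep the test valid across setups.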
@@ -1,176 +0,0 @@ -require 'test_helper' - -class AccountTest < BrowserIntegrationTest - - teardown do - Identity.destroy_all_orphaned - end - - test "signup successfully when invited" do - username, password = submit_signup - assert page.has_content?("Welcome #{username}") - click_on 'Log Out' - assert page.has_content?("Log In") - assert_equal '/', current_path - assert user = User.find_by_login(username) - user.account.destroy - end - - test "signup successfully without invitation" do - with_config invite_required: false do - - username ||= "test_#{SecureRandom.urlsafe_base64}".downcase - password ||= SecureRandom.base64 - - visit '/users/new' - fill_in 'Username', with: username - fill_in 'Password', with: password - fill_in 'Password confirmation', with: password - click_on 'Sign Up' - - assert page.has_content?("Welcome #{username}") - end - end - - test "signup with username ending in dot json" do - username = Faker::Internet.user_name + '.json' - submit_signup username - assert page.has_content?("Welcome #{username}") - end - - test "signup with reserved username" do - username = 'certmaster' - submit_signup username - assert page.has_content?("is reserved.") - end - - test "successful login" do - username, password = submit_signup - click_on 'Log Out' - attempt_login(username, password) - assert page.has_content?("Welcome #{username}") - within('.sidenav li.active') do - assert page.has_content?("Overview") - end - User.find_by_login(username).account.destroy - end - - test "failed login" do - visit '/' - attempt_login("username", "wrong password") - assert_invalid_login(page) - end - - test "account destruction" do - username, password = submit_signup - - click_on I18n.t('account_settings') - click_on I18n.t('destroy_my_account') - assert page.has_content?(I18n.t('account_destroyed')) - assert_equal 1, Identity.by_address.key("#{username}@test.me").count - attempt_login(username, password) - assert_invalid_login(page) - end - - test "handle blocked after 
account destruction" do - username, password = submit_signup - click_on I18n.t('account_settings') - click_on I18n.t('destroy_my_account') - submit_signup(username) - assert page.has_content?('has already been taken') - end - - test "default user actions" do - login - click_on "Account Settings" - assert page.has_content? I18n.t('destroy_my_account') - assert page.has_no_css? '#update_login_and_password' - assert page.has_no_css? '#update_pgp_key' - end - - test "default admin actions" do - login - with_config admins: [@user.login] do - click_on "Account Settings" - assert page.has_content? I18n.t('destroy_my_account') - assert page.has_no_css? '#update_login_and_password' - assert page.has_css? '#update_pgp_key' - end - end - - test "change pgp key" do - with_config user_actions: ['change_pgp_key'] do - pgp_key = FactoryGirl.build :pgp_key - login - click_on "Account Settings" - within('#update_pgp_key') do - fill_in 'Public key', with: pgp_key - click_on 'Save' - end - page.assert_selector 'input[value="Saving..."]' - # at some point we're done: - page.assert_no_selector 'input[value="Saving..."]' - assert page.has_field? 
'Public key', with: pgp_key.to_s - @user.reload - assert_equal pgp_key, @user.public_key - end - end - - - # trying to seed an invalid A for srp login - test "detects attempt to circumvent SRP" do - InviteCodeValidator.any_instance.stubs(:validate) - - user = FactoryGirl.create :user - visit '/login' - fill_in 'Username', with: user.login - fill_in 'Password', with: "password" - inject_malicious_js - click_on 'Log In' - assert page.has_content?("Invalid random key") - assert page.has_no_content?("Welcome") - user.destroy - end - - test "reports internal server errors" do - V1::UsersController.any_instance.stubs(:create).raises - submit_signup - assert page.has_content?("server failed") - end - - test "does not render signup form without js" do - Capybara.current_driver = :rack_test # no js - visit '/signup' - assert page.has_no_content?("Username") - assert page.has_no_content?("Password") - end - - test "does not render login form without js" do - Capybara.current_driver = :rack_test # no js - visit '/login' - assert page.has_no_content?("Username") - assert page.has_no_content?("Password") - end - - def attempt_login(username, password) - click_on 'Log In' - fill_in 'Username', with: username - fill_in 'Password', with: password - click_on 'Log In' - end - - def assert_invalid_login(page) - assert page.has_selector? '.btn-primary.disabled' - assert page.has_content? I18n.t(:invalid_user_pass) - assert page.has_no_selector? '.btn-primary.disabled' - end - - def inject_malicious_js - page.execute_script <<-EOJS - var calc = new srp.Calculate(); - calc.A = function(_a) {return "00";}; - calc.S = calc.A; - srp.session = new srp.Session(null, calc); - EOJS - end -end diff --git a/test/integration/browser/admin_test.rb b/test/integration/browser/admin_test.rb index 902c981..0b43c29 100644 --- a/test/integration/browser/admin_test.rb +++ b/test/integration/browser/admin_test.rb 
@@ -2,6 +2,24 @@ require 'test_helper' class AdminTest < BrowserIntegrationTest + test "default user actions" do + login + click_on "Account Settings" + assert page.has_content? I18n.t('destroy_my_account') + assert page.has_no_css? '#update_login_and_password' + assert page.has_no_css? '#update_pgp_key' + end + + test "default admin actions" do + login + with_config admins: [@user.login] do + click_on "Account Settings" + assert page.has_content? I18n.t('destroy_my_account') + assert page.has_no_css? '#update_login_and_password' + assert page.has_css? '#update_pgp_key' + end + end + test "clear blocked handle" do id = FactoryGirl.create :identity submit_signup(id.login) diff --git a/test/integration/browser/security_test.rb b/test/integration/browser/security_test.rb new file mode 100644 index 0000000..c13acd8 --- /dev/null +++ b/test/integration/browser/security_test.rb 
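Review bot: "default user actions" is added to AdminTest, yet it logs in as an ordinary user and asserts what a non-admin sees under Account Settings, so it fits the account tests this commit is splitting out rather than the admin file; only "default admin actions" exercises the `admins:` config. Both new tests call `login`, which presumably creates the `@user` they reference, and neither destroys it; the removed AccountTest relied on a `teardown` with `Identity.destroy_all_orphaned`, and whether AdminTest has an equivalent is not visible because the class body continues outside the hunk. If it does not, add `teardown do Identity.destroy_all_orphaned end` or destroy `@user.account` at the end of each test.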
@@ -0,0 +1,52 @@ +require 'test_helper' + +class SecurityTest < BrowserIntegrationTest + + teardown do + Identity.destroy_all_orphaned + end + + # trying to seed an invalid A for srp login + test "detects attempt to circumvent SRP" do + InviteCodeValidator.any_instance.stubs(:validate) + + user = FactoryGirl.create :user + visit '/login' + fill_in 'Username', with: user.login + fill_in 'Password', with: "password" + inject_malicious_js + click_on 'Log In' + assert page.has_content?("Invalid random key") + assert page.has_no_content?("Welcome") + user.destroy + end + + test "reports internal server errors" do + V1::UsersController.any_instance.stubs(:create).raises + submit_signup + assert page.has_content?("server failed") + end + + test "does not render signup form without js" do + Capybara.current_driver = :rack_test # no js + visit '/signup' + assert page.has_no_content?("Username") + assert page.has_no_content?("Password") + end + + test "does not render login form without js" do + Capybara.current_driver = :rack_test # no js + visit '/login' + assert page.has_no_content?("Username") + assert page.has_no_content?("Password") + end + + def inject_malicious_js + page.execute_script <<-EOJS + var calc = new srp.Calculate(); + calc.A = function(_a) {return "00";}; + calc.S = calc.A; + srp.session = new srp.Session(null, calc); + EOJS + end +end -- cgit v1.2.3 From 6d9bd6b966ec2370b7f8659b0810b03c5d1568aa Mon Sep 17 00:00:00 2001 
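Review bot: The two "without js" tests set `Capybara.current_driver = :rack_test` and never restore it, so the driver switch persists into whichever test runs next unless the base class resets it in a `teardown` that is not visible here; with Rails 4.2 running tests in mixed random order that is a source of order-dependent failures. Use the block form, `Capybara.using_driver(:rack_test) do visit '/login'; assert page.has_no_content?("Username"); ... end`, which restores the previous driver on exit, or put `Capybara.use_default_driver` in a `teardown`. In "detects attempt to circumvent SRP", `user.destroy` runs only when every assertion passes; moving it into the existing `teardown` (or an `ensure`) keeps a failing run from leaving the fixture user behind.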
From: Azul Date: Thu, 24 Mar 2016 09:08:46 +0100 Subject: upgrade: unique test names Rails 4.2 runs all tests mixed together. So unit tests and integration tests may not have conflicting names. --- test/integration/api/token_auth_test.rb | 16 ++++++++++++++++ test/integration/api/token_test.rb | 16 ---------------- test/unit/temporary_user_test.rb | 33 +++++++++++++++++++++++++++++++++ test/unit/tmp_user_test.rb | 33 --------------------------------- 4 files changed, 49 insertions(+), 49 deletions(-) create mode 100644 test/integration/api/token_auth_test.rb delete mode 100644 test/integration/api/token_test.rb create mode 100644 test/unit/temporary_user_test.rb delete mode 100644 test/unit/tmp_user_test.rb (limited to 'test') diff --git a/test/integration/api/token_auth_test.rb b/test/integration/api/token_auth_test.rb new file mode 100644 index 0000000..3b83f23 --- /dev/null +++ b/test/integration/api/token_auth_test.rb @@ -0,0 +1,16 @@ +require_relative '../../test_helper' +require_relative 'srp_test' + +class TokenAuthTest < SrpTest + + setup do + register_user + end + + test "stores token SHA512 encoded" do + authenticate + token = server_auth['token'] + assert Token.find(Digest::SHA512.hexdigest(token)) + end + +end diff --git a/test/integration/api/token_test.rb b/test/integration/api/token_test.rb deleted file mode 100644 index dafbfb7..0000000 --- a/test/integration/api/token_test.rb +++ /dev/null @@ -1,16 +0,0 @@ -require_relative '../../test_helper' -require_relative 'srp_test' - -class TokenTest < SrpTest - - setup do - register_user - end - - test "stores token SHA512 encoded" do - authenticate - token = server_auth['token'] - assert Token.find(Digest::SHA512.hexdigest(token)) - end - -end diff --git a/test/unit/temporary_user_test.rb b/test/unit/temporary_user_test.rb new file mode 100644 index 0000000..38ccd67 --- /dev/null +++ b/test/unit/temporary_user_test.rb 
@@ -0,0 +1,33 @@ +require 'test_helper' + +class TemporaryUserTest < ActiveSupport::TestCase + + setup do + InviteCodeValidator.any_instance.stubs(:validate) + end + + test "tmp_user saved to tmp_users" do + begin + assert User.ancestors.include?(TemporaryUser) + + assert_difference('User.database.info["doc_count"]') do + normal_user = User.create!(:login => 'a'+SecureRandom.hex(5).downcase, + :password_verifier => 'ABCDEF0010101', :password_salt => 'ABCDEF') + refute normal_user.database.to_s.include?('tmp') + end + + assert_difference('User.tmp_database.info["doc_count"]') do + tmp_user = User.create!(:login => 'tmp_user_'+SecureRandom.hex(5).downcase, + :password_verifier => 'ABCDEF0010101', :password_salt => 'ABCDEF') + assert tmp_user.database.to_s.include?('tmp') + end + ensure + begin + normal_user.destroy + tmp_user.destroy + rescue + end + end + end + +end diff --git a/test/unit/tmp_user_test.rb b/test/unit/tmp_user_test.rb deleted file mode 100644 index 1dea5f9..0000000 --- a/test/unit/tmp_user_test.rb +++ /dev/null @@ -1,33 +0,0 @@ -require 'test_helper' - -class TmpUserTest < ActiveSupport::TestCase - - setup do - InviteCodeValidator.any_instance.stubs(:validate) - end - - test "tmp_user saved to tmp_users" do - begin - assert User.ancestors.include?(TemporaryUser) - - assert_difference('User.database.info["doc_count"]') do - normal_user = User.create!(:login => 'a'+SecureRandom.hex(5).downcase, - :password_verifier => 'ABCDEF0010101', :password_salt => 'ABCDEF') - refute normal_user.database.to_s.include?('tmp') - end - - assert_difference('User.tmp_database.info["doc_count"]') do - tmp_user = User.create!(:login => 'tmp_user_'+SecureRandom.hex(5).downcase, - :password_verifier => 'ABCDEF0010101', :password_salt => 'ABCDEF') - assert tmp_user.database.to_s.include?('tmp') - end - ensure - begin - normal_user.destroy - tmp_user.destroy - rescue - end - end - end - -end -- cgit v1.2.3 From 9b9daf95357f4fa5fd1eb95b16e2cf043937bdc0 Mon Sep 17 00:00:00 2001 
From: Azul Date: Thu, 24 Mar 2016 11:12:55 +0100 Subject: upgrade: default_wait_time -> default_max_wait_time --- test/support/browser_integration_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 5455fba..8201854 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb @@ -29,7 +29,7 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest Capybara.app_host = 'http://lvh.me:3003' Capybara.server_port = 3003 Capybara.javascript_driver = :poltergeist - Capybara.default_wait_time = 5 + Capybara.default_max_wait_time = 5 # Make the Capybara DSL available include Capybara::DSL -- cgit v1.2.3 From b11f61b922748949ff0b762ec2aed0558de3c28b Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 24 Mar 2016 11:36:04 +0100 Subject: test: response is blank - not = ' ' --- test/functional/v1/users_controller_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/functional/v1/users_controller_test.rb b/test/functional/v1/users_controller_test.rb index df59c4d..3f7bad3 100644 --- a/test/functional/v1/users_controller_test.rb +++ b/test/functional/v1/users_controller_test.rb @@ -14,7 +14,7 @@ class V1::UsersControllerTest < ActionController::TestCase assert_equal user, assigns[:user] assert_response 204 - assert_equal " ", @response.body + assert @response.body.blank?, "Response should be blank" end test "admin can update user" do -- cgit v1.2.3 From 5d18e8c396181ee8fab3f8579bc19abaee106d52 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 24 Mar 2016 11:39:22 +0100 Subject: test: flash now has string keys --- test/support/assert_responses.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/support/assert_responses.rb b/test/support/assert_responses.rb index 7724fb4..98c9ad2 100644 --- a/test/support/assert_responses.rb 
+++ b/test/support/assert_responses.rb @@ -85,7 +85,7 @@ module AssertResponses assert_json_response('error' => key.to_s, 'message' => message) assert_response status else - assert_equal({:alert => message}, flash.to_hash) + assert_equal({'alert' => message}, flash.to_hash) end end -- cgit v1.2.3 From 931748ab96aea54e123b0fffd3f12c87bd647fed Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 24 Mar 2016 14:30:41 +0100 Subject: upgrade: test cases now have #name --- test/support/browser_integration_test.rb | 2 +- test/test_helper.rb | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 8201854..84440a1 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb @@ -102,7 +102,7 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest File.open(logfile_path, 'w') do |test_log| test_log.puts self.class.name test_log.puts "=========================" - test_log.puts __name__ + test_log.puts name test_log.puts Time.now test_log.puts current_path test_log.puts page.status_code diff --git a/test/test_helper.rb b/test/test_helper.rb index dfc6627..a06f710 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -1,5 +1,5 @@ ENV["RAILS_ENV"] = "test" -require File.expand_path('../../config/environment', __FILE__) +require_relative '../config/environment' require 'rails/test_help' require 'mocha/setup' @@ -16,11 +16,11 @@ class ActiveSupport::TestCase protected def logfile_path - Rails.root + 'tmp' + "#{self.class.name.underscore}.#{__name__}.log" + Rails.root + 'tmp' + "#{self.class.name.underscore}.#{name}.log" end def screenshot_path - Rails.root + 'tmp' + "#{self.class.name.underscore}.#{__name__}.png" + Rails.root + 'tmp' + "#{self.class.name.underscore}.#{name}.png" end def file_path(name) -- cgit v1.2.3 From 7689ff40b24786c808a36e60801ab60ede89a106 Mon Sep 17 00:00:00 2001 
From: Azul Date: Thu, 24 Mar 2016 14:52:16 +0100 Subject: upgrade: use bootstrap3 variable names in leap.scss --- test/leap_web_users_test.rb | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 test/leap_web_users_test.rb (limited to 'test') diff --git a/test/leap_web_users_test.rb b/test/leap_web_users_test.rb deleted file mode 100644 index f142e54..0000000 --- a/test/leap_web_users_test.rb +++ /dev/null @@ -1,7 +0,0 @@ -require 'test_helper' - -class LeapWebUsersTest < ActiveSupport::TestCase - test "module exists" do - assert_kind_of Module, LeapWebUsers - end -end -- cgit v1.2.3 From bef4c747e8a6adbf485dc0f466dbee1d03eab9c0 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 24 Mar 2016 21:44:25 +0100 Subject: test: use assert_error_response in functional test This way the changed flash hash still is recognized. Also changed the generic 'no_such_thing' i18n key to more specific 'no_such_user'. The former is very hard to translate as the gender of thing may affect the translation of the 'no such' part. --- test/functional/users_controller_test.rb | 2 +- test/support/assert_responses.rb | 11 +++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'test') diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index 7b24098..6029c83 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb @@ -67,8 +67,8 @@ class UsersControllerTest < ActionController::TestCase nonid = 'thisisnotanexistinguserid' login :is_admin? => true get :show, :id => nonid + assert_error_response :no_such_user assert_response :redirect - assert_equal({:alert => "No such user."}, flash.to_hash) assert_redirected_to users_path end diff --git a/test/support/assert_responses.rb b/test/support/assert_responses.rb index 98c9ad2..6a22642 100644 --- a/test/support/assert_responses.rb +++ b/test/support/assert_responses.rb 
@@ -71,15 +71,18 @@ module AssertResponses end def assert_login_required - assert_error_response :not_authorized_login, :unauthorized + assert_error_response :not_authorized_login, + status: :unauthorized end def assert_access_denied - assert_error_response :not_authorized, :forbidden + assert_error_response :not_authorized, + status: :forbidden end - def assert_error_response(key, status=nil) - message = I18n.t(key) + def assert_error_response(key, options = {}) + status=options.delete :status + message = I18n.t(key, options) if content_type == 'application/json' status ||= :unprocessable_entity assert_json_response('error' => key.to_s, 'message' => message) -- cgit v1.2.3 From 2d75afb15e005e97a57b68abae0a34f1a2c4a30b Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 25 Mar 2016 11:21:37 +0100 Subject: tests: Validator.new has optional options hash but you may not hand it a nil --- test/unit/invite_code_validator_test.rb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'test') diff --git a/test/unit/invite_code_validator_test.rb b/test/unit/invite_code_validator_test.rb index 62eeae6..934ba2e 100644 --- a/test/unit/invite_code_validator_test.rb +++ b/test/unit/invite_code_validator_test.rb @@ -3,9 +3,9 @@ require 'test_helper' class InviteCodeValidatorTest < ActiveSupport::TestCase test "user should not be created with invalid invite code" do with_config invite_required: true do - invalid_user = FactoryGirl.build(:user) + invalid_user = FactoryGirl.build(:user) - assert !invalid_user.valid? + assert !invalid_user.valid? end end @@ -30,7 +30,7 @@ class InviteCodeValidatorTest < ActiveSupport::TestCase test "Invite count >= invite max uses is not accepted for new account signup" do - validator = InviteCodeValidator.new nil + validator = InviteCodeValidator.new user_code = InviteCode.new user_code.invite_count = 1 
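Review bot: `status=options.delete :status` mutates the hash the caller passed in, so a caller that reuses its options hash would see `:status` disappear after the first call; the current callers pass literals, but the helper should not depend on that. Read it non-destructively, `status = options[:status]` followed by `message = I18n.t(key, options.except(:status))`, or make the contract explicit with keyword arguments, `def assert_error_response(key, status: nil, **i18n_options)`. The assignment also lacks spaces around `=`, unlike the surrounding code. The method body continues past the end of the hunk.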
@@ -46,7 +46,7 @@ class InviteCodeValidatorTest < ActiveSupport::TestCase end test "Invite count < invite max uses is accepted for new account signup" do - validator = InviteCodeValidator.new nil + validator = InviteCodeValidator.new user_code = InviteCode.create user_code.save @@ -60,7 +60,7 @@ class InviteCodeValidatorTest < ActiveSupport::TestCase end test "Invite count 0 is accepted for new account signup" do - validator = InviteCodeValidator.new nil + validator = InviteCodeValidator.new user_code = InviteCode.create @@ -73,7 +73,7 @@ class InviteCodeValidatorTest < ActiveSupport::TestCase end test "There is an error message if the invite code does not exist" do - validator = InviteCodeValidator.new nil + validator = InviteCodeValidator.new user = FactoryGirl.build :user user.invite_code = "wrongcode" @@ -83,4 +83,4 @@ class InviteCodeValidatorTest < ActiveSupport::TestCase assert_equal ["This is not a valid code"], user.errors[:invite_code] end -end \ No newline at end of file +end -- cgit v1.2.3 From a7718c19ab96648e37063c05bffe21bc2c315325 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 3 May 2016 09:01:18 -0300 Subject: fix type mismatch TokenAuthTest rails 4 mixes model, controller and integration tests. So lets give this one a better name --- .../configs_controller_with_static_tokens_test.rb | 40 ++++++++++++++++++++++ test/functional/token_auth_test.rb | 40 ---------------------- 2 files changed, 40 insertions(+), 40 deletions(-) create mode 100644 test/functional/configs_controller_with_static_tokens_test.rb delete mode 100644 test/functional/token_auth_test.rb (limited to 'test') diff --git a/test/functional/configs_controller_with_static_tokens_test.rb b/test/functional/configs_controller_with_static_tokens_test.rb new file mode 100644 index 0000000..79739fe --- /dev/null +++ b/test/functional/configs_controller_with_static_tokens_test.rb 
@@ -0,0 +1,40 @@ +# +# tests for authenticating an admin or monitor user +# via static configured tokens. +# + +require 'test_helper' + +class ConfigsControllerWithStaticTokensTest < ActionController::TestCase + tests V1::ConfigsController + + def test_login_via_api_token + with_config(:allow_anonymous_certs => false) do + monitor_auth do + get :index + assert assigns(:token), 'should have authenticated via api token' + assert assigns(:token).is_a? ApiToken + assert @controller.send(:current_user).is_a? ApiMonitorUser + end + end + end + + def test_fail_api_auth_when_ip_not_allowed + with_config(:allow_anonymous_certs => false) do + allowed = "99.99.99.99" + new_config = {api_tokens: APP_CONFIG["api_tokens"].merge(allowed_ips: [allowed])} + with_config(new_config) do + monitor_auth do + request.env['REMOTE_ADDR'] = "1.1.1.1" + get :index + assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it" + request.env['REMOTE_ADDR'] = allowed + get :index + assert assigns(:token), "should have authenticated via api token" + end + end + end + end + +end + diff --git a/test/functional/token_auth_test.rb b/test/functional/token_auth_test.rb deleted file mode 100644 index 53d5fb3..0000000 --- a/test/functional/token_auth_test.rb +++ /dev/null 
@@ -1,40 +0,0 @@ -# -# tests for authenticating an admin or monitor user -# via static configured tokens. -# - -require_relative '../test_helper' - -class TokenAuthTest < ActionController::TestCase - tests V1::ConfigsController - - def test_login_via_api_token - with_config(:allow_anonymous_certs => false) do - monitor_auth do - get :index - assert assigns(:token), 'should have authenticated via api token' - assert assigns(:token).is_a? ApiToken - assert @controller.send(:current_user).is_a? ApiMonitorUser - end - end - end - - def test_fail_api_auth_when_ip_not_allowed - with_config(:allow_anonymous_certs => false) do - allowed = "99.99.99.99" - new_config = {api_tokens: APP_CONFIG["api_tokens"].merge(allowed_ips: [allowed])} - with_config(new_config) do - monitor_auth do - request.env['REMOTE_ADDR'] = "1.1.1.1" - get :index - assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it" - request.env['REMOTE_ADDR'] = allowed - get :index - assert assigns(:token), "should have authenticated via api token" - end - end - end - end - -end - -- cgit v1.2.3 From 33e2a52f683697ca8489d856df90b39bfbbe7373 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 3 May 2016 11:29:45 -0300 Subject: use APP_CONFIG[config_file_paths] for provider.json This avoids overwriting the PROVIDER_JSON constant in the StaticConfigController and thus fixes test warnings. Also moved away from using instance variables in the ControllerExtension::JsonFile - instead querying the corresponding functions now - less sideeffects and easier stubbing. --- test/functional/static_config_controller_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/functional/static_config_controller_test.rb b/test/functional/static_config_controller_test.rb index 9c2cfef..7027bf8 100644 --- a/test/functional/static_config_controller_test.rb +++ b/test/functional/static_config_controller_test.rb 
@@ -1,7 +1,7 @@ require 'test_helper' # use minitest for stubbing, rather than bloated mocha -require 'minitest/stub_const' +require 'minitest/mock' class StaticConfigControllerTest < ActionController::TestCase @@ -9,7 +9,7 @@ class StaticConfigControllerTest < ActionController::TestCase end def test_provider_success - StaticConfigController.stub_const(:PROVIDER_JSON, file_path('provider.json')) do + @controller.stub(:provider_json, file_path('provider.json')) do get :provider, format: :json assert_equal 'application/json', @response.content_type assert_response :success @@ -17,7 +17,7 @@ class StaticConfigControllerTest < ActionController::TestCase end def test_provider_not_modified - StaticConfigController.stub_const(:PROVIDER_JSON, file_path('provider.json')) do + @controller.stub(:provider_json, file_path('provider.json')) do request.env["HTTP_IF_MODIFIED_SINCE"] = File.mtime(file_path('provider.json')).rfc2822() get :provider, format: :json assert_response 304 -- cgit v1.2.3 From 0ab4b26752c7949840f9168a7e8dc94226debd51 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 9 May 2016 08:34:50 +0200 Subject: minor: cleanup debug message in test --- test/functional/v1/messages_controller_test.rb | 1 - 1 file changed, 1 deletion(-) (limited to 'test') diff --git a/test/functional/v1/messages_controller_test.rb b/test/functional/v1/messages_controller_test.rb index 67f34a1..f37cca0 100644 --- a/test/functional/v1/messages_controller_test.rb +++ b/test/functional/v1/messages_controller_test.rb @@ -15,7 +15,6 @@ class V1::MessagesControllerTest < ActionController::TestCase login @user get :index, :locale => 'es' body = JSON.parse(response.body) - p body message1 = "

\"This\" is a very fine message. https://bitmask.net

\n" assert_equal 2, body.size, 'there should be two messages' assert_equal message1, body.first["text"], 'first message text should match files/motd/1.en.md' -- cgit v1.2.3 From 90e2145e33913ff59b99b81a660cb730e3c7efd8 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 9 May 2016 08:54:57 +0200 Subject: test: make identity test locale independent It somehow managed to fail for a certain test order. Seems rather rare though - have not been able to reproduce it in 5 runs. Failed with --seed 60219. --- test/support/record_assertions.rb | 10 ++++++++++ test/unit/identity_test.rb | 9 +++++---- 2 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 test/support/record_assertions.rb (limited to 'test') diff --git a/test/support/record_assertions.rb b/test/support/record_assertions.rb new file mode 100644 index 0000000..30b947f --- /dev/null +++ b/test/support/record_assertions.rb @@ -0,0 +1,10 @@ +module RecordAssertions + + def assert_error(record, options) + options.each do |k, v| + errors = record.errors[k] + assert_equal I18n.t("errors.messages.#{v}"), errors.first + end + end + +end diff --git a/test/unit/identity_test.rb b/test/unit/identity_test.rb index 9d4bc90..e9173af 100644 --- a/test/unit/identity_test.rb +++ b/test/unit/identity_test.rb @@ -2,6 +2,7 @@ require_relative '../test_helper' class IdentityTest < ActiveSupport::TestCase include StubRecordHelper + include RecordAssertions setup do @user = find_record :user @@ -22,7 +23,7 @@ class IdentityTest < ActiveSupport::TestCase test "enabled identity requires destination" do @id = Identity.new user: @user, address: @user.email_address assert !@id.valid? - assert_equal ["can't be blank"], @id.errors[:destination] + assert_error @id, destination: :blank end test "disabled identity requires no destination" do 
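Review bot: `assert_error` compares the translated message against `errors.first` only, so it depends on the order in which validations add messages to the attribute and fails as soon as another validation fires first, even when the expected error is present. `assert_includes record.errors[k], I18n.t("errors.messages.#{v}")` checks the same locale-independent expectation without the ordering assumption and prints the full error list on failure. The module has no documentation of the expected argument shape; a one-line comment such as `# options maps attribute => error key under errors.messages, e.g. destination: :blank` above the method would help readers of identity_test.rb.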
@@ -62,7 +63,7 @@ class IdentityTest < ActiveSupport::TestCase
@id = Identity.create_for @user, address: alias_name, destination: forward_address
dup = Identity.build_for @user, address: alias_name, destination: forward_address
assert !dup.valid?
- assert_equal ["has already been taken"], dup.errors[:destination]
+ assert_error dup, destination: :taken
end
test "validates availability" do
@@ -70,7 +71,7 @@ class IdentityTest < ActiveSupport::TestCase
@id = Identity.create_for @user, address: alias_name, destination: forward_address
taken = Identity.build_for other_user, address: alias_name
assert !taken.valid?
- assert_equal ["has already been taken"], taken.errors[:address]
+ assert_error taken, address: :taken
end
test "setting and getting pgp key" do
@@ -133,7 +134,7 @@ class IdentityTest < ActiveSupport::TestCase
other_user = find_record :user
taken = Identity.build_for other_user, address: @id.address
assert !taken.valid?
- assert_equal ["has already been taken"], taken.errors[:address]
+ assert_error taken, address: :taken
end
test "destroy all orphaned identities" do
-- cgit v1.2.3
From e05a1b0f5ae40a2aa17976b3009cd563b8e4660a Mon Sep 17 00:00:00 2001
From: Azul Date: Sun, 1 May 2016 10:55:33 -0300 Subject: api: allow version bumping - bump to 2 --- test/functional/api/certs_controller_test.rb | 60 ++++++++ test/functional/api/identities_controller_test.rb | 24 ++++ test/functional/api/messages_controller_test.rb | 99 +++++++++++++ test/functional/api/services_controller_test.rb | 28 ++++ test/functional/api/sessions_controller_test.rb | 62 +++++++++ test/functional/api/smtp_certs_controller_test.rb | 43 ++++++ test/functional/api/token_auth_test.rb | 40 ++++++ test/functional/api/users_controller_test.rb | 135 ++++++++++++++++++ .../configs_controller_with_static_tokens_test.rb | 40 ------ test/functional/v1/certs_controller_test.rb | 60 -------- test/functional/v1/identities_controller_test.rb | 24 ---- test/functional/v1/messages_controller_test.rb | 99 ------------- test/functional/v1/services_controller_test.rb | 28 ---- test/functional/v1/sessions_controller_test.rb | 62 --------- test/functional/v1/smtp_certs_controller_test.rb | 43 ------ test/functional/v1/users_controller_test.rb | 135 ------------------ test/integration/api/cert_test.rb | 11 +- test/integration/api/signup_test.rb | 2 +- test/integration/api/smtp_cert_test.rb | 14 +- test/integration/api/srp_test.rb | 18 ++- test/integration/api/token_auth_test.rb | 2 +- test/integration/api/update_account_test.rb | 2 +- .../browser/account_livecycle_test.rb.orig | 153 +++++++++++++++++++++ test/integration/browser/security_test.rb | 2 +- test/support/api_integration_test.rb | 4 + 25 files changed, 682 insertions(+), 508 deletions(-) create mode 100644 test/functional/api/certs_controller_test.rb create mode 100644 test/functional/api/identities_controller_test.rb create mode 100644 test/functional/api/messages_controller_test.rb create mode 100644 test/functional/api/services_controller_test.rb create mode 100644 test/functional/api/sessions_controller_test.rb create mode 100644 test/functional/api/smtp_certs_controller_test.rb create mode 100644 
test/functional/api/token_auth_test.rb create mode 100644 test/functional/api/users_controller_test.rb delete mode 100644 test/functional/configs_controller_with_static_tokens_test.rb delete mode 100644 test/functional/v1/certs_controller_test.rb delete mode 100644 test/functional/v1/identities_controller_test.rb delete mode 100644 test/functional/v1/messages_controller_test.rb delete mode 100644 test/functional/v1/services_controller_test.rb delete mode 100644 test/functional/v1/sessions_controller_test.rb delete mode 100644 test/functional/v1/smtp_certs_controller_test.rb delete mode 100644 test/functional/v1/users_controller_test.rb create mode 100644 test/integration/browser/account_livecycle_test.rb.orig (limited to 'test')
diff --git a/test/functional/api/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb
new file mode 100644
index 0000000..137ed92
--- /dev/null
+++ b/test/functional/api/certs_controller_test.rb
@@ -0,0 +1,60 @@
+require_relative '../../test_helper'
+
+class Api::CertsControllerTest < ActionController::TestCase
+
+ test "create unlimited cert without login" do
+ with_config allow_anonymous_certs: true do
+ cert = expect_cert('UNLIMITED')
+ post :create
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+ end
+
+ test "create limited cert" do
+ with_config allow_limited_certs: true do
+ login
+ cert = expect_cert('LIMITED')
+ post :create
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+ end
+
+ test "fail to create cert when disabled" do
+ login :enabled? => false
+ post :create
+ assert_access_denied
+ end
+
+ test "create unlimited cert" do
+ login effective_service_level: ServiceLevel.new(id: 2)
+ cert = expect_cert('UNLIMITED')
+ post :create
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+
+ test "GET still works as an alias" do
+ login effective_service_level: ServiceLevel.new(id: 2)
+ cert = expect_cert('UNLIMITED')
+ get :show
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+
+ test "redirect if no eip service offered" do
+ post :create
+ assert_response :redirect
+ end
+
+ protected
+
+ def expect_cert(prefix)
+ cert = stub :to_s => "#{prefix.downcase} cert"
+ ClientCertificate.expects(:new).
+ with(:prefix => prefix).
+ returns(cert)
+ return cert
+ end
+end
diff --git a/test/functional/api/identities_controller_test.rb b/test/functional/api/identities_controller_test.rb
new file mode 100644
index 0000000..e803ee7
--- /dev/null
+++ b/test/functional/api/identities_controller_test.rb
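Review bot: `expect_cert` at the end of the new Api::CertsControllerTest is a near copy of the `expect_cert` in the new Api::SmtpCertsControllerTest further down (different parameter, same stub/expects/returns shape); since both files are recreated under the api namespace in this commit anyway, it is the moment to move one helper into test/support that takes the expected `ClientCertificate.new` arguments as a hash instead of keeping two copies. The explicit `return cert` is unnecessary in Ruby, `cert` alone is the idiomatic last expression. Separately, this commit's diffstat adds `test/integration/browser/account_livecycle_test.rb.orig`, which looks like a merge leftover that should not be committed.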
@@ -0,0 +1,24 @@
+require_relative '../../test_helper'
+
+class Api::IdentitiesControllerTest < ActionController::TestCase
+
+ test "api monitor can fetch identity" do
+ monitor_auth do
+ identity = FactoryGirl.create :identity
+ get :show, :id => identity.address, :format => 'json'
+ assert_response :success
+ assert_equal identity, assigns(:identity)
+
+ get :show, :id => "blahblahblah", :format => 'json'
+ assert_response :not_found
+ end
+ end
+
+
+ test "anonymous cannot fetch identity" do
+ identity = FactoryGirl.create :identity
+ get :show, :id => identity.address, :format => 'json'
+ assert_response :forbidden
+ end
+
+end
diff --git a/test/functional/api/messages_controller_test.rb b/test/functional/api/messages_controller_test.rb
new file mode 100644
index 0000000..01641d4
--- /dev/null
+++ b/test/functional/api/messages_controller_test.rb
@@ -0,0 +1,99 @@
+require 'test_helper'
+
+class Api::MessagesControllerTest < ActionController::TestCase
+
+ setup do
+ @user = FactoryGirl.build(:user)
+ @user.save
+ end
+
+ # NOTE: the available languages for test are :en and :de
+ # so :es will result in english response.
+
+ test "get the motd" do
+ with_config("customization_directory" => Rails.root+'test/files') do
+ login @user
+ get :index, :locale => 'es'
+ body = JSON.parse(response.body)
+ message1 = "

\"This\" is a very fine message. https://bitmask.net

\n"
+ assert_equal 2, body.size, 'there should be two messages'
+ assert_equal message1, body.first["text"], 'first message text should match files/motd/1.en.md'
+ end
+ end
+
+ test "get localized motd" do
+ with_config("customization_directory" => Rails.root+'test/files') do
+ login @user
+ get :index, :locale => 'de'
+ body = JSON.parse(response.body)
+ message1 = "

Dies ist eine sehr feine Nachricht. https://bitmask.net

\n"
+ assert_equal message1, body.first["text"], 'first message text should match files/motd/1.de.md'
+ end
+ end
+
+ test "get empty motd" do
+ login @user
+ get :index
+ assert_equal "[]", response.body, "motd response should be empty if no motd directory exists"
+ end
+
+ ##
+ ## For now, only the static file MOTD is supported, not messages in the db.
+ ## so, this is disabled:
+ ##
+=begin
+ setup do
+ InviteCodeValidator.any_instance.stubs(:validate)
+ @user = FactoryGirl.build(:user)
+ @user.save
+ @message = Message.new(:text => 'a test message')
+ @message.user_ids_to_show << @user.id
+ @message.save
+ end
+
+ teardown do
+ @message.destroy
+ @user.destroy
+ end
+
+ test "get messages for user" do
+ login @user
+ get :index
+ assert response.body.include? @message.text
+ assert response.body.include? @message.id
+ end
+
+ test "mark message read for user" do
+ login @user
+ assert @message.user_ids_to_show.include?(@user.id)
+ assert !@message.user_ids_have_shown.include?(@user.id)
+ put :update, :id => @message.id
+ @message.reload
+ assert !@message.user_ids_to_show.include?(@user.id)
+ assert @message.user_ids_have_shown.include?(@user.id)
+ assert_success :marked_as_read
+ end
+
+ test "do not get seen messages" do
+ login @user
+ put :update, :id => @message.id
+ @message.reload
+ get :index
+ assert !(response.body.include? @message.text)
+ assert !(response.body.include? @message.id)
+ end
+
+
+ test "mark read responds even with bad inputs" do
+ login @user
+ put :update, :id => 'more nonsense'
+ assert_not_found
+ end
+
+ test "fails if not authenticated" do
+ get :index, :format => :json
+ assert_login_required
+ end
+=end
+
+end
diff --git a/test/functional/api/services_controller_test.rb b/test/functional/api/services_controller_test.rb
new file mode 100644
index 0000000..b1dc9f3
--- /dev/null
+++ b/test/functional/api/services_controller_test.rb
@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class Api::ServicesControllerTest < ActionController::TestCase
+
+ test "anonymous user gets login required service info" do
+ get :show, format: :json
+ assert_json_response error: 'not_authorized_login',
+ message: 'Please log in to perform that action.'
+ end
+
+ test "anonymous user gets vpn service info" do
+ with_config allow_anonymous_certs: true do
+ get :show, format: :json
+ assert_json_response name: 'anonymous',
+ eip_rate_limit: false,
+ description: 'anonymous access to the VPN'
+ end
+ end
+
+ test "user can see their service info" do
+ login
+ get :show, format: :json
+ default_level = APP_CONFIG[:default_service_level]
+ assert_json_response APP_CONFIG[:service_levels][default_level]
+ end
+
+end
+
diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb
new file mode 100644
index 0000000..0633578
--- /dev/null
+++ b/test/functional/api/sessions_controller_test.rb
@@ -0,0 +1,62 @@
+require 'test_helper'
+
+# This is a simple controller unit test.
+# We're stubbing out both warden and srp.
+# There's an integration test testing the full rack stack and srp
+class Api::SessionsControllerTest < ActionController::TestCase
+
+ setup do
+ @request.env['HTTP_HOST'] = 'api.lvh.me'
+ @user = stub_record :user, {}, true
+ @client_hex = 'a123'
+ end
+
+ test "renders json" do
+ get :new, :format => :json
+ assert_response :success
+ assert_json_error nil
+ end
+
+ test "renders warden errors" do
+ request.env['warden.options'] = {attempted_path: 'path/to/controller'}
+ strategy = stub :message => {:field => :translate_me}
+ request.env['warden'].stubs(:winning_strategy).returns(strategy)
+ I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub")
+ get :new, :format => :json
+ assert_response 422
+ assert_json_error :field => "translation stub"
+ end
+
+ # Warden takes care of parsing the params and
+ # rendering the response. So not much to test here.
+ test "should perform handshake" do
+ request.env['warden'].expects(:authenticate!)
+ # make sure we don't get a template missing error:
+ @controller.stubs(:render)
+ post :create, :login => @user.login, 'A' => @client_hex
+ end
+
+ test "should authenticate" do
+ request.env['warden'].expects(:authenticate!)
+ @controller.stubs(:current_user).returns(@user)
+ handshake = stub(:to_hash => {h: "ash"})
+ session[:handshake] = handshake
+
+ post :update, :id => @user.login, :client_auth => @client_hex
+
+ assert_nil session[:handshake]
+ assert_response :success
+ assert json_response.keys.include?("id")
+ assert json_response.keys.include?("token")
+ assert token = Token.find_by_token(json_response['token'])
+ assert_equal @user.id, token.user_id
+ end
+
+ test "destroy should logout" do
+ login
+ expect_logout
+ delete :destroy
+ assert_response 204
+ end
+
+end
diff --git a/test/functional/api/smtp_certs_controller_test.rb b/test/functional/api/smtp_certs_controller_test.rb
new file mode 100644
index 0000000..2142675
--- /dev/null
+++ b/test/functional/api/smtp_certs_controller_test.rb
@@ -0,0 +1,43 @@
+require 'test_helper'
+
+class Api::SmtpCertsControllerTest < ActionController::TestCase
+
+ test "no smtp cert without login" do
+ with_config allow_anonymous_certs: true do
+ post :create
+ assert_login_required
+ end
+ end
+
+ test "require service level with email" do
+ login
+ post :create
+ assert_access_denied
+ end
+
+ test "send cert with username" do
+ login effective_service_level: ServiceLevel.new(id: 2)
+ cert = expect_cert(@current_user.email_address)
+ cert.expects(:fingerprint).returns('fingerprint')
+ post :create
+ assert_response :success
+ assert_equal cert.to_s, @response.body
+ end
+
+ test "fail to create cert when disabled" do
+ login :enabled? => false
+ post :create
+ assert_access_denied
+ end
+
+ protected
+
+ def expect_cert(email)
+ cert = stub to_s: "#{email.downcase} cert",
+ expiry: 1.month.from_now.utc.at_midnight
+ ClientCertificate.expects(:new).
+ with(:common_name => email).
+ returns(cert)
+ return cert
+ end
+end
diff --git a/test/functional/api/token_auth_test.rb b/test/functional/api/token_auth_test.rb
new file mode 100644
index 0000000..17a4775
--- /dev/null
+++ b/test/functional/api/token_auth_test.rb
@@ -0,0 +1,40 @@
+#
+# tests for authenticating an admin or monitor user
+# via static configured tokens.
+#
+
+require 'test_helper'
+
+class Api::TokenAuthTest < ActionController::TestCase
+ tests Api::ConfigsController
+
+ def test_login_via_api_token
+ with_config(:allow_anonymous_certs => false) do
+ monitor_auth do
+ get :index
+ assert assigns(:token), 'should have authenticated via api token'
+ assert assigns(:token).is_a? ApiToken
+ assert @controller.send(:current_user).is_a? ApiMonitorUser
+ end
+ end
+ end
+
+ def test_fail_api_auth_when_ip_not_allowed
+ with_config(:allow_anonymous_certs => false) do
+ allowed = "99.99.99.99"
+ new_config = {api_tokens: APP_CONFIG["api_tokens"].merge(allowed_ips: [allowed])}
+ with_config(new_config) do
+ monitor_auth do
+ request.env['REMOTE_ADDR'] = "1.1.1.1"
+ get :index
+ assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
+ request.env['REMOTE_ADDR'] = allowed
+ get :index
+ assert assigns(:token), "should have authenticated via api token"
+ end
+ end
+ end
+ end
+
+end
+
diff --git a/test/functional/api/users_controller_test.rb b/test/functional/api/users_controller_test.rb
new file mode 100644
index 0000000..bc2e312
--- /dev/null
+++ b/test/functional/api/users_controller_test.rb
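Review bot: test_fail_api_auth_when_ip_not_allowed exercises the `allowed_ips` restriction only through `request.env['REMOTE_ADDR']`; if the controller resolves the client address with `request.remote_ip` (which consults proxy headers) rather than REMOTE_ADDR, the behaviour of the allow-list behind a reverse proxy is not covered here — I am inferring the lookup from the test, the controller is not in this diff. A second case that keeps REMOTE_ADDR fixed and varies the forwarded-for header would pin down which address source the allow-list trusts and document it for operators running the API behind a proxy. The remaining change in this file is the rename of ConfigsControllerWithStaticTokensTest to Api::TokenAuthTest and of the controller under test.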
@@ -0,0 +1,135 @@
+require_relative '../../test_helper'
+
+class Api::UsersControllerTest < ActionController::TestCase
+
+ test "user can change settings" do
+ user = find_record :user
+ changed_attribs = record_attributes_for :user_with_settings
+ account_settings = stub
+ account_settings.expects(:update).with(changed_attribs)
+ Account.expects(:new).with(user).returns(account_settings)
+
+ login user
+ put :update, :user => changed_attribs, :id => user.id, :format => :json
+
+ assert_equal user, assigns[:user]
+ assert_response 204
+ assert @response.body.blank?, "Response should be blank"
+ end
+
+ test "admin can update user" do
+ user = find_record :user
+ changed_attribs = record_attributes_for :user_with_settings
+ account_settings = stub
+ account_settings.expects(:update).with(changed_attribs)
+ Account.expects(:new).with(user).returns(account_settings)
+
+ login :is_admin? => true
+ put :update, :user => changed_attribs, :id => user.id, :format => :json
+
+ assert_equal user, assigns[:user]
+ assert_response 204
+ end
+
+ test "user cannot update other user" do
+ user = find_record :user
+ login
+ put :update, id: user.id,
+ user: record_attributes_for(:user_with_settings),
+ :format => :json
+ assert_access_denied
+ end
+
+ test "should create new user" do
+ user_attribs = record_attributes_for :user
+ user = User.new(user_attribs)
+ Account.expects(:create).with(user_attribs).returns(user)
+
+ post :create, :user => user_attribs, :format => :json
+
+ assert_nil session[:user_id]
+ assert_json_response user
+ assert_response :success
+ end
+
+ test "should redirect to signup form on failed attempt" do
+ user_attribs = record_attributes_for :user
+ user_attribs.slice!('login')
+ user = User.new(user_attribs)
+ assert !user.valid?
+ Account.expects(:create).with(user_attribs).returns(user)
+
+ post :create, :user => user_attribs, :format => :json
+
+ assert_json_error user.errors.messages
+ assert_response 422
+ end
+
+ test "admin can autocomplete users" do
+ login :is_admin? => true
+ get :index, :query => 'a', :format => :json
+
+ assert_response :success
+ assert assigns(:users)
+ end
+
+ test "create returns forbidden if registration is closed" do
+ user_attribs = record_attributes_for :user
+ with_config(allow_registration: false) do
+ post :create, :user => user_attribs, :format => :json
+ assert_response :forbidden
+ end
+ end
+
+ test "admin can show user" do
+ user = FactoryGirl.create :user
+ login :is_admin? => true
+ get :show, :id => 0, :login => user.login, :format => :json
+ assert_response :success
+ assert_json_response user
+ get :show, :id => user.id, :format => :json
+ assert_response :success
+ assert_json_response user
+ get :show, :id => "0", :format => :json
+ assert_response :not_found
+ end
+
+ test "normal users cannot show user" do
+ user = find_record :user
+ login
+ get :show, :id => 0, :login => user.login, :format => :json
+ assert_access_denied
+ end
+
+ test "api monitor auth can create and destroy test users" do
+ # should work even with registration off and/or invites required
+ with_config(allow_registration: false, invite_required: true) do
+ monitor_auth do
+ user_attribs = record_attributes_for :test_user
+ post :create, :user => user_attribs, :format => :json
+ assert_response :success
+ delete :destroy, :id => assigns(:user).id, :format => :json
+ assert_response :success
+ end
+ end
+ end
+
+ test "api monitor auth cannot create normal users" do
+ monitor_auth do
+ user_attribs = record_attributes_for :user
+ post :create, :user => user_attribs, :format => :json
+ assert_response :forbidden
+ end
+ end
+
+ test "api monitor auth cannot delete normal users" do
+ post :create, :user => record_attributes_for(:user), :format => :json
+ assert_response
:success
+ normal_user_id = assigns(:user).id
+ monitor_auth do
+ delete :destroy, :id => normal_user_id, :format => :json
+ assert_response :forbidden
+ end
+ end
+
+end
diff --git a/test/functional/configs_controller_with_static_tokens_test.rb b/test/functional/configs_controller_with_static_tokens_test.rb
deleted file mode 100644
index 79739fe..0000000
--- a/test/functional/configs_controller_with_static_tokens_test.rb
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# tests for authenticating an admin or monitor user
-# via static configured tokens.
-#
-
-require 'test_helper'
-
-class ConfigsControllerWithStaticTokensTest < ActionController::TestCase
- tests V1::ConfigsController
-
- def test_login_via_api_token
- with_config(:allow_anonymous_certs => false) do
- monitor_auth do
- get :index
- assert assigns(:token), 'should have authenticated via api token'
- assert assigns(:token).is_a? ApiToken
- assert @controller.send(:current_user).is_a? ApiMonitorUser
- end
- end
- end
-
- def test_fail_api_auth_when_ip_not_allowed
- with_config(:allow_anonymous_certs => false) do
- allowed = "99.99.99.99"
- new_config = {api_tokens: APP_CONFIG["api_tokens"].merge(allowed_ips: [allowed])}
- with_config(new_config) do
- monitor_auth do
- request.env['REMOTE_ADDR'] = "1.1.1.1"
- get :index
- assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
- request.env['REMOTE_ADDR'] = allowed
- get :index
- assert assigns(:token), "should have authenticated via api token"
- end
- end
- end
- end
-
-end
-
diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb
deleted file mode 100644
index 04c1c86..0000000
--- a/test/functional/v1/certs_controller_test.rb
+++ /dev/null
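Review bot: the test named "should redirect to signup form on failed attempt" earlier in the new Api::UsersControllerTest does not assert a redirect — its body checks `assert_json_error user.errors.messages` and `assert_response 422` — so the name no longer describes what is verified; `test "should return validation errors on failed create" do` would match the body. In "admin can show user" the third request expects `:not_found` for `:id => "0"` while the first succeeds with `:id => 0, :login => user.login`, so the login parameter apparently takes precedence over a zero id; a one-line comment stating that lookup order above the first `get :show` would save the reader from reconstructing it from the assertions (I am inferring the precedence from the test, the controller is not in this diff). The last test, "api monitor auth cannot delete normal users", creates the user without any config block, so it silently depends on registration being open in the default test config; wrapping it in `with_config(allow_registration: true)` like the neighbouring tests do would make that explicit.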
@@ -1,60 +0,0 @@ -require_relative '../../test_helper' - -class V1::CertsControllerTest < ActionController::TestCase - - test "create unlimited cert without login" do - with_config allow_anonymous_certs: true do - cert = expect_cert('UNLIMITED') - post :create - assert_response :success - assert_equal cert.to_s, @response.body - end - end - - test "create limited cert" do - with_config allow_limited_certs: true do - login - cert = expect_cert('LIMITED') - post :create - assert_response :success - assert_equal cert.to_s, @response.body - end - end - - test "fail to create cert when disabled" do - login :enabled? => false - post :create - assert_access_denied - end - - test "create unlimited cert" do - login effective_service_level: ServiceLevel.new(id: 2) - cert = expect_cert('UNLIMITED') - post :create - assert_response :success - assert_equal cert.to_s, @response.body - end - - test "GET still works as an alias" do - login effective_service_level: ServiceLevel.new(id: 2) - cert = expect_cert('UNLIMITED') - get :show - assert_response :success - assert_equal cert.to_s, @response.body - end - - test "redirect if no eip service offered" do - post :create - assert_response :redirect - end - - protected - - def expect_cert(prefix) - cert = stub :to_s => "#{prefix.downcase} cert" - ClientCertificate.expects(:new). - with(:prefix => prefix). - returns(cert) - return cert - end -end diff --git a/test/functional/v1/identities_controller_test.rb b/test/functional/v1/identities_controller_test.rb deleted file mode 100644 index 6410c44..0000000 --- a/test/functional/v1/identities_controller_test.rb +++ /dev/null 
@@ -1,24 +0,0 @@ -require_relative '../../test_helper' - -class V1::IdentitiesControllerTest < ActionController::TestCase - - test "api monitor can fetch identity" do - monitor_auth do - identity = FactoryGirl.create :identity - get :show, :id => identity.address, :format => 'json' - assert_response :success - assert_equal identity, assigns(:identity) - - get :show, :id => "blahblahblah", :format => 'json' - assert_response :not_found - end - end - - - test "anonymous cannot fetch identity" do - identity = FactoryGirl.create :identity - get :show, :id => identity.address, :format => 'json' - assert_response :forbidden - end - -end diff --git a/test/functional/v1/messages_controller_test.rb b/test/functional/v1/messages_controller_test.rb deleted file mode 100644 index f37cca0..0000000 --- a/test/functional/v1/messages_controller_test.rb +++ /dev/null @@ -1,99 +0,0 @@ -require 'test_helper' - -class V1::MessagesControllerTest < ActionController::TestCase - - setup do - @user = FactoryGirl.build(:user) - @user.save - end - - # NOTE: the available languages for test are :en and :de - # so :es will result in english response. - - test "get the motd" do - with_config("customization_directory" => Rails.root+'test/files') do - login @user - get :index, :locale => 'es' - body = JSON.parse(response.body) - message1 = "

\"This\" is a very fine message. https://bitmask.net

\n" - assert_equal 2, body.size, 'there should be two messages' - assert_equal message1, body.first["text"], 'first message text should match files/motd/1.en.md' - end - end - - test "get localized motd" do - with_config("customization_directory" => Rails.root+'test/files') do - login @user - get :index, :locale => 'de' - body = JSON.parse(response.body) - message1 = "

Dies ist eine sehr feine Nachricht. https://bitmask.net

\n" - assert_equal message1, body.first["text"], 'first message text should match files/motd/1.de.md' - end - end - - test "get empty motd" do - login @user - get :index - assert_equal "[]", response.body, "motd response should be empty if no motd directory exists" - end - - ## - ## For now, only the static file MOTD is supported, not messages in the db. - ## so, this is disabled: - ## -=begin - setup do - InviteCodeValidator.any_instance.stubs(:validate) - @user = FactoryGirl.build(:user) - @user.save - @message = Message.new(:text => 'a test message') - @message.user_ids_to_show << @user.id - @message.save - end - - teardown do - @message.destroy - @user.destroy - end - - test "get messages for user" do - login @user - get :index - assert response.body.include? @message.text - assert response.body.include? @message.id - end - - test "mark message read for user" do - login @user - assert @message.user_ids_to_show.include?(@user.id) - assert !@message.user_ids_have_shown.include?(@user.id) - put :update, :id => @message.id - @message.reload - assert !@message.user_ids_to_show.include?(@user.id) - assert @message.user_ids_have_shown.include?(@user.id) - assert_success :marked_as_read - end - - test "do not get seen messages" do - login @user - put :update, :id => @message.id - @message.reload - get :index - assert !(response.body.include? @message.text) - assert !(response.body.include? @message.id) - end - - - test "mark read responds even with bad inputs" do - login @user - put :update, :id => 'more nonsense' - assert_not_found - end - - test "fails if not authenticated" do - get :index, :format => :json - assert_login_required - end -=end - -end diff --git a/test/functional/v1/services_controller_test.rb b/test/functional/v1/services_controller_test.rb deleted file mode 100644 index 039eb27..0000000 --- a/test/functional/v1/services_controller_test.rb +++ /dev/null 
@@ -1,28 +0,0 @@ -require 'test_helper' - -class V1::ServicesControllerTest < ActionController::TestCase - - test "anonymous user gets login required service info" do - get :show, format: :json - assert_json_response error: 'not_authorized_login', - message: 'Please log in to perform that action.' - end - - test "anonymous user gets vpn service info" do - with_config allow_anonymous_certs: true do - get :show, format: :json - assert_json_response name: 'anonymous', - eip_rate_limit: false, - description: 'anonymous access to the VPN' - end - end - - test "user can see their service info" do - login - get :show, format: :json - default_level = APP_CONFIG[:default_service_level] - assert_json_response APP_CONFIG[:service_levels][default_level] - end - -end - diff --git a/test/functional/v1/sessions_controller_test.rb b/test/functional/v1/sessions_controller_test.rb deleted file mode 100644 index 8bb6acd..0000000 --- a/test/functional/v1/sessions_controller_test.rb +++ /dev/null 
@@ -1,62 +0,0 @@ -require 'test_helper' - -# This is a simple controller unit test. -# We're stubbing out both warden and srp. -# There's an integration test testing the full rack stack and srp -class V1::SessionsControllerTest < ActionController::TestCase - - setup do - @request.env['HTTP_HOST'] = 'api.lvh.me' - @user = stub_record :user, {}, true - @client_hex = 'a123' - end - - test "renders json" do - get :new, :format => :json - assert_response :success - assert_json_error nil - end - - test "renders warden errors" do - request.env['warden.options'] = {attempted_path: 'path/to/controller'} - strategy = stub :message => {:field => :translate_me} - request.env['warden'].stubs(:winning_strategy).returns(strategy) - I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") - get :new, :format => :json - assert_response 422 - assert_json_error :field => "translation stub" - end - - # Warden takes care of parsing the params and - # rendering the response. So not much to test here. - test "should perform handshake" do - request.env['warden'].expects(:authenticate!) - # make sure we don't get a template missing error: - @controller.stubs(:render) - post :create, :login => @user.login, 'A' => @client_hex - end - - test "should authenticate" do - request.env['warden'].expects(:authenticate!) - @controller.stubs(:current_user).returns(@user) - handshake = stub(:to_hash => {h: "ash"}) - session[:handshake] = handshake - - post :update, :id => @user.login, :client_auth => @client_hex - - assert_nil session[:handshake] - assert_response :success - assert json_response.keys.include?("id") - assert json_response.keys.include?("token") - assert token = Token.find_by_token(json_response['token']) - assert_equal @user.id, token.user_id - end - - test "destroy should logout" do - login - expect_logout - delete :destroy - assert_response 204 - end - -end 
diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb deleted file mode 100644 index 1b03995..0000000 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ /dev/null @@ -1,43 +0,0 @@ -require 'test_helper' - -class V1::SmtpCertsControllerTest < ActionController::TestCase - - test "no smtp cert without login" do - with_config allow_anonymous_certs: true do - post :create - assert_login_required - end - end - - test "require service level with email" do - login - post :create - assert_access_denied - end - - test "send cert with username" do - login effective_service_level: ServiceLevel.new(id: 2) - cert = expect_cert(@current_user.email_address) - cert.expects(:fingerprint).returns('fingerprint') - post :create - assert_response :success - assert_equal cert.to_s, @response.body - end - - test "fail to create cert when disabled" do - login :enabled? => false - post :create - assert_access_denied - end - - protected - - def expect_cert(email) - cert = stub to_s: "#{email.downcase} cert", - expiry: 1.month.from_now.utc.at_midnight - ClientCertificate.expects(:new). - with(:common_name => email). - returns(cert) - return cert - end -end diff --git a/test/functional/v1/users_controller_test.rb b/test/functional/v1/users_controller_test.rb deleted file mode 100644 index 3f7bad3..0000000 --- a/test/functional/v1/users_controller_test.rb +++ /dev/null 
@@ -1,135 +0,0 @@ -require_relative '../../test_helper' - -class V1::UsersControllerTest < ActionController::TestCase - - test "user can change settings" do - user = find_record :user - changed_attribs = record_attributes_for :user_with_settings - account_settings = stub - account_settings.expects(:update).with(changed_attribs) - Account.expects(:new).with(user).returns(account_settings) - - login user - put :update, :user => changed_attribs, :id => user.id, :format => :json - - assert_equal user, assigns[:user] - assert_response 204 - assert @response.body.blank?, "Response should be blank" - end - - test "admin can update user" do - user = find_record :user - changed_attribs = record_attributes_for :user_with_settings - account_settings = stub - account_settings.expects(:update).with(changed_attribs) - Account.expects(:new).with(user).returns(account_settings) - - login :is_admin? => true - put :update, :user => changed_attribs, :id => user.id, :format => :json - - assert_equal user, assigns[:user] - assert_response 204 - end - - test "user cannot update other user" do - user = find_record :user - login - put :update, id: user.id, - user: record_attributes_for(:user_with_settings), - :format => :json - assert_access_denied - end - - test "should create new user" do - user_attribs = record_attributes_for :user - user = User.new(user_attribs) - Account.expects(:create).with(user_attribs).returns(user) - - post :create, :user => user_attribs, :format => :json - - assert_nil session[:user_id] - assert_json_response user - assert_response :success - end - - test "should redirect to signup form on failed attempt" do - user_attribs = record_attributes_for :user - user_attribs.slice!('login') - user = User.new(user_attribs) - assert !user.valid? 
- Account.expects(:create).with(user_attribs).returns(user) - - post :create, :user => user_attribs, :format => :json - - assert_json_error user.errors.messages - assert_response 422 - end - - test "admin can autocomplete users" do - login :is_admin? => true - get :index, :query => 'a', :format => :json - - assert_response :success - assert assigns(:users) - end - - test "create returns forbidden if registration is closed" do - user_attribs = record_attributes_for :user - with_config(allow_registration: false) do - post :create, :user => user_attribs, :format => :json - assert_response :forbidden - end - end - - test "admin can show user" do - user = FactoryGirl.create :user - login :is_admin? => true - get :show, :id => 0, :login => user.login, :format => :json - assert_response :success - assert_json_response user - get :show, :id => user.id, :format => :json - assert_response :success - assert_json_response user - get :show, :id => "0", :format => :json - assert_response :not_found - end - - test "normal users cannot show user" do - user = find_record :user - login - get :show, :id => 0, :login => user.login, :format => :json - assert_access_denied - end - - test "api monitor auth can create and destroy test users" do - # should work even with registration off and/or invites required - with_config(allow_registration: false, invite_required: true) do - monitor_auth do - user_attribs = record_attributes_for :test_user - post :create, :user => user_attribs, :format => :json - assert_response :success - delete :destroy, :id => assigns(:user).id, :format => :json - assert_response :success - end - end - end - - test "api monitor auth cannot create normal users" do - monitor_auth do - user_attribs = record_attributes_for :user - post :create, :user => user_attribs, :format => :json - assert_response :forbidden - end - end - - test "api monitor auth cannot delete normal users" do - post :create, :user => record_attributes_for(:user), :format => :json - assert_response 
:success - normal_user_id = assigns(:user).id - monitor_auth do - delete :destroy, :id => normal_user_id, :format => :json - assert_response :forbidden - end - end - -end diff --git a/test/integration/api/cert_test.rb b/test/integration/api/cert_test.rb index 772901d..289d3c6 100644 --- a/test/integration/api/cert_test.rb +++ b/test/integration/api/cert_test.rb @@ -5,7 +5,7 @@ class CertTest < ApiIntegrationTest test "retrieve eip cert" do login - get '/1/cert', {}, RACK_ENV + get cert_url, {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -14,13 +14,13 @@ class CertTest < ApiIntegrationTest end test "fetching certs requires login by default" do - get '/1/cert', {}, RACK_ENV + get cert_url, {}, RACK_ENV assert_login_required end test "retrieve anonymous eip cert" do with_config allow_anonymous_certs: true do - get '/1/cert', {}, RACK_ENV + get cert_url, {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -28,4 +28,9 @@ class CertTest < ApiIntegrationTest assert_response_includes "END CERTIFICATE" end end + + def cert_url + "/#{api_version}/cert" + end + end diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb index 7216496..dc24420 100644 --- a/test/integration/api/signup_test.rb +++ b/test/integration/api/signup_test.rb @@ -1,4 +1,4 @@ -require_relative '../../test_helper' +require 'test_helper' require_relative 'srp_test' class SignupTest < SrpTest diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 681d509..53382c1 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb 
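Review bot: `cert_url` is added as a plain public method at the bottom of CertTest (last hunk), and the next file in this commit repeats the same `"/#{api_version}/..."` interpolation as `smtp_cert_url`, so the version prefix is now built by hand in several test classes. Since `api_version` itself is defined on ApiIntegrationTest in this commit, one `def api_url(path) "/#{api_version}/#{path}" end` there would let both tests write `get api_url('cert'), {}, RACK_ENV` and make the next version bump a one-line change. Minitest only runs `test_*` methods, so the helper leaking as a public method is harmless, but marking it `protected` (as the deleted v1 test did for `expect_cert`) documents that it is not a test.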
@@ -11,7 +11,7 @@ class SmtpCertTest < ApiIntegrationTest test "retrieve smtp cert" do @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_text_response assert_response_includes "BEGIN RSA PRIVATE KEY" assert_response_includes "END RSA PRIVATE KEY" @@ -22,7 +22,7 @@ class SmtpCertTest < ApiIntegrationTest test "cert and key" do @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) key = OpenSSL::PKey::RSA.new(get_response.body) @@ -34,7 +34,7 @@ class SmtpCertTest < ApiIntegrationTest test "fingerprint is stored with identity" do @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code login - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') @@ -48,14 +48,18 @@ class SmtpCertTest < ApiIntegrationTest test "fetching smtp certs requires email account" do login - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_access_denied end test "no anonymous smtp certs" do with_config allow_anonymous_certs: true do - post '/1/smtp_cert', {}, RACK_ENV + post smtp_cert_url, {}, RACK_ENV assert_login_required end end + + def smtp_cert_url + "/#{api_version}/smtp_cert" + end end diff --git a/test/integration/api/srp_test.rb b/test/integration/api/srp_test.rb index 463abcd..b9605f9 100644 --- a/test/integration/api/srp_test.rb +++ b/test/integration/api/srp_test.rb 
@@ -14,7 +14,7 @@ class SrpTest < RackTest # this test wraps the api and implements the interface the ruby-srp client. def handshake(login, aa) - post "http://api.lvh.me:3000/1/sessions.json", + post api_url("sessions.json"), :login => login, 'A' => aa, :format => :json @@ -27,7 +27,7 @@ class SrpTest < RackTest end def validate(m) - put "http://api.lvh.me:3000/1/sessions/" + @login + '.json', + put api_url("sessions/#{@login}.json"), :client_auth => m, :format => :json return JSON.parse(last_response.body) @@ -39,7 +39,7 @@ class SrpTest < RackTest def register_user(login = "integration_test", password = 'srp, verify me!', invite_code = @testcode.invite_code) cleanup_user(login) - post 'http://api.lvh.me:3000/1/users.json', + post api_url('users.json'), user_params(login: login, password: password, invite_code: invite_code) assert(@user = User.find_by_login(login), 'user should have been created: %s' % last_response_errors) @login = login @@ -47,7 +47,7 @@ class SrpTest < RackTest end def update_user(params) - put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', + put api_url("users/#{@user.id}.json"), user_params(params), auth_headers end @@ -68,7 +68,7 @@ class SrpTest < RackTest end def logout(params=nil, headers=nil) - delete "http://api.lvh.me:3000/1/logout.json", + delete api_url("logout.json"), params || {format: :json}, headers || auth_headers end @@ -112,4 +112,12 @@ class SrpTest < RackTest rescue "" end + + def api_url(path) + "http://api.lvh.me:3000/#{api_version}/#{path}" + end + + def api_version + 2 + end end diff --git a/test/integration/api/token_auth_test.rb b/test/integration/api/token_auth_test.rb index 3b83f23..7b20b00 100644 --- a/test/integration/api/token_auth_test.rb +++ b/test/integration/api/token_auth_test.rb @@ -1,4 +1,4 @@ -require_relative '../../test_helper' +require 'test_helper' require_relative 'srp_test' class TokenAuthTest < SrpTest 
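Review bot: `api_version` in the new `api_url` helper hardcodes `2`, and the same commit hardcodes `2` again in ApiIntegrationTest; the follow-up commit on this page adds a third copy as the string `'2'`, so the copies will drift on the next bump. A single constant referenced from each helper, e.g. `API_VERSION = 2` in test_helper (not visible here) and `def api_version; API_VERSION; end`, keeps them in step. The scheme and port in `"http://api.lvh.me:3000/..."` are also baked into the helper; that is fine for a rack-test driver, but a comment saying the absolute URL exists only to satisfy the `api.` subdomain constraint would stop a reader from mistaking it for a TLS test.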
diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb index 16bbb8c..1492006 100644 --- a/test/integration/api/update_account_test.rb +++ b/test/integration/api/update_account_test.rb @@ -14,7 +14,7 @@ class UpdateAccountTest < SrpTest test "require token" do authenticate - put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', + put "http://api.lvh.me:3000/2/users/" + @user.id + '.json', user_params(password: "No! Verify me instead.") assert_login_required end diff --git a/test/integration/browser/account_livecycle_test.rb.orig b/test/integration/browser/account_livecycle_test.rb.orig new file mode 100644 index 0000000..d1f800b --- /dev/null +++ b/test/integration/browser/account_livecycle_test.rb.orig 
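Review bot: The "require token" test still spells out the full URL `http://api.lvh.me:3000/2/users/...` even though SrpTest, which UpdateAccountTest subclasses, gained `api_url` in this same commit; this is the one place the version bump was done by hand and it will be missed next time. Replace the call with `put api_url("users/#{@user.id}.json"), user_params(password: "No! Verify me instead.")`. The request deliberately omits `auth_headers` so that the token requirement is exercised; a one-line comment such as `# no auth_headers on purpose: the token must be required` would stop someone "fixing" it to go through `update_user`.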
@@ -0,0 +1,153 @@ +require 'test_helper' + +class AccountLivecycleTest < BrowserIntegrationTest + + teardown do + Identity.destroy_all_orphaned + end + + test "signup successfully when invited" do + username, password = submit_signup + assert page.has_content?("Welcome #{username}") + click_on 'Log Out' + assert page.has_content?("Log In") + assert_equal '/', current_path + assert user = User.find_by_login(username) + user.account.destroy + end + + test "signup successfully without invitation" do + with_config invite_required: false do + + username ||= "test_#{SecureRandom.urlsafe_base64}".downcase + password ||= SecureRandom.base64 + + visit '/users/new' + fill_in 'Username', with: username + fill_in 'Password', with: password + fill_in 'Password confirmation', with: password + click_on 'Sign Up' + + assert page.has_content?("Welcome #{username}") + end + end + + test "signup with username ending in dot json" do + username = Faker::Internet.user_name + '.json' + submit_signup username + assert page.has_content?("Welcome #{username}") + end + + test "signup with reserved username" do + username = 'certmaster' + submit_signup username + assert page.has_content?("is reserved.") + end + + test "successful login" do + username, password = submit_signup + click_on 'Log Out' + attempt_login(username, password) + assert page.has_content?("Welcome #{username}") + within('.sidenav li.active') do + assert page.has_content?("Overview") + end + User.find_by_login(username).account.destroy + end + + test "failed login" do + visit '/' + attempt_login("username", "wrong password") + assert_invalid_login(page) + end + + test "account destruction" do + username, password = submit_signup + + click_on I18n.t('account_settings') + click_on I18n.t('destroy_my_account') + assert page.has_content?(I18n.t('account_destroyed')) + assert_equal 1, Identity.by_address.key("#{username}@test.me").count + attempt_login(username, password) + assert_invalid_login(page) + end + + test "handle 
blocked after account destruction" do + username, password = submit_signup + click_on I18n.t('account_settings') + click_on I18n.t('destroy_my_account') + submit_signup(username) + assert page.has_content?('has already been taken') + end + + test "change pgp key" do + with_config user_actions: ['change_pgp_key'] do + pgp_key = FactoryGirl.build :pgp_key + login + click_on "Account Settings" + within('#update_pgp_key') do + fill_in 'Public key', with: pgp_key + click_on 'Save' + end + page.assert_selector 'input[value="Saving..."]' + # at some point we're done: + page.assert_no_selector 'input[value="Saving..."]' + assert page.has_field? 'Public key', with: pgp_key.to_s + @user.reload + assert_equal pgp_key, @user.public_key + end + end + +<<<<<<< HEAD:test/integration/browser/account_livecycle_test.rb +======= + + # trying to seed an invalid A for srp login + test "detects attempt to circumvent SRP" do + InviteCodeValidator.any_instance.stubs(:validate) + + user = FactoryGirl.create :user + visit '/login' + fill_in 'Username', with: user.login + fill_in 'Password', with: "password" + inject_malicious_js + click_on 'Log In' + assert page.has_content?("Invalid random key") + assert page.has_no_content?("Welcome") + user.destroy + end + + test "reports internal server errors" do + Api::UsersController.any_instance.stubs(:create).raises + submit_signup + assert page.has_content?("server failed") + end + + test "does not render signup form without js" do + Capybara.current_driver = :rack_test # no js + visit '/signup' + assert page.has_no_content?("Username") + assert page.has_no_content?("Password") + end + + test "does not render login form without js" do + Capybara.current_driver = :rack_test # no js + visit '/login' + assert page.has_no_content?("Username") + assert page.has_no_content?("Password") + end + +>>>>>>> api: allow version bumping - bump to 2:test/integration/browser/account_test.rb + def attempt_login(username, password) + click_on 'Log In' + fill_in 
'Username', with: username + fill_in 'Password', with: password + click_on 'Log In' + end + + def assert_invalid_login(page) + assert page.has_selector? '.btn-primary.disabled' + assert page.has_content? I18n.t(:invalid_user_pass) + assert page.has_no_selector? '.btn-primary.disabled' + end + +end diff --git a/test/integration/browser/security_test.rb b/test/integration/browser/security_test.rb index c13acd8..825d50b 100644 --- a/test/integration/browser/security_test.rb +++ b/test/integration/browser/security_test.rb @@ -22,7 +22,7 @@ class SecurityTest < BrowserIntegrationTest end test "reports internal server errors" do - V1::UsersController.any_instance.stubs(:create).raises + Api::UsersController.any_instance.stubs(:create).raises submit_signup assert page.has_content?("server failed") end diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index 3b3481b..cea480c 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb @@ -3,6 +3,10 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest DUMMY_TOKEN = Token.new RACK_ENV = {'HTTP_AUTHORIZATION' => %Q(Token token="#{DUMMY_TOKEN.to_s}")} + def api_version + 2 + end + setup do @testcode = InviteCode.new @testcode.save! -- cgit v1.2.3 From e542a3056c27fd662ef767b6720861035f6dbb1c Mon Sep 17 00:00:00 2001 
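Review bot: `test/integration/browser/account_livecycle_test.rb.orig` is a merge-tool leftover and should not be committed: it carries unresolved conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> api: allow version bumping`) and duplicates tests that already live in security_test.rb (the same "reports internal server errors" test is patched there in this commit) and account_livecycle_test.rb. Because of the `.orig` suffix the runner will not load it, so the SRP-circumvention and no-JS-form checks it contains only run if the real files still carry them; that is worth confirming rather than assuming. Drop the file with `git rm test/integration/browser/account_livecycle_test.rb.orig` and add `*.orig` to .gitignore so the next conflict does not ship again.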
From: Azul Date: Wed, 18 May 2016 21:00:42 +0200 Subject: api: set defaults for version in routes This way we do not need to specify it all the times. In the functional tests defaults do not get added automatically. Introduced api_{get,put,post,delete} to add format and version default. One to two functional tests failing, everything else passes. --- test/functional/api/certs_controller_test.rb | 16 +++++----- test/functional/api/identities_controller_test.rb | 8 ++--- test/functional/api/messages_controller_test.rb | 14 ++++----- test/functional/api/services_controller_test.rb | 8 ++--- test/functional/api/sessions_controller_test.rb | 12 +++---- test/functional/api/smtp_certs_controller_test.rb | 10 +++--- test/functional/api/token_auth_test.rb | 8 ++--- test/functional/api/users_controller_test.rb | 38 +++++++++++------------ test/support/api_controller_test.rb | 29 +++++++++++++++++ 9 files changed, 86 insertions(+), 57 deletions(-) create mode 100644 test/support/api_controller_test.rb (limited to 'test') diff --git a/test/functional/api/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb index 137ed92..f23b4c8 100644 --- a/test/functional/api/certs_controller_test.rb +++ b/test/functional/api/certs_controller_test.rb @@ -1,11 +1,11 @@ -require_relative '../../test_helper' +require 'test_helper' -class Api::CertsControllerTest < ActionController::TestCase +class Api::CertsControllerTest < ApiControllerTest test "create unlimited cert without login" do with_config allow_anonymous_certs: true do cert = expect_cert('UNLIMITED') - post :create + api_post :create assert_response :success assert_equal cert.to_s, @response.body end @@ -15,7 +15,7 @@ class Api::CertsControllerTest < ActionController::TestCase with_config allow_limited_certs: true do login cert = expect_cert('LIMITED') - post :create + api_post :create assert_response :success assert_equal cert.to_s, @response.body end 
@@ -23,14 +23,14 @@ class Api::CertsControllerTest < ActionController::TestCase test "fail to create cert when disabled" do login :enabled? => false - post :create + api_post :create assert_access_denied end test "create unlimited cert" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert('UNLIMITED') - post :create + api_post :create assert_response :success assert_equal cert.to_s, @response.body end @@ -38,13 +38,13 @@ class Api::CertsControllerTest < ActionController::TestCase test "GET still works as an alias" do login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert('UNLIMITED') - get :show + api_get :show assert_response :success assert_equal cert.to_s, @response.body end test "redirect if no eip service offered" do - post :create + api_post :create assert_response :redirect end diff --git a/test/functional/api/identities_controller_test.rb b/test/functional/api/identities_controller_test.rb index e803ee7..57345c8 100644 --- a/test/functional/api/identities_controller_test.rb +++ b/test/functional/api/identities_controller_test.rb @@ -1,15 +1,15 @@ require_relative '../../test_helper' -class Api::IdentitiesControllerTest < ActionController::TestCase +class Api::IdentitiesControllerTest < ApiControllerTest test "api monitor can fetch identity" do monitor_auth do identity = FactoryGirl.create :identity - get :show, :id => identity.address, :format => 'json' + api_get :show, :id => identity.address, :format => 'json' assert_response :success assert_equal identity, assigns(:identity) - get :show, :id => "blahblahblah", :format => 'json' + api_get :show, :id => "blahblahblah", :format => 'json' assert_response :not_found end end 
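Review bot: identities_controller_test.rb keeps `require_relative '../../test_helper'` in its first hunk while this commit switches certs_controller_test.rb and users_controller_test.rb to `require 'test_helper'`; both forms load the same file, but mixing them is exactly the drift the commit is otherwise cleaning up. Change the first line to `require 'test_helper'` for consistency with the other Api tests.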
@@ -17,7 +17,7 @@ class Api::IdentitiesControllerTest < ActionController::TestCase test "anonymous cannot fetch identity" do identity = FactoryGirl.create :identity - get :show, :id => identity.address, :format => 'json' + api_get :show, :id => identity.address, :format => 'json' assert_response :forbidden end diff --git a/test/functional/api/messages_controller_test.rb b/test/functional/api/messages_controller_test.rb index 01641d4..e586980 100644 --- a/test/functional/api/messages_controller_test.rb +++ b/test/functional/api/messages_controller_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class Api::MessagesControllerTest < ActionController::TestCase +class Api::MessagesControllerTest < ApiControllerTest setup do @user = FactoryGirl.build(:user) @@ -13,7 +13,7 @@ class Api::MessagesControllerTest < ActionController::TestCase test "get the motd" do with_config("customization_directory" => Rails.root+'test/files') do login @user - get :index, :locale => 'es' + api_get :index, :locale => 'es' body = JSON.parse(response.body) message1 = "

\"This\" is a very fine message. https://bitmask.net

\n" assert_equal 2, body.size, 'there should be two messages' @@ -24,7 +24,7 @@ class Api::MessagesControllerTest < ActionController::TestCase test "get localized motd" do with_config("customization_directory" => Rails.root+'test/files') do login @user - get :index, :locale => 'de' + api_get :index, :locale => 'de' body = JSON.parse(response.body) message1 = "

Dies ist eine sehr feine Nachricht. https://bitmask.net

\n" assert_equal message1, body.first["text"], 'first message text should match files/motd/1.de.md' @@ -33,7 +33,7 @@ class Api::MessagesControllerTest < ActionController::TestCase test "get empty motd" do login @user - get :index + api_get :index assert_equal "[]", response.body, "motd response should be empty if no motd directory exists" end @@ -58,7 +58,7 @@ class Api::MessagesControllerTest < ActionController::TestCase test "get messages for user" do login @user - get :index + api_get :index assert response.body.include? @message.text assert response.body.include? @message.id end @@ -78,7 +78,7 @@ class Api::MessagesControllerTest < ActionController::TestCase login @user put :update, :id => @message.id @message.reload - get :index + api_get :index assert !(response.body.include? @message.text) assert !(response.body.include? @message.id) end @@ -91,7 +91,7 @@ class Api::MessagesControllerTest < ActionController::TestCase end test "fails if not authenticated" do - get :index, :format => :json + api_get :index, :format => :json assert_login_required end =end diff --git a/test/functional/api/services_controller_test.rb b/test/functional/api/services_controller_test.rb index b1dc9f3..cb85edf 100644 --- a/test/functional/api/services_controller_test.rb +++ b/test/functional/api/services_controller_test.rb @@ -1,16 +1,16 @@ require 'test_helper' -class Api::ServicesControllerTest < ActionController::TestCase +class Api::ServicesControllerTest < ApiControllerTest test "anonymous user gets login required service info" do - get :show, format: :json + api_get :show, format: :json assert_json_response error: 'not_authorized_login', message: 'Please log in to perform that action.' end test "anonymous user gets vpn service info" do with_config allow_anonymous_certs: true do - get :show, format: :json + api_get :show, format: :json assert_json_response name: 'anonymous', eip_rate_limit: false, description: 'anonymous access to the VPN' 
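Review bot: `put :update, :id => @message.id` in the `@@ -78,7` hunk is left as a bare `put` while every neighbouring call became `api_get`, so this would be the one request sent without the version default the commit introduces. The `=end` that closes the file suggests these later tests sit inside a `=begin`/`=end` block and are not currently executed, which would explain why the commit message does not list them as failing; if so the omission is harmless today but should still read `api_put :update, :id => @message.id` so the test works when the block is re-enabled. A short comment on why the block is disabled would help the next reader as well.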
@@ -19,7 +19,7 @@ class Api::ServicesControllerTest < ActionController::TestCase test "user can see their service info" do login - get :show, format: :json + api_get :show, format: :json default_level = APP_CONFIG[:default_service_level] assert_json_response APP_CONFIG[:service_levels][default_level] end diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb index 0633578..03a1ef9 100644 --- a/test/functional/api/sessions_controller_test.rb +++ b/test/functional/api/sessions_controller_test.rb @@ -3,7 +3,7 @@ require 'test_helper' # This is a simple controller unit test. # We're stubbing out both warden and srp. # There's an integration test testing the full rack stack and srp -class Api::SessionsControllerTest < ActionController::TestCase +class Api::SessionsControllerTest < ApiControllerTest setup do @request.env['HTTP_HOST'] = 'api.lvh.me' @@ -12,7 +12,7 @@ class Api::SessionsControllerTest < ActionController::TestCase end test "renders json" do - get :new, :format => :json + api_get :new, :format => :json assert_response :success assert_json_error nil end @@ -22,7 +22,7 @@ class Api::SessionsControllerTest < ActionController::TestCase strategy = stub :message => {:field => :translate_me} request.env['warden'].stubs(:winning_strategy).returns(strategy) I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") - get :new, :format => :json + api_get :new, :format => :json assert_response 422 assert_json_error :field => "translation stub" end @@ -33,7 +33,7 @@ class Api::SessionsControllerTest < ActionController::TestCase request.env['warden'].expects(:authenticate!) # make sure we don't get a template missing error: @controller.stubs(:render) - post :create, :login => @user.login, 'A' => @client_hex + api_post :create, :login => @user.login, 'A' => @client_hex end test "should authenticate" do 
@@ -42,7 +42,7 @@ class Api::SessionsControllerTest < ActionController::TestCase handshake = stub(:to_hash => {h: "ash"}) session[:handshake] = handshake - post :update, :id => @user.login, :client_auth => @client_hex + api_post :update, :id => @user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_response :success @@ -55,7 +55,7 @@ class Api::SessionsControllerTest < ActionController::TestCase test "destroy should logout" do login expect_logout - delete :destroy + api_delete :destroy assert_response 204 end diff --git a/test/functional/api/smtp_certs_controller_test.rb b/test/functional/api/smtp_certs_controller_test.rb index 2142675..393f090 100644 --- a/test/functional/api/smtp_certs_controller_test.rb +++ b/test/functional/api/smtp_certs_controller_test.rb @@ -1,17 +1,17 @@ require 'test_helper' -class Api::SmtpCertsControllerTest < ActionController::TestCase +class Api::SmtpCertsControllerTest < ApiControllerTest test "no smtp cert without login" do with_config allow_anonymous_certs: true do - post :create + api_post :create assert_login_required end end test "require service level with email" do login - post :create + api_post :create assert_access_denied end @@ -19,14 +19,14 @@ class Api::SmtpCertsControllerTest < ActionController::TestCase login effective_service_level: ServiceLevel.new(id: 2) cert = expect_cert(@current_user.email_address) cert.expects(:fingerprint).returns('fingerprint') - post :create + api_post :create assert_response :success assert_equal cert.to_s, @response.body end test "fail to create cert when disabled" do login :enabled? => false - post :create + api_post :create assert_access_denied end diff --git a/test/functional/api/token_auth_test.rb b/test/functional/api/token_auth_test.rb index 17a4775..c7f91c7 100644 --- a/test/functional/api/token_auth_test.rb +++ b/test/functional/api/token_auth_test.rb 
@@ -5,13 +5,13 @@ require 'test_helper' -class Api::TokenAuthTest < ActionController::TestCase +class Api::TokenAuthTest < ApiControllerTest tests Api::ConfigsController def test_login_via_api_token with_config(:allow_anonymous_certs => false) do monitor_auth do - get :index + api_get :index assert assigns(:token), 'should have authenticated via api token' assert assigns(:token).is_a? ApiToken assert @controller.send(:current_user).is_a? ApiMonitorUser @@ -26,10 +26,10 @@ class Api::TokenAuthTest < ActionController::TestCase with_config(new_config) do monitor_auth do request.env['REMOTE_ADDR'] = "1.1.1.1" - get :index + api_get :index assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it" request.env['REMOTE_ADDR'] = allowed - get :index + api_get :index assert assigns(:token), "should have authenticated via api token" end end diff --git a/test/functional/api/users_controller_test.rb b/test/functional/api/users_controller_test.rb index bc2e312..32afd0a 100644 --- a/test/functional/api/users_controller_test.rb +++ b/test/functional/api/users_controller_test.rb @@ -1,6 +1,6 @@ -require_relative '../../test_helper' +require 'test_helper' -class Api::UsersControllerTest < ActionController::TestCase +class Api::UsersControllerTest < ApiControllerTest test "user can change settings" do user = find_record :user @@ -10,7 +10,7 @@ class Api::UsersControllerTest < ActionController::TestCase Account.expects(:new).with(user).returns(account_settings) login user - put :update, :user => changed_attribs, :id => user.id, :format => :json + api_put :update, :user => changed_attribs, :id => user.id, :format => :json assert_equal user, assigns[:user] assert_response 204 
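Review bot: The IP-restriction test only drives `request.env['REMOTE_ADDR']`, so it says nothing about a client that supplies `X-Forwarded-For`; if the controller checks `request.remote_ip` (Rails' proxy-aware accessor) rather than `request.ip` or `REMOTE_ADDR`, a spoofed header could satisfy the allow-list from a disallowed address and this test would not notice. The controller is not visible here, so treat this as a caveat rather than a bug, but a third request inside the `with_config` block with `request.env['REMOTE_ADDR'] = "1.1.1.1"` and `request.env['HTTP_X_FORWARDED_FOR'] = allowed` followed by `assert_nil assigns(:token)` would pin the intended behaviour either way. The enclosing test method starts before this hunk.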
@@ -25,7 +25,7 @@ class Api::UsersControllerTest < ActionController::TestCase Account.expects(:new).with(user).returns(account_settings) login :is_admin? => true - put :update, :user => changed_attribs, :id => user.id, :format => :json + api_put :update, :user => changed_attribs, :id => user.id, :format => :json assert_equal user, assigns[:user] assert_response 204 @@ -34,7 +34,7 @@ class Api::UsersControllerTest < ActionController::TestCase test "user cannot update other user" do user = find_record :user login - put :update, id: user.id, + api_put :update, id: user.id, user: record_attributes_for(:user_with_settings), :format => :json assert_access_denied @@ -45,7 +45,7 @@ class Api::UsersControllerTest < ActionController::TestCase user = User.new(user_attribs) Account.expects(:create).with(user_attribs).returns(user) - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_nil session[:user_id] assert_json_response user @@ -59,7 +59,7 @@ class Api::UsersControllerTest < ActionController::TestCase assert !user.valid? Account.expects(:create).with(user_attribs).returns(user) - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_json_error user.errors.messages assert_response 422 @@ -67,7 +67,7 @@ class Api::UsersControllerTest < ActionController::TestCase test "admin can autocomplete users" do login :is_admin? => true - get :index, :query => 'a', :format => :json + api_get :index, :query => 'a', :format => :json assert_response :success assert assigns(:users) @@ -76,7 +76,7 @@ class Api::UsersControllerTest < ActionController::TestCase test "create returns forbidden if registration is closed" do user_attribs = record_attributes_for :user with_config(allow_registration: false) do - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_response :forbidden end end 
@@ -84,20 +84,20 @@ class Api::UsersControllerTest < ActionController::TestCase test "admin can show user" do user = FactoryGirl.create :user login :is_admin? => true - get :show, :id => 0, :login => user.login, :format => :json + api_get :show, :id => 0, :login => user.login, :format => :json assert_response :success assert_json_response user - get :show, :id => user.id, :format => :json + api_get :show, :id => user.id, :format => :json assert_response :success assert_json_response user - get :show, :id => "0", :format => :json + api_get :show, :id => "0", :format => :json assert_response :not_found end test "normal users cannot show user" do user = find_record :user login - get :show, :id => 0, :login => user.login, :format => :json + api_get :show, :id => 0, :login => user.login, :format => :json assert_access_denied end @@ -106,9 +106,9 @@ class Api::UsersControllerTest < ActionController::TestCase with_config(allow_registration: false, invite_required: true) do monitor_auth do user_attribs = record_attributes_for :test_user - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_response :success - delete :destroy, :id => assigns(:user).id, :format => :json + api_delete :destroy, :id => assigns(:user).id, :format => :json assert_response :success end end 
@@ -117,17 +117,17 @@ class Api::UsersControllerTest < ActionController::TestCase test "api monitor auth cannot create normal users" do monitor_auth do user_attribs = record_attributes_for :user - post :create, :user => user_attribs, :format => :json + api_post :create, :user => user_attribs, :format => :json assert_response :forbidden end end - test "api monitor auth cannot delete normal users" do - post :create, :user => record_attributes_for(:user), :format => :json + test "api monitor auth cannot api_delete normal users" do + api_post :create, :user => record_attributes_for(:user), :format => :json assert_response :success normal_user_id = assigns(:user).id monitor_auth do - delete :destroy, :id => normal_user_id, :format => :json + api_delete :destroy, :id => normal_user_id, :format => :json assert_response :forbidden end end diff --git a/test/support/api_controller_test.rb b/test/support/api_controller_test.rb new file mode 100644 index 0000000..06cb46a --- /dev/null +++ b/test/support/api_controller_test.rb @@ -0,0 +1,29 @@ +class ApiControllerTest < ActionController::TestCase + + def api_get(*args) + get *add_api_defaults(args) + end + + def api_post(*args) + post *add_api_defaults(args) + end + + def api_delete(*args) + delete *add_api_defaults(args) + end + + def api_put(*args) + put *add_api_defaults(args) + end + + def add_api_defaults(args) + add_defaults args, version: '2' + end + + def add_defaults(args, defaults) + opts = args.extract_options! + opts.reverse_merge! defaults + args << opts + args + end +end -- cgit v1.2.3 From f20ecdfb249128ba79da069407dce32f6f7e2fca Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 20 May 2016 11:47:38 +0200 Subject: include engine tests in default test --- test/integration/navigation_test.rb | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 test/integration/navigation_test.rb (limited to 'test') 
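Review bot: The renamed description `test "api monitor auth cannot api_delete normal users" do` looks like a leftover of the mechanical put/post/delete → api_* replacement rather than an intended rename; the description names behaviour, not the helper that drives it. Keep the original wording, `test "api monitor auth cannot delete normal users" do`. The same replacement runs through the earlier hunks of this file, but this is the only one where it reached into a string.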
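Review bot: `get *add_api_defaults(args)` and its three siblings in the new ApiControllerTest splat a method-call result without parentheses, which Ruby parses but reports as an ambiguous `*` under warnings; `get(*add_api_defaults(args))` is unambiguous. `add_defaults` also mutates the `args` array it is handed (`extract_options!` pops the trailing hash, `<<` pushes the merged one back) and returns the same object, which is fine for these one-shot wrappers but deserves a comment such as `# mutates and returns args: pops the trailing options hash, fills in defaults, pushes it back`. Since every caller in the users controller test still passes `:format => :json` itself, `version: '2'` is the only default these helpers currently supply.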
diff --git a/test/integration/navigation_test.rb b/test/integration/navigation_test.rb
deleted file mode 100644
index eec8c0e..0000000
--- a/test/integration/navigation_test.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-require 'test_helper'
-
-class NavigationTest < ActionDispatch::IntegrationTest
-
- # test "the truth" do
- # assert true
- # end
-end
-
-- cgit v1.2.3
From da00a2068ae8b6129384f06baafdc039bdaab003 Mon Sep 17 00:00:00 2001
From: Azul
Date: Sat, 21 May 2016 06:48:31 +0200
Subject: tests: reset I18n.locale after locale_path_test
Otherwise this will mess up other tests.
---
 test/integration/locale_path_test.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'test')
diff --git a/test/integration/locale_path_test.rb b/test/integration/locale_path_test.rb
index 738e7f5..22293dc 100644
--- a/test/integration/locale_path_test.rb
+++ b/test/integration/locale_path_test.rb
@@ -21,6 +21,11 @@ require 'test_helper'
 #
 class LocalePathTest < ActionDispatch::IntegrationTest
+
+ teardown do
+ I18n.locale = 'en'
+ end
+
 test "redirect if accept-language is not default locale" do
 get_via_redirect '/', {}, 'HTTP_ACCEPT_LANGUAGE' => 'de'
 assert_equal '/de', path
@@ -55,4 +60,4 @@ class LocalePathTest < ActionDispatch::IntegrationTest
 @controller.send(:default_url_options)
 end
-end
\ No newline at end of file
+end
-- cgit v1.2.3
From f47fc9d6522886cf81cfea26ec1f396219c539ba Mon Sep 17 00:00:00 2001
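Review bot: The added `teardown` in LocalePathTest pins the locale back to the literal `'en'` rather than to whatever the application's default locale is, so the reset silently encodes a configuration assumption; `I18n.locale = I18n.default_locale` states the intent directly and stays correct if the default changes. The hunk does not show what changes the locale during these tests, so if any of them also touches `I18n.default_locale`, that would need restoring as well.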
From: Azul Date: Mon, 23 May 2016 12:17:31 +0200 Subject: move signup from users to account_controller There was a lot of special case handling going on in the users_controller for this. Lot simpler this way. --- test/functional/account_controller_test.rb | 26 ++++++++++++++++++++++ test/functional/users_controller_test.rb | 22 +----------------- test/integration/browser/account_livecycle_test.rb | 2 +- .../browser/password_validation_test.rb | 8 +++---- test/support/browser_integration_test.rb | 4 ++-- 5 files changed, 34 insertions(+), 28 deletions(-) create mode 100644 test/functional/account_controller_test.rb (limited to 'test') diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb new file mode 100644 index 0000000..f5f1446 --- /dev/null +++ b/test/functional/account_controller_test.rb @@ -0,0 +1,26 @@ +require 'test_helper' + +class AccountControllerTest < ActionController::TestCase + + test "should get new" do + get :new + assert_equal User, assigns(:user).class + assert_response :success + end + + test "new should redirect logged in users" do + login + get :new + assert_response :redirect + assert_redirected_to home_path + end + + test "new redirects if registration is closed" do + with_config(allow_registration: false) do + get :new + assert_response :redirect + assert_redirected_to home_path + end + end +end + diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index 6029c83..2794422 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb 
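Review bot: In all three tests of the new AccountControllerTest, `assert_response :redirect` is already implied by `assert_redirected_to home_path` (it fails on a non-redirect status), so each pair can be collapsed to the single `assert_redirected_to home_path`. The file only exercises `new`; if the signup POST moved into this controller as well, as the commit message suggests, the closed-registration case for that action has no functional test here, and the only `allow_registration: false` coverage visible on this page is for the JSON API. A test that the signup POST is refused while registration is closed would pin the behaviour the redirect on `new` is meant to protect.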
@@ -1,20 +1,7 @@ -require_relative '../test_helper' +require 'test_helper' class UsersControllerTest < ActionController::TestCase - test "should get new" do - get :new - assert_equal User, assigns(:user).class - assert_response :success - end - - test "new should redirect logged in users" do - login - get :new - assert_response :redirect - assert_redirected_to home_path - end - test "failed show without login" do user = find_record :user get :show, :id => user.id @@ -163,11 +150,4 @@ class UsersControllerTest < ActionController::TestCase assert !assigns(:user).enabled? end - test "new redirects if registration is closed" do - with_config(allow_registration: false) do - get :new - assert_response :redirect - assert_redirected_to home_path - end - end end diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb index 604f456..85dbf13 100644 --- a/test/integration/browser/account_livecycle_test.rb +++ b/test/integration/browser/account_livecycle_test.rb @@ -22,7 +22,7 @@ class AccountLivecycleTest < BrowserIntegrationTest username ||= "test_#{SecureRandom.urlsafe_base64}".downcase password ||= SecureRandom.base64 - visit '/users/new' + visit '/signup' fill_in 'Username', with: username fill_in 'Password', with: password fill_in 'Password confirmation', with: password diff --git a/test/integration/browser/password_validation_test.rb b/test/integration/browser/password_validation_test.rb index 45eb0bf..51fcc5d 100644 --- a/test/integration/browser/password_validation_test.rb +++ b/test/integration/browser/password_validation_test.rb 
@@ -5,26 +5,26 @@ class PasswordValidationTest < BrowserIntegrationTest test "password confirmation is validated" do username ||= "test_#{SecureRandom.urlsafe_base64}".downcase password ||= SecureRandom.base64 - visit '/users/new' + visit '/signup' fill_in 'Username', with: username fill_in 'Password', with: password fill_in 'Password confirmation', with: password + "-typo" click_on 'Sign Up' assert page.has_content? "does not match." - assert_equal '/users/new', current_path + assert_equal '/signup', current_path assert page.has_selector? ".error #srp_password_confirmation" end test "password needs to be at least 8 chars long" do username ||= "test_#{SecureRandom.urlsafe_base64}".downcase password ||= SecureRandom.base64[0,7] - visit '/users/new' + visit '/signup' fill_in 'Username', with: username fill_in 'Password', with: password fill_in 'Password confirmation', with: password click_on 'Sign Up' assert page.has_content? "needs to be at least 8 characters long" - assert_equal '/users/new', current_path + assert_equal '/signup', current_path assert page.has_selector? ".error #srp_password" end end diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 84440a1..70161f9 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb @@ -52,7 +52,7 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest username ||= "test_#{SecureRandom.urlsafe_base64}".downcase password ||= SecureRandom.base64 - visit '/users/new' + visit '/signup' fill_in 'Username', with: username fill_in 'Password', with: password fill_in 'Invite code', with: @testcode.invite_code 
@@ -65,7 +65,7 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest username ||= "test_#{SecureRandom.urlsafe_base64}".downcase password ||= SecureRandom.base64 - visit '/users/new' + visit '/signup' fill_in 'Username', with: username fill_in 'Password', with: password fill_in 'Password confirmation', with: password -- cgit v1.2.3 From 30da8e6ffa1eefafb9762645efb85e0beed236c6 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 23 May 2016 12:53:23 +0200 Subject: fix config check in submit_signup with_config is not mean to test the current config. It will set the config. So instead we need to look into APP_CONFIG. --- test/support/browser_integration_test.rb | 33 +++++++++----------------------- 1 file changed, 9 insertions(+), 24 deletions(-) (limited to 'test') diff --git a/test/support/browser_integration_test.rb b/test/support/browser_integration_test.rb index 70161f9..1f5e3d2 100644 --- a/test/support/browser_integration_test.rb +++ b/test/support/browser_integration_test.rb 
@@ -47,32 +47,17 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest end def submit_signup(username = nil, password = nil) - - with_config invite_required: true do - - username ||= "test_#{SecureRandom.urlsafe_base64}".downcase - password ||= SecureRandom.base64 - visit '/signup' - fill_in 'Username', with: username - fill_in 'Password', with: password + username ||= "test_#{SecureRandom.urlsafe_base64}".downcase + password ||= SecureRandom.base64 + visit '/signup' + fill_in 'Username', with: username + fill_in 'Password', with: password + if APP_CONFIG[:invite_required] fill_in 'Invite code', with: @testcode.invite_code - fill_in 'Password confirmation', with: password - click_on 'Sign Up' - return username, password - end - - with_config invite_required: false do - - username ||= "test_#{SecureRandom.urlsafe_base64}".downcase - password ||= SecureRandom.base64 - visit '/signup' - fill_in 'Username', with: username - fill_in 'Password', with: password - fill_in 'Password confirmation', with: password - click_on 'Sign Up' - return username, password end - + fill_in 'Password confirmation', with: password + click_on 'Sign Up' + return username, password end # currently this only works for tests with poltergeist. -- cgit v1.2.3 From e2f19bcfb6dbce77746c2d61715340525b29a592 Mon Sep 17 00:00:00 2001 From: NavaL Date: Wed, 22 Jun 2016 19:17:15 +0200 Subject: [feature] expose is_admin in the user api So that whoever consumes the API can use this attribute to determine if admin functionalities should be made available to the current user. --- test/integration/api/signup_test.rb | 2 +- test/unit/user_test.rb | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb index 7216496..05a0abe 100644 --- a/test/integration/api/signup_test.rb +++ b/test/integration/api/signup_test.rb 
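Review bot: The rewritten `submit_signup` reads `@testcode.invite_code` whenever `APP_CONFIG[:invite_required]` is set, but nothing in the hunk assigns `@testcode`, so unless a setup block elsewhere in the class creates it the invite branch fails with a NoMethodError on nil rather than a clear message. A one-line guard documents the dependency: `raise 'submit_signup needs @testcode (see setup)' unless @testcode` just before `fill_in 'Invite code'`. Style: the trailing `return username, password` can be the implicit `[username, password]`. The enclosing class continues outside the hunk.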
@@ -8,7 +8,7 @@ class SignupTest < SrpTest end test "signup response" do - assert_json_response :login => @login, :ok => true, :id => @user.id, :enabled => true + assert_json_response :login => @login, :ok => true, :is_admin => false, :id => @user.id, :enabled => true assert last_response.successful? end diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index 9501d34..55d0648 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -71,6 +71,14 @@ class UserTest < ActiveSupport::TestCase assert_equal key, @user.public_key end + test "user to json includes id, login, valid, is_admin and enabled" do + json_content = JSON.parse @user.to_json + assert_equal @user.id, json_content["id"] + assert_equal @user.valid?, json_content["ok"] + assert_equal @user.login, json_content["login"] + assert_equal @user.enabled?, json_content["enabled"] + assert_equal @user.is_admin?, json_content["is_admin"] + end # -- cgit v1.2.3 From bf77b0b1f53753ba239ef8c2668bc76603cd96e5 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 5 Jul 2016 09:18:43 +0200 Subject: fix email unit test - need to require now --- test/unit/email_test.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'test') diff --git a/test/unit/email_test.rb b/test/unit/email_test.rb index e858bd5..739b43e 100644 --- a/test/unit/email_test.rb +++ b/test/unit/email_test.rb @@ -1,4 +1,5 @@ require 'test_helper' +require 'email' class EmailTest < ActiveSupport::TestCase -- cgit v1.2.3 From ab1917c5fe0f03e7719863a5598ad575d9fef302 Mon Sep 17 00:00:00 2001 From: NavaL Date: Thu, 14 Jul 2016 15:06:20 +0200 Subject: [feature] restrict is_admin in the user api, to only allow querying for him/herself So that it we do not expose the is_admin property to anyone else including other admins. --- test/functional/api/users_controller_test.rb | 12 ++++++++++-- test/integration/api/signup_test.rb | 2 +- test/unit/user_test.rb | 13 ++++++------- 3 files changed, 17 insertions(+), 10 deletions(-) (limited to 'test') 
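Review bot: The new test in user_test.rb pins that `User#to_json` now carries `is_admin`, which means every place a user record is serialized — including the admin-only `show` and `index` responses exercised earlier on this page — tells the caller which accounts are administrators. That is an enumeration aid for anyone who can read other users' records; if the attribute is only needed for the current user, as the commit message says, serialize it for the user's own record only and assert here that it is absent otherwise. The assertion `assert_equal @user.is_admin?, json_content["is_admin"]` also compares the value against itself, so it passes for either value; a fixed expectation such as `assert_equal false, json_content["is_admin"]` for a non-admin fixture would catch a regression.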
diff --git a/test/functional/api/users_controller_test.rb b/test/functional/api/users_controller_test.rb
index 32afd0a..b69770d 100644
--- a/test/functional/api/users_controller_test.rb
+++ b/test/functional/api/users_controller_test.rb
@@ -86,14 +86,22 @@ class Api::UsersControllerTest < ApiControllerTest
 login :is_admin? => true
 api_get :show, :id => 0, :login => user.login, :format => :json
 assert_response :success
- assert_json_response user
+ assert_json_response user.to_hash
 api_get :show, :id => user.id, :format => :json
 assert_response :success
- assert_json_response user
+ assert_json_response user.to_hash
 api_get :show, :id => "0", :format => :json
 assert_response :not_found
 end
+ test "admin can show is_admin property" do
+ user = FactoryGirl.create :user, login: "admin2"
+ login user
+ api_get :show, :id => user.id, :format => :json
+ assert_response :success
+ assert_json_response user.to_hash.merge(:is_admin => true)
+ end
+
 test "normal users cannot show user" do
 user = find_record :user
 login
diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb
index 2e515c1..dc24420 100644
--- a/test/integration/api/signup_test.rb
+++ b/test/integration/api/signup_test.rb
@@ -8,7 +8,7 @@ class SignupTest < SrpTest
 end
 test "signup response" do
- assert_json_response :login => @login, :ok => true, :is_admin => false, :id => @user.id, :enabled => true
+ assert_json_response :login => @login, :ok => true, :id => @user.id, :enabled => true
 assert last_response.successful?
 end
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 55d0648..02e94df 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
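Review bot: The commit's stated goal is that `is_admin` is shown to nobody but the user themselves, yet the users controller hunk only asserts the positive case; `"admin can show user"` passes `user.to_hash` (without `is_admin`) to `assert_json_response`, which proves absence only if that helper does exact equality, and its implementation is not on this page. Add an explicit `refute json_response.key?("is_admin")` after the admin `show` assertions, and likewise `refute hash.key?(:is_admin)` in the rewritten `"user to hash includes id, login, valid and enabled"` test in test/unit/user_test.rb, so the restriction cannot regress silently. The `"admin2"` login presumably matches an admin list in the test configuration; a short comment saying so would save the next reader a search.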
@@ -71,13 +71,12 @@ class UserTest < ActiveSupport::TestCase
 assert_equal key, @user.public_key
 end
- test "user to json includes id, login, valid, is_admin and enabled" do
- json_content = JSON.parse @user.to_json
- assert_equal @user.id, json_content["id"]
- assert_equal @user.valid?, json_content["ok"]
- assert_equal @user.login, json_content["login"]
- assert_equal @user.enabled?, json_content["enabled"]
- assert_equal @user.is_admin?, json_content["is_admin"]
+ test "user to hash includes id, login, valid and enabled" do
+ hash = @user.to_hash
+ assert_equal @user.id, hash[:id]
+ assert_equal @user.valid?, hash[:ok]
+ assert_equal @user.login, hash[:login]
+ assert_equal @user.enabled?, hash[:enabled]
 end
-- cgit v1.2.3
From bef746ae7b215db78be088657bbfaf47c774f943 Mon Sep 17 00:00:00 2001
From: Azul Date: Mon, 8 Aug 2016 10:25:54 +0200 Subject: [ci] setup couch for gitlab Couch docker image will be available on the host called couchdb. So we use curl to check for it and display the version string. And then we move a couchdb.yml config file into place so the right host will be used. --- test/config/couchdb.admin.yml | 6 ------ test/config/couchdb.yml | 5 ----- test/config/gitlab/couchdb.yml | 4 ++++ test/config/travis/couchdb.admin.yml | 6 ++++++ test/config/travis/couchdb.yml | 5 +++++ test/config/travis/ruby-version | 1 + test/config/travis/setup_couch.sh | 17 +++++++++++++++++ test/travis/ruby-version | 1 - test/travis/setup_couch.sh | 17 ----------------- 9 files changed, 33 insertions(+), 29 deletions(-) delete mode 100644 test/config/couchdb.admin.yml delete mode 100644 test/config/couchdb.yml create mode 100644 test/config/gitlab/couchdb.yml create mode 100644 test/config/travis/couchdb.admin.yml create mode 100644 test/config/travis/couchdb.yml create mode 100644 test/config/travis/ruby-version create mode 100755 test/config/travis/setup_couch.sh delete mode 100644 test/travis/ruby-version delete mode 100755 test/travis/setup_couch.sh (limited to 'test') diff --git a/test/config/couchdb.admin.yml b/test/config/couchdb.admin.yml deleted file mode 100644 index 0988bc1..0000000 --- a/test/config/couchdb.admin.yml +++ /dev/null @@ -1,6 +0,0 @@ -test: - auto_update_design_doc: false - username: "anna" - password: "secret" - prefix: "" - diff --git a/test/config/couchdb.yml b/test/config/couchdb.yml deleted file mode 100644 index 9c8b67b..0000000 --- a/test/config/couchdb.yml +++ /dev/null @@ -1,5 +0,0 @@ -test: - auto_update_design_doc: false - username: "me" - password: "pwd" - prefix: "" diff --git a/test/config/gitlab/couchdb.yml b/test/config/gitlab/couchdb.yml new file mode 100644 index 0000000..5d4f71f --- /dev/null +++ b/test/config/gitlab/couchdb.yml @@ -0,0 +1,4 @@ +test: + auto_update_design_doc: false + host: "couchdb" + prefix: "" 
diff --git a/test/config/travis/couchdb.admin.yml b/test/config/travis/couchdb.admin.yml new file mode 100644 index 0000000..7c9584c --- /dev/null +++ b/test/config/travis/couchdb.admin.yml @@ -0,0 +1,6 @@ +test: + auto_update_design_doc: false + username: "anna" + password: "secret" + prefix: "" + diff --git a/test/config/travis/couchdb.yml b/test/config/travis/couchdb.yml new file mode 100644 index 0000000..9c8b67b --- /dev/null +++ b/test/config/travis/couchdb.yml @@ -0,0 +1,5 @@ +test: + auto_update_design_doc: false + username: "me" + password: "pwd" + prefix: "" diff --git a/test/config/travis/ruby-version b/test/config/travis/ruby-version new file mode 100644 index 0000000..68b3a4c --- /dev/null +++ b/test/config/travis/ruby-version @@ -0,0 +1 @@ +1.9.3-p551 diff --git a/test/config/travis/setup_couch.sh b/test/config/travis/setup_couch.sh new file mode 100755 index 0000000..0502c12 --- /dev/null +++ b/test/config/travis/setup_couch.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +HOST="http://localhost:5984" +echo "couch version :" +curl -X GET $HOST +echo "creating user :" +curl -HContent-Type:application/json -XPUT $HOST/_users/org.couchdb.user:me --data-binary '{"_id": "org.couchdb.user:me","name": "me","roles": [],"type": "user","password": "pwd"}' +echo "creating databases :" +curl -X PUT $HOST/sessions +curl -X PUT $HOST/users +curl -X PUT $HOST/tickets +echo "restricting database access :" +curl -X PUT $HOST/sessions/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' +curl -X PUT $HOST/users/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' +curl -X PUT $HOST/tickets/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' +echo "adding admin :" +curl -X PUT $HOST/_config/admins/anna -d '"secret"' 
diff --git a/test/travis/ruby-version b/test/travis/ruby-version deleted file mode 100644 index 68b3a4c..0000000 --- a/test/travis/ruby-version +++ /dev/null @@ -1 +0,0 @@ -1.9.3-p551 diff --git a/test/travis/setup_couch.sh b/test/travis/setup_couch.sh deleted file mode 100755 index 0502c12..0000000 --- a/test/travis/setup_couch.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -HOST="http://localhost:5984" -echo "couch version :" -curl -X GET $HOST -echo "creating user :" -curl -HContent-Type:application/json -XPUT $HOST/_users/org.couchdb.user:me --data-binary '{"_id": "org.couchdb.user:me","name": "me","roles": [],"type": "user","password": "pwd"}' -echo "creating databases :" -curl -X PUT $HOST/sessions -curl -X PUT $HOST/users -curl -X PUT $HOST/tickets -echo "restricting database access :" -curl -X PUT $HOST/sessions/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' -curl -X PUT $HOST/users/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' -curl -X PUT $HOST/tickets/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' -echo "adding admin :" -curl -X PUT $HOST/_config/admins/anna -d '"secret"' -- cgit v1.2.3 From 8fbe70729da1d308a118c930e8f938837484a61c Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 12 Aug 2016 17:26:51 +0200 Subject: [db] def database on users instead of use_database use_database affects all uses of prepare_database - so also the one in tmp_database. In order to avoid that we do not use_database but just overwrite the database method itself. --- test/unit/temporary_user_test.rb | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/unit/temporary_user_test.rb b/test/unit/temporary_user_test.rb index 38ccd67..2c9e70f 100644 
--- a/test/unit/temporary_user_test.rb +++ b/test/unit/temporary_user_test.rb @@ -6,16 +6,37 @@ class TemporaryUserTest < ActiveSupport::TestCase InviteCodeValidator.any_instance.stubs(:validate) end - test "tmp_user saved to tmp_users" do - begin - assert User.ancestors.include?(TemporaryUser) + test "TemporaryUser concern is applied" do + assert User.ancestors.include?(TemporaryUser) + end + + test "temporary user has tmp_users as db" do + tmp_user = User.new :login => 'tmp_user_'+SecureRandom.hex(5).downcase + assert_equal 'leap_web_tmp_users', tmp_user.database.name + end + test "normal user has users as db" do + user = User.new :login => 'a'+SecureRandom.hex(5).downcase + assert_equal 'leap_web_users', user.database.name + end + + test "user saved to users" do + begin assert_difference('User.database.info["doc_count"]') do normal_user = User.create!(:login => 'a'+SecureRandom.hex(5).downcase, :password_verifier => 'ABCDEF0010101', :password_salt => 'ABCDEF') refute normal_user.database.to_s.include?('tmp') end + ensure + begin + normal_user.destroy + rescue + end + end + end + test "tmp_user saved to tmp_users" do + begin assert_difference('User.tmp_database.info["doc_count"]') do tmp_user = User.create!(:login => 'tmp_user_'+SecureRandom.hex(5).downcase, :password_verifier => 'ABCDEF0010101', :password_salt => 'ABCDEF') @@ -23,7 +44,6 @@ class TemporaryUserTest < ActiveSupport::TestCase end ensure begin - normal_user.destroy tmp_user.destroy rescue end -- cgit v1.2.3 From 75c037e5d6d8b8f2b98477bdd0359f5687bd7517 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 12 Aug 2016 23:10:50 +0200 Subject: [ci] use default db prefix on gitlab and travis This makes writing the tests for database names easier as they should be the same strings on gitlab, travis and locally. --- test/config/gitlab/couchdb.yml | 1 - test/config/travis/couchdb.admin.yml | 1 - test/config/travis/couchdb.yml | 1 - 3 files changed, 3 deletions(-) (limited to 'test') 
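Review bot: In `"user saved to users"` the variable `normal_user` is first assigned inside the `assert_difference` block, so it is block-local; the `normal_user.destroy` in `ensure` then raises NameError, which the bare `rescue` swallows, and the created record is never cleaned up — the same holds for `tmp_user` in the second hunk of this file. Declare `normal_user = nil` (and `tmp_user = nil`) before the respective `begin`, and narrow the bare `rescue` so a genuine cleanup failure is at least reported, e.g. `rescue => e; warn "cleanup failed: #{e.message}"; end`. Leftover users between tests are the kind of state that makes the db-count assertions in this file flaky.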
diff --git a/test/config/gitlab/couchdb.yml b/test/config/gitlab/couchdb.yml
index 5d4f71f..68761dc 100644
--- a/test/config/gitlab/couchdb.yml
+++ b/test/config/gitlab/couchdb.yml
@@ -1,4 +1,3 @@
 test:
 auto_update_design_doc: false
 host: "couchdb"
- prefix: ""
diff --git a/test/config/travis/couchdb.admin.yml b/test/config/travis/couchdb.admin.yml
index 7c9584c..a7677f9 100644
--- a/test/config/travis/couchdb.admin.yml
+++ b/test/config/travis/couchdb.admin.yml
@@ -2,5 +2,4 @@ test:
 auto_update_design_doc: false
 username: "anna"
 password: "secret"
- prefix: ""
diff --git a/test/config/travis/couchdb.yml b/test/config/travis/couchdb.yml
index 9c8b67b..a57b888 100644
--- a/test/config/travis/couchdb.yml
+++ b/test/config/travis/couchdb.yml
@@ -2,4 +2,3 @@ test:
 auto_update_design_doc: false
 username: "me"
 password: "pwd"
- prefix: ""
-- cgit v1.2.3
From 58c63cac98cdacc6ec7230e1133bcb35f0f22582 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 15 Aug 2016 11:31:40 +0200
Subject: [ci] move configs into config dir
---
 test/config/README | 17 -----------------
 test/config/gitlab/couchdb.yml | 3 ---
 test/config/travis/couchdb.admin.yml | 5 -----
 test/config/travis/couchdb.yml | 4 ----
 test/config/travis/ruby-version | 1 -
 test/config/travis/setup_couch.sh | 17 -----------------
 6 files changed, 47 deletions(-)
 delete mode 100644 test/config/README
 delete mode 100644 test/config/gitlab/couchdb.yml
 delete mode 100644 test/config/travis/couchdb.admin.yml
 delete mode 100644 test/config/travis/couchdb.yml
 delete mode 100644 test/config/travis/ruby-version
 delete mode 100755 test/config/travis/setup_couch.sh
(limited to 'test')
diff --git a/test/config/README b/test/config/README
deleted file mode 100644
index 58e37b2..0000000
--- a/test/config/README
+++ /dev/null
@@ -1,17 +0,0 @@ -These files are used for Travis tests to test admin and user permissions: - -couchdb.yml.admin: - - when activated, leap_web has admin permissions (e.g. ability to create - databases, upload design docs). - -couchdb.yml.user: - - when activited, leap_web has normal permissions (e.g. can modify all the - records). - -The term 'user' here is misleading. It is really two different types of admin -permissions. - -Rails or rake must be run with 'test' environment for these configs to be -used. diff --git a/test/config/gitlab/couchdb.yml b/test/config/gitlab/couchdb.yml deleted file mode 100644 index 68761dc..0000000 --- a/test/config/gitlab/couchdb.yml +++ /dev/null @@ -1,3 +0,0 @@ -test: - auto_update_design_doc: false - host: "couchdb" diff --git a/test/config/travis/couchdb.admin.yml b/test/config/travis/couchdb.admin.yml deleted file mode 100644 index a7677f9..0000000 --- a/test/config/travis/couchdb.admin.yml +++ /dev/null @@ -1,5 +0,0 @@ -test: - auto_update_design_doc: false - username: "anna" - password: "secret" - diff --git a/test/config/travis/couchdb.yml b/test/config/travis/couchdb.yml deleted file mode 100644 index a57b888..0000000 --- a/test/config/travis/couchdb.yml +++ /dev/null @@ -1,4 +0,0 @@ -test: - auto_update_design_doc: false - username: "me" - password: "pwd" diff --git a/test/config/travis/ruby-version b/test/config/travis/ruby-version deleted file mode 100644 index 68b3a4c..0000000 --- a/test/config/travis/ruby-version +++ /dev/null @@ -1 +0,0 @@ -1.9.3-p551 diff --git a/test/config/travis/setup_couch.sh b/test/config/travis/setup_couch.sh deleted file mode 100755 index 0502c12..0000000 --- a/test/config/travis/setup_couch.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash - -HOST="http://localhost:5984" -echo "couch version :" -curl -X GET $HOST -echo "creating user :" -curl -HContent-Type:application/json -XPUT $HOST/_users/org.couchdb.user:me --data-binary '{"_id": "org.couchdb.user:me","name": "me","roles": [],"type": "user","password": "pwd"}' -echo "creating databases :" -curl -X PUT $HOST/sessions -curl -X PUT $HOST/users -curl -X PUT $HOST/tickets -echo "restricting database access :" -curl -X PUT $HOST/sessions/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' -curl -X PUT $HOST/users/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' -curl -X PUT $HOST/tickets/_security -Hcontent-type:application/json --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}' -echo "adding admin :" -curl -X PUT $HOST/_config/admins/anna -d '"secret"' -- cgit v1.2.3 From 20bb76848b852bba9ab3c99b1c2a68464585bd56 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 17 Aug 2016 16:11:46 +0200 Subject: bugfix: send 406 if an unexpected format is asked for It used to run the action and then trigger a 500 because the template was not found. fixes !3 . --- test/functional/home_controller_test.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 test/functional/home_controller_test.rb (limited to 'test') diff --git a/test/functional/home_controller_test.rb b/test/functional/home_controller_test.rb new file mode 100644 index 0000000..cafaac5 --- /dev/null +++ b/test/functional/home_controller_test.rb @@ -0,0 +1,16 @@ +require 'test_helper' + +class HomeControllerTest < ActionController::TestCase + + def test_renders_okay + get :index + assert_response :success + end + + def test_other_formats_trigger_406 + assert_raises ActionController::UnknownFormat do + get :index, format: :xml + end + end + +end -- cgit v1.2.3 
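Review bot: `test_other_formats_trigger_406` in the new HomeControllerTest asserts that `ActionController::UnknownFormat` is raised, not that a client receives a 406; in a functional test the exception propagates straight out of `get`, and the mapping that turns it into a 406 response never runs, so the name claims more than the test checks. Either rename the test to say it asserts the exception, add a comment such as `# UnknownFormat becomes a 406 through Rails' exception-to-status mapping in a real request; functional tests see the raw exception`, or move the check into an integration test where the response status is observable.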
From fbad882075e745ab7afbe5f89c67544fb3c607c3 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 18 Aug 2016 11:00:16 +0200 Subject: respond_to on a per controller basis If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves. --- test/functional/api/certs_controller_test.rb | 6 ++++++ test/functional/api/sessions_controller_test.rb | 3 ++- test/integration/api/smtp_cert_test.rb | 12 +++--------- test/support/api_controller_test.rb | 2 +- test/support/api_integration_test.rb | 14 ++++++++------ 5 files changed, 20 insertions(+), 17 deletions(-) (limited to 'test') diff --git a/test/functional/api/certs_controller_test.rb b/test/functional/api/certs_controller_test.rb index f23b4c8..25ceb8e 100644 --- a/test/functional/api/certs_controller_test.rb +++ b/test/functional/api/certs_controller_test.rb @@ -57,4 +57,10 @@ class Api::CertsControllerTest < ApiControllerTest returns(cert) return cert end + + # overwrite defaults from ApiController because we don't do json here. + def add_api_defaults(args) + add_defaults args, version: '2' + end + end diff --git a/test/functional/api/sessions_controller_test.rb b/test/functional/api/sessions_controller_test.rb index 03a1ef9..06a3c22 100644 --- a/test/functional/api/sessions_controller_test.rb +++ b/test/functional/api/sessions_controller_test.rb @@ -44,7 +44,8 @@ class Api::SessionsControllerTest < ApiControllerTest api_post :update, :id => @user.login, :client_auth => @client_hex - assert_nil session[:handshake] + assert_nil session[:handshake], + 'session should be cleared to prevent session fixation attacks' assert_response :success assert json_response.keys.include?("id") assert json_response.keys.include?("token") diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index 53382c1..3adddfd 100644 
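Review bot: The comment on the new `add_api_defaults` override in certs_controller_test.rb says it overwrites defaults from `ApiController`, but the method it replaces lives in the test support class `ApiControllerTest`, which is where a reader would have to look; `# overwrite defaults from ApiControllerTest because we don't do json here.` avoids the hunt. The override reproduces what `add_api_defaults` returned before this commit, so its whole effect is to drop the `format: :json` default the support class gains later in this same commit — worth saying in the comment so nobody "simplifies" it away.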
--- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb @@ -3,13 +3,8 @@ require 'openssl' class SmtpCertTest < ApiIntegrationTest - setup do - @testcode = InviteCode.new - @testcode.save! - end - test "retrieve smtp cert" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -20,7 +15,7 @@ class SmtpCertTest < ApiIntegrationTest end test "cert and key" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -32,7 +27,7 @@ class SmtpCertTest < ApiIntegrationTest end test "fingerprint is stored with identity" do - @user = FactoryGirl.create :user, effective_service_level_code: 2, :invite_code => @testcode.invite_code + @user = create_invited_user effective_service_level_code: 2 login post smtp_cert_url, {}, RACK_ENV assert_text_response @@ -46,7 +41,6 @@ class SmtpCertTest < ApiIntegrationTest end test "fetching smtp certs requires email account" do - login post smtp_cert_url, {}, RACK_ENV assert_access_denied diff --git a/test/support/api_controller_test.rb b/test/support/api_controller_test.rb index 06cb46a..97d86fc 100644 --- a/test/support/api_controller_test.rb +++ b/test/support/api_controller_test.rb @@ -17,7 +17,7 @@ class ApiControllerTest < ActionController::TestCase end def add_api_defaults(args) - add_defaults args, version: '2' + add_defaults args, version: '2', format: :json end def add_defaults(args, defaults) diff --git a/test/support/api_integration_test.rb b/test/support/api_integration_test.rb index cea480c..7942558 100644 --- a/test/support/api_integration_test.rb +++ b/test/support/api_integration_test.rb 
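Review bot: Dropping `login` from `"fetching smtp certs requires email account"` changes what the test proves: the request is now unauthenticated, so `assert_access_denied` only shows that anonymous callers are rejected, while the case the name describes — a logged-in account without the email service level — is no longer covered. Unless `login` now happens in a setup block outside the hunk, keep the `login` line; `create_invited_user` without `effective_service_level_code: 2` yields exactly such a user. The other hunks of this file are a straightforward switch to the new helper.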
@@ -7,13 +7,8 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
 2
 end
- setup do
- @testcode = InviteCode.new
- @testcode.save!
- end
-
 def login(user = nil)
- @user ||= user ||= FactoryGirl.create(:user, :invite_code => @testcode.invite_code)
+ @user ||= user ||= create_invited_user
 # DUMMY_TOKEN will be frozen. So let's use a dup
 @token ||= DUMMY_TOKEN.dup
 # make sure @token is up to date if it already exists
@@ -23,6 +18,13 @@ class ApiIntegrationTest < ActionDispatch::IntegrationTest
 @token.save
 end
+ def create_invited_user(options = {})
+ @testcode = InviteCode.new
+ @testcode.save!
+ options.reverse_merge! invite_code: @testcode.invite_code
+ FactoryGirl.create :user, options
+ end
+
 teardown do
 if @user && @user.persisted?
 @user.destroy_identities
-- cgit v1.2.3
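Review bot: `create_invited_user` calls `options.reverse_merge!`, which mutates the hash the caller passed in; with the default `{}` that is harmless, but a caller reusing one options hash across calls would find an `invite_code` appearing in it. Prefer the non-mutating form, `options = options.reverse_merge(invite_code: @testcode.invite_code)`. Each call also creates a new InviteCode and overwrites `@testcode`, so after two calls only the last code is reachable from the instance; a note such as `# creates a fresh invite code per call; @testcode holds the most recent one` makes that explicit. The teardown that follows the new method continues outside the hunk.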