From 67f17e65b9e9e8ad2991b9c4002dba5203baa77f Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 11:13:10 +0100
Subject: refactor tests to ease the testing of token only auth

---
 users/test/integration/api/srp_test.rb | 83 ++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 users/test/integration/api/srp_test.rb

(limited to 'users/test/integration/api/srp_test.rb')

diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb
new file mode 100644
index 0000000..b291269
--- /dev/null
+++ b/users/test/integration/api/srp_test.rb
@@ -0,0 +1,83 @@
+class SrpTest < RackTest
+
+  teardown do
+    if @user
+      cleanup_user
+    end
+    Warden.test_reset!
+  end
+
+  # this test wraps the api and implements the interface the ruby-srp client.
+  def handshake(login, aa)
+    post "http://api.lvh.me:3000/1/sessions.json",
+      :login => login,
+      'A' => aa,
+      :format => :json
+    response = JSON.parse(last_response.body)
+    if response['errors']
+      raise RECORD_NOT_FOUND.new(response['errors'])
+    else
+      return response['B']
+    end
+  end
+
+  def validate(m)
+    put "http://api.lvh.me:3000/1/sessions/" + @login + '.json',
+      :client_auth => m,
+      :format => :json
+    return JSON.parse(last_response.body)
+  end
+
+  protected
+
+  attr_reader :server_auth
+
+  def register_user(login = "integration_test_user", password = 'srp, verify me!')
+    cleanup_user(login)
+    post 'http://api.lvh.me:3000/1/users.json',
+      user: user_params(login: login, password: password),
+      format: :json
+    @user = User.find_by_login(login)
+    @login = login
+    @password = password
+  end
+
+  def update_user(params)
+    put "http://api.lvh.me:3000/1/users/" + @user.id + '.json',
+      :user => user_params(params),
+      :format => :json
+  end
+
+  def authenticate(params = nil)
+    @server_auth = srp(params).authenticate(self)
+  end
+
+  def cleanup_user(login = nil)
+    login ||= @user.login
+    Identity.by_address.key(login + '@' + APP_CONFIG[:domain]).each do |identity|
+      identity.destroy
+    end
+    if user = User.find_by_login(login)
+      user.destroy
+    end
+  end
+
+  def user_params(params)
+    # if there is no srp magic needed just return the params
+    return params unless params.keys.include?(:password)
+    params.reverse_merge! login: @login, salt: @salt
+    @srp = SRP::Client.new params[:login], password: params.delete(:password)
+    @salt = srp.salt.to_s(16)
+    params.merge :password_verifier => srp.verifier.to_s(16),
+      :password_salt => @salt
+  end
+
+  def srp(params = nil)
+    if params.nil?
+      @srp
+    else
+      params.reverse_merge! password: @password
+      SRP::Client.new(params.delete(:login) || @login, params)
+    end
+  end
+end
-- 
cgit v1.2.3