From 67f17e65b9e9e8ad2991b9c4002dba5203baa77f Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 11:13:10 +0100
Subject: refactor tests to ease the testing of token only auth

---
 users/test/integration/api/srp_test.rb | 83 ++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 users/test/integration/api/srp_test.rb

(limited to 'users/test/integration/api/srp_test.rb')

diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb
new file mode 100644
index 0000000..b291269
--- /dev/null
+++ b/users/test/integration/api/srp_test.rb
@@ -0,0 +1,83 @@
+class SrpTest < RackTest
+
+  teardown do
+    if @user
+      cleanup_user
+    end
+    Warden.test_reset!
+  end
+
+  # this test wraps the api and implements the interface the ruby-srp client.
+  def handshake(login, aa)
+    post "http://api.lvh.me:3000/1/sessions.json",
+      :login => login,
+      'A' => aa,
+      :format => :json
+    response = JSON.parse(last_response.body)
+    if response['errors']
+      raise RECORD_NOT_FOUND.new(response['errors'])
+    else
+      return response['B']
+    end
+  end
+
+  def validate(m)
+    put "http://api.lvh.me:3000/1/sessions/" + @login + '.json',
+      :client_auth => m,
+      :format => :json
+    return JSON.parse(last_response.body)
+  end
+
+  protected
+
+  attr_reader :server_auth
+
+  def register_user(login = "integration_test_user", password = 'srp, verify me!')
+    cleanup_user(login)
+    post 'http://api.lvh.me:3000/1/users.json',
+      user: user_params(login: login, password: password),
+      format: :json
+    @user = User.find_by_login(login)
+    @login = login
+    @password = password
+  end
+
+  def update_user(params)
+    put "http://api.lvh.me:3000/1/users/" + @user.id + '.json',
+      :user => user_params(params),
+      :format => :json
+  end
+
+  def authenticate(params = nil)
+    @server_auth = srp(params).authenticate(self)
+  end
+
+  def cleanup_user(login = nil)
+    login ||= @user.login
+    Identity.by_address.key(login + '@' + APP_CONFIG[:domain]).each do |identity|
+      identity.destroy
+    end
+    if user = User.find_by_login(login)
+      user.destroy
+    end
+  end
+
+  def user_params(params)
+    # if there is no srp magic needed just return the params
+    return params unless params.keys.include?(:password)
+    params.reverse_merge! login: @login, salt: @salt
+    @srp = SRP::Client.new params[:login], password: params.delete(:password)
+    @salt = srp.salt.to_s(16)
+    params.merge :password_verifier => srp.verifier.to_s(16),
+      :password_salt => @salt
+  end
+
+  def srp(params = nil)
+    if params.nil?
+      @srp
+    else
+      params.reverse_merge! password: @password
+      SRP::Client.new(params.delete(:login) || @login, params)
+    end
+  end
+end
-- 
cgit v1.2.3


From 758b9a3c30a73fd985943fb7a887f0373be3a833 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 12:29:08 +0100
Subject: split up and expand account integration test

---
 users/test/integration/api/srp_test.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'users/test/integration/api/srp_test.rb')

diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb
index b291269..bb24f5f 100644
--- a/users/test/integration/api/srp_test.rb
+++ b/users/test/integration/api/srp_test.rb
@@ -52,6 +52,11 @@ class SrpTest < RackTest
     @server_auth = srp(params).authenticate(self)
   end
 
+  def logout
+    delete "http://api.lvh.me:3000/1/logout.json",
+      format: :json
+  end
+
   def cleanup_user(login = nil)
     login ||= @user.login
     Identity.by_address.key(login + '@' + APP_CONFIG[:domain]).each do |identity|
-- 
cgit v1.2.3


From cbd757cf151cd61bfdd5637d09f43e4831fec3bb Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 16:15:46 +0100
Subject: require token when updating user via API

---
 users/test/integration/api/srp_test.rb | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

(limited to 'users/test/integration/api/srp_test.rb')

diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb
index bb24f5f..fcda187 100644
--- a/users/test/integration/api/srp_test.rb
+++ b/users/test/integration/api/srp_test.rb
@@ -35,8 +35,7 @@ class SrpTest < RackTest
   def register_user(login = "integration_test_user", password = 'srp, verify me!')
     cleanup_user(login)
     post 'http://api.lvh.me:3000/1/users.json',
-      user: user_params(login: login, password: password),
-      format: :json
+      user_params(login: login, password: password)
     @user = User.find_by_login(login)
     @login = login
     @password = password
@@ -44,14 +43,25 @@ class SrpTest < RackTest
 
   def update_user(params)
     put "http://api.lvh.me:3000/1/users/" + @user.id + '.json',
-      :user => user_params(params),
-      :format => :json
+      user_params(params),
+      auth_headers
   end
 
   def authenticate(params = nil)
     @server_auth = srp(params).authenticate(self)
   end
 
+  def auth_headers
+    return {} if @server_auth.nil?
+    {
+      "HTTP_AUTHORIZATION" => encoded_token
+    }
+  end
+
+  def encoded_token
+    ActionController::HttpAuthentication::Token.encode_credentials(server_auth["token"])
+  end
+
   def logout
     delete "http://api.lvh.me:3000/1/logout.json",
       format: :json
@@ -68,12 +78,17 @@ class SrpTest < RackTest
   end
 
   def user_params(params)
-    # if there is no srp magic needed just return the params
-    return params unless params.keys.include?(:password)
+    if params.keys.include?(:password)
+      srp_process_password(params)
+    end
+    return { user: params, format: :json }
+  end
+
+  def srp_process_password(params)
     params.reverse_merge! login: @login, salt: @salt
     @srp = SRP::Client.new params[:login], password: params.delete(:password)
     @salt = srp.salt.to_s(16)
-    params.merge :password_verifier => srp.verifier.to_s(16),
+    params.merge! :password_verifier => srp.verifier.to_s(16),
       :password_salt => @salt
   end
 
-- 
cgit v1.2.3


From c8fcd0d26c3ad5c1c3cfbaf6b57239f907925ed6 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 8 Feb 2014 16:20:37 +0100
Subject: require token when logging out via API

---
 users/test/integration/api/srp_test.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'users/test/integration/api/srp_test.rb')

diff --git a/users/test/integration/api/srp_test.rb b/users/test/integration/api/srp_test.rb
index fcda187..946450e 100644
--- a/users/test/integration/api/srp_test.rb
+++ b/users/test/integration/api/srp_test.rb
@@ -62,9 +62,10 @@ class SrpTest < RackTest
     ActionController::HttpAuthentication::Token.encode_credentials(server_auth["token"])
   end
 
-  def logout
+  def logout(params=nil, headers=nil)
     delete "http://api.lvh.me:3000/1/logout.json",
-      format: :json
+      params || {format: :json},
+      headers || auth_headers
   end
 
   def cleanup_user(login = nil)
-- 
cgit v1.2.3