From ebbfe3d77efddbe8f97fa82c171632ac4cfcf6da Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 27 Sep 2012 22:39:08 +0200
Subject: added in leap web users - one repo to rule them all
---
users/test/integration/.gitkeep | 0
users/test/integration/api/Readme.md | 23 ++++++++
users/test/integration/api/account_flow_test.rb | 69 ++++++++++++++++++++++
.../integration/api/python/login_wrong_username.py | 19 ++++++
users/test/integration/api/python/signup.py | 20 +++++++
.../integration/api/python/signup_and_login.py | 48 +++++++++++++++
.../api/python/signup_and_login_wrong_password.py | 43 ++++++++++++++
users/test/integration/navigation_test.rb | 9 +++
8 files changed, 231 insertions(+)
create mode 100644 users/test/integration/.gitkeep
create mode 100644 users/test/integration/api/Readme.md
create mode 100644 users/test/integration/api/account_flow_test.rb
create mode 100755 users/test/integration/api/python/login_wrong_username.py
create mode 100755 users/test/integration/api/python/signup.py
create mode 100755 users/test/integration/api/python/signup_and_login.py
create mode 100755 users/test/integration/api/python/signup_and_login_wrong_password.py
create mode 100644 users/test/integration/navigation_test.rb
(limited to 'users/test/integration')
diff --git a/users/test/integration/.gitkeep b/users/test/integration/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/users/test/integration/api/Readme.md b/users/test/integration/api/Readme.md
new file mode 100644
index 0000000..3a91f3d
--- /dev/null
+++ b/users/test/integration/api/Readme.md
@@ -0,0 +1,23 @@
+API tests
+==========
+
+
+Testing the restful api from a simple python client as that's what we'll be using.
+
+This test so far mostly demoes the API. We have no SRP calc in there.
+
+TODO: keep track of the cookies during login. The server uses the session to keep track of the random numbers A and B.
+
+The output of signup_and_login_wrong_password pretty well describes the SRP API:
+
+```
+POST: http://localhost:9292/users.json
+ {"user[password_salt]": "54321", "user[password_verifier]": "12345", "user[login]": "SWQ055"}
+ -> {"password_salt":"54321","login":"SWQ055"}
+POST: http://localhost:9292/sessions
+ {"A": "12345", "login": "SWQ055"}
+ -> {"B":"1778367531e93a4c7713c76f67649f35a4211ebc520926ae8c3848cd66171651"}
+PUT: http://localhost:9292/sessions/SWQ055
+ {"M": "123ABC"}
+ -> {"field":"password","error":"wrong password"}
+```
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
new file mode 100644
index 0000000..e20bcf6
--- /dev/null
+++ b/users/test/integration/api/account_flow_test.rb
@@ -0,0 +1,69 @@
+require 'test_helper'
+
+class AccountFlowTest < ActionDispatch::IntegrationTest
+
+ # this test wraps the api and implements the interface the ruby-srp client.
+ def handshake(login, aa)
+ post "sessions", :login => login, 'A' => aa.to_s(16)
+ assert_response :success
+ response = JSON.parse(@response.body)
+ if response['errors']
+ raise RECORD_NOT_FOUND.new(response['errors'])
+ else
+ return response['B'].hex
+ end
+ end
+
+ def validate(m)
+ put "sessions/" + @login, :client_auth => m.to_s(16)
+ assert_response :success
+ return JSON.parse(@response.body)
+ end
+
+ def setup
+ @login = "integration_test_user"
+ User.find_by_login(@login).tap{|u| u.destroy if u}
+ @password = "srp, verify me!"
+ @srp = SRP::Client.new(@login, @password)
+ @user_params = {
+ :login => @login,
+ :password_verifier => @srp.verifier.to_s(16),
+ :password_salt => @srp.salt.to_s(16)
+ }
+ end
+
+ def teardown
+ @user.destroy if @user # make sure we can run this test again
+ end
+
+ test "signup and login with srp via api" do
+ post '/users.json', :user => @user_params
+ @user = User.find_by_param(@login)
+ assert_json_response @user_params.slice(:login, :password_salt)
+ assert_response :success
+ server_auth = @srp.authenticate(self, @login, @password)
+ assert_nil server_auth["errors"]
+ assert server_auth["M2"]
+ end
+
+ test "signup and wrong password login attempt" do
+ post '/users.json', :user => @user_params
+ @user = User.find_by_param(@login)
+ assert_json_response @user_params.slice(:login, :password_salt)
+ assert_response :success
+ server_auth = @srp.authenticate(self, @login, "wrong password")
+ assert_equal ["wrong password"], server_auth["errors"]['password']
+ assert_nil server_auth["M2"]
+ end
+
+ test "signup and wrong username login attempt" do
+ post '/users.json', :user => @user_params
+ @user = User.find_by_param(@login)
+ assert_json_response @user_params.slice(:login, :password_salt)
+ assert_response :success
+ assert_raises RECORD_NOT_FOUND do
+ server_auth = @srp.authenticate(self, "wronglogin", @password)
+ end
+ end
+
+end
diff --git a/users/test/integration/api/python/login_wrong_username.py b/users/test/integration/api/python/login_wrong_username.py
new file mode 100755
index 0000000..390f250
--- /dev/null
+++ b/users/test/integration/api/python/login_wrong_username.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+params = {
+ 'login': 'python_test_user_'+id_generator(),
+ 'A': '12345',
+ }
+r = requests.post(server + '/sessions', data = params)
+print r.url
+print r.text
diff --git a/users/test/integration/api/python/signup.py b/users/test/integration/api/python/signup.py
new file mode 100755
index 0000000..0d3a4e0
--- /dev/null
+++ b/users/test/integration/api/python/signup.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+user_params = {
+ 'user[login]': 'python_test_user_'+id_generator(),
+ 'user[password_verifier]': '12345',
+ 'user[password_salt]': '54321'
+ }
+r = requests.post(server + '/users.json', data = user_params)
+print r.url
+print r.text
diff --git a/users/test/integration/api/python/signup_and_login.py b/users/test/integration/api/python/signup_and_login.py
new file mode 100755
index 0000000..2d79688
--- /dev/null
+++ b/users/test/integration/api/python/signup_and_login.py
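Review bot: The "signup and wrong username login attempt" test in account_flow_test.rb pins a handshake that answers an unknown login with an `errors` body, while a known login gets `B` and only fails later in `validate`; as tested, the API tells a caller whether an account exists. If that is intended, record it next to the test, e.g. `# NOTE: unknown logins are reported at the handshake step, so logins can be told apart from wrong passwords; revisit if the server should answer with a decoy salt/B`. The block also assigns `server_auth` without using it; `@srp.authenticate(self, "wronglogin", @password)` alone is enough. `RECORD_NOT_FOUND` is not defined in this file, so it presumably comes from `test_helper` and is worth confirming.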
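Review bot: login_wrong_username.py only prints `r.url` and `r.text` and never checks the response, so it exits 0 whatever the server answers and cannot catch a regression; signup.py, signup_and_login.py and signup_and_login_wrong_password.py have the same shape. Parse the body and assert on it, for example `body = json.loads(r.text)` followed by `assert 'errors' in body, r.text` (the key name is taken from account_flow_test.rb and should be checked against the real response, since the Readme transcript shows a different error shape). `import json` is unused here until that is done. The scripts also disagree on the target, three using `http://localhost:3000` and one `http://localhost:9292`; reading the base URL from one place would keep them aligned.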
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+
+# FAILS
+#
+# This test is currently failing for me because the session is not kept.
+# Played with it a bunch - is probably messed up right now as well.
+
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+def print_and_parse(response):
+ print response.request.method + ': ' + response.url
+ print " " + json.dumps(response.request.data)
+ print " -> " + response.text
+ print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
+ return json.loads(response.text)
+
+def signup(session):
+ user_params = {
+ 'user[login]': id_generator(),
+ 'user[password_verifier]': '12345',
+ 'user[password_salt]': '54321'
+ }
+ return session.post(server + '/users.json', data = user_params)
+
+def authenticate(session, login):
+ params = {
+ 'login': login,
+ 'A': '12345',
+ }
+ init = session.post(server + '/sessions', data = params)
+ cookies = requests.utils.dict_from_cookiejar(init.cookies)
+ init = session.post(server + '/sessions', data = params, cookies = cookies)
+ print "(%) " + json.dumps(cookies)
+ return session.put(server + '/sessions/' + login, data = {'client_auth': '123'}, cookies = cookies)
+
+session = requests.session()
+user = print_and_parse(signup(session))
+# SRP signup would happen here and calculate M hex
+auth = print_and_parse(authenticate(session, user['login']))
diff --git a/users/test/integration/api/python/signup_and_login_wrong_password.py b/users/test/integration/api/python/signup_and_login_wrong_password.py
new file mode 100755
index 0000000..9efffa1
--- /dev/null
+++ b/users/test/integration/api/python/signup_and_login_wrong_password.py
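Review bot: `authenticate` in signup_and_login.py posts to `/sessions` twice and then passes a cookie dict copied from the first response to the later calls, although `requests.session()` already carries cookies between requests. The Readme in this commit says the server keeps A and B in the session, so the repeated handshake likely replaces that state, and the hand-passed `cookies = cookies` can override what the session object would send; this may be part of why the header marks the script as FAILS. Keep a single `init = session.post(server + '/sessions', data = params)` and finish with `return session.put(server + '/sessions/' + login, data = {'client_auth': '123'})`. `print_and_parse` also writes the session cookie to stdout, which is harmless against localhost but worth dropping before the script is aimed at a shared server.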
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:9292'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+def print_and_parse(response):
+ print response.request.method + ': ' + response.url
+ print " " + json.dumps(response.request.data)
+ print " -> " + response.text
+# print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
+ return json.loads(response.text)
+
+def signup():
+ user_params = {
+ 'user[login]': id_generator(),
+ 'user[password_verifier]': '12345',
+ 'user[password_salt]': '54321'
+ }
+ return requests.post(server + '/users.json', data = user_params)
+
+def handshake(login):
+ params = {
+ 'login': login,
+ 'A': '12345',
+ }
+ return requests.post(server + '/sessions', data = params)
+
+def authenticate(login, M):
+ return requests.put(server + '/sessions/' + login, data = {'M': M})
+
+
+user = print_and_parse(signup())
+handshake = print_and_parse(handshake(user['login']))
+# SRP signup would happen here and calculate M hex
+M = '123ABC'
+auth = print_and_parse(authenticate(user['login'], M))
diff --git a/users/test/integration/navigation_test.rb b/users/test/integration/navigation_test.rb
new file mode 100644
index 0000000..eec8c0e
--- /dev/null
+++ b/users/test/integration/navigation_test.rb
@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class NavigationTest < ActionDispatch::IntegrationTest
+
+ # test "the truth" do
+ # assert true
+ # end
+end
+
-- cgit v1.2.3
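Review bot: `authenticate` in signup_and_login_wrong_password.py sends the client proof as `M`, while account_flow_test.rb and signup_and_login.py in this commit send it as `client_auth`. If the server reads `client_auth`, the "wrong password" answer here comes from a missing parameter rather than from a rejected proof, so the script would not notice a server that accepted a bad proof. Use `data = {'client_auth': M}`, or align the Ruby test and the other script if `M` is the intended name. The calls also go through bare `requests.post`/`requests.put` with no shared session, so the cookie that ties the handshake to the proof is never returned to the server, and `handshake = print_and_parse(handshake(...))` rebinds the function name to its result.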