From 62c48c5a14ea0c1221216c3e40eb82ef594f2771 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 2 Apr 2013 14:20:55 +0200 Subject: send salt on Session#create without srp ephemeral A --- users/test/functional/v1/sessions_controller_test.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'users/test') diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb index be085ce..535da52 100644 --- a/users/test/functional/v1/sessions_controller_test.rb +++ b/users/test/functional/v1/sessions_controller_test.rb @@ -7,7 +7,7 @@ class V1::SessionsControllerTest < ActionController::TestCase setup do @request.env['HTTP_HOST'] = 'api.lvh.me' - @user = stub :login => "me", :id => 123 + @user = stub_record :user @client_hex = 'a123' end @@ -36,6 +36,15 @@ class V1::SessionsControllerTest < ActionController::TestCase post :create, :login => @user.login, 'A' => @client_hex end + test "should send salt" do + User.expects(:find_by_login).with(@user.login).returns(@user) + + post :create, :login => @user.login + + assert_equal @user, assigns(:user) + assert_json_response salt: @user.salt + end + test "should authorize" do request.env['warden'].expects(:authenticate!) @controller.expects(:current_user).returns(@user) -- cgit v1.2.3 From d781dbdd61d1d24ec4828859a28815b55310154d Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 2 Apr 2013 16:56:11 +0200 Subject: send more meaningful error message on completely failed login attempt --- users/test/functional/sessions_controller_test.rb | 11 ++++++++-- .../test/functional/v1/sessions_controller_test.rb | 16 -------------- users/test/integration/api/account_flow_test.rb | 6 ++++-- users/test/integration/api/login_test.rb | 25 ++++++++++++++++++++++ 4 files changed, 38 insertions(+), 20 deletions(-) create mode 100644 users/test/integration/api/login_test.rb (limited to 'users/test') diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index f99c0d7..b22c3a3 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -11,7 +11,6 @@ class SessionsControllerTest < ActionController::TestCase end test "should get login screen" do - request.env['warden'].expects(:winning_strategy) get :new assert_response :success assert_equal "text/html", response.content_type @@ -19,13 +18,13 @@ class SessionsControllerTest < ActionController::TestCase end test "renders json" do - request.env['warden'].expects(:winning_strategy) get :new, :format => :json assert_response :success assert_json_error nil end test "renders warden errors" do + request.env['warden.options'] = {attempted_path: '/1/sessions/asdf.json'} strategy = stub :message => {:field => :translate_me} request.env['warden'].stubs(:winning_strategy).returns(strategy) I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") @@ -34,6 +33,14 @@ class SessionsControllerTest < ActionController::TestCase assert_json_error :field => "translation stub" end + test "renders failed attempt message" do + request.env['warden.options'] = {attempted_path: '/1/sessions/asdf.json'} + request.env['warden'].stubs(:winning_strategy).returns(nil) + get :new, :format => :json + assert_response 422 + assert_json_error :login => I18n.t(:all_strategies_failed) + end + # Warden takes care of parsing the params and # rendering the response. So not much to test here. test "should perform handshake" do diff --git a/users/test/functional/v1/sessions_controller_test.rb b/users/test/functional/v1/sessions_controller_test.rb index 535da52..1226c9d 100644 --- a/users/test/functional/v1/sessions_controller_test.rb +++ b/users/test/functional/v1/sessions_controller_test.rb @@ -11,22 +11,6 @@ class V1::SessionsControllerTest < ActionController::TestCase @client_hex = 'a123' end - test "renders json" do - request.env['warden'].expects(:winning_strategy) - get :new, :format => :json - assert_response :success - assert_json_error nil - end - - test "renders warden errors" do - strategy = stub :message => {:field => :translate_me} - request.env['warden'].stubs(:winning_strategy).returns(strategy) - I18n.expects(:t).with(:translate_me).at_least_once.returns("translation stub") - get :new, :format => :json - assert_response 422 - assert_json_error :field => "translation stub" - end - # Warden takes care of parsing the params and # rendering the response. So not much to test here. test "should perform handshake" do diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index e618541..d1a97e9 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -75,7 +75,8 @@ class AccountFlowTest < ActiveSupport::TestCase test "signup and wrong password login attempt" do srp = SRP::Client.new @login, :password => "wrong password" server_auth = srp.authenticate(self) - assert_json_error({:login => "Not a valid username/password combination", :password => "Not a valid username/password combination"}) + assert_json_error login: "Not a valid username/password combination", + password: "Not a valid username/password combination" assert !last_response.successful? assert_nil server_auth["M2"] end @@ -86,7 +87,8 @@ class AccountFlowTest < ActiveSupport::TestCase assert_raises RECORD_NOT_FOUND do server_auth = srp.authenticate(self) end - assert_json_error({:login => "Not a valid username/password combination", :password => "Not a valid username/password combination"}) + assert_json_error login: "Not a valid username/password combination", + password: "Not a valid username/password combination" assert !last_response.successful? assert_nil server_auth end diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb new file mode 100644 index 0000000..ba82c8e --- /dev/null +++ b/users/test/integration/api/login_test.rb @@ -0,0 +1,25 @@ +require 'test_helper' + +CONFIG_RU = (Rails.root + 'config.ru').to_s +OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first + +class AccountFlowTest < ActiveSupport::TestCase + include Rack::Test::Methods + include Warden::Test::Helpers + include LeapWebCore::AssertResponses + + def app + OUTER_APP + end + + def setup + @login = "integration_test_user" + end + + test "require json requests" do + put "http://api.lvh.me:3000/1/sessions/" + @login, + :client_auth => "This is not a valid login anyway" + assert_json_error login: I18n.t(:all_strategies_failed) + end + +end -- cgit v1.2.3 From f4172ac9ea7a484659fa2019119533bc9569880f Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 3 Apr 2013 11:21:00 +0200 Subject: fixed tests to use setup and teardown blocks --- users/test/integration/api/account_flow_test.rb | 17 ++++------------- users/test/integration/api/login_test.rb | 15 +++------------ 2 files changed, 7 insertions(+), 25 deletions(-) (limited to 'users/test') diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index d1a97e9..1698105 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -1,18 +1,9 @@ require 'test_helper' +require_relative 'rack_test' -CONFIG_RU = (Rails.root + 'config.ru').to_s -OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first +class AccountFlowTest < RackTest -class AccountFlowTest < ActiveSupport::TestCase - include Rack::Test::Methods - include Warden::Test::Helpers - include LeapWebCore::AssertResponses - - def app - OUTER_APP - end - - def setup + setup do @login = "integration_test_user" User.find_by_login(@login).tap{|u| u.destroy if u} @password = "srp, verify me!" @@ -26,7 +17,7 @@ class AccountFlowTest < ActiveSupport::TestCase @user = User.find_by_login(@login) end - def teardown + teardown do @user.destroy if @user Warden.test_reset! end diff --git a/users/test/integration/api/login_test.rb b/users/test/integration/api/login_test.rb index ba82c8e..fb761e5 100644 --- a/users/test/integration/api/login_test.rb +++ b/users/test/integration/api/login_test.rb @@ -1,18 +1,9 @@ require 'test_helper' +require_relative 'rack_test' -CONFIG_RU = (Rails.root + 'config.ru').to_s -OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first +class AccountFlowTest < RackTest -class AccountFlowTest < ActiveSupport::TestCase - include Rack::Test::Methods - include Warden::Test::Helpers - include LeapWebCore::AssertResponses - - def app - OUTER_APP - end - - def setup + setup do @login = "integration_test_user" end -- cgit v1.2.3 From 654ab25fa4659119d5ddaa9ae116fce69a386ab1 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 3 Apr 2013 11:22:16 +0200 Subject: make sure user tests also run when run from users subdir * The APP_CONFIG needs to be initialized in core so that is required from other engines * paths for load_views need to be relative to the model - not to rails root. --- users/test/integration/api/rack_test.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 users/test/integration/api/rack_test.rb (limited to 'users/test') diff --git a/users/test/integration/api/rack_test.rb b/users/test/integration/api/rack_test.rb new file mode 100644 index 0000000..da960f2 --- /dev/null +++ b/users/test/integration/api/rack_test.rb @@ -0,0 +1,12 @@ +CONFIG_RU = (Rails.root + 'config.ru').to_s +OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first + +class RackTest < ActiveSupport::TestCase + include Rack::Test::Methods + include Warden::Test::Helpers + include LeapWebCore::AssertResponses + + def app + OUTER_APP + end +end -- cgit v1.2.3