From e1fc3f4850ee73e0591bd67a92b104db4f63e4cb Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 21:01:27 +0100 Subject: stubbing current_user the warden way --- .../test/functional/application_controller_test.rb | 7 +++---- users/test/functional/helper_methods_test.rb | 15 ++++++--------- users/test/integration/api/account_flow_test.rb | 4 ++-- users/test/support/auth_test_helper.rb | 21 +++++++++++---------- 4 files changed, 22 insertions(+), 25 deletions(-) (limited to 'users/test') diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb index 69bcb2f..857bae5 100644 --- a/users/test/functional/application_controller_test.rb +++ b/users/test/functional/application_controller_test.rb @@ -8,20 +8,19 @@ class ApplicationControllerTest < ActionController::TestCase end def test_authorize_redirect - stub_logged_out @controller.send(:authorize) assert_access_denied end def test_authorized - @user = stub_logged_in + login @controller.send(:authorize) assert_access_denied(false) end def test_authorize_admin - @user = stub_logged_in - @user.expects(:is_admin?).returns(false) + login + @current_user.expects(:is_admin?).returns(false) @controller.send(:authorize_admin) assert_access_denied end diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb index c0eaf61..2b2375c 100644 --- a/users/test/functional/helper_methods_test.rb +++ b/users/test/functional/helper_methods_test.rb @@ -16,26 +16,23 @@ class HelperMethodsTest < ActionController::TestCase @controller end - def test_current_user_with_caching - @user = stub_logged_in - assert_equal @user, current_user - assert_equal @user, current_user # tests caching + def test_current_user + login + assert_equal @current_user, current_user end def test_logged_in - @user = stub_logged_in + login assert logged_in? end def test_logged_out - stub_logged_out assert !logged_in? end def test_admin - bool = stub - @user = stub_logged_in - @user.expects(:is_admin?).returns(bool) + login + @current_user.expects(:is_admin?).returns(bool = stub) assert_equal bool, admin? end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 5800d46..69e0599 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -4,7 +4,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest # this test wraps the api and implements the interface the ruby-srp client. def handshake(login, aa) - post "sessions", :login => login, 'A' => aa.to_s(16) + post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json assert_response :success response = JSON.parse(@response.body) if response['errors'] @@ -15,7 +15,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest end def validate(m) - put "sessions/" + @login, :client_auth => m.to_s(16) + put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json assert_response :success return JSON.parse(@response.body) end diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb index 9412058..f211597 100644 --- a/users/test/support/auth_test_helper.rb +++ b/users/test/support/auth_test_helper.rb @@ -1,17 +1,18 @@ module AuthTestHelper + extend ActiveSupport::Concern - def stub_logged_in - @user_id = stub - @user = stub - session[:user_id] = @user_id - User.expects(:find).once.with(@user_id).returns(@user) - return @user + # Controller will fetch current user from warden. + # Make it pick up our current_user + included do + setup do + request.env['warden'] ||= stub :user => nil + end end - def stub_logged_out - @user_id = stub - session[:user_id] = @user_id - User.expects(:find).once.with(@user_id).returns(nil) + def login(user = nil) + @current_user = user || stub + request.env['warden'] = stub :user => @current_user + return @current_user end def assert_access_denied(denied = true) -- cgit v1.2.3 From ef90c45998b33ba8606c3786875e21496ace4686 Mon Sep 17 00:00:00 2001 From: Azul Date: Sun, 4 Nov 2012 22:14:13 +0100 Subject: fixed functional tests --- users/test/functional/sessions_controller_test.rb | 85 +++++++++++------------ users/test/integration/api/account_flow_test.rb | 7 +- 2 files changed, 45 insertions(+), 47 deletions(-) (limited to 'users/test') diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index 47d7052..4bad12f 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -2,74 +2,67 @@ require 'test_helper' class SessionsControllerTest < ActionController::TestCase - def setup + setup do @user = stub :login => "me", :id => 123 @client_hex = 'a123' - @client_rnd = @client_hex.hex - @server_hex = 'b123' - @server_rnd = @server_hex.hex - @server_rnd_exp = 'e123'.hex - @salt = 'stub user salt' - @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp - @server_auth = 'adfe' end test "should get login screen" do + request.env['warden'].expects(:winning_strategy) get :new assert_response :success + assert_equal "text/html", response.content_type + assert_template "sessions/new" end - test "should perform handshake" do - @user.expects(:initialize_auth). - with(@client_rnd). - returns(@server_handshake) - @server_handshake.expects(:to_json). - returns({'B' => @server_hex, 'salt' => @salt}.to_json) - User.expects(:find_by_param).with(@user.login).returns(@user) - post :create, :login => @user.login, 'A' => @client_hex - assert_equal @server_handshake, session[:handshake] + test "renders json" do + request.env['warden'].expects(:winning_strategy) + get :new, :format => :json assert_response :success - assert_json_response :B => @server_hex, :salt => @salt + assert_json_response :errors => nil end - test "should report user not found" do - unknown = "login_that_does_not_exist" - User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND) - post :create, :login => unknown + test "renders warden errors" do + strategy = stub :message => "Warden auth did not work" + request.env['warden'].expects(:winning_strategy).returns(strategy) + get :new, :format => :json assert_response :success - assert_json_response :errors => {"login" => ["unknown user"]} + assert_json_response :errors => strategy.message end - test "should authorize" do - session[:handshake] = @server_handshake - @server_handshake.expects(:authenticate!). - with(@client_rnd). - returns(@user) - @server_handshake.expects(:to_json). - returns({:M2 => @server_auth}.to_json) - post :update, :id => @user.login, :client_auth => @client_hex - assert_nil session[:handshake] - assert_json_response :M2 => @server_auth - assert_equal @user.id, session[:user_id] + test "should perform handshake" do + assert_raises ActionView::MissingTemplate do + request.env['warden'].expects(:authenticate!) + post :create, :login => @user.login, 'A' => @client_hex + assert params['A'] + assert params['login'] + end end - test "should report wrong password" do - session[:handshake] = @server_handshake - @server_handshake.expects(:authenticate!). - with(@client_rnd). - raises(WRONG_PASSWORD) - post :update, :id => @user.login, :client_auth => @client_hex - assert_nil session[:handshake] - assert_nil session[:user_id] - assert_json_response :errors => {"password" => ["wrong password"]} + test "should authorize" do + assert_raises ActionView::MissingTemplate do + request.env['warden'].expects(:authenticate!) + session[:handshake] = stub + post :update, :id => @user.login, :client_auth => @client_hex + assert params['client_auth'] + assert session[:handshake] + end end - test "logout should reset sessions user_id" do - session[:user_id] = "set" + test "logout should reset warden user" do + expect_warden_logout delete :destroy - assert_nil session[:user_id] assert_response :redirect assert_redirected_to root_url end + def expect_warden_logout + raw = mock('raw session') do + expects(:inspect) + end + request.env['warden'].expects(:raw_session).returns(raw) + request.env['warden'].expects(:logout) + end + + end diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 69e0599..dc475b5 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -1,6 +1,11 @@ require 'test_helper' class AccountFlowTest < ActionDispatch::IntegrationTest + include Warden::Test::Helpers + + def teardown + Warden.test_reset! + end # this test wraps the api and implements the interface the ruby-srp client. def handshake(login, aa) @@ -52,7 +57,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest test "signup and wrong password login attempt" do srp = SRP::Client.new(@login, "wrong password") server_auth = srp.authenticate(self) - assert_equal ["wrong password"], server_auth["errors"]['password'] + assert_equal "Could not log in", server_auth["errors"]['password'] assert_nil server_auth["M2"] end -- cgit v1.2.3 From da2804c8f8a800851fa1863f579e2b8e9a57b4cc Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 6 Nov 2012 11:51:10 +0100 Subject: first steps towards warden srp testing --- users/test/integration/api/account_flow_test.rb | 26 ++++++--- .../warden_strategy_secure_remote_password_test.rb | 61 ++++++++++++++++++++++ 2 files changed, 79 insertions(+), 8 deletions(-) create mode 100644 users/test/unit/warden_strategy_secure_remote_password_test.rb (limited to 'users/test') diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index dc475b5..4dcca24 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -1,7 +1,16 @@ require 'test_helper' -class AccountFlowTest < ActionDispatch::IntegrationTest +CONFIG_RU = (Rails.root + 'config.ru').to_s +OUTER_APP = Rack::Builder.parse_file(CONFIG_RU).first + +class AccountFlowTest < ActiveSupport::TestCase + include Rack::Test::Methods include Warden::Test::Helpers + include LeapWebCore::AssertResponses + + def app + OUTER_APP + end def teardown Warden.test_reset! @@ -9,9 +18,9 @@ class AccountFlowTest < ActionDispatch::IntegrationTest # this test wraps the api and implements the interface the ruby-srp client. def handshake(login, aa) - post "sessions", :login => login, 'A' => aa.to_s(16), :format => :json - assert_response :success - response = JSON.parse(@response.body) + post "/sessions.json", :login => login, 'A' => aa.to_s(16), :format => :json + assert last_response.successful? + response = JSON.parse(last_response.body) if response['errors'] raise RECORD_NOT_FOUND.new(response['errors']) else @@ -20,9 +29,10 @@ class AccountFlowTest < ActionDispatch::IntegrationTest end def validate(m) - put "sessions/" + @login, :client_auth => m.to_s(16), :format => :json - assert_response :success - return JSON.parse(@response.body) + debugger + put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json + assert last_response.successful? + return JSON.parse(last_response.body) end def setup @@ -45,7 +55,7 @@ class AccountFlowTest < ActionDispatch::IntegrationTest test "signup response" do assert_json_response :login => @login, :ok => true - assert_response :success + assert last_response.successful? end test "signup and login with srp via api" do diff --git a/users/test/unit/warden_strategy_secure_remote_password_test.rb b/users/test/unit/warden_strategy_secure_remote_password_test.rb new file mode 100644 index 0000000..ee68fe7 --- /dev/null +++ b/users/test/unit/warden_strategy_secure_remote_password_test.rb @@ -0,0 +1,61 @@ +class WardenStrategySecureRemotePasswordTest < ActiveSupport::TestCase + + setup do + @user = stub :login => "me", :id => 123 + @client_hex = 'a123' + @client_rnd = @client_hex.hex + @server_hex = 'b123' + @server_rnd = @server_hex.hex + @server_rnd_exp = 'e123'.hex + @salt = 'stub user salt' + @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp + @server_auth = 'adfe' + end + + + test "should perform handshake" do + @user.expects(:initialize_auth). + with(@client_rnd). + returns(@server_handshake) + @server_handshake.expects(:to_json). + returns({'B' => @server_hex, 'salt' => @salt}.to_json) + User.expects(:find_by_param).with(@user.login).returns(@user) + assert_equal @server_handshake, session[:handshake] + assert_response :success + assert_json_response :B => @server_hex, :salt => @salt + end + + test "should report user not found" do + unknown = "login_that_does_not_exist" + User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND) + post :create, :login => unknown + assert_response :success + assert_json_response :errors => {"login" => ["unknown user"]} + end + + test "should authorize" do + session[:handshake] = @server_handshake + @server_handshake.expects(:authenticate!). + with(@client_rnd). + returns(@user) + @server_handshake.expects(:to_json). + returns({:M2 => @server_auth}.to_json) + post :update, :id => @user.login, :client_auth => @client_hex + assert_nil session[:handshake] + assert_json_response :M2 => @server_auth + assert_equal @user.id, session[:user_id] + end + + test "should report wrong password" do + session[:handshake] = @server_handshake + @server_handshake.expects(:authenticate!). + with(@client_rnd). + raises(WRONG_PASSWORD) + post :update, :id => @user.login, :client_auth => @client_hex + assert_nil session[:handshake] + assert_nil session[:user_id] + assert_json_response :errors => {"password" => ["wrong password"]} + end + + +end -- cgit v1.2.3 From 63c5b2cafdefbd9b13297faa57ee2f18a5c07bf5 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 9 Nov 2012 16:05:22 +0100 Subject: got integration test and login flow to work --- users/test/integration/api/account_flow_test.rb | 1 - 1 file changed, 1 deletion(-) (limited to 'users/test') diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb index 4dcca24..c9a7109 100644 --- a/users/test/integration/api/account_flow_test.rb +++ b/users/test/integration/api/account_flow_test.rb @@ -29,7 +29,6 @@ class AccountFlowTest < ActiveSupport::TestCase end def validate(m) - debugger put "/sessions/" + @login + '.json', :client_auth => m.to_s(16), :format => :json assert last_response.successful? return JSON.parse(last_response.body) -- cgit v1.2.3 From 5b300b554682c232c0955bdb0dd3d8263dde901e Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 9 Nov 2012 16:45:54 +0100 Subject: seperated the warden classes from the initializer also commented the sessions controller test a bit and fixed it --- users/test/functional/sessions_controller_test.rb | 29 +++++++++++++---------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'users/test') diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb index 4bad12f..8f2d95c 100644 --- a/users/test/functional/sessions_controller_test.rb +++ b/users/test/functional/sessions_controller_test.rb @@ -1,5 +1,8 @@ require 'test_helper' +# This is a simple controller unit test. +# We're stubbing out both warden and srp. +# There's an integration test testing the full rack stack and srp class SessionsControllerTest < ActionController::TestCase setup do @@ -30,23 +33,23 @@ class SessionsControllerTest < ActionController::TestCase assert_json_response :errors => strategy.message end + # Warden takes care of parsing the params and + # rendering the response. So not much to test here. test "should perform handshake" do - assert_raises ActionView::MissingTemplate do - request.env['warden'].expects(:authenticate!) - post :create, :login => @user.login, 'A' => @client_hex - assert params['A'] - assert params['login'] - end + request.env['warden'].expects(:authenticate!) + # make sure we don't get a template missing error: + @controller.stubs(:render) + post :create, :login => @user.login, 'A' => @client_hex end test "should authorize" do - assert_raises ActionView::MissingTemplate do - request.env['warden'].expects(:authenticate!) - session[:handshake] = stub - post :update, :id => @user.login, :client_auth => @client_hex - assert params['client_auth'] - assert session[:handshake] - end + request.env['warden'].expects(:authenticate!) + handshake = stub(:to_json => "JSON") + session[:handshake] = handshake + post :update, :id => @user.login, :client_auth => @client_hex + assert_nil session[:handshake] + assert_response :success + assert_equal handshake.to_json, @response.body end test "logout should reset warden user" do -- cgit v1.2.3