require 'test_helper' class SessionsControllerTest < ActionController::TestCase def setup @client_hex = 'a123' @client_rnd = @client_hex.hex @server_hex = 'b123' @server_rnd = @server_hex.hex @server_rnd_exp = 'e123'.hex @salt = 'stub user salt' @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp @server_auth = 'adfe' end test "should get login screen" do get :new assert_response :success end test "should perform handshake" do user = stub :login => "me", :id => 123 user.expects(:initialize_auth). with(@client_rnd). returns(@server_handshake) @server_handshake.expects(:to_json). returns({'B' => @server_hex, 'salt' => @salt}.to_json) User.expects(:find_by_param).with(user.login).returns(user) post :create, :login => user.login, 'A' => @client_hex assert_equal @server_handshake, session[:handshake] assert_response :success assert_json_response :B => @server_hex, :salt => @salt end test "should report user not found" do unknown = "login_that_does_not_exist" User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND) post :create, :login => unknown assert_response :success assert_json_response :errors => {"login" => ["unknown user"]} end test "should authorize" do session[:handshake] = @server_handshake user = stub :login => "me", :id => 123 @server_handshake.expects(:authenticate!). with(@client_rnd). returns(@server_auth) @server_handshake.expects(:to_json). returns({:M2 => @server_auth}.to_json) User.expects(:find_by_param).with(user.login).returns(user) post :update, :id => user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_json_response :M2 => @server_auth assert_equal user.id, session[:user_id] end test "should report wrong password" do session[:handshake] = @server_handshake user = stub :login => "me", :id => 123 @server_handshake.expects(:authenticate!). with(@client_rnd). raises(WRONG_PASSWORD) User.expects(:find_by_param).with(user.login).returns(user) post :update, :id => user.login, :client_auth => @client_hex assert_nil session[:handshake] assert_nil session[:user_id] assert_json_response :errors => {"password" => ["wrong password"]} end test "logout should reset sessions user_id" do session[:user_id] = "set" delete :destroy assert_nil session[:user_id] assert_response :redirect assert_redirected_to root_url end end