diff options
| author | Patrick J Cherry <patrick@bytemark.co.uk> | 2012-04-21 13:37:12 +0100 |
|---|---|---|
| committer | Patrick J Cherry <patrick@bytemark.co.uk> | 2012-04-21 13:37:12 +0100 |
| commit | 84b1abf30fe79032209cb0fcd0bfa9d6aaf37721 (patch) | |
| tree | 403433b040d2b51b5d40c56b10a530e7fcf2aef4 | |
| parent | 392a87cfa181a762bf4b3244aa3c6d065ef15253 (diff) | |
Overhaul of authentication.
* Added new configuration options:
** bytemark_calendar_url
** bytemark_auth_url
** remote_https_verify_mode
** remote_http_timeout
** failed_login_delay
* Added authentication tests
* Removed remote auth tests in from the web interface tests.
* If no bytemark_auth_url is set, then no remote auth takes place.
* SSL peer cert validation now takes place by default.
* Removed old logic tests
* Tidied the way tests take place a little.
| -rw-r--r-- | lib/mauve/authentication.rb | 71 | ||||
| -rw-r--r-- | lib/mauve/configuration_builders/server.rb | 27 | ||||
| -rw-r--r-- | lib/mauve/server.rb | 98 | ||||
| -rw-r--r-- | test/alert_and_notification_logic.rb | 391 | ||||
| -rw-r--r-- | test/tc_mauve_authentication.rb | 168 | ||||
| -rw-r--r-- | test/tc_mauve_web_interface.rb | 18 | ||||
| -rw-r--r-- | test/test_mauve.rb | 21 | ||||
| -rw-r--r-- | test/th_mauve.rb | 4 |
8 files changed, 325 insertions, 473 deletions
diff --git a/lib/mauve/authentication.rb b/lib/mauve/authentication.rb index 0fc6823..c467a1d 100644 --- a/lib/mauve/authentication.rb +++ b/lib/mauve/authentication.rb @@ -1,7 +1,6 @@ # encoding: UTF-8 require 'sha1' require 'xmlrpc/client' -require 'timeout' # # This allows poking of the SSL attributes of the http client. @@ -28,8 +27,6 @@ module Mauve raise ArgumentError.new("Password must be a string, not a #{password.class}") if String != password.class raise ArgumentError.new("Login or/and password is/are empty.") if login.empty? || password.empty? - return false unless Mauve::Configuration.current.people.has_key?(login) - false end @@ -73,7 +70,7 @@ module Mauve unless true == result logger.info "Authentication for #{login} failed" # Rate limit - sleep 5 + sleep Server.instance.failed_login_delay end result @@ -88,45 +85,6 @@ module Mauve Mauve::Authentication::ORDER << self - # Set up the Bytemark authenticator - # - # @todo allow configuration of where the server is. - # - # @param [String] srv Authentication server name - # @param [String] port Port overwhich authentication should take place - # - # @return [Mauve::AuthBytemark] - # - def initialize (srv='auth.bytemark.co.uk', port=443) - raise ArgumentError.new("Server must be a String, not a #{srv.class}") if String != srv.class - raise ArgumentError.new("Port must be a Fixnum, not a #{port.class}") if Fixnum != port.class - @srv = srv - @port = port - @timeout = 7 - - self - end - - # Tests to see if a server is alive, alive-o. - # - # @deprecated Not really needed. - # - # @return [Boolean] - def ping - begin - Timeout.timeout(@timeout) do - s = TCPSocket.open(@srv, @port) - s.close() - return true - end - rescue Timeout::Error => ex - return false - rescue => ex - return false - end - return false - end - # Authenticate against the Bytemark server # # @param [String] login @@ -136,14 +94,27 @@ module Mauve def authenticate(login, password) super - client = XMLRPC::Client.new(@srv,"/",@port,nil,nil,nil,nil,true,@timeout) + # + # Don't bother checking if no auth_url has been set. + # + return false unless Server.instance.bytemark_auth_url.is_a?(URI) + + # + # Don't bother checking if the person doesn't exist. + # + return false unless Mauve::Configuration.current.people.has_key?(login) + + uri = Server.instance.bytemark_auth_url + timeout = Server.instance.remote_http_timeout + # host=nil, path=nil, port=nil, proxy_host=nil, proxy_port=nil, user=nil, password=nil, use_ssl=nil, timeout=nil) + client = XMLRPC::Client.new(uri.host, uri.path, uri.port, nil, nil, uri.user, uri.password, uri.scheme == "https", timeout) # # Make sure we verify our peer before attempting login. # if client.http.use_ssl? client.http.ca_path = "/etc/ssl/certs/" - client.http.verify_mode = OpenSSL::SSL::VERIFY_PEER + client.http.verify_mode = Server.instance.remote_https_verify_mode end begin @@ -179,6 +150,16 @@ module Mauve # @return [Boolean] def authenticate(login,password) super + # + # Don't bother checking if the person doesn't exist. + # + return false unless Mauve::Configuration.current.people.has_key?(login) + + # + # Don't bother checking if no password has been set. + # + return false if Mauve::Configuration.current.people[login].password.nil? + if ( Digest::SHA1.hexdigest(password) == Mauve::Configuration.current.people[login].password ) return true else diff --git a/lib/mauve/configuration_builders/server.rb b/lib/mauve/configuration_builders/server.rb index feb75b8..d22ed87 100644 --- a/lib/mauve/configuration_builders/server.rb +++ b/lib/mauve/configuration_builders/server.rb @@ -170,7 +170,32 @@ module Mauve # is_attribute "use_packet_buffer" is_attribute "use_notification_buffer" - + + # + # This is where the calendar is located. The request paths are hard-coded. + # + is_attribute "bytemark_calendar_url" + + # + # This is where the Bytemark authentication server is located. + # + is_attribute "bytemark_auth_url" + + # + # This is the level of SSL verification used when making external HTTPS connections. + # + is_attribute "remote_https_verify_mode" + + # + # This is the default timeout when making remote HTTP requests + # + is_attribute "remote_http_timeout" + + # + # This is the default sleep time after an authentication attempt has failed. + # + is_attribute "failed_login_delay" + def builder_setup @result = Mauve::Server.instance end diff --git a/lib/mauve/server.rb b/lib/mauve/server.rb index db5fda6..2b0e101 100644 --- a/lib/mauve/server.rb +++ b/lib/mauve/server.rb @@ -27,6 +27,7 @@ module Mauve attr_reader :hostname, :database, :initial_sleep attr_reader :packet_buffer, :notification_buffer, :started_at + attr_reader :bytemark_auth_url, :bytemark_calendar_url, :remote_http_timeout, :remote_https_verify_mode, :failed_login_delay include Singleton @@ -49,6 +50,23 @@ module Mauve @notification_buffer = [] # + # Set the auth/calendar URLs + # + @bytemark_auth_url = nil + @bytemark_calendar_url = nil + + # + # Set a couple of params for remote HTTP requests. + # + @remote_http_timeout = 5 + @remote_https_verify_mode = OpenSSL::SSL::VERIFY_PEER + + # + # Rate limit login attempts to limit the success of brute-forcing. + # + @failed_login_delay = 1 + + # # Set up a blank config. # Configuration.current = Configuration.new if Mauve::Configuration.current.nil? @@ -70,14 +88,12 @@ module Mauve @database = d end - # # Sets up the packet buffer (or not). The argument can be "false" or "no" # or a FalseClass object for no. Anything else makes no change. # # @param [String] arg # @return [Array or nil] def use_packet_buffer=(arg) - logger.debug(arg) if arg.is_a?(FalseClass) or arg =~ /^(n(o)?|f(alse)?)$/i @packet_buffer = nil end @@ -85,14 +101,12 @@ module Mauve @packet_buffer end - # # Sets up the notification buffer (or not). The argument can be "false" or # "no" or a FalseClass object for no. Anything else makes no change. # # @param [String] arg # @return [Array or nil] def use_notification_buffer=(arg) - logger.debug(arg) if arg.is_a?(FalseClass) or arg =~ /^(n(o)?|f(alse)?)$/i @notification_buffer = nil end @@ -100,6 +114,82 @@ module Mauve @notification_buffer end + # Set the calendar URL. + # + # @param [String] arg + # @return [URI] + def bytemark_calendar_url=(arg) + raise ArgumentError, "bytemark_calendar_url must be a string" unless arg.is_a?(String) + + @bytemark_calendar_url = URI.parse(arg) + + # + # Make sure we get an HTTP URL. + # + raise ArgumentError, "bytemark_calendar_url must be an HTTP(S) URL." unless %w(http https).include?(@bytemark_calendar_url.scheme) + + # + # Set a default request path, if none was given + # + @bytemark_calendar_url.path="/" if @bytemark_calendar_url.path.empty? + + @bytemark_calendar_url + end + + # Set the Bytemark Authentication URL + # + # @param [String] arg + # @return [URI] + def bytemark_auth_url=(arg) + raise ArgumentError, "bytemark_auth_url must be a string" unless arg.is_a?(String) + + @bytemark_auth_url = URI.parse(arg) + # + # Make sure we get an HTTP URL. + # + raise ArgumentError, "bytemark_auth_url must be an HTTP(S) URL." unless %w(http https).include?(@bytemark_auth_url.scheme) + + # + # Set a default request path, if none was given + # + @bytemark_auth_url.path="/" if @bytemark_auth_url.path.empty? + + @bytemark_auth_url + end + + # Sets the timeout when making remote HTTP requests + # + # @param [Integer] arg + # @return [Integer] + def remote_http_timeout=(arg) + raise ArgumentError, "initial_sleep must be an integer" unless s.is_a?(Integer) + @remote_http_timeout = arg + end + + # Sets the SSL verification mode when makeing remote HTTPS requests + # + # @param [String] arg must be one of "none" or "peer" + # @return [Constant] + def remote_https_verify_mode=(arg) + @remote_https_verify_mode = case arg + when "peer" + OpenSSL::SSL::VERIFY_PEER + when "none" + OpenSSL::SSL::VERIFY_NONE + else + raise ArgumentError, "remote_https_verify_mode must be either 'peer' or 'none'" + end + end + + # Set the delay added following a failed login attempt. + # + # @param [Numeric] arg Number of seconds to delay following a failed login attempt + # @return [Numeric] + # + def failed_login_delay=(arg) + raise ArgumentError, "initial_sleep must be numeric" unless arg.is_a?(Numeric) + @failed_login_delay = arg + end # Set the sleep period during which notifications about old alerts are # suppressed. diff --git a/test/alert_and_notification_logic.rb b/test/alert_and_notification_logic.rb deleted file mode 100644 index 19b2478..0000000 --- a/test/alert_and_notification_logic.rb +++ /dev/null @@ -1,391 +0,0 @@ -# Mauve server tests - alerts and notification logic. Define the basic workings -# so that we know what should happen when we send sequences of alerts at -# different times. -# -# These aren't really unit tests, just narrative specifications as to what -# should happen under what stimuli. I suspect I will break these down into -# smaller units if things break under otherwise difficult conditions. -# - -$: << __FILE__.split("/")[0..-2].join("/") -require 'test/unit' -require 'mauve_test_helper' -require 'mauve_time' - -class AlertAndNotificationLogic < Test::Unit::TestCase - include MauveTestHelper - - def configuration_template - <<-TEMPLATE - # This is the head of all the configuration files. Filenames are relative - # to the cwd, which is assumed to be a fleeting test directory. - - server { - ip "127.0.0.1" - port #{@port_alerts ||= 44444} - log_file ENV['TEST_LOG'] ? STDOUT : "#{dir}/log" - log_level 0 - database "sqlite3:///#{dir}/mauve_test.db" - transmission_id_expire_time 600 - - # doesn't restart nicely at the moment - #web_interface { - # port #{@port_web ||= 44444} - #} - } - - # - # All notifications are sent to files which we can open up and check during - # our tests. Network delivery is not tested in this script. - # - - notification_method("xmpp") { - deliver_to_queue AlertAndNotificationLogic::Notifications - deliver_to_file "#{dir}/xmpp.txt" - disable_normal_delivery! - - jid "mauveserv@chat.bytemark.co.uk" - password "foo" - } - - notification_method("email") { - deliver_to_queue AlertAndNotificationLogic::Notifications - deliver_to_file "#{dir}/email.txt" - disable_normal_delivery! - - # add in SMTP server, username, password etc. - # default to sending through localhost - from "matthew@bytemark.co.uk" - server "bytemail.bytemark.co.uk" - subject_prefix "[Bytemark alerts] " - - } - - notification_method("sms") { - provider "AQL" - deliver_to_queue AlertAndNotificationLogic::Notifications - deliver_to_file "#{dir}/sms.txt" - disable_normal_delivery! - - username "x" - password "x" - from "01904890890" - max_messages_per_alert 3 - } - - # a person common to all our tests - - person("joe_bloggs") { - urgent { sms("12345") } - normal { email("12345@joe_bloggs.email") } - low { xmpp("12345@joe_bloggs.xmpp") } - } - - person("jimmy_junior") { - urgent { sms("66666") } - normal { email("jimmy@junior.email") } - low { email("jimmy@junior.email") } - } - - alert_group { - includes { source == "rare-and-important" } - acknowledgement_time 60.minutes - level URGENT - - notify("joe_bloggs") { every 10.minutes } - } - - alert_group { - includes { source == "noisy-and-annoying" || alert_id == "whine" } - acknowledgement_time 24.hours - level LOW - - notify("jimmy_junior") { every 2.hours } - notify("joe_bloggs") { - every 30.minutes - during { - unacknowledged 6.hours - } - } - } - - alert_group { - includes { source == "can-wait-until-monday" } - level NORMAL - - notify("jimmy_junior") { - every 30.minutes - during { days_in_week(1..5) && hours_in_day(9..5) } - } - notify("joe_bloggs") { - every 2.hours - during { days_in_week(1..5) && hours_in_day(9..5) } - } - } - - # catch-all - alert_group { - acknowledgement_time 1.minute - level NORMAL - - notify("joe_bloggs") { every 1.hour } - } - TEMPLATE - end - - def setup - start_server(configuration_template) - end - - def teardown - stop_server - # no tests should leave notifications on the stack - assert_no_notification - end - - # Raise one alert, check representation in database, and that alert is - # received as expected. - # - def test_basic_fields_are_recognised - mauvesend("-o my_source -i alert1 -s \"alert1 summary\" -d \"alert1 detail\" -u \"alert1 subject\"") - - assert_not_nil(alert = Alert.first) - assert_equal("my_source", alert.source) - assert_equal("alert1", alert.alert_id) - assert_equal("alert1 summary", alert.summary) - assert_equal("alert1 detail", alert.detail) - assert_equal("alert1 subject", alert.subject) - assert(alert.raised?) - assert(!alert.cleared?) - assert(!alert.acknowledged?) - - with_next_notification do |destination, this_alert, other_alerts| - assert_equal("12345@joe_bloggs.email", destination) - assert_equal(Alert.first, this_alert) - assert_equal([Alert.first], other_alerts) - end - - end - - # Check that a simple automatic raise, acknowledge & auto-clear request - # work properly. - # - def test_auto_raise_and_clear - # Raise the alert, wait for it to be processed - mauvesend("-o my_source -i alert1 -s \"alert1 summary\" -d \"alert1 detail\" -u \"alert1 subject\" -r +5m -c +10m") - - # Check internal state - # - assert(!Alert.first.raised?, "Auto-raising alert raised early") - assert(!Alert.first.cleared?, "Auto-clearing alert cleared early") - assert(!Alert.first.acknowledged?, "Alert acknowledged when I didn't expect it") - - # We asked for it to be raised in 5 minutes, so no alert yet... - # - assert_no_notification - - # Push forward to when the alert should be raised, check it has been - # - Time.advance(5.minutes) - assert(Alert.first.raised?, "#{Alert.first.inspect} should be raised by now") - assert(!Alert.first.cleared?, "#{Alert.first.inspect} should not be cleared") - - # Check that we have a notification - # - with_next_notification do |destination, this_alert, other_alerts| - assert_equal("12345@joe_bloggs.email", destination) - assert_equal(Alert.first, this_alert) - assert_equal('raised', this_alert.update_type) - end - - # Simulate manual acknowledgement - # - Alert.first.acknowledge!(Configuration.current.people["joe_bloggs"]) - Timers.restart_and_then_wait_until_idle - assert(Alert.first.acknowledged?, "Acknowledgement didn't work") - - # Check that the acknowledgement has caused a notification - # - with_next_notification do |destination, this_alert, other_alerts| - assert_equal("12345@joe_bloggs.email", destination) - assert_equal(Alert.first, this_alert) - assert_equal('acknowledged', this_alert.update_type, this_alert.inspect) - end - assert(Alert.first.acknowledged?) - assert(Alert.first.raised?) - assert(!Alert.first.cleared?) - - # Now with the config set to un-acknowledge alerts after only 1 minute, - # try winding time on and check that this happens. - # - Time.advance(2.minutes) - with_next_notification do |destination, this_alert, other_alerts| - assert_equal("12345@joe_bloggs.email", destination) - assert_equal(Alert.first, this_alert) - assert_equal('raised', this_alert.update_type, this_alert.inspect) - end - - # Check that auto-clearing works four minutes later - # - Time.advance(5.minutes) - assert(Alert.first.cleared?) - assert(!Alert.first.raised?) - - # Finally check for a notification that auto-clearing has happened - # - with_next_notification do |destination, this_alert, other_alerts| - assert_equal("12345@joe_bloggs.email", destination) - assert_equal(Alert.first, this_alert) - assert_equal('cleared', this_alert.update_type, this_alert.inspect) - end - - # And see that no further reminders are sent a while later - Time.advance(1.day) - assert_no_notification - end - - def test_one_alert_changes_from_outside - # Raise our test alert, wait for it to be processed - mauvesend("-o my_source -i alert1 -s \"alert1 summary\" -d \"alert1 detail\" -u \"alert1 subject\"") - - # Check internal representation, external notification - # - assert(Alert.first.raised?) - assert(!Alert.first.cleared?) - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('raised', this_alert.update_type, this_alert.inspect) - end - - # Check we get reminders every hour, and no more - # - 12.times do - Time.advance(1.hour) - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('raised', this_alert.update_type, this_alert.inspect) - end - assert_no_notification - end - - # Clear the alert, wait for it to be processed - mauvesend("-o my_source -i alert1 -c now") - assert(!Alert.first.raised?) - assert(Alert.first.cleared?) - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('cleared', this_alert.update_type, this_alert.inspect) - end - - # Check we can raise the same alert again - Time.advance(1.minute) - mauvesend("-o my_source -i alert1 -s \"alert1 summary\" -d \"alert1 detail\" -u \"alert1 subject\" -r now") - assert(Alert.first.raised?, Alert.first.inspect) - assert(!Alert.first.cleared?, Alert.first.inspect) - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('raised', this_alert.update_type, this_alert.inspect) - end - end - - def test_alert_groups - # check that this alert is reminded more often than normal - mauvesend("-o rare-and-important -i alert1 -s \"rare and important alert\"") - assert(Alert.first.raised?) - assert(!Alert.first.cleared?) - - 10.times do - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('raised', this_alert.update_type, this_alert.inspect) - assert_equal('12345', destination) - Time.advance(10.minutes) - end - end - discard_next_notification - end - - def test_future_raising - mauvesend("-i heartbeat -c now -r +10m -s \"raise in the future\"") - assert(!Alert.first.raised?) - assert(Alert.first.cleared?) - assert_no_notification - - # Check the future alert goes off - # - Time.advance(10.minutes) - assert(Alert.first.raised?) - assert(!Alert.first.cleared?) - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('raised', this_alert.update_type, this_alert.inspect) - end - - # Check that a repeat of the "heartbeat" update clears it, and we get - # a notification. - # - mauvesend("-i heartbeat -c now -r +10m -s \"raise in the future\"") - assert(!Alert.first.raised?) - assert(Alert.first.cleared?) - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('cleared', this_alert.update_type, this_alert.inspect) - end - - # Check that a re-send of the same clear alert doesn't send another - # notification - # - Time.advance(1.minute) - mauvesend("-i heartbeat -c now -r +10m -s \"raise in the future\"") - assert(!Alert.first.raised?) - assert(Alert.first.cleared?) - assert_no_notification - - # Check that a skewed resend doesn't confuse it - # - mauvesend("-i heartbeat -c +1m -r +11m -s \"raise in the future\"") - assert(!Alert.first.raised?) - assert(Alert.first.cleared?) - Time.advance(1.minute) - assert(!Alert.first.raised?) - assert(Alert.first.cleared?) - assert_no_notification - end - - # Make sure that using the "replace all flag" works as expected. - # - def test_replace_flag - mauvesend("-p") - #mauvesend("-p") - assert_no_notification - - mauvesend("-i test1 -s\"\test1\"") - assert(Alert.first.raised?) - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('raised', this_alert.update_type, this_alert.inspect) - end - assert_no_notification - - mauvesend("-p") - #mauvesend("-p") - with_next_notification do |destination, this_alert, other_alerts| - assert_equal('cleared', this_alert.update_type, this_alert.inspect) - end - assert_no_notification - end - - def test_earliest_date - alert = Alert.create!( - :alert_id => "test_id", - :source => "test1", - :subject => "test subject", - :summary => "test summary", - :raised_at => nil, - :will_raise_at => Time.now + 60, - :will_clear_at => Time.now + 120, - :update_type => "cleared", - :updated_at => Time.now - ) - assert(alert) - - assert(AlertEarliestDate.first.alert == alert) - end - -end - - - - diff --git a/test/tc_mauve_authentication.rb b/test/tc_mauve_authentication.rb new file mode 100644 index 0000000..d0f2d4f --- /dev/null +++ b/test/tc_mauve_authentication.rb @@ -0,0 +1,168 @@ +$:.unshift "../lib" + + +require 'th_mauve' +require 'th_mauve_resolv' + +require 'mauve/server' +require 'mauve/authentication' +require 'mauve/configuration' +require 'mauve/configuration_builder' +require 'mauve/configuration_builders' + +class TcMauveAuthentication < Mauve::UnitTest + include Mauve + + + def setup + super + setup_database + end + + def teardown + teardown_database + super + end + + def test_default_auth_always_fails + config=<<EOF +server { + failed_login_delay 0 +} +EOF + + Configuration.current = ConfigurationBuilder.parse(config) + Server.instance.setup + assert_equal(false, Authentication.authenticate("test","password")) + # + # No warning + # + assert_nil(logger_shift) + + end + + def test_local_auth + config=<<EOF +server { + failed_login_delay 0 +} + +person ("test") { + password "#{Digest::SHA1.new.hexdigest("password")}" + all { true } +} +EOF + + Configuration.current = ConfigurationBuilder.parse(config) + Server.instance.setup + assert(!Authentication.authenticate("test","badpassword")) + # + # Should warn that a bad password has been used. + # + assert_match(/AuthLocal for test failed/, logger_shift) + assert(Authentication.authenticate("test","password")) + # + # No warnings + # + assert_nil(logger_shift) + end + + + def test_local_auth + config=<<EOF +server { + failed_login_delay 0 +} + +person ("nopass") { } + +person ("test") { + password "#{Digest::SHA1.new.hexdigest("password")}" +} +EOF + + Configuration.current = ConfigurationBuilder.parse(config) + Server.instance.setup + assert(!Authentication.authenticate("nopass","badpassword")) + logger_shift + assert(!Authentication.authenticate("test","badpassword")) + logger_shift + assert(Authentication.authenticate("test","password")) + end + + def test_bytemark_auth + # + # BytemarkAuth test users are: + # test1: ummVRu7qF + # test2: POKvBqLT7 + # + config=<<EOF +server { + failed_login_delay 0 + bytemark_auth_url "https://auth.bytemark.co.uk/" +} + +person ("test1") { } + +person ("test2") { + password "#{Digest::SHA1.new.hexdigest("password")}" +} + +person ("test3") { + password "#{Digest::SHA1.new.hexdigest("password")}" +} +EOF + + Configuration.current = ConfigurationBuilder.parse(config) + Server.instance.setup + + # + # Test to make sure auth can fail + # + assert(!Authentication.authenticate("test1","password")) + # + # Should issue a warning for just bytemark auth failing, and no more. + # + assert_match(/AuthBytemark for test1 failed/, logger_shift) + assert_nil(logger_shift) + + assert(Authentication.authenticate("test1","ummVRu7qF")) + # + # Shouldn't issue any warnings. + # + assert_nil(logger_shift) + + # + # Test to make sure that in the event of failure we fall back to local + # auth, which should also fail in this case. + # + assert(!Authentication.authenticate("test2","badpassword")) + assert_match(/AuthBytemark for test2 failed/, logger_shift) + assert_match(/AuthLocal for test2 failed/, logger_shift) + + # + # Test to make sure that in the event of failure we fall back to local + # auth, which should pass in this case. + # + assert(Authentication.authenticate("test2","password")) + # + # Should issue a warning for just bytemark auth failing, and no more. + # + assert_match(/AuthBytemark for test2 failed/, logger_shift) + assert_nil(logger_shift) + + # + # Finally test to make sure local-only still works + # + assert(Authentication.authenticate("test3","password")) + # + # Should issue a warning for just bytemark auth failing, and no more. + # + assert_match(/AuthBytemark for test3 failed/, logger_shift) + assert_nil(logger_shift) + + end + + + +end diff --git a/test/tc_mauve_web_interface.rb b/test/tc_mauve_web_interface.rb index 69828e9..54c9697 100644 --- a/test/tc_mauve_web_interface.rb +++ b/test/tc_mauve_web_interface.rb @@ -53,12 +53,6 @@ class WebInterfaceTest < Mauve::UnitTest super setup_database - # - # BytemarkAuth test users are: - # - # test1: ummVRu7qF - # test2: POKvBqLT7 - # config =<<EOF server { hostname "localhost" @@ -70,13 +64,8 @@ server { } } -person ("test0") { - password "#{Digest::SHA1.new.hexdigest("password")}" - all { true } -} - person ("test1") { - password "#{Digest::SHA1.new.hexdigest("ummVRu7qF")}" + password "#{Digest::SHA1.new.hexdigest("goodpassword")}" all { true } } @@ -156,9 +145,10 @@ EOF # logger_pop ; logger_pop - post '/login', :username => 'test1', :password => 'ummVRu7qF' + post '/login', :username => 'test1', :password => 'goodpassword' follow_redirect! while last_response.redirect? assert last_response.body.include?('Mauve: ') + assert last_response.ok? get '/logout' follow_redirect! while last_response.redirect? @@ -166,7 +156,7 @@ EOF end def test_alerts_show_subject - post '/login', :username => 'test1', :password => 'ummVRu7qF' + post '/login', :username => 'test1', :password => 'goodpassword' follow_redirect! while last_response.redirect? assert last_response.body.include?('Mauve: ') diff --git a/test/test_mauve.rb b/test/test_mauve.rb index ce83c6c..a0531d7 100644 --- a/test/test_mauve.rb +++ b/test/test_mauve.rb @@ -8,24 +8,9 @@ require 'pp' require 'test/unit' require 'th_mauve' -%w( -tc_mauve_alert_changed.rb -tc_mauve_alert_group.rb -tc_mauve_alert.rb -tc_mauve_configuration_builder.rb -tc_mauve_configuration_builders_alert_group.rb -tc_mauve_configuration_builders_logger.rb -tc_mauve_configuration_builders_notification_method.rb -tc_mauve_configuration_builders_person.rb -tc_mauve_configuration_builders_server.rb -tc_mauve_history.rb -tc_mauve_notification.rb -tc_mauve_people_list.rb -tc_mauve_person.rb -tc_mauve_source_list.rb -tc_mauve_time.rb -tc_mauve_web_interface.rb -).each do |s| +%w(. test).each do |dir| +Dir.glob(File.join(dir,"tc_*.rb")).each do |s| require s end +end diff --git a/test/th_mauve.rb b/test/th_mauve.rb index 2b97e64..ce29e11 100644 --- a/test/th_mauve.rb +++ b/test/th_mauve.rb @@ -77,6 +77,10 @@ module Mauve def logger_pop @outputter.pop end + + def logger_shift + @outputter.shift + end def teardown_logger logger = Log4r::Logger['Mauve'] |