From dc443284c4b5f59a4447797f88730d9fe1bc0b45 Mon Sep 17 00:00:00 2001
From: Patrick J Cherry
Date: Thu, 22 Mar 2012 17:40:38 +0000
Subject: Tidied up login authentication + tests (woo!)
---
test/tc_mauve_web_interface.rb | 175 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 175 insertions(+)
create mode 100644 test/tc_mauve_web_interface.rb
(limited to 'test/tc_mauve_web_interface.rb')
diff --git a/test/tc_mauve_web_interface.rb b/test/tc_mauve_web_interface.rb
new file mode 100644
index 0000000..a120c37
--- /dev/null
+++ b/test/tc_mauve_web_interface.rb
@@ -0,0 +1,175 @@
+$:.unshift "../lib"
+
+require 'th_mauve'
+require 'th_mauve_resolv'
+
+require 'mauve/alert'
+require 'mauve/proto'
+require 'mauve/server'
+require 'mauve/configuration'
+require 'mauve/configuration_builder'
+require 'mauve/configuration_builders'
+
+require 'rack/test'
+
+ENV['RACK_ENV'] = 'test'
+
+class WebInterfaceTest < Mauve::UnitTest
+ include Rack::Test::Methods
+ include Mauve
+
+ SESSION_KEY="mauvealert"
+
+ class SessionData
+ def initialize(cookies)
+ @cookies = cookies
+ @data = cookies[WebInterfaceTest::SESSION_KEY]
+ if @data
+ @data = @data.unpack("m*").first
+ @data = Marshal.load(@data)
+ else
+ @data = {}
+ end
+ end
+
+ def [](key)
+ @data[key]
+ end
+
+ def []=(key, value)
+ @data[key] = value
+ session_data = Marshal.dump(@data)
+ session_data = [session_data].pack("m*")
+ @cookies.merge("#{WebInterfaceTest::SESSION_KEY}=#{Rack::Utils.escape(session_data)}", URI.parse("//example.org//"))
+ raise "session variable not set" unless @cookies[WebInterfaceTest::SESSION_KEY] == session_data
+ end
+ end
+
+ def session
+ SessionData.new(rack_test_session.instance_variable_get(:@rack_mock_session).cookie_jar)
+ end
+
+ def setup
+ super
+ setup_database
+
+ #
+ # BytemarkAuth test users are:
+ #
+ # test1: ummVRu7qF
+ # test2: POKvBqLT7
+ #
+ config =< WebInterfaceTest::SESSION_KEY, :secret => "testing-1234")
+ end
+
+ def test_log_in
+ # Check we get the login page when going to "/" before logging in.
+ get '/'
+ follow_redirect! while last_response.redirect?
+ assert last_response.ok?
+ assert last_response.body.include?("Mauve: Login")
+ assert session['__FLASH__'].empty?
+
+ # Check we can access this page before logging in.
+ get '/alerts'
+ assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set following forbidden access")
+ follow_redirect! while last_response.redirect?
+ assert_equal(403, last_response.status, "The HTTP status wasn't 403")
+ assert last_response.body.include?("Mauve: Login")
+ assert session['__FLASH__'].empty?
+
+ #
+ # Try to falsify our login.
+ #
+ session['username'] = "test1"
+ get '/alerts'
+ assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set following forbidden access")
+ follow_redirect! while last_response.redirect?
+ assert_equal(403, last_response.status, "The HTTP status wasn't 403")
+ assert last_response.body.include?("Mauve: Login")
+ assert session['__FLASH__'].empty?
+
+ #
+ # OK login with a bad password
+ #
+ post '/login', :username => 'test1', :password => 'badpassword'
+ assert_equal(401, last_response.status, "A bad login did not produce a 401 response")
+ assert(last_response.body.include?("Mauve: Login"))
+ assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set")
+
+ post '/login', :username => 'test1', :password => 'ummVRu7qF'
+ follow_redirect! while last_response.redirect?
+ assert last_response.body.include?('Mauve: ')
+
+ get '/logout'
+ follow_redirect! while last_response.redirect?
+ assert last_response.ok?
+ end
+
+ def test_alerts_show_subject
+ post '/login', :username => 'test1', :password => 'ummVRu7qF'
+ follow_redirect! while last_response.redirect?
+ assert last_response.body.include?('Mauve: ')
+
+ a = Alert.new(:source => "www.example.com", :alert_id => "test_raise!")
+ a.raise!
+
+ get '/alerts/raised/subject'
+ end
+
+end
+
+
-- cgit v1.2.1
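Review bot: The "Try to falsify our login" step in test_log_in writes the session cookie through SessionData#[]=, which stores a bare Base64 Marshal dump with no signature, while the visible middleware options include `:secret => "testing-1234"`. If the session middleware verifies a signature (the config heredoc and the start of the `use` line are not visible on this page, so this is inferred), the 403 there shows only that an unsigned cookie is discarded, not that the application refuses a validly signed session that carries nothing but `username`. I would state that scope in a comment above the step, e.g. `# unsigned cookie: only proves that a session without a valid signature is ignored`, and cover the signed case in a separate test. SessionData also reads the jar with `Marshal.load`, which is acceptable only because the jar belongs to the test itself; a one-line comment saying so would stop the helper being copied into code that handles real cookies. Separately, test_alerts_show_subject ends at `get '/alerts/raised/subject'` without asserting anything, so add `assert last_response.ok?` after it.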