$:.unshift "../lib"
require 'th_mauve'
require 'th_mauve_resolv'
require 'mauve/alert'
require 'mauve/proto'
require 'mauve/server'
require 'mauve/configuration'
require 'mauve/configuration_builder'
require 'mauve/configuration_builders'
require 'rack/test'
# Set RACK_ENV to "test" before the test class below is defined
# (presumably read by the web interface under test; confirm).
ENV['RACK_ENV'] = 'test'
# Drives the Mauve web interface through Rack::Test and checks that pages
# behind the login stay forbidden until a valid password has been posted.
class WebInterfaceTest < Mauve::UnitTest
  include Rack::Test::Methods
  include Mauve

  # Cookie name of the session; #app passes the same value as :key.
  SESSION_KEY = "mauvealert"

  # Hash-like view of the session cookie held in the Rack::Test cookie jar.
  #
  # Reading decodes the cookie (Base64, then Marshal); writing re-encodes the
  # whole hash and stores it back into the jar.
  class SessionData
    # @param cookies the cookie jar of the current mock session
    def initialize(cookies)
      @cookies = cookies
      encoded = cookies[WebInterfaceTest::SESSION_KEY]
      # SECURITY: Marshal.load instantiates arbitrary objects. It is used here
      # only on a cookie taken from this test's own in-process jar; a cookie
      # from a real client must never be unmarshalled before its integrity has
      # been verified.
      @data = encoded ? Marshal.load(encoded.unpack("m*").first) : {}
    end

    # @return the session value stored under +key+, or nil
    def [](key)
      @data[key]
    end

    # Stores +value+ under +key+ and writes the re-encoded session back to
    # the cookie jar.
    #
    # Nothing in this method signs the cookie: the value is only
    # Base64(Marshal.dump(hash)), URL-escaped. test_log_in relies on that to
    # present a session the application did not issue.
    #
    # @raise [RuntimeError] if the jar does not hold the new value afterwards
    def []=(key, value)
      @data[key] = value
      encoded = [Marshal.dump(@data)].pack("m*")
      cookie = "#{WebInterfaceTest::SESSION_KEY}=#{Rack::Utils.escape(encoded)}"
      @cookies.merge(cookie, URI.parse("//example.org//"))
      raise "session variable not set" unless @cookies[WebInterfaceTest::SESSION_KEY] == encoded
    end
  end

  # Builds a SessionData over the cookie jar of the current Rack::Test
  # session. The jar is reached through an instance variable of the
  # rack-test session object, so this depends on rack-test internals.
  def session
    jar = rack_test_session.instance_variable_get(:@rack_mock_session).cookie_jar
    SessionData.new(jar)
  end

  # Prepares the database and loads a configuration with one person
  # ("test1"), one source list and two alert groups, then sets up the server.
  def setup
    super
    setup_database

    # NOTE(review): the fixture stores the password as an unsalted SHA-1 hex
    # digest, which is what this configuration format is given here. Unsalted
    # SHA-1 is a weak way to store real passwords; this is test data only.
    config_text =<<EOF
server {
hostname "localhost"
database "sqlite::memory:"
initial_sleep 0
web_interface {
document_root "#{File.expand_path(File.join(File.dirname(__FILE__),".."))}"
}
}
person ("test1") {
password "#{Digest::SHA1.new.hexdigest("goodpassword")}"
all { true }
}
source_list "example_hosts", %w(test-1.example.com test-2.example.com www.example.com www2.example.com)
alert_group("test") {
includes{ in_source_list?("example_hosts") }
level LOW
notify("test1") {
every 10.minutes
}
}
alert_group("default") {
level URGENT
notify("test1") {
every 10.minutes
}
}
EOF

    Configuration.current = ConfigurationBuilder.parse(config_text)
    Server.instance.setup
  end

  # Tears the database down before the parent class cleans up.
  def teardown
    teardown_database
    super
  end

  # The Rack application under test: the web interface wrapped in cookie
  # sessions. The :secret is a hard-coded, test-only value and must not be
  # reused by a deployed instance.
  def app
    web_interface = WebInterface.new
    Rack::Session::Cookie.new(web_interface, :key => WebInterfaceTest::SESSION_KEY, :secret => "testing-1234")
  end

  # Walks through the login life cycle: anonymous access, a session cookie
  # the application did not issue, a wrong password, a correct password and
  # finally logout.
  def test_log_in
    # An anonymous visit to "/" ends on the login page with no flash message.
    get('/')
    follow_redirect! while last_response.redirect?
    assert(last_response.ok?)
    assert(last_response.body.include?("Mauve: Login"))
    assert(session['__FLASH__'].empty?)

    # A protected page is refused before login: flash error, then 403.
    get('/alerts')
    assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set following forbidden access")
    follow_redirect! while last_response.redirect?
    assert_equal(403, last_response.status, "The HTTP status wasn't 403")
    assert(last_response.body.include?("Mauve: Login"))
    assert(session['__FLASH__'].empty?)

    # AJAX requests are refused as well, but must not set the flash error.
    get('/ajax/alerts_table/raised/subject', {}, {:xhr => true})
    refute(session['__FLASH__'].has_key?(:error), "The flash error shouldn't have been set from an AJAX call")
    follow_redirect! while last_response.redirect?
    assert_equal(403, last_response.status, "The HTTP status wasn't 403")
    assert(last_response.body.include?('You must be logged in to access this page'))
    assert(session['__FLASH__'].empty?)

    # Write "username" straight into the session cookie, bypassing /login.
    # The application must still answer 403. Presumably the cookie is
    # rejected because it lacks the signature derived from :secret; confirm
    # against the Rack version in use.
    session['username'] = "test1"
    get('/alerts')
    assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set following forbidden access")
    follow_redirect! while last_response.redirect?
    assert_equal(403, last_response.status, "The HTTP status wasn't 403")
    assert(last_response.body.include?("Mauve: Login"))
    assert(session['__FLASH__'].empty?)

    # A real login attempt with a wrong password: 401 plus a flash error.
    post('/login', :username => 'test1', :password => 'badpassword')
    assert_equal(401, last_response.status, "A bad login did not produce a 401 response")
    assert(last_response.body.include?("Mauve: Login"))
    assert(session['__FLASH__'].has_key?(:error),"The flash error wasn't set")

    # The failed attempt logs two warnings (one for each auth type), so
    # remove both from the logger.
    2.times { logger_pop }

    # The correct password gets past the login page.
    post('/login', :username => 'test1', :password => 'goodpassword')
    follow_redirect! while last_response.redirect?
    assert(last_response.body.include?('Mauve: '))
    assert(last_response.ok?)

    # Logging out ends on a page that loads successfully.
    get('/logout')
    follow_redirect! while last_response.redirect?
    assert(last_response.ok?)
  end

  # Logs in, raises one alert and requests the raised-alerts page grouped by
  # subject.
  def test_alerts_show_subject
    post('/login', :username => 'test1', :password => 'goodpassword')
    follow_redirect! while last_response.redirect?
    assert(last_response.body.include?('Mauve: '))

    alert = Alert.new(:source => "www.example.com", :alert_id => "test_raise!")
    alert.raise!

    # NOTE(review): nothing is asserted about this response, so the test
    # fails only if the request itself raises.
    get('/alerts/raised/subject')
  end
end