zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-27 21:16:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Added integration tests for user certificate validation

Browse source
This commit is contained in:
Sergei Tsoganov 2023-07-13 13:03:10 +03:00
parent 684f80891a
commit 52b3b3a6cf
2 changed files with 46 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/repp/v1/base_controller.rb
View file

@ -162,10 +162,7 @@ module Repp
end end
def skip_webclient_user_cert_validation? def skip_webclient_user_cert_validation?
Rails.env.development? || !webclient_request? || request.headers['Requester'] == 'tara'
Rails.env.test? ||
!webclient_request? ||
request.headers['Requester'] == 'tara'
end end
def auth_values_to_data(registrar:) def auth_values_to_data(registrar:)

45
test/integration/repp/v1/base_test.rb
View file

@ -77,6 +77,43 @@ class ReppV1BaseTest < ActionDispatch::IntegrationTest
Setting.registrar_ip_whitelist_enabled = false Setting.registrar_ip_whitelist_enabled = false
end end
def test_validates_webclient_user_certificate_ok
cert = certificates(:registrar)
@auth_headers.merge!({ 'User-Certificate' => cert.crt, 'User-Certificate-CN' => cert.common_name })
Repp::V1::BaseController.stub_any_instance(:webclient_request?, true) do
Repp::V1::BaseController.stub_any_instance(:validate_webclient_ca, true) do
get repp_v1_registrar_auth_index_path, headers: @auth_headers
end
end
assert_response :ok
end
def test_validates_webclient_user_certificate_if_missing
Repp::V1::BaseController.stub_any_instance(:webclient_request?, true) do
Repp::V1::BaseController.stub_any_instance(:validate_webclient_ca, true) do
get repp_v1_registrar_auth_index_path, headers: @auth_headers
end
end
assert_unauthorized_user_cert
end
def test_validates_webclient_user_certificate_if_revoked
cert = certificates(:registrar)
cert.update(revoked: true)
@auth_headers.merge!({ 'User-Certificate' => cert.crt, 'User-Certificate-CN' => cert.common_name })
Repp::V1::BaseController.stub_any_instance(:webclient_request?, true) do
Repp::V1::BaseController.stub_any_instance(:validate_webclient_ca, true) do
get repp_v1_registrar_auth_index_path, headers: @auth_headers
end
end
assert_unauthorized_user_cert
end
private private
def assert_unauthorized_ip def assert_unauthorized_ip
@ -86,4 +123,12 @@ class ReppV1BaseTest < ActionDispatch::IntegrationTest
assert_equal 2202, response_json[:code] assert_equal 2202, response_json[:code]
assert response_json[:message].include? 'Access denied from IP' assert response_json[:message].include? 'Access denied from IP'
end end
def assert_unauthorized_user_cert
response_json = JSON.parse(response.body, symbolize_names: true)
assert_response :unauthorized
assert_equal 2202, response_json[:code]
assert response_json[:message].include? 'Invalid user certificate'
end
end end