mirror of
https://github.com/internetee/registry.git
synced 2025-07-23 19:20:37 +02:00
Merge branch 'registry-918' into registry-922
This commit is contained in:
commit
5c39cb6917
9 changed files with 352 additions and 16 deletions
1
test/fixtures/users.yml
vendored
1
test/fixtures/users.yml
vendored
|
@ -26,3 +26,4 @@ admin:
|
|||
registrant:
|
||||
type: RegistrantUser
|
||||
registrant_ident: US-1234
|
||||
username: Registrant User
|
||||
|
|
|
@ -0,0 +1,58 @@
|
|||
require 'test_helper'
|
||||
|
||||
class RegistrantApiAuthenticationTest < ActionDispatch::IntegrationTest
|
||||
def setup
|
||||
super
|
||||
|
||||
@user_hash = {ident: '37010100049', first_name: 'Adam', last_name: 'Baker'}
|
||||
@existing_user = RegistrantUser.find_or_create_by_api_data(@user_hash)
|
||||
end
|
||||
|
||||
def teardown
|
||||
super
|
||||
|
||||
end
|
||||
|
||||
def test_request_creates_user_when_one_does_not_exist
|
||||
params = {
|
||||
ident: '30110100103',
|
||||
first_name: 'John',
|
||||
last_name: 'Smith',
|
||||
}
|
||||
|
||||
post '/api/v1/registrant/auth/eid', params
|
||||
assert(User.find_by(registrant_ident: 'EE-30110100103'))
|
||||
|
||||
json = JSON.parse(response.body, symbolize_names: true)
|
||||
assert_equal([:access_token, :expires_at, :type], json.keys)
|
||||
end
|
||||
|
||||
def test_request_returns_existing_user
|
||||
assert_no_changes User.count do
|
||||
post '/api/v1/registrant/auth/eid', @user_hash
|
||||
end
|
||||
end
|
||||
|
||||
def test_request_returns_401_from_a_not_whitelisted_ip
|
||||
params = { foo: :bar, test: :test }
|
||||
@original_whitelist_ip = ENV['registrant_api_auth_allowed_ips']
|
||||
ENV['registrant_api_auth_allowed_ips'] = '1.2.3.4'
|
||||
|
||||
post '/api/v1/registrant/auth/eid', params
|
||||
assert_equal(401, response.status)
|
||||
json_body = JSON.parse(response.body, symbolize_names: true)
|
||||
|
||||
assert_equal({ errors: ['Not authorized'] }, json_body)
|
||||
|
||||
ENV['registrant_api_auth_allowed_ips'] = @original_whitelist_ip
|
||||
end
|
||||
|
||||
def test_request_documented_parameters_are_required
|
||||
params = { foo: :bar, test: :test }
|
||||
|
||||
post '/api/v1/registrant/auth/eid', params
|
||||
json = JSON.parse(response.body, symbolize_names: true)
|
||||
assert_equal({ errors: [{ ident: ['parameter is required'] }] }, json)
|
||||
assert_equal(422, response.status)
|
||||
end
|
||||
end
|
53
test/lib/auth_token/auth_token_creator_test.rb
Normal file
53
test/lib/auth_token/auth_token_creator_test.rb
Normal file
|
@ -0,0 +1,53 @@
|
|||
require 'test_helper'
|
||||
require 'openssl'
|
||||
require_relative '../../../lib/auth_token/auth_token_creator'
|
||||
|
||||
class AuthTokenCreatorTest < ActiveSupport::TestCase
|
||||
def setup
|
||||
super
|
||||
|
||||
@user = users(:registrant)
|
||||
time = Time.zone.parse('2010-07-05 00:30:00 +0000')
|
||||
@random_bytes = SecureRandom.random_bytes(64)
|
||||
@token_creator = AuthTokenCreator.new(@user, @random_bytes, time)
|
||||
end
|
||||
|
||||
def test_hashable_is_constructed_as_expected
|
||||
expected_hashable = { user_ident: 'US-1234', user_username: 'Registrant User',
|
||||
expires_at: '2010-07-05 00:30:00 UTC' }.to_json
|
||||
|
||||
assert_equal(expected_hashable, @token_creator.hashable)
|
||||
end
|
||||
|
||||
def test_encrypted_token_is_decryptable
|
||||
encryptor = OpenSSL::Cipher::AES.new(256, :CBC)
|
||||
encryptor.decrypt
|
||||
encryptor.key = @random_bytes
|
||||
|
||||
base64_decoded = Base64.urlsafe_decode64(@token_creator.encrypted_token)
|
||||
result = encryptor.update(base64_decoded) + encryptor.final
|
||||
|
||||
hashable = { user_ident: 'US-1234', user_username: 'Registrant User',
|
||||
expires_at: '2010-07-05 00:30:00 UTC' }.to_json
|
||||
|
||||
assert_equal(hashable, result)
|
||||
end
|
||||
|
||||
def test_token_in_json_returns_expected_values
|
||||
@token_creator.stub(:encrypted_token, 'super_secure_token') do
|
||||
token = @token_creator.token_in_hash
|
||||
assert_equal('2010-07-05 00:30:00 UTC', token[:expires_at])
|
||||
assert_equal('Bearer', token[:type])
|
||||
end
|
||||
end
|
||||
|
||||
def test_create_with_defaults_injects_values
|
||||
travel_to Time.zone.parse('2010-07-05 00:30:00 +0000')
|
||||
|
||||
token_creator_with_defaults = AuthTokenCreator.create_with_defaults(@user)
|
||||
assert_equal(Rails.application.config.secret_key_base, token_creator_with_defaults.key)
|
||||
assert_equal('2010-07-05 02:30:00 UTC', token_creator_with_defaults.expires_at)
|
||||
|
||||
travel_back
|
||||
end
|
||||
end
|
82
test/lib/auth_token/auth_token_decryptor_test.rb
Normal file
82
test/lib/auth_token/auth_token_decryptor_test.rb
Normal file
|
@ -0,0 +1,82 @@
|
|||
require 'test_helper'
|
||||
require_relative '../../../lib/auth_token/auth_token_decryptor'
|
||||
require_relative '../../../lib/auth_token/auth_token_creator'
|
||||
|
||||
class AuthTokenDecryptorTest < ActiveSupport::TestCase
|
||||
def setup
|
||||
super
|
||||
|
||||
travel_to Time.parse("2010-07-05 00:15:00 UTC")
|
||||
@user = users(:registrant)
|
||||
|
||||
# For testing purposes, the token needs to be random and long enough, hence:
|
||||
@key = "b8+PtSq1+iXzUVnGEqciKsITNR0KmLl7uPiSTHbteqCoEBdbMLUl3GXlIDWD\nDZp1hIgKWnIMPNEgbuCa/7qccA==\n"
|
||||
@faulty_key = "FALSE+iXzUVnGEqciKsITNR0KmLl7uPiSTHbteqCoEBdbMLUl3GXlIDWD\nDZp1hIgKWnIMPNEgbuCa/7qccA==\n"
|
||||
|
||||
# this token corresponds to:
|
||||
# {:user_ident=>"US-1234", :user_username=>"Registrant User", :expires_at=>"2010-07-05 02:15:00 UTC"}
|
||||
@access_token = "q27NWIsKD5snWj9vZzJ0RcOYvgocEyu7H9yCaDjfmGi54sogovpBeALMPWTZHMcdFQzSiq6b4cI0p5tO0_5UEOHic2jRzNW7mkhi-bn-Y2Wlnw7jhMpxw6VwJR8QEoDzjkcNxnKBN6OKF4nssa60ZQ=="
|
||||
end
|
||||
|
||||
def teardown
|
||||
super
|
||||
|
||||
travel_back
|
||||
end
|
||||
|
||||
def test_decrypt_token_returns_a_hash_when_token_is_valid
|
||||
decryptor = AuthTokenDecryptor.new(@access_token, @key)
|
||||
|
||||
assert(decryptor.decrypt_token.is_a?(Hash))
|
||||
end
|
||||
|
||||
def test_decrypt_token_return_false_when_token_is_invalid
|
||||
faulty_decryptor = AuthTokenDecryptor.new(@access_token, @faulty_key)
|
||||
refute(faulty_decryptor.decrypt_token)
|
||||
end
|
||||
|
||||
def test_decrypt_token_return_false_when_token_is_nil
|
||||
faulty_decryptor = AuthTokenDecryptor.new(nil, @key)
|
||||
refute(faulty_decryptor.decrypt_token)
|
||||
end
|
||||
|
||||
def test_valid_returns_true_for_valid_token
|
||||
decryptor = AuthTokenDecryptor.new(@access_token, @key)
|
||||
decryptor.decrypt_token
|
||||
|
||||
assert(decryptor.valid?)
|
||||
end
|
||||
|
||||
def test_valid_returns_false_for_invalid_token
|
||||
faulty_decryptor = AuthTokenDecryptor.new(@access_token, @faulty_key)
|
||||
faulty_decryptor.decrypt_token
|
||||
|
||||
refute(faulty_decryptor.valid?)
|
||||
end
|
||||
|
||||
def test_valid_returns_false_for_expired_token
|
||||
travel_to Time.parse("2010-07-05 10:15:00 UTC")
|
||||
|
||||
decryptor = AuthTokenDecryptor.new(@access_token, @key)
|
||||
decryptor.decrypt_token
|
||||
|
||||
refute(decryptor.valid?)
|
||||
end
|
||||
|
||||
def test_returns_false_for_non_existing_user
|
||||
# This token was created from an admin user and @key. Decrypted, it corresponds to:
|
||||
# {:user_ident=>nil, :user_username=>"test", :expires_at=>"2010-07-05 00:15:00 UTC"}
|
||||
other_token = "rMkjgpyRcj2xOnHVwvvQ5RAS0yQepUSrw3XM5BrwM4TMH-h-TBeLve9InC_zaPneMMnCs0NHQHt1EpH95A2Yhdk6Ge6HQ-4gN5L0THDywCO2vHKGucPxbd6g6wOSaOnR"
|
||||
|
||||
decryptor = AuthTokenDecryptor.new(other_token, @key)
|
||||
decryptor.decrypt_token
|
||||
|
||||
refute(decryptor.valid?)
|
||||
end
|
||||
|
||||
def test_create_with_defaults_injects_values
|
||||
decryptor = AuthTokenDecryptor.create_with_defaults(@access_token)
|
||||
|
||||
assert_equal(Rails.application.config.secret_key_base, decryptor.key)
|
||||
end
|
||||
end
|
62
test/models/registrant_user_test.rb
Normal file
62
test/models/registrant_user_test.rb
Normal file
|
@ -0,0 +1,62 @@
|
|||
class RegistrantUserTest < ActiveSupport::TestCase
|
||||
def setup
|
||||
super
|
||||
end
|
||||
|
||||
def teardown
|
||||
super
|
||||
end
|
||||
|
||||
def test_find_or_create_by_api_data_creates_a_user
|
||||
user_data = {
|
||||
ident: '37710100070',
|
||||
first_name: 'JOHN',
|
||||
last_name: 'SMITH'
|
||||
}
|
||||
|
||||
RegistrantUser.find_or_create_by_api_data(user_data)
|
||||
|
||||
user = User.find_by(registrant_ident: 'EE-37710100070')
|
||||
assert_equal('JOHN SMITH', user.username)
|
||||
end
|
||||
|
||||
def test_find_or_create_by_api_data_creates_a_user_after_upcasing_input
|
||||
user_data = {
|
||||
ident: '37710100070',
|
||||
first_name: 'John',
|
||||
last_name: 'Smith'
|
||||
}
|
||||
|
||||
RegistrantUser.find_or_create_by_api_data(user_data)
|
||||
|
||||
user = User.find_by(registrant_ident: 'EE-37710100070')
|
||||
assert_equal('JOHN SMITH', user.username)
|
||||
end
|
||||
|
||||
def test_find_or_create_by_mid_data_creates_a_user
|
||||
user_data = OpenStruct.new(user_country: 'EE', user_id_code: '37710100070',
|
||||
user_givenname: 'JOHN', user_surname: 'SMITH')
|
||||
|
||||
RegistrantUser.find_or_create_by_mid_data(user_data)
|
||||
user = User.find_by(registrant_ident: 'EE-37710100070')
|
||||
assert_equal('JOHN SMITH', user.username)
|
||||
end
|
||||
|
||||
def test_find_or_create_by_idc_with_legacy_header_creates_a_user
|
||||
header = '/C=EE/O=ESTEID/OU=authentication/CN=SMITH,JOHN,37710100070/SN=SMITH/GN=JOHN/serialNumber=37710100070'
|
||||
|
||||
RegistrantUser.find_or_create_by_idc_data(header, RegistrantUser::ACCEPTED_ISSUER)
|
||||
|
||||
user = User.find_by(registrant_ident: 'EE-37710100070')
|
||||
assert_equal('JOHN SMITH', user.username)
|
||||
end
|
||||
|
||||
def test_find_or_create_by_idc_with_rfc2253_header_creates_a_user
|
||||
header = 'serialNumber=37710100070,GN=JOHN,SN=SMITH,CN=SMITH\\,JOHN\\,37710100070,OU=authentication,O=ESTEID,C=EE'
|
||||
|
||||
RegistrantUser.find_or_create_by_idc_data(header, RegistrantUser::ACCEPTED_ISSUER)
|
||||
|
||||
user = User.find_by(registrant_ident: 'EE-37710100070')
|
||||
assert_equal('JOHN SMITH', user.username)
|
||||
end
|
||||
end
|
Loading…
Add table
Add a link
Reference in a new issue