zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-22 10:45:58 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add tests

Browse source
This commit is contained in:
Alex Sherman 2020-09-30 19:18:57 +05:00
parent 40af20ef47
commit eeffb7ee22
10 changed files with 49 additions and 212 deletions
Download patch file Download diff file Expand all files Collapse all files

96
app/controllers/registrar/sessions_controller.rb
View file

@ -49,102 +49,6 @@ class Registrar
end end
end end
def id_card
self.resource = warden.authenticate!(auth_options)
restricted_ip = Authorization::RestrictedIP.new(request.ip)
ip_allowed = restricted_ip.can_access_registrar_area?(resource.registrar)
unless ip_allowed
render plain: t('registrar.authorization.ip_not_allowed', ip: request.ip)
warden.logout(:registrar_user)
return
end
set_flash_message!(:notice, :signed_in)
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
end
def login_mid
@user = User.new
end
def mid
phone = params[:user][:phone]
endpoint = "#{ENV['sk_digi_doc_service_endpoint']}"
client = Digidoc::Client.new(endpoint)
client.logger = Rails.application.config.logger unless Rails.env.test?
# country_codes = {'+372' => 'EST'}
phone.gsub!('+372', '')
response = client.authenticate(
phone: "+372#{phone}",
message_to_display: 'Authenticating',
service_name: ENV['sk_digi_doc_service_name'] || 'Testing'
)
if response.faultcode
render json: { message: response.detail.message }, status: :unauthorized
return
end
if Setting.registrar_ip_whitelist_enabled
@user = find_user_by_idc_and_allowed(response.user_id_code)
else
@user = find_user_by_idc(response.user_id_code)
end
if @user.persisted?
session[:user_id_code] = response.user_id_code
session[:mid_session_code] = client.session_code
render json: {
message: t(:confirmation_sms_was_sent_to_your_phone_verification_code_is, { code: response.challenge_id })
}, status: :ok
else
render json: { message: t(:no_such_user) }, status: :unauthorized
end
end
def mid_status
endpoint = "#{ENV['sk_digi_doc_service_endpoint']}"
client = Digidoc::Client.new(endpoint)
client.logger = Rails.application.config.logger unless Rails.env.test?
client.session_code = session[:mid_session_code]
auth_status = client.authentication_status
case auth_status.status
when 'OUTSTANDING_TRANSACTION'
render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
when 'USER_AUTHENTICATED'
@user = find_user_by_idc_and_allowed(session[:user_id_code])
sign_in(:registrar_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{after_sign_in_path_for(@user)}'"
when 'NOT_VALID'
render json: { message: t(:user_signature_is_invalid) }, status: :bad_request
when 'EXPIRED_TRANSACTION'
render json: { message: t(:session_timeout) }, status: :bad_request
when 'USER_CANCEL'
render json: { message: t(:user_cancelled) }, status: :bad_request
when 'MID_NOT_READY'
render json: { message: t(:mid_not_ready) }, status: :bad_request
when 'PHONE_ABSENT'
render json: { message: t(:phone_absent) }, status: :bad_request
when 'SENDING_ERROR'
render json: { message: t(:sending_error) }, status: :bad_request
when 'SIM_ERROR'
render json: { message: t(:sim_error) }, status: :bad_request
when 'INTERNAL_ERROR'
render json: { message: t(:internal_error) }, status: :bad_request
else
render json: { message: t(:internal_error) }, status: :bad_request
end
end
private private
def depp_controller? def depp_controller?

1
app/controllers/registrar/tara_controller.rb
View file

@ -8,6 +8,7 @@ class Registrar
@api_user = ApiUser.from_omniauth(user_hash) @api_user = ApiUser.from_omniauth(user_hash)
if @api_user if @api_user
flash[:notice] = t(:signed_in_successfully)
sign_in_and_redirect(:registrar_user, @api_user) sign_in_and_redirect(:registrar_user, @api_user)
else else
show_error and return show_error and return

3
app/errors/tampering_detected.rb
View file

@ -1,3 +0,0 @@
module Errors
class TamperingDetected < ActionController::BadRequest; end
end

3
app/models/user.rb
View file

@ -1,9 +1,6 @@
class User < ApplicationRecord class User < ApplicationRecord
include Versions # version/user_version.rb include Versions # version/user_version.rb
ESTONIAN_COUNTRY_CODE = 'EE'.freeze
TARA_PROVIDER = 'tara'.freeze
has_many :actions, dependent: :restrict_with_exception has_many :actions, dependent: :restrict_with_exception
attr_accessor :phone attr_accessor :phone

2
config/locales/account_activities.en.yml
View file

@ -2,4 +2,4 @@ en:
activerecord: activerecord:
attributes: attributes:
account_activity: account_activity:
created_at: Receipt date created_at: Receipt date

2
config/locales/en.yml
View file

@ -660,3 +660,5 @@ en:
ipv6: IPv6 ipv6: IPv6
reference_no: Reference number reference_no: Reference number
iban: IBAN iban: IBAN
sign_in: "Sign in"
signed_in_successfully: "Signed in successfully"

9
config/routes.rb
View file

@ -77,15 +77,6 @@ Rails.application.routes.draw do
devise_for :users, path: '', class_name: 'ApiUser', skip: %i[sessions] devise_for :users, path: '', class_name: 'ApiUser', skip: %i[sessions]
devise_scope :registrar_user do devise_scope :registrar_user do
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
# /registrar/id path is hardcoded in Apache config for authentication with Estonian ID-card
post 'id' => 'sessions#id_card', as: :id_card_sign_in
post 'mid' => 'sessions#mid'
match '/open_id/callback', via: %i[get post], to: 'tara#callback', as: :tara_callback match '/open_id/callback', via: %i[get post], to: 'tara#callback', as: :tara_callback
match '/open_id/cancel', via: %i[get post delete], to: 'tara#cancel', match '/open_id/cancel', via: %i[get post delete], to: 'tara#cancel',
as: :tara_cancel as: :tara_cancel

65
test/integration/registrar_area/sign_in/id_card_test.rb
View file

@ -1,65 +0,0 @@
require 'test_helper'
class RegistrarAreaIdCardSignInTest < ApplicationIntegrationTest
# setup do
# @user = users(:api_bestnames)
# @original_registrar_area_ip_whitelist = Setting.registrar_ip_whitelist_enabled
# end
#
# teardown do
# Setting.registrar_ip_whitelist_enabled = @original_registrar_area_ip_whitelist
# end
#
# def test_signs_in_a_user_when_id_card_owner_is_found
# assert_equal '1234', @user.identity_code
#
# post registrar_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => 'DOE,JOHN,1234' }
# follow_redirect!
#
# assert_response :ok
# assert_equal registrar_root_path, path
# assert_not_nil controller.current_registrar_user
# end
#
# def test_does_not_sign_in_a_user_when_id_card_owner_is_not_found
# post registrar_id_card_sign_in_path,
# headers: { 'SSL_CLIENT_S_DN_CN' => 'DOE,JOHN,unacceptable-personal-code' }
#
# assert_nil controller.current_registrar_user
# assert_equal registrar_id_card_sign_in_path, path
# assert_includes response.body, 'Failed to Login'
# end
#
# def test_does_not_sign_in_a_user_when_id_card_owner_is_found_but_ip_is_not_allowed
# allow_access_to_sign_in_page
# assert_equal '127.0.0.1', white_ips(:one).ipv4
# assert_equal '1234', @user.identity_code
#
# Setting.registrar_ip_whitelist_enabled = true
#
# post registrar_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => 'DOE,JOHN,1234',
# 'REMOTE_ADDR' => '127.0.0.2' }
#
# assert_equal registrar_id_card_sign_in_path, path
# assert_equal 'Access denied from IP 127.0.0.2', response.body
#
# get registrar_root_path
# assert_redirected_to new_registrar_user_session_path
# end
#
# def test_does_not_sign_in_a_user_when_certificate_is_absent
# post registrar_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => '' }
#
# assert_nil controller.current_registrar_user
# assert_equal registrar_id_card_sign_in_path, path
# end
#
# private
#
# def allow_access_to_sign_in_page
# another_registrar_white_ip = white_ips(:one).dup
# another_registrar_white_ip.ipv4 = '127.0.0.2'
# another_registrar_white_ip.registrar = registrars(:goodnames)
# another_registrar_white_ip.save!
# end
end

35
test/system/registrar_area/sign_in/mobile_id_test.rb
View file

@ -1,35 +0,0 @@
require 'application_system_test_case'
class RegistrarAreaMobileIDSignInTest < JavaScriptApplicationSystemTestCase
# def setup
# super
# WebMock.allow_net_connect!
#
# @user = users(:api_bestnames)
# @user.identity_code = '1234'
# @user.save
# end
#
# def test_valid_phone_number
# mock_client = Minitest::Mock.new
# mock_client.expect(:authenticate,
# OpenStruct.new(user_id_code: '1234', challenge_id: '1234'),
# [{ phone: "+3721234",
# message_to_display: "Authenticating",
# service_name: "Testimine" }])
# mock_client.expect(:session_code, 1234)
#
# Digidoc::Client.stub(:new, mock_client) do
# visit new_registrar_user_session_path
#
# click_on 'login-with-mobile-id-btn'
#
# fill_in 'user[phone]', with: '1234'
# click_button 'Login'
#
# flash_message = page.find('div.bg-success')
# assert_equal('Confirmation sms was sent to your phone. Verification code is 1234.',
# flash_message.text)
# end
# end
end

45
test/system/registrar_area/tara/tara_users_test.rb Normal file
View file

@ -0,0 +1,45 @@
require 'application_system_test_case'
class TaraUsersTest < ApplicationSystemTestCase
def setup
super
OmniAuth.config.test_mode = true
@user = users(:api_bestnames)
@existing_user_hash = {
'provider' => 'tara',
'uid' => "EE" + @user.identity_code
}
@new_user_hash = {
'provider' => 'tara',
'uid' => 'EE51007050604'
}
end
def teardown
super
OmniAuth.config.test_mode = false
OmniAuth.config.mock_auth['tara'] = nil
end
def test_existing_user_gets_signed_in
OmniAuth.config.mock_auth[:tara] = OmniAuth::AuthHash.new(@existing_user_hash)
visit new_registrar_user_session_path
click_link('Sign in')
assert_text('Signed in successfully')
end
def test_nonexisting_user_gets_error_message
OmniAuth.config.mock_auth[:tara] = OmniAuth::AuthHash.new(@new_user_hash)
visit new_registrar_user_session_path
click_link('Sign in')
assert_text('No such user')
end
end