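require 'test_helper'

# Integration tests for the EPP login command served at POST /epp/session/login.
#
# Each request sends the EPP frame in the `frame` parameter and a session
# identifier in the `session` cookie. The tests cover the authentication
# outcomes: a new session on valid credentials, rejection of a second login on
# an existing session, rejection of wrong credentials, password change during
# login, and the per-registrar session limit.
#
# NOTE(review): this listing shows only the interpolated values of each login
# frame; the surrounding EPP XML elements are not visible here, so the heredoc
# bodies below are kept exactly as listed (values only, in the original order).
#
# NOTE(review): the tests read `plain_text_password` from the user record,
# which suggests the API credential is stored in recoverable form -- confirm
# against the ApiUser model.
class EppLoginTest < EppTestCase
  # EppSession.sessions_per_registrar is process-wide state; one test changes
  # it, so it is saved here and restored in teardown to keep tests independent.
  setup do
    @original_sessions_per_registrar_setting = EppSession.sessions_per_registrar
  end

  teardown do
    EppSession.sessions_per_registrar = @original_sessions_per_registrar_setting
  end

  # Valid credentials create exactly one EppSession, bound to the authenticated
  # user and keyed by the value of the `session` cookie.
  def test_logging_in_with_correct_credentials_creates_new_session
    user = users(:api_bestnames)
    new_session_id = 'new-session-id'

    request_xml = <<-XML
      #{user.username}
      #{user.plain_text_password}
      1.0
      en
      #{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}
      #{Xsd::Schema.filename(for_prefix: 'contact-ee', for_version: '1.1')}
      urn:ietf:params:xml:ns:host-1.0
      urn:ietf:params:xml:ns:keyrelay-1.0
    XML

    assert_difference 'EppSession.count' do
      post '/epp/session/login', params: { frame: request_xml },
                                 headers: { 'HTTP_COOKIE' => "session=#{new_session_id}" }
    end
    assert_epp_response :completed_successfully

    session = EppSession.last
    # The stored session id equals the cookie value sent with the request.
    # NOTE(review): confirm that in deployment this cookie is set by a trusted
    # front end rather than chosen by the registrar client.
    assert_equal new_session_id, session.session_id
    assert_equal user, session.user
  end

  # A login sent on a cookie that already maps to an existing session must not
  # create another session and is answered with a command use error.
  def test_user_cannot_login_again
    session = epp_sessions(:api_bestnames)
    user = session.user

    request_xml = <<-XML
      #{user.username}
      #{user.plain_text_password}
      1.0
      en
      #{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}
      #{Xsd::Schema.filename(for_prefix: 'contact-ee', for_version: '1.1')}
      urn:ietf:params:xml:ns:host-1.0
      urn:ietf:params:xml:ns:keyrelay-1.0
    XML

    assert_no_difference 'EppSession.count' do
      # String header key, consistent with every other request in this file.
      post '/epp/session/login', params: { frame: request_xml },
                                 headers: { 'HTTP_COOKIE' => "session=#{session.session_id}" }
    end
    assert_epp_response :use_error
  end

  # A wrong password must not create a session and must yield the
  # authentication error response that closes the connection.
  def test_user_cannot_login_with_wrong_credentials
    user = users(:api_bestnames)
    wrong_password = 'a' * ApiUser.min_password_length
    # Guard: the generated value must really differ from the fixture password,
    # otherwise the test would exercise a successful login.
    assert_not_equal wrong_password, user.plain_text_password

    request_xml = <<-XML
      #{user.username}
      #{wrong_password}
      1.0
      en
      #{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}
      #{Xsd::Schema.filename(for_prefix: 'contact-ee', for_version: '1.1')}
      urn:ietf:params:xml:ns:host-1.0
      urn:ietf:params:xml:ns:keyrelay-1.0
    XML

    assert_no_difference 'EppSession.count' do
      post '/epp/session/login', params: { frame: request_xml },
                                 headers: { 'HTTP_COOKIE' => 'session=new-session-id' }
    end
    assert_epp_response :authentication_error_server_closing_connection
  end

  # A login frame carrying the current password followed by a new one succeeds
  # and replaces the stored password with the new value.
  def test_password_change
    user = users(:api_bestnames)
    new_password = 'a' * ApiUser.min_password_length
    # Guard: the new password must differ from the current one, so the final
    # assertion proves that a change actually happened.
    assert_not_equal new_password, user.plain_text_password

    request_xml = <<-XML
      #{user.username}
      #{user.plain_text_password}
      #{new_password}
      1.0
      en
      #{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}
      #{Xsd::Schema.filename(for_prefix: 'contact-ee', for_version: '1.1')}
      urn:ietf:params:xml:ns:host-1.0
      urn:ietf:params:xml:ns:keyrelay-1.0
    XML

    post '/epp/session/login', params: { frame: request_xml },
                               headers: { 'HTTP_COOKIE' => 'session=new-session-id' }
    # Re-read the record so the assertion sees what the request persisted.
    user.reload

    assert_epp_response :completed_successfully
    assert_equal new_password, user.plain_text_password
  end

  # With the limit set to one and one session already present for the user,
  # a further login with valid credentials must be refused without creating
  # a session.
  def test_user_cannot_login_when_max_allowed_sessions_per_registrar_is_exceeded
    user = users(:api_bestnames)
    eliminate_effect_of_existing_epp_sessions
    EppSession.sessions_per_registrar = 1
    EppSession.create!(session_id: 'any', user: user)

    request_xml = <<-XML
      #{user.username}
      #{user.plain_text_password}
      1.0
      en
      #{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}
      #{Xsd::Schema.filename(for_prefix: 'contact-ee', for_version: '1.1')}
      urn:ietf:params:xml:ns:host-1.0
      urn:ietf:params:xml:ns:keyrelay-1.0
    XML

    assert_no_difference 'EppSession.count' do
      post '/epp/session/login', params: { frame: request_xml },
                                 headers: { 'HTTP_COOKIE' => 'session=new-session-id' }
    end
    assert_epp_response :session_limit_exceeded_server_closing_connection
  end

  private

  # Removes all fixture sessions so the limit test starts from a known count.
  # delete_all issues a direct delete and skips model callbacks.
  def eliminate_effect_of_existing_epp_sessions
    EppSession.delete_all
  end
end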