booth 0.0.1 → 0.0.2

data/lib/booth/syntaxes/otp.rb

@@ -1,57 +0,0 @@
-module Booth
-  module Syntaxes
-    class Otp
-      include ::Booth::Logging
-      include ::Booth::MethodObject
-
-      param :input
-
-      def call
-        check_blank.on_success { check_characters }
-                   .on_success { check_length }
-      end
-
-      private
-
-      def check_blank
-        return Tron.success :otp_present if input.present?
-
-        debug { "OTP #{input.inspect} is blank." }
-        Tron.failure :blank_otp,
-                     normalized_otp: nil,
-                     public_message: I18n.t('booth.blank_otp')
-      end
-
-      def check_characters
-        return Tron.success :otp_consists_of_digits if input_without_spaces.match?(allowed_regexp)
-
-        debug { "OTP #{input.inspect} contains invalid characters" }
-        Tron.failure :invalid_otp_format,
-                     normalized_otp: nil,
-                     public_message: I18n.t('booth.invalid_otp_format')
-      end
-
-      def check_length
-        if input_without_spaces.to_s.length == ::Booth.config.otp_digits
-          return Tron.success :valid_otp_syntax,
-                              normalized_otp: input_without_spaces
-        end
-
-        debug { "OTP #{input.inspect} is not #{::Booth.config.otp_digits} characters long." }
-        Tron.failure :wrong_otp_length,
-                     normalized_otp: nil,
-                     public_message: I18n.t('booth.wrong_otp_length', digits: ::Booth.config.otp_digits)
-      end
-
-      # Helpers
-
-      def input_without_spaces
-        input.to_s.delete(' ')
-      end
-
-      def allowed_regexp
-        /\A\d+\z/
-      end
-    end
-  end
-end

data/lib/booth/syntaxes/scope_comparison.rb

@@ -1,28 +0,0 @@
-module Booth
-  module Syntaxes
-    class ScopeComparison
-      include ::Booth::Logging
-      include ::Booth::MethodObject
-
-      option :this, as: :raw_this
-      option :that, as: :raw_that
-
-      def call
-        return Tron.success(:identical_scopes) if this == that
-
-        debug { "The requested scope #{this.inspect} does not match what's on record #{that.inspect}" }
-        Tron.failure :mismatching_scopes, this:, that:
-      end
-
-      private
-
-      def this
-        ::Booth::Syntaxes::Scope.call(raw_this).normalized_scope
-      end
-
-      def that
-        ::Booth::Syntaxes::Scope.call(raw_that).normalized_scope
-      end
-    end
-  end
-end

data/lib/booth/test/helpers.rb

@@ -1,63 +0,0 @@
-require 'active_support/testing/time_helpers'
-
-require_relative 'support/assert_all_partials_were_covered'
-require_relative 'support/assert_logged_in'
-require_relative 'support/assert_logged_out'
-require_relative 'support/assert_partial'
-require_relative 'support/get_session_value'
-require_relative 'support/otp_code_from_session'
-require_relative 'support/soft_reset_session'
-require_relative 'webauthn/disable'
-require_relative 'webauthn/enable'
-require_relative 'webauthn/virtual_authenticators/create'
-require_relative 'webauthn/virtual_authenticators/destroy'
-
-module Booth
-  module Test
-    module Helpers
-      extend ActiveSupport::Concern
-
-      included do
-        include ActiveSupport::Testing::TimeHelpers
-      end
-
-      def assert_logged_out
-        ::Booth::Test::Support::AssertLoggedOut.call(page:, scope:)
-      end
-
-      def assert_logged_in(credential:)
-        ::Booth::Test::Support::AssertLoggedIn.call(page:, scope:, credential:)
-      end
-
-      def assert_userland_partial(controller:, step:)
-        ::Booth::Test::Support::AssertPartial.call(page:, namespace: :userland, controller:, step:)
-      end
-
-      def extract_otp_secret_key_and_generate_code
-        secret_key = page.body.split('?secret=').last.split('&').first
-        raise 'Expected an OTP secret but found none' if secret_key.blank?
-
-        code = ::Booth::Models::Credential.new(otp_secret_key: secret_key).otp_code
-        Booth.config.logger&.debug(to_s) { "Extracted OTP secret #{secret_key} and derived the code #{code}" }
-        code
-      end
-
-      def soft_reset_session
-        ::Booth::Test::Support::SoftResetSession.call(page:)
-      end
-
-      def setup_virtual_authenticator_environment
-        # For some reason, the Chrome Virtual Authenticator Environment often leaks from one test to the next.
-        # All kinds of errors in Webauth only cause one single generic `NotAllowedError` for privacy reasons
-        # So it's impossible to debug the actual cause. I just found out after many hours that disabling first, works.
-        ::Booth::Test::Webauthn::Disable.call devtools: page.driver.browser.devtools
-        ::Booth::Test::Webauthn::Enable.call devtools: page.driver.browser.devtools
-      end
-
-      def create_virtual_authenticator(has_user_verification: true)
-        setup_virtual_authenticator_environment
-        ::Booth::Test::Webauthn::VirtualAuthenticators::Create.call(page:, has_user_verification:)
-      end
-    end
-  end
-end

data/lib/booth/test/support/assert_all_partials_were_covered.rb

@@ -1,63 +0,0 @@
-module Booth
-  module Test
-    module Support
-      class AssertAllPartialsWereCovered
-        include ::Booth::MethodObject
-
-        def call
-          return if missing_partials.empty?
-
-          raise "Expected these partials to be covered: #{missing_partials}"
-        end
-
-        private
-
-        def missing_partials
-          (expected_partials - covered_partials)
-        end
-
-        def expected_partials # rubocop:disable Metrics/MethodLength
-          %w[
-            userland/login/enter_otp
-            userland/login/enter_password
-            userland/login/enter_username
-            userland/login/enter_webauth
-            userland/login/needs_onboarding
-            userland/login/no_authenticators
-            userland/login/remote_session_available
-            userland/onboarding/already_logged_in
-            userland/onboarding/choose_password
-            userland/onboarding/choose_webauth_nickname
-            userland/onboarding/completed
-            userland/onboarding/confirm_otp
-            userland/onboarding/confirm_password
-            userland/onboarding/confirm_webauth
-            userland/onboarding/register_otp
-            userland/onboarding/register_webauth
-            userland/onboarding/timed_out
-            userland/otp/add
-            userland/otp/confirm
-            userland/otp/register
-            userland/otp/show
-            userland/otp/successfully_changed
-            userland/otp/sudo
-            userland/password_reset/check_your_mail
-            userland/password_reset/choose_password
-            userland/password_reset/completed
-            userland/password_reset/confirm_password
-            userland/password_reset/logout_first
-            userland/password_reset/new
-            userland/password_reset/revoked
-            userland/password_reset/throttled
-            userland/password_reset/timed_out
-            userland/password_reset/wrong_user_logged_in
-          ]
-        end
-
-        def covered_partials
-          Booth::Test::Support::AssertPartial.asserted_partials.to_a
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/support/assert_logged_in.rb

@@ -1,49 +0,0 @@
-module Booth
-  module Test
-    module Support
-      class AssertLoggedIn
-        class AssertionFailedError < StandardError; end
-
-        include ::Booth::MethodObject
-        include ::Booth::Logging
-
-        option :page
-        option :scope
-        option :credential
-
-        def call
-          tries ||= 0
-          ::Capybara::Lockstep.synchronize
-
-          active_sessions.each do |session|
-            browser_session_id = ::Booth::Test::Support::GetSessionValue.call(page:, key:)
-            return true if browser_session_id == session.id.to_s
-          end
-
-          raise AssertionFailedError, "Expected Credential `#{credential.id}` to be logged in with a session of: #{active_sessions.map(&:id)}"
-
-        # With the Webauth pingpong it sometimes takes a little longer.
-        # And Capybara Lockstep doesn't seem to be able to detect that.
-        rescue AssertionFailedError
-          if (tries += 1) < 3
-            debug { 'Trying again...' }
-            sleep 1
-            retry
-          end
-
-          raise
-        end
-
-        private
-
-        def active_sessions
-          credential.sessions.active_scope.sorted_scope
-        end
-
-        def key
-          "warden.user.#{scope}.key"
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/support/assert_partial.rb

@@ -1,29 +0,0 @@
-module Booth
-  module Test
-    module Support
-      class AssertPartial
-        include ::Booth::MethodObject
-
-        cattr_accessor :asserted_partials, instance_accessor: false, default: Set.new
-
-        option :page
-        option :namespace
-        option :controller
-        option :step
-
-        def call
-          ::Capybara::Lockstep.synchronize
-
-          page.find "[data-booth='#{partial}']", visible: :all
-
-          self.class.asserted_partials << partial
-          nil
-        end
-
-        def partial
-          "#{namespace}/#{controller}/#{step}"
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/support/otp_code_from_session.rb

@@ -1,30 +0,0 @@
-module Booth
-  module Test
-    module Support
-      class OtpCodeFromSession
-        include ::Booth::MethodObject
-
-        option :page
-        option :scope
-
-        def call
-          secret_key = load_secret_key
-          raise 'No OTP secret key found in session' if secret_key.blank?
-
-          dummy = ::Booth::Models::Credential.new otp_secret_key: secret_key
-          dummy.otp_code
-        end
-
-        private
-
-        def load_secret_key
-          ::Booth::Test::Support::GetSessionValue.call(page:, key:)
-        end
-
-        def key
-          "booth.#{scope}.otp.secret_key"
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/support/soft_reset_session.rb

@@ -1,22 +0,0 @@
-module Booth
-  module Test
-    module Support
-      # Essentially resets the session cookie, but without removing
-      # Chrome's Virtual Authenticator Enviroment.
-      class SoftResetSession
-        include ::Booth::MethodObject
-
-        option :page
-
-        def call
-          ::Capybara::Lockstep.synchronize
-
-          keys = page.get_rack_session.keys
-          nilified_keys = keys.index_with { nil }
-
-          page.set_rack_session(**nilified_keys)
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/userland/logins/missing_authenticators.rb

@@ -1,72 +0,0 @@
-module Booth
-  module Test
-    module Userland
-      module Logins
-        class MissingAuthenticators
-          include ::Booth::MethodObject
-          include ::Booth::Test::Helpers
-
-          option :page
-          option :scope
-          option :show_onboarding_path
-          option :new_login_path
-
-          def call
-            credential = ::Booth::Models::Credential.create!(
-              username: 'alice',
-              password: 'qwrasfyxv',
-              scope:,
-              mode: :username_and_webauth,
-              allowed_modes: [:username_and_webauth]
-            )
-
-            onboarding = ::Booth::Models::Onboarding.create!(
-              credential_id: credential.id,
-              mode: :username_and_webauth
-            )
-
-            page.visit show_onboarding_path.sub('ID', onboarding.secret_key)
-
-            create_virtual_authenticator
-
-            assert_userland_partial controller: :onboarding, step: :register_webauth
-
-            page.click_on :register
-
-            assert_userland_partial controller: :onboarding, step: :choose_webauth_nickname
-
-            page.fill_in :nickname, with: 'Yubikey'
-            page.click_on :submit
-
-            assert_userland_partial controller: :onboarding, step: :confirm_webauth
-
-            page.click_on :authenticate
-
-            assert_userland_partial controller: :onboarding, step: :completed
-            assert_logged_in credential: credential
-
-            soft_reset_session
-            assert_logged_out
-
-            credential.authenticators.delete_all
-
-            # Login
-
-            page.visit new_login_path
-
-            assert_userland_partial controller: :login, step: :enter_username
-
-            page.fill_in :username, with: 'alice'
-            page.click_on :submit
-
-            assert_userland_partial controller: :login, step: :remote_session_available
-
-            page.click_on :skip
-
-            assert_userland_partial controller: :login, step: :no_authenticators
-          end
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/userland/logins/missing_onboarding.rb

@@ -1,35 +0,0 @@
-module Booth
-  module Test
-    module Userland
-      module Logins
-        class MissingOnboarding
-          include ::Booth::MethodObject
-          include ::Booth::Test::Helpers
-
-          option :page
-          option :scope
-          option :new_login_path
-
-          def call
-            ::Booth::Models::Credential.create!(
-              username: 'alice',
-              password: 'qwrasfyxv',
-              scope:,
-              mode: :first_time,
-              allowed_modes: [:username_and_password]
-            )
-
-            page.visit new_login_path
-
-            assert_userland_partial controller: :login, step: :enter_username
-
-            page.fill_in :username, with: 'alice'
-            page.click_on :submit
-
-            assert_userland_partial controller: :login, step: :needs_onboarding
-          end
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/userland/logins/username_and_password.rb

@@ -1,40 +0,0 @@
-module Booth
-  module Test
-    module Userland
-      module Logins
-        class UsernameAndPassword
-          include ::Booth::MethodObject
-          include ::Booth::Test::Helpers
-
-          option :page
-          option :scope
-          option :new_login_path
-
-          def call
-            credential = ::Booth::Models::Credential.create!(
-              username: 'alice',
-              password: 'qwrasfyxv',
-              scope:,
-              mode: :username_and_password,
-              allowed_modes: [:username_and_password]
-            )
-
-            page.visit new_login_path
-
-            assert_userland_partial controller: :login, step: :enter_username
-
-            page.fill_in :username, with: 'alice'
-            page.click_on :submit
-
-            assert_userland_partial controller: :login, step: :enter_password
-
-            page.fill_in :password, with: 'qwrasfyxv'
-            page.click_on :submit
-
-            assert_logged_in credential:
-          end
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/userland/logins/username_and_webauth.rb

@@ -1,75 +0,0 @@
-module Booth
-  module Test
-    module Userland
-      module Logins
-        class UsernameAndWebauth
-          include ::Booth::MethodObject
-          include ::Booth::Test::Helpers
-
-          option :page
-          option :scope
-          option :show_onboarding_path
-          option :new_login_path
-          option :after_credential, default: -> {}
-
-          def call
-            credential = ::Booth::Models::Credential.create!(
-              username: 'alice',
-              password: 'qwrasfyxv',
-              scope:,
-              mode: :username_and_webauth,
-              allowed_modes: [:username_and_webauth]
-            )
-            after_credential&.call(credential.id)
-
-            onboarding = ::Booth::Models::Onboarding.create!(
-              credential_id: credential.id,
-              mode: :username_and_webauth
-            )
-
-            page.visit show_onboarding_path.sub('ID', onboarding.secret_key)
-            create_virtual_authenticator
-
-            assert_userland_partial controller: :onboarding, step: :register_webauth
-
-            page.click_on :register
-
-            assert_userland_partial controller: :onboarding, step: :choose_webauth_nickname
-
-            page.fill_in :nickname, with: 'Yubikey'
-            page.click_on :submit
-
-            assert_userland_partial controller: :onboarding, step: :confirm_webauth
-
-            page.click_on :authenticate
-
-            assert_userland_partial controller: :onboarding, step: :completed
-            assert_logged_in credential: credential
-
-            soft_reset_session
-            assert_logged_out
-
-            # Login
-
-            page.visit new_login_path
-
-            assert_userland_partial controller: :login, step: :enter_username
-
-            page.fill_in :username, with: 'alice'
-            page.click_on :submit
-
-            assert_userland_partial controller: :login, step: :remote_session_available
-
-            page.click_on :skip
-
-            assert_userland_partial controller: :login, step: :enter_webauth
-
-            page.click_on :authenticate
-
-            assert_logged_in credential:
-          end
-        end
-      end
-    end
-  end
-end

data/lib/booth/test/userland/logins/username_password_and_otp.rb

@@ -1,45 +0,0 @@
-module Booth
-  module Test
-    module Userland
-      module Logins
-        class UsernamePasswordAndOtp
-          include ::Booth::MethodObject
-          include ::Booth::Test::Helpers
-
-          option :page
-          option :scope
-          option :new_login_path
-
-          def call
-            credential = ::Booth::Models::Credential.create!(
-              username: 'alice',
-              password: 'qwrasfyxv',
-              scope:,
-              mode: :username_password_and_otp,
-              allowed_modes: [:username_password_and_otp]
-            )
-
-            page.visit new_login_path
-
-            assert_userland_partial controller: :login, step: :enter_username
-
-            page.fill_in :username, with: 'alice'
-            page.click_on :submit
-
-            assert_userland_partial controller: :login, step: :enter_password
-
-            page.fill_in :password, with: 'qwrasfyxv'
-            page.click_on :submit
-
-            assert_userland_partial controller: :login, step: :enter_otp
-
-            page.fill_in :code, with: credential.otp_code
-            page.click_on :submit
-
-            assert_logged_in credential:
-          end
-        end
-      end
-    end
-  end
-end