diaspora-vines 0.1.26 → 0.1.27

data/test/store_test.rb

@@ -120,7 +120,7 @@ describe Vines::Store do
 
   def certificate(domain, altname=nil)
     # Use small key so tests are fast.
-    key = OpenSSL::PKey::RSA.generate(256)
+    key = OpenSSL::PKey::RSA.generate(512)
 
     name = OpenSSL::X509::Name.parse("/C=US/ST=Colorado/L=Denver/O=Test/CN=#{domain}")
     cert = OpenSSL::X509::Certificate.new
@@ -142,6 +142,8 @@ describe Vines::Store do
       ].map {|k, v| factory.create_ext(k, v) }
     end
 
+    cert.sign key, OpenSSL::Digest::SHA1.new
+
     Pair.new(cert.to_pem, key.to_pem)
   end
 

data/test/stream/server/auth_method_test.rb

@@ -0,0 +1,101 @@
+# encoding: UTF-8
+
+require 'test_helper'
+
+class OperatorWrapper
+  def <<(stream)
+    [stream]
+  end
+end
+
+describe Vines::Stream::Server::AuthMethod do
+  before do
+    @result = {
+      from: 'hostA.org',
+      to: 'hostB.org',
+      token: '1234'
+    }
+    @stream = MiniTest::Mock.new
+    @state = Vines::Stream::Server::AuthMethod.new(@stream)
+  end
+
+  def test_invalid_element
+    node = node('<message/>')
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_invalid_tls_element
+    node = node(%Q{<message xmlns="#{Vines::NAMESPACES[:tls]}"/>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_invalid_dialback_element
+    node = node(%Q{<message xmlns:db="#{Vines::NAMESPACES[:legacy_dialback]}"/>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_missing_tls_namespace
+    node = node('<starttls/>')
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_no_dialback_payload
+    node = node('<db:result/>')
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_invalid_tls_namespace
+    node = node(%Q{<starttls xmlns="#{Vines::NAMESPACES[:legacy_dialback]}"/>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_missing_tls_certificate
+    @stream.expect(:encrypt?, false)
+    @stream.expect(:close_connection_after_writing, nil)
+    failure = %Q{<failure xmlns="#{Vines::NAMESPACES[:tls]}"/>}
+    node = node(%Q{<starttls xmlns="#{Vines::NAMESPACES[:tls]}"/>})
+    @stream.expect(:write, nil, [failure])
+    @stream.expect(:write, nil, ['</stream:stream>'])
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  def test_valid_tls
+    @stream.expect(:encrypt?, true)
+    @stream.expect(:encrypt, nil)
+    @stream.expect(:reset, nil)
+    @stream.expect(:advance, nil, [Vines::Stream::Server::AuthRestart.new(@stream)])
+    success = %Q{<proceed xmlns="#{Vines::NAMESPACES[:tls]}"/>}
+    node = node(%Q{<starttls xmlns="#{Vines::NAMESPACES[:tls]}"/>})
+    @stream.expect(:write, nil, [success])
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  def test_valid_dialback
+    @stream.expect(:config, Vines::Config)
+    @stream.expect(:router, OperatorWrapper.new)
+    @stream.expect(:close_connection_after_writing, nil)
+    node = node(%Q{
+      <db:result xmlns:db="#{Vines::NAMESPACES[:legacy_dialback]}" from="#{@result[:from]}" to="#{@result[:to]}">
+        #{@result[:token]}
+      </db:result>
+    })
+    assert_nothing_raised do
+      @state.node(node)
+    end.must_equal(true)
+  end
+
+  private
+
+  def assert_nothing_raised
+    yield
+      true
+  rescue
+    $!
+  end
+
+  def node(xml)
+    Nokogiri::XML(xml).root
+  end
+end

data/test/stream/server/outbound/auth_dialback_result_test.rb

@@ -0,0 +1,37 @@
+# encoding: UTF-8
+
+require 'test_helper'
+
+describe Vines::Stream::Server::Outbound::AuthDialbackResult do
+  before do
+    @stream = MiniTest::Mock.new
+    @state = Vines::Stream::Server::Outbound::AuthDialbackResult.new(@stream)
+  end
+
+  def test_invalid_stanza
+    node = node('<message/>')
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    assert @stream.verify
+  end
+
+  def test_invalid_result
+    node = node(%Q{<db:result xmlns:db="#{Vines::NAMESPACES[:legacy_dialback]}" from="remote.host" to="local.host" type="invalid"/>})
+    @stream.expect(:close_connection, nil)
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  def test_valid_result
+    node = node(%Q{<db:result xmlns:db="#{Vines::NAMESPACES[:legacy_dialback]}" from="remote.host" to="local.host" type="valid"/>})
+    @stream.expect(:advance, nil, [Vines::Stream::Server::Ready])
+    @stream.expect(:notify_connected, nil)
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  private
+
+  def node(xml)
+    Nokogiri::XML(xml).root
+  end
+end

data/test/stream/server/outbound/auth_external_test.rb

@@ -0,0 +1,75 @@
+# encoding: UTF-8
+
+require 'test_helper'
+
+describe Vines::Stream::Server::Outbound::AuthExternal do
+  before do
+    @stream = MiniTest::Mock.new
+    @state = Vines::Stream::Server::Outbound::AuthExternal.new(@stream)
+  end
+
+  def test_invalid_element
+    node = node('<message/>')
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_invalid_sasl_element
+    node = node(%Q{<message xmlns="#{Vines::NAMESPACES[:sasl]}"/>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_missing_namespace
+    node = node('<stream:features/>')
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_invalid_namespace
+    node = node('<stream:features xmlns="bogus"/>')
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_missing_mechanisms
+    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams"/>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_missing_mechanisms_namespace
+    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams"><mechanisms/></stream:features>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_missing_mechanism
+    mechanisms = %q{<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>}
+    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams">#{mechanisms}</stream:features>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_missing_mechanism_text
+    mechanisms = %q{<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism></mechanism></mechanisms>}
+    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams">#{mechanisms}</stream:features>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_invalid_mechanism_text
+    mechanisms = %q{<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>BOGUS</mechanism></mechanisms>}
+    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams">#{mechanisms}</stream:features>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_valid_mechanism
+    @stream.expect(:domain, 'wonderland.lit')
+    expected = %Q{<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="EXTERNAL">d29uZGVybGFuZC5saXQ=</auth>}
+    @stream.expect(:write, nil, [expected])
+    @stream.expect(:advance, nil, [Vines::Stream::Server::Outbound::AuthExternalResult.new(@stream)])
+    mechanisms = %q{<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>EXTERNAL</mechanism></mechanisms>}
+    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams">#{mechanisms}</stream:features>})
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  private
+
+  def node(xml)
+    Nokogiri::XML(xml).root
+  end
+end

data/test/stream/server/outbound/auth_restart_test.rb

@@ -0,0 +1,53 @@
+# encoding: UTF-8
+
+require 'test_helper'
+
+describe Vines::Stream::Server::Outbound::AuthRestart do
+  before do
+    @stream = MiniTest::Mock.new
+    @state = Vines::Stream::Server::Outbound::AuthRestart.new(@stream)
+  end
+
+  def test_missing_namespace
+    node = node('<stream:stream/>')
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    assert @stream.verify
+  end
+
+  def test_invalid_namespace
+    node = node(%Q{<stream:stream xmlns="#{Vines::NAMESPACES[:stream]}"/>})
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  end
+
+  def test_valid_stream
+    node = node(%Q{<stream:stream xmlns='jabber:client' xmlns:stream='#{Vines::NAMESPACES[:stream]}' xml:lang='en' id='1234' from='host.com' version='1.0'>})
+    @stream.expect(:advance, nil, [Vines::Stream::Server::Outbound::AuthExternal])
+    @stream.expect(:dialback_retry?, false)
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  def test_valid_stream_restart
+    node = node(%Q{<stream:stream xmlns='jabber:client' xmlns:stream='#{Vines::NAMESPACES[:stream]}' xml:lang='en' id='1234' from='host.com' version='1.0'>})
+    @stream.expect(:advance, nil, [Vines::Stream::Server::Outbound::Auth])
+    @stream.expect(:outbound_tls_required?, false)
+    @stream.expect(:dialback_retry?, true)
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  def test_valid_stream_required_tls
+    node = node(%Q{<stream:stream xmlns='jabber:client' xmlns:stream='#{Vines::NAMESPACES[:stream]}' xml:lang='en' id='1234' from='host.com' version='1.0'>})
+    @stream.expect(:close_connection, nil)
+    @stream.expect(:outbound_tls_required?, true)
+    @stream.expect(:dialback_retry?, true)
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  private
+
+  def node(xml)
+    Nokogiri::XML(xml).root
+  end
+end

data/test/stream/server/outbound/auth_test.rb

@@ -2,67 +2,83 @@
 
 require 'test_helper'
 
-describe Vines::Stream::Server::Outbound::Auth do
-  before do
-    @stream = MiniTest::Mock.new
-    @state = Vines::Stream::Server::Outbound::Auth.new(@stream)
-  end
-
-  def test_invalid_element
-    node = node('<message/>')
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+class OperatorWrapper
+  def <<(stream)
+    [stream]
   end
+end
 
-  def test_invalid_sasl_element
-    node = node(%Q{<message xmlns="#{Vines::NAMESPACES[:sasl]}"/>})
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
-  end
+class StateWrapper
+  def dialback_secret=(secret); end
+end
 
-  def test_missing_namespace
-    node = node('<stream:features/>')
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+module Vines
+  module Kit
+    def auth_token; "1234"; end
   end
+end
 
-  def test_invalid_namespace
-    node = node('<stream:features xmlns="bogus"/>')
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
-  end
+module Boolean; end
+class TrueClass; include Boolean; end
+class FalseClass; include Boolean; end
+class NilClass; include Boolean; end
 
-  def test_missing_mechanisms
-    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams"/>})
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+describe Vines::Stream::Server::Outbound::Auth do
+  before do
+    @stream = MiniTest::Mock.new
+    @state = Vines::Stream::Server::Outbound::Auth.new(@stream)
   end
 
-  def test_missing_mechanisms_namespace
-    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams"><mechanisms/></stream:features>})
+  def test_missing_children
+    node = node('<stream:features/>')
+    @stream.expect(:dialback_verify_key?, false)
+    @stream.expect(:outbound_tls_required, nil, [Boolean])
     assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    assert @stream.verify
   end
 
-  def test_missing_mechanism
-    mechanisms = %q{<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>}
-    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams">#{mechanisms}</stream:features>})
+  def test_invalid_children
+    node = node(%Q{<stream:features><message/></stream:features>})
+    @stream.expect(:dialback_verify_key?, false)
+    @stream.expect(:outbound_tls_required, nil, [Boolean])
     assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    assert @stream.verify
   end
 
-  def test_missing_mechanism_text
-    mechanisms = %q{<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism></mechanism></mechanisms>}
-    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams">#{mechanisms}</stream:features>})
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  def test_valid_stream_features
+    node = node(%Q{<stream:features xmlns:stream="#{Vines::NAMESPACES[:stream]}"><starttls xmlns="#{Vines::NAMESPACES[:tls]}"><required/></starttls><dialback xmlns="#{Vines::NAMESPACES[:dialback]}"/></stream:features>})
+    starttls = "<starttls xmlns='#{Vines::NAMESPACES[:tls]}'/>"
+    @stream.expect(:dialback_verify_key?, false)
+    @stream.expect(:outbound_tls_required, nil, [Boolean])
+    @stream.expect(:advance, nil, [Vines::Stream::Server::Outbound::TLSResult])
+    @stream.expect(:write, nil, [starttls])
+    @state.node(node)
+    assert @stream.verify
   end
 
-  def test_invalid_mechanism_text
-    mechanisms = %q{<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>BOGUS</mechanism></mechanisms>}
-    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams">#{mechanisms}</stream:features>})
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+  def test_dialback_feature_only
+    node = node(%Q{<stream:features xmlns:stream="#{Vines::NAMESPACES[:stream]}"><dialback xmlns="#{Vines::NAMESPACES[:dialback]}"/></stream:features>})
+    @stream.expect(:dialback_verify_key?, false)
+    @stream.expect(:router, OperatorWrapper.new)
+    @stream.expect(:domain, "local.host")
+    @stream.expect(:remote_domain, "remote.host")
+    @stream.expect(:domain, "local.host")
+    @stream.expect(:remote_domain, "remote.host")
+    @stream.expect(:id, "1234")
+    @stream.expect(:write, nil, [String])
+    @stream.expect(:outbound_tls_required, nil, [Boolean])
+    @stream.expect(:advance, nil, [Vines::Stream::Server::Outbound::AuthDialbackResult])
+    @stream.expect(:state, StateWrapper.new)
+    @state.node(node)
+    assert @stream.verify
   end
 
-  def test_valid_mechanism
-    @stream.expect(:domain, 'wonderland.lit')
-    expected = %Q{<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="EXTERNAL">d29uZGVybGFuZC5saXQ=</auth>}
-    @stream.expect(:write, nil, [expected])
-    @stream.expect(:advance, nil, [Vines::Stream::Server::Outbound::AuthResult.new(@stream)])
-    mechanisms = %q{<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>EXTERNAL</mechanism></mechanisms>}
-    node = node(%Q{<stream:features xmlns:stream="http://etherx.jabber.org/streams">#{mechanisms}</stream:features>})
+  def test_dialback_verify_key
+    node = node('<stream:stream/>')
+    @stream.expect(:advance, nil, [Vines::Stream::Server::Outbound::Authoritative])
+    @stream.expect(:dialback_verify_key?, true)
+    @stream.expect(:callback!, nil)
+    @stream.expect(:outbound_tls_required, nil, [Boolean])
     @state.node(node)
     assert @stream.verify
   end

data/test/stream/server/outbound/authoritative_test.rb

@@ -0,0 +1,66 @@
+# encoding: UTF-8
+
+require 'test_helper'
+
+class RouterWrapper
+  def initialize(stream); @stream = stream; end
+  def stream_by_id(id); @stream; end
+end
+
+describe Vines::Stream::Server::Outbound::Authoritative do
+  before do
+    @stream = MiniTest::Mock.new
+    @router = RouterWrapper.new(@stream)
+    @state = Vines::Stream::Server::Outbound::Authoritative.new(@stream)
+  end
+
+  def test_invalid_stanza
+    node = node('<message/>')
+    @stream.expect(:router, @router)
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    assert @stream.verify
+  end
+
+  def test_invalid_token
+    node = node('<db:verify/>')
+    router = RouterWrapper.new(nil)
+    @stream.expect(:router, router)
+    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    assert @stream.verify
+  end
+
+  def test_valid_verification
+    node = node(%Q{<db:verify xmlns:db="#{Vines::NAMESPACES[:legacy_dialback]}" from="remote.host" to="local.host" id="1234" type="valid"/>})
+    result = "<db:result xmlns:db='#{Vines::NAMESPACES[:legacy_dialback]}' from='#{node[:to]}' to='#{node[:from]}' type='#{node[:type]}'/>"
+    @stream.expect(:router, @router)
+    # NOTE this tests the 'inbound' stream var
+    @stream.expect(:write, nil, [result])
+    @stream.expect(:advance, nil, [Vines::Stream::Server::Ready])
+    @stream.expect(:notify_connected, nil)
+    # end
+    @stream.expect(:nil?, false)
+    @stream.expect(:close_connection, nil)
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  def test_invalid_verification
+    node = node(%Q{<db:verify xmlns:db="#{Vines::NAMESPACES[:legacy_dialback]}" from="remote.host" to="local.host" id="1234" type="invalid"/>})
+    result = "<db:result xmlns:db='#{Vines::NAMESPACES[:legacy_dialback]}' from='#{node[:to]}' to='#{node[:from]}' type='#{node[:type]}'/>"
+    @stream.expect(:router, @router)
+    # NOTE this tests the 'inbound' stream var
+    @stream.expect(:close_connection_after_writing, nil)
+    @stream.expect(:write, nil, [result])
+    # end
+    @stream.expect(:nil?, false)
+    @stream.expect(:close_connection, nil)
+    @state.node(node)
+    assert @stream.verify
+  end
+
+  private
+
+  def node(xml)
+    Nokogiri::XML(xml).root
+  end
+end