RubyGems - kensa - Versions diffs - 1.2.0rc7 → 1.2.0 - Mend

kensa 1.2.0rc7 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

data/.gitignore +1 -1
data/Gemfile +5 -4
data/Gemfile.lock +21 -27
data/README.md +1 -1
data/Rakefile +18 -10
data/bin/kensa +10 -30
data/kensa.gemspec +27 -20
data/lib/heroku/kensa.rb +7 -9
data/lib/heroku/kensa/check.rb +499 -0
data/lib/heroku/kensa/client.rb +67 -89
data/lib/heroku/kensa/git.rb +39 -0
data/lib/heroku/kensa/manifest.rb +41 -8
data/lib/heroku/kensa/screen.rb +37 -0
data/lib/heroku/kensa/sso.rb +22 -22
data/lib/heroku/kensa/version.rb +1 -2
data/test/all_check_test.rb +25 -0
data/test/create_test.rb +40 -6
data/test/deprovision_check_test.rb +39 -0
data/test/helper.rb +74 -11
data/test/init_test.rb +54 -0
data/test/manifest_check_test.rb +94 -0
data/test/manifest_test.rb +37 -33
data/test/plan_change_check_test.rb +31 -0
data/test/provision_check_test.rb +51 -0
data/test/provision_response_check_test.rb +81 -0
data/test/resources/runner.rb +1 -0
data/test/resources/server.rb +227 -0
data/test/sso_check_test.rb +58 -0
data/test/sso_test.rb +113 -53
metadata +97 -91
data/test.rb +0 -1
data/test/deprovision_test.rb +0 -30
data/test/lib/dependencies.rb +0 -12
data/test/lib/formatter.rb +0 -84
data/test/lib/http.rb +0 -60
data/test/lib/response.rb +0 -12
data/test/manifest_generation_test.rb +0 -32
data/test/plan_change_test.rb +0 -30
data/test/provision_test.rb +0 -84
data/test/resources/provider_server.rb +0 -81
data/test/resources/views/index.haml +0 -6
data/test/sso_launch_test.rb +0 -130

data/test/plan_change_check_test.rb ADDED Viewed

@@ -0,0 +1,31 @@
+require 'test/helper'
+class PlanChangeCheckTest < Test::Unit::TestCase
+  include Heroku::Kensa
+  %w{get post}.each do |method|
+    context "with sso #{method}" do
+      setup do
+        @data = Manifest.new(:method => method).skeleton.merge :id => 123, :plan => 'premium'
+        @data['api']['password'] = 'secret'
+      end
+      def check ; PlanChangeCheck ; end
+      test "working plan change call" do
+        use_provider_endpoint "working"
+        assert_valid
+      end
+      test "detects invalid status" do
+        use_provider_endpoint "invalid-status"
+        assert_invalid
+      end
+      test "detects missing auth" do
+        use_provider_endpoint "invalid-missing-auth"
+        assert_invalid
+      end
+    end
+  end
+end

data/test/provision_check_test.rb ADDED Viewed

@@ -0,0 +1,51 @@
+require 'test/helper'
+class ProvisionCheckTest < Test::Unit::TestCase
+  include Heroku::Kensa
+  def check ; ProvisionCheck ; end
+  ['get', 'post'].each do |method|
+    context "with sso #{method}" do
+      setup do
+        @data = Manifest.new(:method => method).skeleton
+        @data['api']['password'] = 'secret'
+      end
+      test "trims url" do
+        c = check.new(@data)
+        assert_equal c.url, 'http://localhost:4567'
+      end
+      test "working provision call" do
+        use_provider_endpoint "working"
+        assert_valid
+      end
+      test "detects invalid JSON" do
+        use_provider_endpoint "invalid-json"
+        assert_invalid
+      end
+      test "detects invalid response" do
+        use_provider_endpoint "invalid-response"
+        assert_invalid
+      end
+      test "detects invalid status" do
+        use_provider_endpoint "invalid-status"
+        assert_invalid
+      end
+      test "detects missing id" do
+        use_provider_endpoint "invalid-missing-id"
+        assert_invalid
+      end
+      test "detects missing auth" do
+        use_provider_endpoint "invalid-missing-auth"
+        assert_invalid
+      end
+    end
+  end
+end

data/test/provision_response_check_test.rb ADDED Viewed

@@ -0,0 +1,81 @@
+require 'test/helper'
+class ProvisionResponseCheckTest < Test::Unit::TestCase
+  include Heroku::Kensa
+  def check ; ProvisionResponseCheck ; end
+  setup do
+    @response = { "id" => "123",
+                  "config" => {
+                    "MYADDON_URL" => "http://example.com/resource",
+                    "MYADDON_CONFIG" => "value"
+                }}
+    @data = Manifest.new.skeleton.merge(:provision_response => @response)
+    @data['api']['config_vars'] << "MYADDON_CONFIG"
+  end
+  test "is valid if no errors" do
+    assert_valid
+  end
+  test "has an id" do
+    @response.delete("id")
+    assert_invalid
+  end
+  describe "when config is present" do
+    test "is a hash" do
+      @response["config"] = ""
+      assert_invalid
+    end
+    test "each key is previously set in the manifest" do
+      @response["config"]["MYSQL_URL"] = "http://..."
+      assert_invalid
+    end
+    test "each value is a string" do
+      @response["config"]["MYADDON_URL"] = {}
+      assert_invalid
+    end
+    test "asserts _URL vars are valid URIs" do
+      @response["config"]["MYADDON_URL"] = "abc:"
+      assert_invalid
+    end
+    test "asserts _URL vars have a host" do
+      @response["config"]["MYADDON_URL"] = "path"
+      assert_invalid
+    end
+    test "asserts _URL vars have a scheme" do
+      @response["config"]["MYADDON_URL"] = "//host/path"
+      assert_invalid
+    end
+    test "doesn't run URI test against other vars" do
+      @response["config"]['MYADDON_CONFIG'] = "abc:"
+      assert_valid
+    end
+    test "doesn't allow localhost URIs on production" do
+      @data[:env] = 'production'
+      @response["config"]["MYADDON_URL"] = "http://localhost/abc"
+      assert_invalid
+    end
+    test "asserts all vars in manifest are in response" do
+      @response["config"].delete('MYADDON_CONFIG')
+      assert_invalid
+    end
+    test "is valid otherwise" do
+      @response["config"]["MYADDON_URL"] = "http://localhost/abc"
+      assert_valid
+    end
+  end
+end

data/test/resources/runner.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ exit(1) if ARGV.first == 'fail'

data/test/resources/server.rb ADDED Viewed

@@ -0,0 +1,227 @@
+require 'rubygems'
+require 'sinatra'
+require 'json'
+enable :sessions
+helpers do
+  def heroku_only!
+    unless auth_heroku?
+      response['WWW-Authenticate'] = %(Basic realm="Kensa Test Server")
+      unauthorized!(401)
+    end
+  end
+  def auth_heroku?
+    @auth ||=  Rack::Auth::Basic::Request.new(request.env)
+    @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['myaddon', 'secret']
+  end
+  def unauthorized!(status=403)
+    throw(:halt, [status, "Not authorized\n"])
+  end
+  def make_token
+    Digest::SHA1.hexdigest([params[:id], 'SSO_SALT', params[:timestamp]].join(':'))
+  end
+  def json_must_include(keys)
+    params = JSON.parse(request.body.read)
+    keys.each do |param|
+      raise "#{param} not included with request" unless params.keys.include? param
+    end
+  end
+  def login(heroku_user=true)
+    session.clear
+    session[:logged_in] = true
+    session[:heroku]    = heroku_user
+    redirect '/'
+  end
+end
+post '/heroku/resources' do
+  heroku_only!
+  { :id => 123 }.to_json
+end
+post '/working/heroku/resources' do
+  json_must_include(%w{heroku_id plan callback_url logplex_token options})
+  heroku_only!
+  { :id => 123 }.to_json
+end
+post '/cmd-line-options/heroku/resources' do
+  heroku_only!
+  { :id => 123 }.to_json
+end
+post '/invalid-json/heroku/resources' do
+  heroku_only!
+  'invalidjson'
+end
+post '/invalid-response/heroku/resources' do
+  heroku_only!
+  nil.to_json
+end
+post '/invalid-status/heroku/resources' do
+  heroku_only!
+  status 422
+  { :id => 123 }.to_json
+end
+post '/invalid-missing-id/heroku/resources' do
+  heroku_only!
+  { :noid => 123 }.to_json
+end
+post '/invalid-missing-auth/heroku/resources' do
+  { :id => 123 }.to_json
+end
+put '/working/heroku/resources/:id' do
+  json_must_include(%w{heroku_id plan})
+  heroku_only!
+  {}.to_json
+end
+put '/invalid-missing-auth/heroku/resources/:id' do
+  { :id => 123 }.to_json
+end
+put '/invalid-status/heroku/resources/:id' do
+  heroku_only!
+  status 422
+  {}.to_json
+end
+delete '/working/heroku/resources/:id' do
+  heroku_only!
+  "Ok"
+end
+def sso
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  response.set_cookie('heroku-nav-data', params['nav-data'])
+  login
+end
+get '/working/heroku/resources/:id' do
+  sso
+end
+post '/working/sso/login' do
+  puts params.inspect
+  sso
+end
+def notoken
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  response.set_cookie('heroku-nav-data', params['nav-data'])
+  login
+end
+get '/notoken/heroku/resources/:id' do
+  notoken
+end
+post '/notoken/sso/login' do
+  notoken
+end
+def notimestamp
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:token] == make_token
+  response.set_cookie('heroku-nav-data', params['nav-data'])
+  login
+end
+get '/notimestamp/heroku/resources/:id' do
+  notimestamp
+end
+post '/notimestamp/sso/login' do
+  notimestamp
+end
+def nolayout
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  response.set_cookie('heroku-nav-data', params['nav-data'])
+  login(false)
+end
+get '/nolayout/heroku/resources/:id' do
+  nolayout
+end
+post '/nolayout/sso/login' do
+  nolayout
+end
+def nocookie
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  login
+end
+get '/nocookie/heroku/resources/:id' do
+  nocookie
+end
+post '/nocookie/sso/login' do
+  nocookie
+end
+def badcookie
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  response.set_cookie('heroku-nav-data', 'wrong value')
+  login
+end
+get '/badcookie/heroku/resources/:id' do
+  badcookie
+end
+post '/badcookie/sso/login' do
+  badcookie
+end
+def sso_user
+  head 404 unless params[:email] == 'username@example.com'
+  sso
+end
+get '/user/heroku/resources/:id' do
+  sso_user
+end
+post '/user/sso/login' do
+  sso_user
+end
+get '/' do
+  unauthorized! unless session[:logged_in]
+  haml :index
+end
+__END__
+@@ index
+%html
+  %body
+    - if session[:heroku]
+      #heroku-header
+        %h1 Heroku
+    %h1 Sample Addon

data/test/sso_check_test.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require 'test/helper'
+class SsoCheckTest < Test::Unit::TestCase
+  include Heroku::Kensa
+  def check ; SsoCheck ; end
+  %w{get post}.each do |method|
+    context "via #{method}" do
+      setup do
+        @data = Manifest.new(:sso => true, :method => method).
+          skeleton.merge :id => 123
+        @data['api']['sso_salt'] = 'SSO_SALT'
+      end
+      test "working sso request" do
+        use_provider_endpoint('working', 'sso')
+        assert_valid
+      end
+      test "rejects bad token" do
+        use_provider_endpoint("notoken", 'sso')
+        assert_invalid
+      end
+      test "rejects old timestamp" do
+        use_provider_endpoint("notimestamp", 'sso')
+        assert_invalid
+      end
+      test "reject omitted sso salt" do
+        @data['api'].delete 'sso_salt'
+        use_provider_endpoint("working", 'sso')
+        assert_invalid
+      end
+      test "reject missing heroku layout" do
+        use_provider_endpoint("nolayout", 'sso')
+        assert_invalid
+      end
+      test "reject missing cookie" do
+        use_provider_endpoint("nocookie", 'sso')
+        assert_invalid
+      end
+      test "reject invalid cookie value" do
+        use_provider_endpoint("badcookie", 'sso')
+        assert_invalid
+      end
+      test "sends email param" do
+        use_provider_endpoint("user", 'sso')
+        assert_valid
+      end
+    end
+  end
+end