RubyGems - kensa - Versions diffs - 1.2.0rc7 → 1.2.0 - Mend

kensa 1.2.0rc7 → 1.2.0

Files changed (42) hide show

data/.gitignore +1 -1
data/Gemfile +5 -4
data/Gemfile.lock +21 -27
data/README.md +1 -1
data/Rakefile +18 -10
data/bin/kensa +10 -30
data/kensa.gemspec +27 -20
data/lib/heroku/kensa.rb +7 -9
data/lib/heroku/kensa/check.rb +499 -0
data/lib/heroku/kensa/client.rb +67 -89
data/lib/heroku/kensa/git.rb +39 -0
data/lib/heroku/kensa/manifest.rb +41 -8
data/lib/heroku/kensa/screen.rb +37 -0
data/lib/heroku/kensa/sso.rb +22 -22
data/lib/heroku/kensa/version.rb +1 -2
data/test/all_check_test.rb +25 -0
data/test/create_test.rb +40 -6
data/test/deprovision_check_test.rb +39 -0
data/test/helper.rb +74 -11
data/test/init_test.rb +54 -0
data/test/manifest_check_test.rb +94 -0
data/test/manifest_test.rb +37 -33
data/test/plan_change_check_test.rb +31 -0
data/test/provision_check_test.rb +51 -0
data/test/provision_response_check_test.rb +81 -0
data/test/resources/runner.rb +1 -0
data/test/resources/server.rb +227 -0
data/test/sso_check_test.rb +58 -0
data/test/sso_test.rb +113 -53
metadata +97 -91
data/test.rb +0 -1
data/test/deprovision_test.rb +0 -30
data/test/lib/dependencies.rb +0 -12
data/test/lib/formatter.rb +0 -84
data/test/lib/http.rb +0 -60
data/test/lib/response.rb +0 -12
data/test/manifest_generation_test.rb +0 -32
data/test/plan_change_test.rb +0 -30
data/test/provision_test.rb +0 -84
data/test/resources/provider_server.rb +0 -81
data/test/resources/views/index.haml +0 -6
data/test/sso_launch_test.rb +0 -130

data/test/plan_change_check_test.rb ADDED Viewed

@@ -0,0 +1,31 @@
+require 'test/helper'
+class PlanChangeCheckTest < Test::Unit::TestCase
+  include Heroku::Kensa
+  %w{get post}.each do |method|
+    context "with sso #{method}" do
+      setup do
+        @data = Manifest.new(:method => method).skeleton.merge :id => 123, :plan => 'premium'
+        @data['api']['password'] = 'secret'
+      end
+      def check ; PlanChangeCheck ; end
+      test "working plan change call" do
+        use_provider_endpoint "working"
+        assert_valid
+      end
+      test "detects invalid status" do
+        use_provider_endpoint "invalid-status"
+        assert_invalid
+      end
+      test "detects missing auth" do
+        use_provider_endpoint "invalid-missing-auth"
+        assert_invalid
+      end
+    end
+  end
+end

data/test/provision_check_test.rb ADDED Viewed

@@ -0,0 +1,51 @@
+require 'test/helper'
+class ProvisionCheckTest < Test::Unit::TestCase
+  include Heroku::Kensa
+  def check ; ProvisionCheck ; end
+  ['get', 'post'].each do |method|
+    context "with sso #{method}" do
+      setup do
+        @data = Manifest.new(:method => method).skeleton
+        @data['api']['password'] = 'secret'
+      end
+      test "trims url" do
+        c = check.new(@data)
+        assert_equal c.url, 'http://localhost:4567'
+      end
+      test "working provision call" do
+        use_provider_endpoint "working"
+        assert_valid
+      end
+      test "detects invalid JSON" do
+        use_provider_endpoint "invalid-json"
+        assert_invalid
+      end
+      test "detects invalid response" do
+        use_provider_endpoint "invalid-response"
+        assert_invalid
+      end
+      test "detects invalid status" do
+        use_provider_endpoint "invalid-status"
+        assert_invalid
+      end
+      test "detects missing id" do
+        use_provider_endpoint "invalid-missing-id"
+        assert_invalid
+      end
+      test "detects missing auth" do
+        use_provider_endpoint "invalid-missing-auth"
+        assert_invalid
+      end
+    end
+  end
+end

data/test/provision_response_check_test.rb ADDED Viewed

@@ -0,0 +1,81 @@
+require 'test/helper'
+class ProvisionResponseCheckTest < Test::Unit::TestCase
+  include Heroku::Kensa
+  def check ; ProvisionResponseCheck ; end
+  setup do
+    @response = { "id" => "123",
+                  "config" => {
+                    "MYADDON_URL" => "http://example.com/resource",
+                    "MYADDON_CONFIG" => "value"
+                }}
+    @data = Manifest.new.skeleton.merge(:provision_response => @response)
+    @data['api']['config_vars'] << "MYADDON_CONFIG"
+  end
+  test "is valid if no errors" do
+    assert_valid
+  end
+  test "has an id" do
+    @response.delete("id")
+    assert_invalid
+  end
+  describe "when config is present" do
+    test "is a hash" do
+      @response["config"] = ""
+      assert_invalid
+    end
+    test "each key is previously set in the manifest" do
+      @response["config"]["MYSQL_URL"] = "http://..."
+      assert_invalid
+    end
+    test "each value is a string" do
+      @response["config"]["MYADDON_URL"] = {}
+      assert_invalid
+    end
+    test "asserts _URL vars are valid URIs" do
+      @response["config"]["MYADDON_URL"] = "abc:"
+      assert_invalid
+    end
+    test "asserts _URL vars have a host" do
+      @response["config"]["MYADDON_URL"] = "path"
+      assert_invalid
+    end
+    test "asserts _URL vars have a scheme" do
+      @response["config"]["MYADDON_URL"] = "//host/path"
+      assert_invalid
+    end
+    test "doesn't run URI test against other vars" do
+      @response["config"]['MYADDON_CONFIG'] = "abc:"
+      assert_valid
+    end
+    test "doesn't allow localhost URIs on production" do
+      @data[:env] = 'production'
+      @response["config"]["MYADDON_URL"] = "http://localhost/abc"
+      assert_invalid
+    end
+    test "asserts all vars in manifest are in response" do
+      @response["config"].delete('MYADDON_CONFIG')
+      assert_invalid
+    end
+    test "is valid otherwise" do
+      @response["config"]["MYADDON_URL"] = "http://localhost/abc"
+      assert_valid
+    end
+  end
+end

data/test/resources/runner.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ exit(1) if ARGV.first == 'fail'

data/test/resources/server.rb ADDED Viewed

@@ -0,0 +1,227 @@
+require 'rubygems'
+require 'sinatra'
+require 'json'
+enable :sessions
+helpers do
+  def heroku_only!
+    unless auth_heroku?
+      response['WWW-Authenticate'] = %(Basic realm="Kensa Test Server")
+      unauthorized!(401)
+    end
+  end
+  def auth_heroku?
+    @auth ||=  Rack::Auth::Basic::Request.new(request.env)
+    @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['myaddon', 'secret']
+  end
+  def unauthorized!(status=403)
+    throw(:halt, [status, "Not authorized\n"])
+  end
+  def make_token
+    Digest::SHA1.hexdigest([params[:id], 'SSO_SALT', params[:timestamp]].join(':'))
+  end
+  def json_must_include(keys)
+    params = JSON.parse(request.body.read)
+    keys.each do |param|
+      raise "#{param} not included with request" unless params.keys.include? param
+    end
+  end
+  def login(heroku_user=true)
+    session.clear
+    session[:logged_in] = true
+    session[:heroku]    = heroku_user
+    redirect '/'
+  end
+end
+post '/heroku/resources' do
+  heroku_only!
+  { :id => 123 }.to_json
+end
+post '/working/heroku/resources' do
+  json_must_include(%w{heroku_id plan callback_url logplex_token options})
+  heroku_only!
+  { :id => 123 }.to_json
+end
+post '/cmd-line-options/heroku/resources' do
+  heroku_only!
+  { :id => 123 }.to_json
+end
+post '/invalid-json/heroku/resources' do
+  heroku_only!
+  'invalidjson'
+end
+post '/invalid-response/heroku/resources' do
+  heroku_only!
+  nil.to_json
+end
+post '/invalid-status/heroku/resources' do
+  heroku_only!
+  status 422
+  { :id => 123 }.to_json
+end
+post '/invalid-missing-id/heroku/resources' do
+  heroku_only!
+  { :noid => 123 }.to_json
+end
+post '/invalid-missing-auth/heroku/resources' do
+  { :id => 123 }.to_json
+end
+put '/working/heroku/resources/:id' do
+  json_must_include(%w{heroku_id plan})
+  heroku_only!
+  {}.to_json
+end
+put '/invalid-missing-auth/heroku/resources/:id' do
+  { :id => 123 }.to_json
+end
+put '/invalid-status/heroku/resources/:id' do
+  heroku_only!
+  status 422
+  {}.to_json
+end
+delete '/working/heroku/resources/:id' do
+  heroku_only!
+  "Ok"
+end
+def sso
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  response.set_cookie('heroku-nav-data', params['nav-data'])
+  login
+end
+get '/working/heroku/resources/:id' do
+  sso
+end
+post '/working/sso/login' do
+  puts params.inspect
+  sso
+end
+def notoken
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  response.set_cookie('heroku-nav-data', params['nav-data'])
+  login
+end
+get '/notoken/heroku/resources/:id' do
+  notoken
+end
+post '/notoken/sso/login' do
+  notoken
+end
+def notimestamp
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:token] == make_token
+  response.set_cookie('heroku-nav-data', params['nav-data'])
+  login
+end
+get '/notimestamp/heroku/resources/:id' do
+  notimestamp
+end
+post '/notimestamp/sso/login' do
+  notimestamp
+end
+def nolayout
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  response.set_cookie('heroku-nav-data', params['nav-data'])
+  login(false)
+end
+get '/nolayout/heroku/resources/:id' do
+  nolayout
+end
+post '/nolayout/sso/login' do
+  nolayout
+end
+def nocookie
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  login
+end
+get '/nocookie/heroku/resources/:id' do
+  nocookie
+end
+post '/nocookie/sso/login' do
+  nocookie
+end
+def badcookie
+  unauthorized! unless params[:id] && params[:token]
+  unauthorized! unless params[:timestamp].to_i > (Time.now-60*2).to_i
+  unauthorized! unless params[:token] == make_token
+  response.set_cookie('heroku-nav-data', 'wrong value')
+  login
+end
+get '/badcookie/heroku/resources/:id' do
+  badcookie
+end
+post '/badcookie/sso/login' do
+  badcookie
+end
+def sso_user
+  head 404 unless params[:email] == 'username@example.com'
+  sso
+end
+get '/user/heroku/resources/:id' do
+  sso_user
+end
+post '/user/sso/login' do
+  sso_user
+end
+get '/' do
+  unauthorized! unless session[:logged_in]
+  haml :index
+end
+__END__
+@@ index
+%html
+  %body
+    - if session[:heroku]
+      #heroku-header
+        %h1 Heroku
+    %h1 Sample Addon

data/test/sso_check_test.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require 'test/helper'
+class SsoCheckTest < Test::Unit::TestCase
+  include Heroku::Kensa
+  def check ; SsoCheck ; end
+  %w{get post}.each do |method|
+    context "via #{method}" do
+      setup do
+        @data = Manifest.new(:sso => true, :method => method).
+          skeleton.merge :id => 123
+        @data['api']['sso_salt'] = 'SSO_SALT'
+      end
+      test "working sso request" do
+        use_provider_endpoint('working', 'sso')
+        assert_valid
+      end
+      test "rejects bad token" do
+        use_provider_endpoint("notoken", 'sso')
+        assert_invalid
+      end
+      test "rejects old timestamp" do
+        use_provider_endpoint("notimestamp", 'sso')
+        assert_invalid
+      end
+      test "reject omitted sso salt" do
+        @data['api'].delete 'sso_salt'
+        use_provider_endpoint("working", 'sso')
+        assert_invalid
+      end
+      test "reject missing heroku layout" do
+        use_provider_endpoint("nolayout", 'sso')
+        assert_invalid
+      end
+      test "reject missing cookie" do
+        use_provider_endpoint("nocookie", 'sso')
+        assert_invalid
+      end
+      test "reject invalid cookie value" do
+        use_provider_endpoint("badcookie", 'sso')
+        assert_invalid
+      end
+      test "sends email param" do
+        use_provider_endpoint("user", 'sso')
+        assert_valid
+      end
+    end
+  end
+end