leap_web_users 0.0.1

data/test/dummy/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/test/dummy/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/test/dummy/public/500.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+</body>
+</html>

data/test/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby1.8
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/test/functional/sessions_controller_test.rb

@@ -0,0 +1,73 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionController::TestCase
+
+  def setup
+    @client_hex = 'a123'
+    @client_rnd = @client_hex.hex
+    @server_hex = 'b123'
+    @server_rnd = @server_hex.hex
+    @server_rnd_exp = 'e123'.hex
+    @server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
+  end
+
+  test "should get login screen" do
+    get :new
+    assert_response :success
+  end
+
+  test "should perform handshake" do
+    user = stub :login => "me", :id => 123
+    user.expects(:initialize_auth).
+      with(@client_rnd).
+      returns(@server_handshake)
+    User.expects(:find_by_param).with(user.login).returns(user)
+    post :create, :login => user.login, 'A' => @client_hex
+    assert_equal @server_handshake, session[:handshake]
+    assert_response :success
+    assert_json_response :B => @server_hex
+  end
+
+  test "should report user not found" do
+    unknown = "login_that_does_not_exist"
+    User.expects(:find_by_param).with(unknown).raises(RECORD_NOT_FOUND)
+    post :create, :login => unknown
+    assert_response :success
+    assert_json_response :errors => {"login" => ["unknown user"]}
+  end
+
+  test "should authorize" do
+    session[:handshake] = @server_handshake
+    user = stub :login => "me", :id => 123
+    user.expects(:authenticate!).
+      with(@client_rnd, @server_handshake).
+      returns(@server_auth)
+    User.expects(:find_by_param).with(user.login).returns(user)
+    post :update, :id => user.login, :client_auth => @client_hex
+    assert_nil session[:handshake]
+    assert_json_response :M2 => @server_auth
+    assert_equal user.id, session[:user_id]
+  end
+
+  test "should report wrong password" do
+    session[:handshake] = @server_handshake
+    user = stub :login => "me", :id => 123
+    user.expects(:authenticate!).
+      with(@client_rnd, @server_handshake).
+      raises(WRONG_PASSWORD)
+    User.expects(:find_by_param).with(user.login).returns(user)
+    post :update, :id => user.login, :client_auth => @client_hex
+    assert_nil session[:handshake]
+    assert_nil session[:user_id]
+    assert_json_response :errors => {"password" => ["wrong password"]}
+  end
+
+  test "logout should reset sessions user_id" do
+    session[:user_id] = "set"
+    delete :destroy
+    assert_nil session[:user_id]
+    assert_response :redirect
+    assert_redirected_to root_url
+  end
+
+end

data/test/functional/users_controller_test.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+class UsersControllerTest < ActionController::TestCase
+  test "should get new" do
+    get :new
+    assert_equal User, assigns(:user).class
+    assert_response :success
+  end
+
+  test "should create new user" do
+    params = User.valid_attributes_hash
+    user = stub params.merge(:id => 123)
+    params.stringify_keys!
+    User.expects(:create!).with(params).returns(user)
+    post :create, :user => params
+    assert_nil session[:user_id]
+    assert_response :redirect
+    assert_redirected_to root_url
+  end
+
+  test "should redirect to signup form on failed attempt" do
+    params = User.valid_attributes_hash.slice(:login)
+    user = User.new(params)
+    params.stringify_keys!
+    User.expects(:create!).with(params).raises(VALIDATION_FAILED.new(user))
+    post :create, :user => params
+    assert_nil session[:user_id]
+    assert_equal user, assigns[:user]
+    assert_response :redirect
+    assert_redirected_to new_user_path
+  end
+
+end

data/test/integration/api/Readme.md

@@ -0,0 +1,23 @@
+API tests
+==========
+
+
+Testing the restful api from a simple python client as that's what we'll be using.
+
+This test so far mostly demoes the API. We have no SRP calc in there.
+
+TODO: keep track of the cookies during login. The server uses the session to keep track of the random numbers A and B.
+
+The output of signup_and_login_wrong_password pretty well describes the SRP API:
+
+```
+POST: http://localhost:9292/users.json
+    {"user[password_salt]": "54321", "user[password_verifier]": "12345", "user[login]": "SWQ055"}
+ -> {"password_salt":"54321","login":"SWQ055"}
+POST: http://localhost:9292/sessions
+    {"A": "12345", "login": "SWQ055"}
+ -> {"B":"1778367531e93a4c7713c76f67649f35a4211ebc520926ae8c3848cd66171651"}
+PUT: http://localhost:9292/sessions/SWQ055
+    {"M": "123ABC"}
+ -> {"field":"password","error":"wrong password"}
+```

data/test/integration/api/account_flow_test.rb

@@ -0,0 +1,69 @@
+require 'test_helper'
+
+class AccountFlowTest < ActionDispatch::IntegrationTest
+
+  # this test wraps the api and implements the interface the ruby-srp client.
+  def handshake(login, aa)
+    post "sessions", :login => login, 'A' => aa.to_s(16)
+    assert_response :success
+    response = JSON.parse(@response.body)
+    if response['errors']
+      raise RECORD_NOT_FOUND.new(response['errors'])
+    else
+      return response['B'].hex
+    end
+  end
+
+  def validate(m)
+    put "sessions/" + @login, :client_auth => m.to_s(16)
+    assert_response :success
+    return JSON.parse(@response.body)
+  end
+
+  def setup
+    @login = "integration_test_user"
+    User.find_by_login(@login).tap{|u| u.destroy if u}
+    @password = "srp, verify me!"
+    @srp = SRP::Client.new(@login, @password)
+    @user_params = {
+      :login => @login,
+      :password_verifier => @srp.verifier.to_s(16),
+      :password_salt => @srp.salt.to_s(16)
+    }
+  end
+
+  def teardown
+    @user.destroy if @user # make sure we can run this test again
+  end
+
+  test "signup and login with srp via api" do
+    post '/users.json', :user => @user_params
+    @user = User.find_by_param(@login)
+    assert_json_response @user_params.slice(:login, :password_salt)
+    assert_response :success
+    server_auth = @srp.authenticate(self, @login, @password)
+    assert_nil server_auth["errors"]
+    assert server_auth["M2"]
+  end
+
+  test "signup and wrong password login attempt" do
+    post '/users.json', :user => @user_params
+    @user = User.find_by_param(@login)
+    assert_json_response @user_params.slice(:login, :password_salt)
+    assert_response :success
+    server_auth = @srp.authenticate(self, @login, "wrong password")
+    assert_equal ["wrong password"], server_auth["errors"]['password']
+    assert_nil server_auth["M2"]
+  end
+
+  test "signup and wrong username login attempt" do
+    post '/users.json', :user => @user_params
+    @user = User.find_by_param(@login)
+    assert_json_response @user_params.slice(:login, :password_salt)
+    assert_response :success
+    assert_raises RECORD_NOT_FOUND do
+      server_auth = @srp.authenticate(self, "wronglogin", @password)
+    end
+  end
+
+end

data/test/integration/api/python/login_wrong_username.py

@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:9292'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+params = {
+    'login': 'python_test_user_'+id_generator(),
+    'A': '12345',
+    }
+r = requests.post(server + '/sessions', data = params)
+print r.url
+print r.text

data/test/integration/api/python/signup.py

@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:9292'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+user_params = {
+    'user[login]': 'python_test_user_'+id_generator(),
+    'user[password_verifier]': '12345',
+    'user[password_salt]': '54321'
+    }
+r = requests.post(server + '/users.json', data = user_params)
+print r.url
+print r.text

data/test/integration/api/python/signup_and_login.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+
+# FAILS
+#
+# This test is currently failing for me because the session is not kept.
+# Played with it a bunch - is probably messed up right now as well.
+
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+def print_and_parse(response):
+  print response.request.method + ': ' + response.url
+  print "    " + json.dumps(response.request.data)
+  print " -> " + response.text
+  print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
+  return json.loads(response.text)
+
+def signup(session):
+  user_params = {
+      'user[login]': id_generator(),
+      'user[password_verifier]': '12345',
+      'user[password_salt]': '54321'
+      }
+  return session.post(server + '/users.json', data = user_params)
+
+def authenticate(session, login):
+  params = {
+      'login': login,
+      'A': '12345',
+      }
+  init = session.post(server + '/sessions', data = params)
+  cookies = requests.utils.dict_from_cookiejar(init.cookies)
+  init = session.post(server + '/sessions', data = params, cookies = cookies)
+  print "(%) " + json.dumps(cookies)
+  return session.put(server + '/sessions/' + login, data = {'M': '123'}, cookies = cookies)
+
+session = requests.session()
+user = print_and_parse(signup(session))
+# SRP signup would happen here and calculate M hex
+auth = print_and_parse(authenticate(session, user['login']))

data/test/integration/api/python/signup_and_login_wrong_password.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:9292'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+def print_and_parse(response):
+  print response.request.method + ': ' + response.url
+  print "    " + json.dumps(response.request.data)
+  print " -> " + response.text
+#  print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
+  return json.loads(response.text)
+
+def signup():
+  user_params = {
+      'user[login]': id_generator(),
+      'user[password_verifier]': '12345',
+      'user[password_salt]': '54321'
+      }
+  return requests.post(server + '/users.json', data = user_params)
+
+def handshake(login):
+  params = {
+      'login': login,
+      'A': '12345',
+      }
+  return requests.post(server + '/sessions', data = params)
+
+def authenticate(login, M):
+  return requests.put(server + '/sessions/' + login, data = {'M': M})
+
+
+user = print_and_parse(signup())
+handshake = print_and_parse(handshake(user['login']))
+# SRP signup would happen here and calculate M hex
+M = '123ABC'
+auth = print_and_parse(authenticate(user['login'], M))

data/test/integration/navigation_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class NavigationTest < ActionDispatch::IntegrationTest
+
+  # test "the truth" do
+  #   assert true
+  # end
+end
+

data/test/leap_web_users_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class LeapWebUsersTest < ActiveSupport::TestCase
+  test "module exists" do
+    assert_kind_of Module, LeapWebUsers
+  end
+end