RubyGems - pasaporte - Versions diffs - 0.0.1 → 0.0.3 - Mend

pasaporte 0.0.1 → 0.0.3

Files changed (27) hide show

data/History.txt +2 -2
data/Manifest.txt +14 -5
data/README.txt +52 -15
data/Rakefile +4 -9
data/bin/pasaporte-emit-app.rb +5 -0
data/bin/pasaporte-fcgi.rb +5 -1
data/lib/pasaporte.rb +200 -332
data/lib/pasaporte/hacks.rb +10 -0
data/lib/pasaporte/julik_state.rb +14 -10
data/lib/pasaporte/lighttpd/cacert.pem +21 -0
data/lib/pasaporte/lighttpd/cert_localhost_combined.pem +32 -0
data/lib/pasaporte/lighttpd/sample-lighttpd-config.conf +27 -0
data/lib/pasaporte/models.rb +254 -0
data/lib/pasaporte/token_box.rb +43 -0
data/test/helper.rb +7 -1
data/test/test_edit_profile.rb +53 -0
data/test/test_openid.rb +20 -13
data/test/test_pasaporte.rb +0 -103
data/test/test_profile.rb +3 -2
data/test/test_public_signon.rb +26 -0
data/test/test_settings.rb +1 -2
data/test/test_signout.rb +24 -0
data/test/test_token_box.rb +54 -0
data/test/test_with_partial_ssl.rb +99 -0
metadata +27 -9
data/lib/pasaporte/.DS_Store +0 -0
data/lib/pasaporte/assets/.DS_Store +0 -0

@@ -0,0 +1,53 @@
+require File.dirname(__FILE__) + '/helper'
+class TestEditProfile < Pasaporte::WebTest
+  test 'should require login' do
+    get '/julik/edit'
+    assert_response :redirect
+    assert_redirected_to '/julik/signon'
+  end
+  test 'should preload profile' do
+    prelogin 'julik'
+    get '/julik/edit'
+    assert_response :success
+    assert_kind_of Profile, @assigns.profile
+    deny @assigns.profile.new_record?, "This is a presaved profile"
+    assert_match_body /Your profile/
+  end
+  test 'should show message and not save when posting faulty data' do
+    prelogin 'julik'
+    post '/julik/edit', :profile => {:openid_server => 'xyz'}
+    assert_response :success
+    assert_not_nil @assigns.err, "An error message should be assigned"
+    prof = @assigns.profile
+    prof.reload
+    assert_nil prof.openid_server, "Nothing should have been assigned"
+  end
+  test 'should redirect with success message when changing the profile succeeds' do
+    prelogin 'julik'
+    post '/julik/edit', :profile => {:email => 'trof@groff.com'}
+    assert_response :redirect
+    assert_not_nil @state.msg
+    assert_match /Changed/i, @state.msg
+  end
+  test 'default country should be selected when loading the profile page for the first time' do
+    prelogin 'joe-boss'
+    begin
+      c = Pasaporte::DEFAULT_COUNTRY
+      silence_warnings { Pasaporte.const_set(:DEFAULT_COUNTRY, 'us')}
+      get '/joe-boss/edit'
+      assert_response :success
+      assert_select 'option[value="us"][selected]', true
+    ensure
+      silence_warnings { Pasaporte.const_set(:DEFAULT_COUNTRY, c) }
+    end
+  end
+end

data/test/test_openid.rb CHANGED

@@ -1,16 +1,9 @@
-$:.reject! { |e| e.include? 'TextMate' }
 require File.dirname(__FILE__) + '/helper'
 require 'fileutils'
 require File.dirname(__FILE__) + '/testable_openid_fetcher'
 require 'openid/store/memory'
 require 'openid/extensions/sreg'
-class Object
-  def own_methods
-    raise (methods - Object.instance_methods).inspect
-  end
-end
 class TestOpenid < Pasaporte::WebTest
   # We have to open up because it's the Fecther that's going
   # to make requests
@@ -50,12 +43,12 @@ class TestOpenid < Pasaporte::WebTest
     assert_select 'link[rel=openid.server]', true do | s |
       s = s.pop
       assert_equal "http://test.host/pasaporte/monsieur-hulot/openid", s.attributes["href"],
-        "Should contain the delegate address for Monsieur Hulot"
+        "Should contain the endpoint address for Monsieur Hulot"
     end
     assert_select 'link[rel=openid.delegate]', true do | s |
       s = s.pop
-      assert_equal "http://test.host/pasaporte/monsieur-hulot/openid", s.attributes["href"],
-        "Should contain the endpoint address for Monsieur Hulot"
+      assert_equal "http://test.host/pasaporte/monsieur-hulot", s.attributes["href"],
+        "Should refer to itself"
     end
   end
@@ -82,7 +75,7 @@ class TestOpenid < Pasaporte::WebTest
     assert_match(/#{Regexp.escape(@return_to + '?openid1_claimed_id=')}(.+)#{Regexp.escape('&rp_nonce=')}(.+)/,
       response_params["openid.return_to"],
       "The return_to should be the one of the signup with a nonce")
-    assert_equal "http://test.host/pasaporte/monsieur-hulot/openid",
+    assert_equal "http://test.host/pasaporte/monsieur-hulot",
       response_params["openid.identity"], "The identity is the server URL in this case"
     assert_equal "checkid_setup", response_params['openid.mode'],
       "The current mode is checkid_setup"
@@ -315,10 +308,24 @@ class TestOpenid < Pasaporte::WebTest
     assert_equal "Monsieur Hulot", sreg_response['fullname']
   end
+  def test_in_which_julik_wants_to_login_but_monsieur_hulot_is_logged_in_already
+    prelogin! "monsieur-hulot"
+    req = @consumer.begin("http://test.host/pasaporte/julik")
+    assert_kind_of OpenID::Consumer::CheckIDRequest, req
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    assert_response :redirect
+    assert_redirected_to '/julik/signon'
+    assert_not_nil @state.pending_openid, "A pending OpenID request should have been "+
+      "placed in the session"
+    assert_nil @state.nickname, "The nickname should have been removed from the session"
+    assert_kind_of OpenID::Server::CheckIDRequest, @state.pending_openid
+  end
   private
     # Prelogins Monsieur Hulot into Pasaporte
-    def prelogin!
-      post '/monsieur-hulot/signon', :pass => 'monsieur-hulot'.reverse
+    def prelogin!(name = 'monsieur-hulot')
+      post('/%s/signon' % name, :pass => name.reverse)
     end
     # Preapproves tativille.fr as a site Monsieur Hulot trusts

data/test/test_pasaporte.rb CHANGED

@@ -1,7 +1,4 @@
 require File.dirname(__FILE__) + '/helper'
-require File.dirname(__FILE__) + '/testable_openid_fetcher'
-require 'flexmock'
 class TestProfilePage < Pasaporte::WebTest
   fixtures :pasaporte_profiles
@@ -126,28 +123,6 @@ class TestSignon < Pasaporte::WebTest
   end
 end
-class TestSignout < Pasaporte::WebTest
-  def test_signout_should_silently_redirect_unless_signed_in
-    get '/somebody/signout'
-    assert_response :redirect
-    assert_redirected_to '/somebody/signon'
-  end
-  def test_signout_should_erase_session_and_redirect
-    flexmock(Pasaporte::AUTH).
-        should_receive(:call).with("gemanges", "tairn", "test.host").once.and_return(true)
-    post '/gemanges/signon', :pass => 'tairn'
-    assert_response :redirect
-    assert_equal 'gemanges', @state.nickname
-    get '/gemanges/signout'
-    assert_response :redirect
-    assert_redirected_to '/gemanges/signon'
-    assert_kind_of Camping::H, @state, "State should be reset with Camping::H"
-    assert_equal %w( msg ), @state.keys, "State should only contain the message"
-  end
-end
 class TestApprovalsPage < Pasaporte::WebTest
   fixtures :pasaporte_profiles, :pasaporte_approvals
   def test_approvals_page_requires_login
@@ -210,58 +185,6 @@ class TestAssets < Pasaporte::WebTest
   end
 end
-class TestProfileEditor < Pasaporte::WebTest
-  test 'should require login' do
-    get '/julik/edit'
-    assert_response :redirect
-    assert_redirected_to '/julik/signon'
-  end
-  test 'should preload profile' do
-    prelogin 'julik'
-    get '/julik/edit'
-    assert_response :success
-    assert_kind_of Profile, @assigns.profile
-    deny @assigns.profile.new_record?, "This is a presaved profile"
-    assert_match_body /Your profile/
-  end
-  test 'should show message and not save when posting faulty data' do
-    prelogin 'julik'
-    post '/julik/edit', :profile => {:openid_server => 'xyz'}
-    assert_response :success
-    assert_not_nil @assigns.err, "An error message should be assigned"
-    assert_match /Cannot save/, @assigns.err, "The error message should describe the problem"
-    prof = @assigns.profile
-    prof.reload
-    assert_nil prof.openid_server, "Nothing should have been assigned"
-  end
-  test 'should redirect with success message when changing the profile succeeds' do
-    prelogin 'julik'
-    post '/julik/edit', :profile => {:email => 'trof@groff.com'}
-    assert_response :redirect
-    assert_not_nil @state.msg
-    assert_match /Changed/i, @state.msg
-  end
-  test 'default country should be selected when loading the profile page for the first time' do
-    prelogin 'joe-boss'
-    begin
-      c = Pasaporte::DEFAULT_COUNTRY
-      silence_warnings { Pasaporte.const_set(:DEFAULT_COUNTRY, 'us')}
-      get '/joe-boss/edit'
-      assert_response :success
-      assert_select 'option[value="us"][selected]', true
-    ensure
-      silence_warnings { Pasaporte.const_set(:DEFAULT_COUNTRY, c) }
-    end
-  end
-end
 # class TestYadis < Pasaporte::WebTest
 #   attr_reader :request, :response
@@ -291,32 +214,6 @@ end
 #   end
 # end
-class TestPublicSignon < Pasaporte::WebTest
-  fixtures :pasaporte_profiles
-  test 'should present a login screen without predefined nickname' do
-    get
-    assert_response :success
-    assert_select 'input[name="login"]', true
-    flexmock(Pasaporte::AUTH).should_receive(:call).with("schtwo", "foo", "test.host").and_return(false)
-    post '/', :login => 'schtwo', :pass => 'foo'
-    assert_response :success
-    assert_nil @state.nickname
-    assert_select 'input[type="hidden"]', true
-      "The response should include a hidden field now instead of a text field"
-  end
-  test 'should redirect to profile page for new users' do
-    flexmock(Pasaporte::AUTH).should_receive(:call).with("unknown", "pfew", "test.host").and_return(true)
-    post '/', :login => "unknown", :pass => "pfew"
-    assert_response :redirect
-    assert_not_nil Profile.find_by_nickname('unknown'), "A profile should have been created during login"
-    assert_redirected_to '/unknown/prefs'
-  end
-end
 # A littol auditte
 at_exit do
   missing = Pasaporte::Controllers.constants.reject do |c|

data/test/test_profile.rb CHANGED

@@ -95,12 +95,13 @@ class TestProfile < Camping::ModelTest
     deny p.delegates_openid?, "Delegation is now turned off because we sent a bool switch of false"
   end
+  # This is how the new OpenID lib normalizes URIs, has to do with the variance in "what" can be an OpenID URL
   def test_normalizes_both_delegate_urls
     p = create('julik', DOMAIN,
       :openid_server => 'xxx.com', :openid_delegate => 'xyz.org/x')
-    assert_equal 'http://xxx.com/', p.openid_server,
+    assert_equal 'xxx.com', p.openid_server,
       "The URL should be normalized with HTTP scheme and trailing slash"
-    assert_equal 'http://xyz.org/x', p.openid_delegate,
+    assert_equal 'xyz.org/x', p.openid_delegate,
       "The URL should be normalized with HTTP scheme"
   end

data/test/test_public_signon.rb ADDED

@@ -0,0 +1,26 @@
+require File.dirname(__FILE__) + '/helper'
+class TestPublicSignon < Pasaporte::WebTest
+  fixtures :pasaporte_profiles
+  test 'should present a login screen without predefined nickname' do
+    get
+    assert_response :success
+    assert_select 'input[name="login"]', true
+    flexmock(Pasaporte::AUTH).should_receive(:call).with("schtwo", "foo", "test.host").and_return(false)
+    post '/', :login => 'schtwo', :pass => 'foo'
+    assert_response :success
+    assert_nil @state.nickname
+    assert_select 'input[value="schtwo"]', true
+  end
+  test 'should redirect to profile page for new users' do
+    flexmock(Pasaporte::AUTH).should_receive(:call).with("unknown", "pfew", "test.host").and_return(true)
+    post '/', :login => "unknown", :pass => "pfew"
+    assert_response :redirect
+    assert_not_nil Profile.find_by_nickname('unknown'), "A profile should have been created during login"
+    assert_redirected_to '/unknown/prefs'
+  end
+end

data/test/test_settings.rb CHANGED

@@ -6,8 +6,7 @@ class TestSettings < Camping::Test
   def test_application
     emit :throttle_for => 45.minutes
     assert_nothing_raised { Pasaporte.apply_config! }
-    assert_equal 45.minutes, Pasaporte::THROTTLE_FOR, "The setting should have " +
-      "been applied"
+    assert_equal 45.minutes, Pasaporte::THROTTLE_FOR, "The setting should have been applied"
   end
   def test_bail_on_unknowns

data/test/test_signout.rb ADDED

@@ -0,0 +1,24 @@
+require File.dirname(__FILE__) + '/helper'
+class TestSignout < Pasaporte::WebTest
+  def test_signout_should_silently_redirect_unless_signed_in
+    get '/somebody/signout'
+    assert_response :redirect
+    assert_redirected_to '/somebody/signon'
+  end
+  def test_signout_should_erase_session_and_redirect
+    flexmock(Pasaporte::AUTH).
+        should_receive(:call).with("gemanges", "tairn", "test.host").once.and_return(true)
+    post '/gemanges/signon', :pass => 'tairn'
+    assert_response :redirect
+    assert_equal 'gemanges', @state.nickname
+    get '/gemanges/signout'
+    assert_response :redirect
+    assert_redirected_to '/gemanges/signon'
+    assert_kind_of Camping::H, @state, "State should be reset with Camping::H"
+    # TODO: why err is still here??
+    assert_equal %w( msg err ), @state.keys, "State should only contain the message and error"
+  end
+end

data/test/test_token_box.rb ADDED

@@ -0,0 +1,54 @@
+require File.dirname(__FILE__) + '/helper'
+class TestTokenBox < Test::Unit::TestCase
+  def test_init
+    assert_nothing_raised { TokenBox.new }
+  end
+  def test_procurement
+    box = TokenBox.new
+    tok = box.procure!("abc")
+    assert_kind_of String, tok
+    assert_equal TokenBox::TOKEN_SIZE, tok.length
+    tokens = (0...30).map { box.procure!("abc") }.uniq
+    assert_equal 30, tokens.uniq.length, "All generated tokens should differ"
+    tokens.each do | tok |
+      assert_equal TokenBox::TOKEN_SIZE, tok.length
+    end
+  end
+  def test_validation_should_happen_once
+    box = TokenBox.new
+    tok = box.procure!("a")
+    assert_nothing_raised { box.validate!("a", tok) }
+    assert_raise(TokenBox::Invalid) { box.validate!("a", tok) }
+  end
+  def test_validation_should_work_for_the_request_only
+    box = TokenBox.new
+    tok = box.procure!("a")
+    assert_raise(TokenBox::Invalid) { box.validate!("b", tok) }
+    assert_nothing_raised { box.validate!("a", tok) }
+  end
+  def test_tokens_should_be_discarded
+    box = TokenBox.new
+    first = box.procure!("a")
+    TokenBox::MAX_TOKENS.times { box.procure!("a") }
+    assert_raise(TokenBox::Invalid) { box.validate!("a", first)}
+  end
+  def test_token_should_expire
+    box = TokenBox.new
+    begin
+      old, $VERBOSE, w = TokenBox::WINDOW, nil, $VERBOSE
+      TokenBox.const_set(:WINDOW, 2)
+      tok = box.procure!("a")
+      sleep(2.3)
+      assert_raise(TokenBox::Invalid) { box.validate!("a", tok)}
+    ensure
+      TokenBox.const_set(:WINDOW, old)
+      $VERBOSE = w
+    end
+  end
+end

data/test/test_with_partial_ssl.rb ADDED

@@ -0,0 +1,99 @@
+$:.reject! { |e| e.include? 'TextMate' }
+require File.dirname(__FILE__) + '/helper'
+require 'fileutils'
+require File.dirname(__FILE__) + '/testable_openid_fetcher'
+require 'openid/store/memory'
+require 'openid/extensions/sreg'
+class TestWithPartialSSL < Pasaporte::WebTest
+  # We have to open up because it's the Fecther that's going
+  # to make requests
+  attr_reader :request, :response
+  fixtures :pasaporte_profiles
+  def setup
+    super
+    @fetcher = TestableOpenidFetcher.new(self)
+    OpenID.fetcher = @fetcher
+    OpenID::Util.logger = Pasaporte::LOGGER
+    @store = OpenID::Store::Memory.new
+    @openid_session = {}
+    init_consumer
+    @request.domain = 'test.host'
+    @trust_root = 'http://tativille.fr/wiki'
+    @return_to = 'http://tativille.fr/wiki/signup'
+    @hulot = Profile.find(1)
+    silence_warnings {  Pasaporte.const_set(:PARTIAL_SSL, true) }
+  end
+  def teardown
+    # Delete all the associations created during the test case
+    JulikState::State.delete_all; Association.delete_all; Approval.delete_all; Throttle.delete_all
+    # Delete the store
+    FileUtils.rm_rf('openid-consumer-store')
+    # Call super for flexmock a.o.
+    silence_warnings {  Pasaporte.const_set(:PARTIAL_SSL, false) }
+    super
+  end
+  def test_in_which_monsieur_hulot_is_not_logged_in_and_asked_for_login_after_setup_and_gets_bounced_to_ssl_page
+    req = @consumer.begin("http://test.host/pasaporte/monsieur-hulot")
+    assert_kind_of OpenID::Consumer::CheckIDRequest, req
+    assert_nothing_raised { get_with_verbatim_url req.redirect_url(@trust_root, @return_to) }
+    assert_response :redirect
+    redirection = @response.headers['Location']
+    assert_redirected_to '/monsieur-hulot/signon'
+    follow_redirect
+    assert_response :redirect
+    assert_match /^https/, @response.headers['Location'].to_s, "Signon should redirect to itself over HTTPS"
+    assert_not_nil @state.pending_openid, "A pending OpenID request should have been "+
+      "placed in the session"
+    # TODO: Verify that the cookie indeed gets transferred along to the SSL domain
+    assert_kind_of OpenID::Server::CheckIDRequest, @state.pending_openid
+  end
+  private
+    def init_consumer
+      @consumer = OpenID::Consumer.new(@openid_session, @store)
+    end
+    def decode_qs(qs)
+      qs.to_s.split(/\&/).inject({}) do | params, segment |
+        k, v = segment.split(/\=/).map{|s| Camping.un(s)}
+        params[k] = v; params
+      end
+    end
+    def response_to_hash
+      Hash[*@response.body.split(/\n/).map{|p| p.split(/\:/)}.flatten].with_indifferent_access
+    end
+    def redirect_path_and_params(t = nil)
+      # Camping conveniently places a URI object in the location header
+      uri = (t ? URI.parse(t) : @response.headers["Location"])
+      [uri.path, decode_qs(uri.query)]
+    end
+    def redirect_url_path_and_params(t = nil)
+      # Camping conveniently places a URI object in the location header
+      uri = (t ? URI.parse(t) : @response.headers["Location"])
+      uri_with_scheme, qry = uri.to_s.split(/\?/)
+      [uri_with_scheme, uri.path, decode_qs(qry)]
+    end
+    def get_with_verbatim_url(url)
+      get(*recompose(url))
+    end
+    def recompose(url)
+      u = URI.parse(url)
+      [u.path.gsub(/^\/pasaporte/, ''), decode_qs(u.query)]
+    end
+end