razorrisk-cassini-common 0.26.24

data/test/unit/sinatra/helpers/tc_validate_query_parameters_helper.rb

@@ -0,0 +1,134 @@
+#!/usr/bin/env ruby
+
+$:.unshift File.join(File.dirname(__FILE__), *(['..'] * 4), 'lib')
+
+require 'simplecov'
+
+require 'razor_risk/cassini/testing/suppress_pantheios_logging' unless $DEBUG
+
+require 'razor_risk/sinatra/helpers/validate_query_parameters_helper'
+
+require 'xqsr3/extensions/test/unit'
+require 'test/unit'
+
+class Test_QueryParametersHelper < Test::Unit::TestCase
+
+    include ::RazorRisk::Sinatra::Helpers::ValidateQueryParametersHelper
+
+    # mocking
+
+    class StopException < RuntimeError; end
+
+    def halt code, headers, body_lines
+
+        body_lines  =   [ body_lines ] unless body_lines.nil? || ::Array === body_lines
+
+        @code       =   code
+        @headers    =   headers
+        @body_lines =   body_lines
+
+        raise StopException, 'stopped!' if code
+    end
+
+    attr_reader :code
+    attr_reader :headers
+    attr_reader :body_lines
+
+    # tests
+
+    def test_valid_cases
+
+        spec    =   %w{
+
+            page-base
+            page-extent
+        }
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[], spec
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[ [ [ 'domain', 'domain' ] ] ], spec, [ 'domain' ]
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[ [ [ 'page-base', '0' ] ] ], spec
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[ [ [ 'page-base', '0' ], [ 'page-extent', '100' ] ] ], spec
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[ [ [ 'page-base', '0' ], [ 'page-extent', '100' ], [ 'blah', '*' ] ] ], spec, [ 'blah' ]
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert_raise_with_message(StopException, 'stopped!') { validate_query_parameters(Hash[ [ [ 'some-other' => 'xxx' ] ] ], spec) }
+        assert_equal 422, code
+        assert_equal Hash.new, headers
+        assert_kind_of ::Array, body_lines
+        assert_not_empty body_lines
+        assert_match /One or more parameters.*some-other.*are not supported on this route/, body_lines[0]
+    end
+
+    def test_valid_cases_with_ignoring_Sinatra_built_ins
+
+        spec    =   %w{
+
+            page-base
+            page-extent
+        }
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[], spec
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[ [ [ 'splat', '1' ] ] ], spec
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[ [ [ 'captures', // ] ] ], spec
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[ [ [ 'page-base', '0' ], [ 'splat', '*' ] ] ], spec
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert validate_query_parameters Hash[ [ [ 'page-base', '0' ], [ 'splat', '*' ], [ 'page-extent', '100' ] ] ], spec
+        assert_nil code
+        assert_nil headers
+        assert_nil body_lines
+
+        halt nil, nil, nil
+        assert_raise_with_message(StopException, 'stopped!') { validate_query_parameters(Hash[ [ [ 'some-other' => 'xxx' ] ] ], spec) }
+        assert_equal 422, code
+        assert_equal Hash.new, headers
+        assert_kind_of ::Array, body_lines
+        assert_not_empty body_lines
+        assert_match /One or more parameters.*some-other.*are not supported on this route/, body_lines[0]
+    end
+end
+

data/test/unit/tc_authorisation_util.rb

@@ -0,0 +1,265 @@
+#! /usr/bin/env ruby
+
+$:.unshift File.join(File.dirname(__FILE__), '../../lib')
+
+require 'simplecov'
+
+require 'razor_risk/cassini/testing/suppress_pantheios_logging' unless $DEBUG
+
+require 'razor_risk/cassini/authorisation'
+
+require 'xqsr3/extensions/test/unit'
+
+require 'test/unit'
+
+require 'base64'
+
+class Test_Authorisation_Util_with_Basic < Test::Unit::TestCase
+
+    include ::RazorRisk::Cassini::Authorisation::HeaderHelpers
+
+    def test_check_Basic_invalid
+
+        invalid_strings = [
+
+            '',
+            'Basic',
+            'Basic ',
+            'Basic **',
+            'Basic *:*',
+        ]
+
+        invalid_strings.each do |s|
+
+            assert_nil credentials_from_Basic s, nil: true
+
+            cr = credentials_from_Basic s, nil: false
+            assert_not_nil cr
+            assert_nil cr[0]
+            assert_nil cr[1]
+            assert_nil cr[2]
+        end
+    end
+
+    def test_check_Basic_1
+
+        username    =   'some-user'
+        password    =   'e723f734374f3iuf3498f34'
+
+        auth_x      =   Basic_from_credentials username, password
+
+        auth        =   'Basic ' + [ "#{username}:#{password}" ].pack('m').chomp
+
+        assert_equal auth_x, auth
+
+        credentials =   credentials_from_Basic auth
+
+        assert_not_nil credentials
+
+        assert_equal username, credentials[0]
+        assert_equal password, credentials[1]
+        assert_nil credentials[2]
+    end
+
+    def test_check_Basic_2
+
+        username    =   'some-user'
+        password    =   'e723f734374f3iuf3498f34'
+        domain      =   'HERE'
+
+        auth_x      =   Basic_from_credentials username, password, domain
+
+        auth        =   'Basic ' + [ "#{domain}\\#{username}:#{password}" ].pack('m').chomp
+
+        credentials =   credentials_from_Basic auth
+
+        assert_equal auth_x, auth
+
+        assert_not_nil credentials
+
+        assert_equal username, credentials[0]
+        assert_equal password, credentials[1]
+        assert_equal domain, credentials[2]
+    end
+end
+
+
+class Test_Authorisation_Util_with_AuthorisationOnly < Test::Unit::TestCase
+
+    include ::RazorRisk::Cassini::Authorisation::HeaderHelpers
+
+    def test_check_AuthorisationOnly_invalid
+
+        invalid_strings = [
+
+            '',
+            'RazorRisk',
+            'RazorRisk.',
+            'RazorRisk.Cassini',
+            'RazorRisk.Cassini.',
+            'RazorRisk.Cassini.AuthorisationOnly',
+            'RazorRisk.Cassini.AuthorisationOnly',
+            'RazorRisk.Cassini.AuthorisationOnly ',
+        ]
+
+        invalid_strings.each do |s|
+
+            assert_nil credentials_from_AuthorisationOnly s, nil: true
+
+            cr = credentials_from_AuthorisationOnly s, nil: false
+            assert_not_nil cr
+            assert_nil cr[0]
+            assert_nil cr[1]
+            assert_nil cr[2]
+        end
+    end
+
+    def test_check_AuthorisationOnly_1
+
+        username    =   'some-user'
+
+        auth_x      =   AuthorisationOnly_from_credentials username
+
+        auth        =   'RazorRisk.Cassini.AuthorisationOnly ' + [ username ].pack('m')
+
+        assert_equal auth_x, auth
+
+        credentials =   credentials_from_AuthorisationOnly auth
+
+        assert_not_nil credentials
+
+        assert_equal username, credentials[0]
+        assert_nil credentials[1]
+        assert_nil credentials[2]
+    end
+end
+
+
+class Test_Authorisation_Util_with_JWT < Test::Unit::TestCase
+
+    include ::RazorRisk::Cassini::Authorisation::HeaderHelpers
+
+    include ::Pantheios
+
+    def test_check_JWT
+
+        trace
+
+        session_id = 'e723f734374f3iuf3498f34'
+        user_id    = 'some-user'
+        user_name  = 'Some User'
+
+        jwt_algo   = 'HS256'
+        jwt_secret = '0123456789'
+
+        jwt = JWT_from_credentials session_id, user_id, user_name, jwt_algo, jwt_secret
+
+        assert_kind_of ::String, jwt
+
+        auth = "Bearer #{jwt}"
+
+        credentials = credentials_from_JWT auth, jwt_secret
+
+        assert_equal session_id, credentials.shift
+        assert_equal user_id, credentials.shift
+        assert_equal user_name, credentials.shift
+    end
+end
+
+class Test_SecurityModelHelpers < Test::Unit::TestCase
+
+    include ::RazorRisk::Cassini::Authorisation::SecurityModelHelpers
+
+    include ::Pantheios
+
+    def test_auth_only
+
+        username = 'some-user'
+        password = 'e723f734374f3iuf3498f34'
+        domain   = 'HERE'
+        scheme   = :authorisation_only
+        cred     = [
+            username,
+        ]
+        opt      = {}
+
+        cr = razor_requester_credentials_options scheme, cred, **opt
+
+        assert_kind_of Hash, cr
+        assert_equal username, cr[:impersonatee]
+    end
+
+    def test_basic
+
+        username = 'some-user'
+        password = 'e723f734374f3iuf3498f34'
+        domain   = 'HERE'
+        scheme   = :basic
+        cred     = [
+            username,
+            password,
+            domain,
+        ]
+        opt      = {}
+
+        cr = razor_requester_credentials_options scheme, cred, **opt
+
+        assert_kind_of Hash, cr
+        assert_equal username, cr[:username]
+        assert_equal password, cr[:password]
+        assert_equal domain, cr[:domain]
+    end
+
+    def test_jwt
+
+        session_id = 'e723f734374f3iuf3498f34'
+        scheme     = :jwt
+        cred       = [
+            session_id,
+        ]
+        opt        = {}
+
+        cr = razor_requester_credentials_options scheme, cred, **opt
+
+        assert_kind_of Hash, cr
+        assert_equal session_id, cr[:session_id]
+    end
+
+    def test_basic_with_auth_test_mode
+
+        username = 'some-user'
+        password = 'e723f734374f3iuf3498f34'
+        domain   = 'HERE'
+        scheme   = :basic
+        cred     = [
+            username,
+            password,
+            domain,
+        ]
+        opt      = {
+            auth_test_mode: true
+        }
+
+        cr = razor_requester_credentials_options scheme, cred, **opt
+
+        assert_kind_of Hash, cr
+        assert_equal username, cr[:impersonatee]
+    end
+
+    def test_jwt_with_auth_test_mode
+
+        session_id = 'e723f734374f3iuf3498f34'
+        scheme     = :jwt
+        cred       = [
+            session_id,
+        ]
+        opt        = {
+            auth_test_mode: true
+        }
+
+        cr = razor_requester_credentials_options scheme, cred, **opt
+
+        assert_kind_of Hash, cr
+        assert_equal session_id, cr[:session_id]
+    end
+end

data/test/unit/tc_load_secrets.rb

@@ -0,0 +1,95 @@
+#! /usr/bin/env ruby
+
+$:.unshift File.join(File.dirname(__FILE__), '../../lib')
+
+require 'simplecov'
+
+require 'razor_risk/cassini/testing/suppress_pantheios_logging' unless $DEBUG
+
+require 'razor_risk/cassini/util/secrets_util'
+
+require 'xqsr3/extensions/test/unit'
+
+require 'test/unit'
+
+require 'tempfile'
+require 'yaml'
+
+class Test_SecretsUtil_load_secrets < Test::Unit::TestCase
+
+    include ::RazorRisk::Cassini::Util::SecretsUtil
+
+    def test_load_from_YAML_string
+
+        s = <<END_OF_yaml_string
+
+secrets:
+    all:
+        SHA256: abcdefghijkl
+        HS256: ABCDEFGHIJKL
+    special:
+        SHA256: mnopqrstuvwxyz
+        HS256: MNOPQRSTUVWXYZ
+END_OF_yaml_string
+
+        yaml    =   YAML.load s
+
+        assert_nil get_secret_from_hash(yaml, nil, 'xyz')
+        assert_equal 'abcdefghijkl', get_secret_from_hash(yaml, nil, 'SHA256')
+
+        assert_equal 'abcdefghijkl', get_secret_from_hash(yaml, 'all', 'SHA256')
+        assert_nil get_secret_from_hash(yaml, 'all', 'abc')
+
+        assert_equal 'abcdefghijkl', get_secret_from_hash(yaml, 'unknown-category', 'SHA256')
+        assert_nil get_secret_from_hash(yaml, 'unknown-category', '')
+
+        assert_equal 'mnopqrstuvwxyz', get_secret_from_hash(yaml, 'special', 'SHA256')
+        assert_nil get_secret_from_hash(yaml, 'special', '*')
+    end
+
+    def test_load_from_YAML_file
+
+        s = <<END_OF_yaml_string
+
+secrets:
+    all:
+        SHA256: abcdefghijkl
+        HS256: ABCDEFGHIJKL
+    special:
+        SHA256: mnopqrstuvwxyz
+        HS256: MNOPQRSTUVWXYZ
+END_OF_yaml_string
+
+
+        f = nil
+
+        begin
+
+            f = Tempfile.new('secrets-test-file')
+
+            f.write s
+            f.close
+
+            algorithms = [
+
+                'HS256',
+                'SHA256',
+                'blahblah',
+            ]
+
+            secrets = load_secrets f.path, *algorithms
+
+            assert_not_nil secrets
+            assert_not_empty secrets
+
+            assert_equal 'abcdefghijkl', secrets['sha256']
+            assert_equal 'ABCDEFGHIJKL', secrets['hs256']
+            assert_nil secrets['xxx']
+        ensure
+
+            f.unlink unless f.nil?
+        end
+    end
+end
+
+