touchpass 0.0.8.1 → 0.0.8.16
- data/.gitignore +2 -0
- data/Gemfile +6 -0
- data/Gemfile.lock +27 -12
- data/Rakefile +20 -1
- data/app/assets/images/touchpass/buttons/cancelling.png +0 -0
- data/app/assets/images/touchpass/buttons/unverified.png +0 -0
- data/app/assets/images/touchpass/buttons/verified.png +0 -0
- data/app/assets/images/touchpass/buttons/verify.png +0 -0
- data/app/assets/images/touchpass/buttons/verifying.png +0 -0
- data/app/assets/images/touchpass/cross.png +0 -0
- data/app/assets/images/touchpass/loading.gif +0 -0
- data/app/assets/images/touchpass/tick.png +0 -0
- data/app/assets/images/touchpass/touchpass-logo.jpg +0 -0
- data/app/assets/javascripts/touchpass/index.js +1 -0
- data/app/assets/javascripts/touchpass/jquery.touchpass-0.0.1.js +199 -0
- data/app/assets/stylesheets/touchpass/index.css +1 -0
- data/app/assets/stylesheets/touchpass/widget.css +17 -0
- data/app/controllers/touchpass/verifications_controller.rb +10 -6
- data/bin/tpcli.rb +29 -21
- data/bin/tpcrypt.rb +38 -0
- data/config/routes.rb +2 -2
- data/lib/touchpass/client.rb +33 -81
- data/lib/touchpass/crypt.rb +29 -6
- data/lib/touchpass/prp.rb +9 -6
- data/lib/touchpass/{device.rb → rp/device.rb} +5 -2
- data/lib/touchpass/rp/response.rb +34 -0
- data/lib/touchpass/rp/verification.rb +53 -0
- data/lib/touchpass/verification.rb +119 -86
- data/lib/touchpass/version.rb +1 -1
- data/lib/touchpass.rb +27 -5
- data/spec/curl.touchpass_client_spec-workingcontent.txt +268 -0
- data/spec/spec_helper.rb +9 -0
- data/spec/touchpass_client_spec.rb +42 -48
- data/spec/touchpass_crypt_spec.rb +27 -0
- data/spec/touchpass_rp_verification_spec.rb +52 -0
- data/spec/touchpass_spec.rb +12 -0
- data/spec/touchpass_verification_spec.rb +26 -0
- metadata +66 -14
@@ -0,0 +1,268 @@
|
|
1
|
+
# ruby strings for the curl commands
|
2
|
+
#
|
3
|
+
#
|
4
|
+
# Register Party
|
5
|
+
#
|
6
|
+
#
|
7
|
+
|
8
|
+
# curlstr = 'curl -k -X POST -F "username=' user '"' '-F "email=' email '" -F "password=' password '" "#{DFT_HOSTNAME}//parties.json"'
|
9
|
+
|
10
|
+
curl -k -X POST -F "username=tpusery" -F "email=tpusery@geodica.com" -F "password=tpusery" "https://localhost:3999/parties.json"
|
11
|
+
|
12
|
+
{
|
13
|
+
"id": 8,
|
14
|
+
"username": "tpusery",
|
15
|
+
"email": "tpusery@geodica.com",
|
16
|
+
"first_name": "",
|
17
|
+
"last_name": "",
|
18
|
+
"api_key": "CU2GxrYnqJJ7nMiyzG29",
|
19
|
+
"state": "created"
|
20
|
+
}
|
21
|
+
|
22
|
+
|
23
|
+
|
24
|
+
# attempting to register again
|
25
|
+
# curlstr = 'curl -k -X POST -F "username=tpusera'"' '-F "email=' email '" -F "password=' password '" "#{DFT_HOSTNAME}//parties.json"'
|
26
|
+
curl -k -X POST -F "username=tpusery" -F "email=tpusery@geodica.com" -F "password=tpusery" "https://localhost:3999/parties.json"
|
27
|
+
{
|
28
|
+
"errors": [
|
29
|
+
{"field": "email", "message": "has already been taken"},
|
30
|
+
{"field": "username", "message": "has already been taken"}
|
31
|
+
]
|
32
|
+
|
33
|
+
# attempting empty username
|
34
|
+
# curlstr = 'curl -k -X POST -F "username='"' '-F "email=' email '" -F "password=' password '" "#{DFT_HOSTNAME}//parties.json"'
|
35
|
+
curl -k -X POST -F "username=" -F "email=tpuserz@geodica.com" -F "password=tpusery" "https://localhost:3999/parties.json"
|
36
|
+
{
|
37
|
+
"errors": [
|
38
|
+
{"field": "username", "message": "can't be blank"},
|
39
|
+
{"field": "username", "message": "is too short (minimum is 4 characters)"}
|
40
|
+
]
|
41
|
+
|
42
|
+
|
43
|
+
}
|
44
|
+
|
45
|
+
# attempting longer than 15 characters
|
46
|
+
# curlstr = 'curl -k -X POST -F "username=longlonglonglonglonglonglonglongname'"' '-F "email=' email ' -F "password=' password '" "#{DFT_HOSTNAME}//parties.json"'
|
47
|
+
curl -k -X POST -F "username=longlonglonglonglonglonglonglongname" -F "email=tpuserz@geodica.com" -F "password=tpusery" "https://localhost:3999/parties.json"
|
48
|
+
{
|
49
|
+
"errors": [
|
50
|
+
{"field": "username", "message": "is too long (maximum is 15 characters)"}
|
51
|
+
]
|
52
|
+
}
|
53
|
+
|
54
|
+
|
55
|
+
# attempting empty email address
|
56
|
+
# curlstr = 'curl -k -X POST -F "username=testnameok'"' '-F "email="' -F "password=' password '" "#{DFT_HOSTNAME}//parties.json"'
|
57
|
+
curl -k -X POST -F "username=testnameok" -F "email=" -F "password=tpusery" "https://localhost:3999/parties.json"
|
58
|
+
{
|
59
|
+
"errors": [
|
60
|
+
{"field": "email", "message": "can't be blank"}
|
61
|
+
]curl -k -X POST -F "username=tpusery" -F "email=tpusery@geodica.com" -F "password=" "https://localhost:3999/parties.json"
|
62
|
+
curl -k -X POST -F "username=tpuserz" -F "email=tpuserz@geodica.com" -F "password=" "https://localhost:3999/parties.json"
|
63
|
+
{
|
64
|
+
"errors": [
|
65
|
+
{"field": "password", "message": "can't be blank"}
|
66
|
+
]
|
67
|
+
}
|
68
|
+
}
|
69
|
+
|
70
|
+
|
71
|
+
# attempting with empty password
|
72
|
+
# curlstr = 'curl -k -X POST -F "username=' user'"' '-F "email="' -F "password=" "#{DFT_HOSTNAME}//parties.json"'
|
73
|
+
curl -k -X POST -F "username=tpuserz" -F "email=tpuserz@geodica.com" -F "password=" "https://localhost:3999/parties.json"
|
74
|
+
{
|
75
|
+
"errors": [
|
76
|
+
{"field": "password", "message": "can't be blank"}
|
77
|
+
]
|
78
|
+
}
|
79
|
+
|
80
|
+
|
81
|
+
|
82
|
+
|
83
|
+
|
84
|
+
|
85
|
+
#
|
86
|
+
#Authenticate
|
87
|
+
#
|
88
|
+
|
89
|
+
#
|
90
|
+
# curlstr = 'curl -X POST -d "login=' username '" -d "password=' username '" "#{DFT_HOSTNAME}/parties/authenticate.json"'
|
91
|
+
#
|
92
|
+
# curl -k -X POST -d "login=tpusera" -d "password=tpusera" "https://localhost:3999/parties/authenticate.json"
|
93
|
+
#{
|
94
|
+
# "id": 3,
|
95
|
+
# "username": "tpusera",
|
96
|
+
# "email": "tpusera@geodica.com",
|
97
|
+
# "first_name": "Tpuser",
|
98
|
+
# "last_name": "A",
|
99
|
+
# "api_key": "zEHFEvT7V99uQoQ4enZX",
|
100
|
+
# "state": "active"
|
101
|
+
#}
|
102
|
+
|
103
|
+
|
104
|
+
#Authenticate with blank login name
|
105
|
+
curl -k -X POST -d "login=" -d "password=tpusera" "https://localhost:3999/parties/authenticate.json"
|
106
|
+
{
|
107
|
+
"errors": [
|
108
|
+
{"message": "Invalid login or password"}
|
109
|
+
]
|
110
|
+
}
|
111
|
+
|
112
|
+
|
113
|
+
#Authenticate with name > 15
|
114
|
+
curl -k -X POST -d "login=longlonglonglonglonglonglonglongname" -d "password=tpusera" "https://localhost:3999/parties/authenticate.json"
|
115
|
+
{
|
116
|
+
"errors": [
|
117
|
+
{"message": "Invalid login or password"}
|
118
|
+
]
|
119
|
+
}
|
120
|
+
|
121
|
+
|
122
|
+
#
|
123
|
+
# Validate API Key for registere user
|
124
|
+
#
|
125
|
+
# get party
|
126
|
+
#
|
127
|
+
#
|
128
|
+
# curlstr = 'curl -k -X GET -H "X-TouchPass-ApiKey:" ' apikey '" "#{DFT_HOSTNAME}//parties/10.json"'
|
129
|
+
#
|
130
|
+
curl -k -X GET -H "X-TouchPass-ApiKey:ug8VHKNRsFoDPLHBA549" "https://localhost:3999/parties/10.json"
|
131
|
+
{
|
132
|
+
"id": 10,
|
133
|
+
"username": "tpuserab",
|
134
|
+
"email": "tpuserab@geodica.com",
|
135
|
+
"first_name": "",
|
136
|
+
"last_name": "",
|
137
|
+
"state": "created"
|
138
|
+
,"devices": [
|
139
|
+
]
|
140
|
+
}
|
141
|
+
|
142
|
+
|
143
|
+
#
|
144
|
+
# Make changes to a registered party. update party
|
145
|
+
#
|
146
|
+
# TBC: do we need a test in here to see if you can rename the username to the same as another already registered name
|
147
|
+
#
|
148
|
+
#
|
149
|
+
# curlstr = 'curl -k -X PUT -H "X-TouchPass-ApiKey:" ' apikey '" -d "firstname=' newname '" "#{DFT_HOSTNAME}/tpuserab.json"'
|
150
|
+
#
|
151
|
+
curl -k -X PUT -H "X-TouchPass-ApiKey:ug8VHKNRsFoDPLHBA549" -d "first_name=new" "https://localhost:3999/tpuserab.json"
|
152
|
+
{
|
153
|
+
"id": 10,
|
154
|
+
"username": "tpuserab",
|
155
|
+
"email": "tpuserab@geodica.com",
|
156
|
+
"first_name": "new",
|
157
|
+
"last_name": "",
|
158
|
+
"state": "created"
|
159
|
+
,"devices": [
|
160
|
+
]
|
161
|
+
}
|
162
|
+
|
163
|
+
|
164
|
+
#
|
165
|
+
#
|
166
|
+
# Validate additiona of new devices
|
167
|
+
|
168
|
+
#
|
169
|
+
#
|
170
|
+
# add device
|
171
|
+
#
|
172
|
+
# curlstr = 'curl -k -X GET -H "X-TouchPass-ApiKey:" ' apikey '" "#{DFT_HOSTNAME}/' username '/devices.json"'
|
173
|
+
#
|
174
|
+
# #todo need to setup the params for this string
|
175
|
+
# -F "name=" newdevicename
|
176
|
+
# -F "udid=" randomstring1
|
177
|
+
# -F "pub_key=" randomstring2
|
178
|
+
# -F "messaging_value=" randomstring3
|
179
|
+
# -F "app_id=geodica.touchpass.client.app-R100"
|
180
|
+
#
|
181
|
+
curl -k -X POST -H "X-TouchPass-ApiKey: zEHFEvT7V99uQoQ4enZX" -F "name=Tpusera Device Test" -F "udid=747c2098adsrjlakfjlaskdfjlj77f3b3f5e2c3b" -F "pub_key=-----BEGIN RSA PUBLIC KEY-----MIGJAoGBAMa0TaTSmYC5xkWLBdffcTe2wJ8ebv0COONbWTb0iZVBG3NwC0WfqATHdDEQfAKPeTxH1xte5U+o5Bl3NQRGOeeQPsZTOZkENIe1C560Ehx/swUyDiW4Z5a2OKFQqLqt8u2LyUmhVZv6bpfBTL6HcWh+rrOZN6RasBbi/GJEndxrAgMBAAE=-----END RSA PUBLIC KEY-----" -F "messaging_type=apn-development" -F "messaging_value=8ca4329cc55bf98f6c81e4ff443201cb03a0e8d4afbd07bea159194bf29ea8a0" -F "app_id=geodica.touchpass.client.app-R100" "https://localhost:3999/tpusera/devices.json"
|
182
|
+
{
|
183
|
+
"id": 6,
|
184
|
+
"udid": "747c2098adsrjlakfjlaskdfjlj77f3b3f5e2c3b",
|
185
|
+
"name": "Tpusera Device Test",
|
186
|
+
"pub_key": "-----BEGIN RSA PUBLIC KEY-----MIGJAoGBAMa0TaTSmYC5xkWLBdffcTe2wJ8ebv0COONbWTb0iZVBG3NwC0WfqATHdDEQfAKPeTxH1xte5U+o5Bl3NQRGOeeQPsZTOZkENIe1C560Ehx/swUyDiW4Z5a2OKFQqLqt8u2LyUmhVZv6bpfBTL6HcWh+rrOZN6RasBbi/GJEndxrAgMBAAE=-----END RSA PUBLIC KEY-----",
|
187
|
+
"app_id": "geodica.touchpass.client.app-R100"
|
188
|
+
}
|
189
|
+
|
190
|
+
|
191
|
+
#
|
192
|
+
# get devices
|
193
|
+
#
|
194
|
+
# curlstr = 'curl -k -X GET -H "X-TouchPass-ApiKey:" ' apikey '" "#{DFT_HOSTNAME}/' username '/devices.json"'
|
195
|
+
#
|
196
|
+
curl -k -X GET -H "X-TouchPass-ApiKey:8rm2JYjzVfeFHpAaJTwM" "https://localhost:3999/tpusera/devices.json"
|
197
|
+
{
|
198
|
+
"devices": [
|
199
|
+
{
|
200
|
+
"id": 4,
|
201
|
+
"udid": "62dae634ab99a2b69cfb01c6e18ea7d6841c93cc",
|
202
|
+
"name": "Ben’s iPhone",
|
203
|
+
"pub_key": "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAMNH6Z8oZxCZKhWnBuLqfx21S2QMl8FBY7+RIaBIiCXigBY6aL6GD5yT\nw67l3piUfJg3dzobEBh0mwhxy0JC4jPDX1f9BF5colJ9eI2E+xzZ7RJT/HDZLlR1\nB/+2vVUXjNOk8j43ZQg7tLnU3/B5s7n7SoHFC7VSgWPNqC72DhjNAgMBAAE=\n-----END RSA PUBLIC KEY-----\n",
|
204
|
+
"app_id": "geodica.touchpass.client.app-R100"
|
205
|
+
},
|
206
|
+
{
|
207
|
+
"id": 2,
|
208
|
+
"udid": "3b3f5e2c3b747c37dc35148398e77fb66830e921",
|
209
|
+
"name": "Tpusera Device 2",
|
210
|
+
"pub_key": "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAL6Doy1emQcTVuNfaqClPGQosuEsbkmHYIAzDpeltT10CPhpt5j7441O\nNGjlxirYb/PkvRNjzCxh2fUAcLnbXPgaeYqFg1yXSlmwIM5wVzPJPMRCzoWxLY4g\nvNpTahG/X+ydAy0AeVI7CGFlljaWCdX25FKLucjfUEpL+qccoITLAgMBAAE=\n-----END RSA PUBLIC KEY-----\n",
|
211
|
+
"app_id": "seeds"
|
212
|
+
},
|
213
|
+
{
|
214
|
+
"id": 1,
|
215
|
+
"udid": "747c37dc35b66830e921148398e77f3b3f5e2c3b",
|
216
|
+
"name": "Tpusera Device 1",
|
217
|
+
"pub_key": "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBALufhXKqGqe1OL0KZ09xI029GnYzWTZtsUXqLXXGv++jN1KgkPTxrxll\nJ35i7UFN9eryNj3IX34BN0FmF5o3FqrQdpmVSA5TI4a4qb9DMfeJjfp6uqx+MWUw\nk4Pq7z3SGEv7jvLB5AY0ntuMSgluhqLWhZ8phaE2iWZQ8CL2tnRVAgMBAAE=\n-----END RSA PUBLIC KEY-----\n",
|
218
|
+
"app_id": "seeds"
|
219
|
+
}
|
220
|
+
]
|
221
|
+
}
|
222
|
+
|
223
|
+
#
|
224
|
+
# get details of a specific device for a user
|
225
|
+
#
|
226
|
+
# curlstr = 'curl -k -X GET -H "X-TouchPass-ApiKey:" ' apikey '" "#{DFT_HOSTNAME}/' username '/devices/' deviceid '.json"'
|
227
|
+
#
|
228
|
+
curl -k -X GET -H "X-TouchPass-ApiKey:8rm2JYjzVfeFHpAaJTwM" "https://localhost:3999/tpusera/devices/4.json"
|
229
|
+
{
|
230
|
+
"id": 4,
|
231
|
+
"udid": "62dae634ab99a2b69cfb01c6e18ea7d6841c93cc",
|
232
|
+
"name": "Ben’s iPhone",
|
233
|
+
"pub_key": "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAMNH6Z8oZxCZKhWnBuLqfx21S2QMl8FBY7+RIaBIiCXigBY6aL6GD5yT\nw67l3piUfJg3dzobEBh0mwhxy0JC4jPDX1f9BF5colJ9eI2E+xzZ7RJT/HDZLlR1\nB/+2vVUXjNOk8j43ZQg7tLnU3/B5s7n7SoHFC7VSgWPNqC72DhjNAgMBAAE=\n-----END RSA PUBLIC KEY-----\n",
|
234
|
+
"app_id": "geodica.touchpass.client.app-R100"
|
235
|
+
}
|
236
|
+
|
237
|
+
|
238
|
+
#
|
239
|
+
# get details of a specific device AS a user
|
240
|
+
#
|
241
|
+
#
|
242
|
+
# note: apikey must be of a user for which a device matches (e.g. add it before!?!)
|
243
|
+
# curlstr = 'curl -k -X GET -H "X-TouchPass-ApiKey:" ' apikey '" "#{DFT_HOSTNAME}/devices/' deviceid '.json"'
|
244
|
+
#
|
245
|
+
curl -k -X GET -H "X-TouchPass-ApiKey:zEHFEvT7V99uQoQ4enZX" "https://localhost:3999/devices/1.json"
|
246
|
+
{
|
247
|
+
"id": 1,
|
248
|
+
"udid": "747c37dc35b66830e921148398e77f3b3f5e2c3b",
|
249
|
+
"name": "Tpusera Device 1",
|
250
|
+
"pub_key": "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBALufhXKqGqe1OL0KZ09xI029GnYzWTZtsUXqLXXGv++jN1KgkPTxrxll\nJ35i7UFN9eryNj3IX34BN0FmF5o3FqrQdpmVSA5TI4a4qb9DMfeJjfp6uqx+MWUw\nk4Pq7z3SGEv7jvLB5AY0ntuMSgluhqLWhZ8phaE2iWZQ8CL2tnRVAgMBAAE=\n-----END RSA PUBLIC KEY-----\n",
|
251
|
+
"app_id": "seeds"
|
252
|
+
}
|
253
|
+
|
254
|
+
#
|
255
|
+
# get device, no such device
|
256
|
+
#
|
257
|
+
# curlstr = 'curl -k -X GET -H "X-TouchPass-ApiKey:" ' apikey '" "#{DFT_HOSTNAME}/' username '/devices/999.json"'
|
258
|
+
#
|
259
|
+
curl -k -X GET -H "X-TouchPass-ApiKey:8rm2JYjzVfeFHpAaJTwM" "https://localhost:3999/tpusera/devices/999.json"
|
260
|
+
{
|
261
|
+
"errors": [
|
262
|
+
{"message": "Device cannot be found"}
|
263
|
+
]
|
264
|
+
}
|
265
|
+
|
266
|
+
#
|
267
|
+
# add a new device
|
268
|
+
#
|
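Review bot: The captured responses in this file carry `api_key` values, device UDIDs, an APNs `messaging_value` and a personal device name (new lines 18, 130, 181 and 202, among others), and the file is added under `spec/`, so it presumably ships in the published gem. Even if everything came from a local development instance, replace the values with clearly constructed placeholders such as `"api_key": "EXAMPLE_API_KEY"`, and rotate any key that was ever valid on a shared server. Every command also uses `curl -k`, which turns off certificate verification; a header comment such as `# -k is only for the self-signed certificate on localhost:3999` would keep it from being copied into real integrations. No spec visible on this page reads the file, so leaving it out of the gemspec file list may be the simpler fix.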
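--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -5,7 +5,9 @@
 #
 # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 
+require 'cover_me'
 SPEC_KEYS_PATH = File.join(ENV['HOME'], ".touchpass", "certs_spec")
+require 'touchpass'
 
 RSpec.configure do |config|
 config.treat_symbols_as_metadata_keys_with_true_values = true
@@ -22,3 +24,10 @@ end
 
 require 'helpers/gtp_spec_helper'
 require 'helpers/client_spec_helper'
+
+def expect_response_error(response, field = nil, error = nil)
+response.should_not be_nil
+#p response
+response['errors'].should_not be_nil
+end
+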
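Review bot: `expect_response_error` accepts `field` and `error` but never reads them (new lines 28–32), so every caller in touchpass_client_spec.rb that passes `:username, "can't be blank"` or `:base, "Verification has already been responded"` succeeds on any non-nil `errors` value, including an unrelated failure. The helper should match the entry when those arguments are given. The sketch below assumes `errors` is a list of hashes with `field` and `message` keys, as in the captured JSON in curl.touchpass_client_spec-workingcontent.txt; confirm that against what Touchpass::Client actually returns, since entries without a `field` key (possibly the `:base` case) may need their own rule. Defining the helper with a top-level `def` also adds it to every object; a helper module included through `config.include` would keep it scoped to specs.

```ruby
def expect_response_error(response, field = nil, error = nil)
  response.should_not be_nil
  errors = response['errors']
  errors.should_not be_nil
  return if field.nil?

  # Only entries for the requested field count; shape assumed from the captured JSON.
  messages = errors.select { |e| e['field'] == field.to_s }.map { |e| e['message'] }
  messages.should_not be_empty
  messages.should include(error) unless error.nil?
end
```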
@@ -28,8 +28,9 @@ describe "Touchpass Client" do
|
|
28
28
|
|
29
29
|
# Ensure that we can register a new party
|
30
30
|
context "Register Party" do
|
31
|
+
|
31
32
|
it "should allow a party to register with valid username, email and password" do
|
32
|
-
username = "tp#{Touchpass::Crypt.
|
33
|
+
username = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
|
33
34
|
email = "#{username}@geodica.com"
|
34
35
|
password = "#{username}"
|
35
36
|
new_party = tpclient.register_party(:email => email, :username => username, :password => password)
|
@@ -39,58 +40,47 @@ describe "Touchpass Client" do
|
|
39
40
|
new_party['state' ].should == 'created'
|
40
41
|
new_party['api_key' ].should_not be nil
|
41
42
|
end
|
43
|
+
|
42
44
|
it "should not allow a party to register with an empty username" do
|
43
45
|
username = ""
|
44
46
|
email = "#{username}@geodica.com"
|
45
47
|
password = "password"
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
new_party['email' ].should == ['is invalid']
|
50
|
-
new_party['state' ].should be nil
|
51
|
-
new_party['api_key' ].should be nil
|
48
|
+
response = tpclient.register_party(:email => email, :username => username, :password => password)
|
49
|
+
expect_response_error(response, :username, "can't be blank")
|
50
|
+
expect_response_error(response, :email, "is invalid")
|
52
51
|
end
|
52
|
+
|
53
53
|
it "should not allow a party to register with an username > 15" do
|
54
|
-
username = "tp#{Touchpass::Crypt.
|
54
|
+
username = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)}"
|
55
55
|
username.length.should be >= 15
|
56
56
|
email = "#{username}@geodica.com"
|
57
57
|
password = "password"
|
58
58
|
new_party = tpclient.register_party(:email => email, :username => username, :password => password)
|
59
|
-
new_party
|
60
|
-
new_party['username'].should == ["is too long (maximum is 15 characters)"]
|
61
|
-
new_party['email' ].should be nil
|
62
|
-
new_party['state' ].should be nil
|
63
|
-
new_party['api_key' ].should be nil
|
59
|
+
expect_response_error(new_party, :username, "is too long (maximum is 15 characters)")
|
64
60
|
end
|
61
|
+
|
65
62
|
it "should not allow a party to register with an empty email address" do
|
66
|
-
username = "tp#{Touchpass::Crypt.
|
63
|
+
username = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
|
67
64
|
email = ""
|
68
65
|
password = "#{username}"
|
69
|
-
|
70
|
-
|
71
|
-
new_party['username'].should be nil
|
72
|
-
new_party['email' ].should == ['can\'t be blank']
|
73
|
-
new_party['state' ].should be nil
|
74
|
-
new_party['api_key' ].should be nil
|
66
|
+
response = tpclient.register_party(:email => email, :username => username, :password => password)
|
67
|
+
expect_response_error(response, :email, "can't be blank")
|
75
68
|
end
|
69
|
+
|
76
70
|
it "should not allow a party to register with an empty password" do
|
77
|
-
username = "tp#{Touchpass::Crypt.
|
71
|
+
username = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
|
78
72
|
email = "#{username}@geodica.com"
|
79
73
|
password = ""
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
new_party['email' ].should be nil
|
84
|
-
new_party['state' ].should be nil
|
85
|
-
new_party['api_key' ].should be nil
|
86
|
-
end
|
74
|
+
response = tpclient.register_party(:email => email, :username => username, :password => password)
|
75
|
+
expect_response_error(response, :password, "can't be blank")
|
76
|
+
end
|
87
77
|
end
|
88
78
|
|
89
79
|
# Check that a new rego provides an API key and that we can use the API key to access info
|
90
80
|
context "Validate api_key for newly registered user" do
|
91
81
|
it "should provide a valid API key that can be used to access the party record" do
|
92
82
|
# create a new party and get that party's api_key
|
93
|
-
username = "tp#{Touchpass::Crypt.
|
83
|
+
username = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
|
94
84
|
email = "#{username}@geodica.com"
|
95
85
|
password = "#{username}"
|
96
86
|
new_party = tpclient.register_party(:email => email, :username => username, :password => password)
|
@@ -121,7 +111,7 @@ describe "Touchpass Client" do
|
|
121
111
|
context "Make changes to a registered party" do
|
122
112
|
it "should allow changes to be made to a party" do
|
123
113
|
# create a new party and get that party's api_key
|
124
|
-
username = "tp#{Touchpass::Crypt.
|
114
|
+
username = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
|
125
115
|
email = "#{username}@geodica.com"
|
126
116
|
password = "#{username}"
|
127
117
|
new_party = tpclient.register_party(:email => email, :username => username, :password => password)
|
@@ -140,7 +130,7 @@ describe "Touchpass Client" do
|
|
140
130
|
# Validate addition of new devices
|
141
131
|
context "Add, get and update a device" do
|
142
132
|
before(:each) do
|
143
|
-
@username = "tp#{Touchpass::Crypt.
|
133
|
+
@username = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
|
144
134
|
@email = "#{@username}@geodica.com"
|
145
135
|
@password = "#{@username}"
|
146
136
|
@new_party = tpclient.register_party(:email => @email, :username => @username, :password => @password)
|
@@ -153,9 +143,11 @@ describe "Touchpass Client" do
|
|
153
143
|
|
154
144
|
it "should allow for the addition and retrieval of a new device" do
|
155
145
|
# create a new device for this party
|
156
|
-
udid = Touchpass::Crypt.
|
157
|
-
messaging_value = Touchpass::Crypt.
|
146
|
+
udid = Touchpass::Crypt.hash(Touchpass::Crypt.salt) # a random string
|
147
|
+
messaging_value = Touchpass::Crypt.hash(Touchpass::Crypt.salt) # another random string
|
148
|
+
app_id = "touchpass_client_spec"
|
158
149
|
new_device = tpclient.register_device(:username => @new_party['username'],
|
150
|
+
:app_id => app_id,
|
159
151
|
:udid => udid,
|
160
152
|
:name => "#{@username}'s Device",
|
161
153
|
:messaging_type => 'apn-development',
|
@@ -163,6 +155,7 @@ describe "Touchpass Client" do
|
|
163
155
|
|
164
156
|
new_device['id' ].should_not be nil
|
165
157
|
new_device['udid' ].should == udid
|
158
|
+
new_device['app_id'].should == app_id
|
166
159
|
new_device['name' ].should == "#{@username}'s Device"
|
167
160
|
new_device['pub_key'].should_not be nil
|
168
161
|
|
@@ -186,10 +179,11 @@ describe "Touchpass Client" do
|
|
186
179
|
end
|
187
180
|
|
188
181
|
it "should allow for removal of a device by id" do
|
189
|
-
udid = Touchpass::Crypt.
|
190
|
-
messaging_value = Touchpass::Crypt.
|
182
|
+
udid = Touchpass::Crypt.hash(Touchpass::Crypt.salt) # a random string
|
183
|
+
messaging_value = Touchpass::Crypt.hash(Touchpass::Crypt.salt) # another random string
|
191
184
|
|
192
185
|
new_device = tpclient.register_device(:username => @new_party['username'],
|
186
|
+
:app_id => "touchpass_client_spec",
|
193
187
|
:udid => udid,
|
194
188
|
:name => "#{@username}'s Device",
|
195
189
|
:messaging_type => 'apn-development',
|
@@ -204,9 +198,9 @@ describe "Touchpass Client" do
|
|
204
198
|
retrieved_devices['devices'].size.should be 0
|
205
199
|
|
206
200
|
retrieved_device = tpclient.get_device(:username => @username, :id => new_device['id'])
|
207
|
-
retrieved_device
|
201
|
+
expect_response_error(retrieved_device)
|
208
202
|
end
|
209
|
-
|
203
|
+
|
210
204
|
end
|
211
205
|
|
212
206
|
# Work with verifications
|
@@ -216,23 +210,24 @@ describe "Touchpass Client" do
|
|
216
210
|
@rp_client = Touchpass::Client.new(TPC_HOSTNAME, TPC_DEBUG)
|
217
211
|
|
218
212
|
# create a new verifying party
|
219
|
-
@vp_username = "tp#{Touchpass::Crypt.
|
213
|
+
@vp_username = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
|
220
214
|
@vp_email = "#{@vp_username}@geodica.com"
|
221
215
|
@vp_password = "#{@vp_username}"
|
222
216
|
@new_vp = @vp_client.register_party(:email => @vp_email, :username => @vp_username, :password => @vp_password)
|
223
217
|
|
224
218
|
# create a new relying party
|
225
|
-
@rp_username = "rp#{Touchpass::Crypt.
|
219
|
+
@rp_username = "rp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
|
226
220
|
@rp_email = "#{@rp_username}@geodica.com"
|
227
221
|
@rp_password = "#{@rp_username}"
|
228
222
|
@new_rp = @rp_client.register_party(:email => @rp_email, :username => @rp_username, :password => @rp_password)
|
229
223
|
|
230
224
|
# add a device to the VP
|
231
225
|
@new_device = @vp_client.register_device(:username => @new_vp['username'],
|
232
|
-
:
|
226
|
+
:app_id => "touchpass_client_spec",
|
227
|
+
:udid => Touchpass::Crypt.hash(Touchpass::Crypt.salt),
|
233
228
|
:name => "#{@username}'s Device",
|
234
229
|
:messaging_type => 'apn-development',
|
235
|
-
:messaging_value => Touchpass::Crypt.
|
230
|
+
:messaging_value => Touchpass::Crypt.hash(Touchpass::Crypt.salt) )
|
236
231
|
end
|
237
232
|
|
238
233
|
it "should create the new rp and vp to work with" do
|
@@ -257,7 +252,7 @@ describe "Touchpass Client" do
|
|
257
252
|
verification['id' ].should_not be nil
|
258
253
|
verification['reference' ].should_not be nil
|
259
254
|
verification['requested_at' ].should_not be nil
|
260
|
-
verification['responded_at' ].should_not be nil
|
255
|
+
#verification['responded_at' ].should_not be nil
|
261
256
|
verification['from_party']['id' ].should == @new_rp['id' ]
|
262
257
|
verification['from_party']['username' ].should == @new_rp['username']
|
263
258
|
verification['to_party' ]['id' ].should == @new_vp['id' ]
|
@@ -307,12 +302,11 @@ describe "Touchpass Client" do
|
|
307
302
|
updated_verification['responded_at'].should_not be nil
|
308
303
|
|
309
304
|
# We should *not* be able to canel or reject this verification since it's already been validated
|
310
|
-
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
rejected_verification['base'][0].should == "Verification has already been responded"
|
305
|
+
response = @vp_client.cancel_verification(:id => verification['id'])
|
306
|
+
expect_response_error(response, :base, "Verification has already been responded")
|
307
|
+
|
308
|
+
response = @vp_client.reject_verification(:id => verification['id'])
|
309
|
+
expect_response_error(response, :base, "Verification has already been responded")
|
316
310
|
end
|
317
311
|
end
|
318
312
|
|
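Review bot: At new line 255 the `responded_at` assertion is commented out rather than replaced, which leaves the field unchecked for a freshly created verification. If the intent is that an unanswered verification has no response time yet (the stubbed payload in touchpass_rp_verification_spec.rb has `"responded_at"=>nil` for state `created`), assert that directly with `verification['responded_at'].should be_nil`. In the verifications `before` block the device name is still built from `@username` (`:name => "#{@username}'s Device"`), while the parties visible in this hunk are `@vp_username` and `@rp_username`. That block starts outside the hunk, so if `@username` is not set earlier in it, the name becomes `"'s Device"`.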
@@ -0,0 +1,27 @@
|
|
1
|
+
# Geodica Touchpass
|
2
|
+
# (C) Copyright 2009-2012 Geodica, a Carpadium Pty Ltd Venture
|
3
|
+
# All rights reserved
|
4
|
+
|
5
|
+
require 'spec_helper'
|
6
|
+
|
7
|
+
describe Touchpass::Crypt do
|
8
|
+
|
9
|
+
before(:each) do
|
10
|
+
@key = Touchpass::Crypt.generate_encryption_key
|
11
|
+
end
|
12
|
+
|
13
|
+
it "should encrypt data" do
|
14
|
+
encrypted_data = Touchpass::Crypt.encrypt("data", @key)
|
15
|
+
encrypted_data.should_not be_nil
|
16
|
+
end
|
17
|
+
|
18
|
+
it "should decrypt encrypted data" do
|
19
|
+
# test message not a multiple of 32 bytes (test padding)
|
20
|
+
message = "test data to encrypt abcabcabcabc"
|
21
|
+
(message.length % 32).should_not == 0
|
22
|
+
encrypted_data = Touchpass::Crypt.encrypt(message, @key)
|
23
|
+
data = Touchpass::Crypt.decrypt(encrypted_data, @key)
|
24
|
+
data.should == message
|
25
|
+
end
|
26
|
+
|
27
|
+
end
|
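Review bot: `should encrypt data` only checks that `encrypt` returns something non-nil, which an implementation that handed back its input unchanged would also satisfy. Add `encrypted_data.should_not == "data"` there, and a third example that decrypts with a second key from `generate_encryption_key` and expects either an exception or a result different from the message, so a key-handling regression is caught. The round-trip example's comment speaks of 32-byte multiples; check that against the cipher's block size in crypt.rb, which is not shown on this page.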
@@ -0,0 +1,52 @@
|
|
1
|
+
|
2
|
+
require 'spec_helper'
|
3
|
+
|
4
|
+
describe "Touchpass:Rp::Verification" do
|
5
|
+
|
6
|
+
before(:each) do
|
7
|
+
@verification = Touchpass::Rp::Verification.new
|
8
|
+
@pub_key = "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAL2J74ey4flrTR4gK6MJgrwpsRq4RrsvHzv+2/tgcvAlNCXrYddc16IQ\nzy487ilZmHUF2ej9NtnsMucSbukjN0h06ntyHlTuuBVeEJAdnOHPUk5NIhYkMZ6w\nmdQTPd33gSmHtkJyorn1BvutzUsBmwcGxZ+0ADK0TwY6M/MRjjZ/AgMBAAE=\n-----END RSA PUBLIC KEY-----\n"
|
9
|
+
|
10
|
+
@devices = { 'devices' => [{ 'id' => "1", 'pub_key' => @pub_key }] }
|
11
|
+
@devices_response = mock(:response)
|
12
|
+
@devices_response.stub!(:code).and_return(200)
|
13
|
+
@devices_response.stub!(:parsed_response).and_return(@devices)
|
14
|
+
end
|
15
|
+
|
16
|
+
def dummy_response
|
17
|
+
parsed_response = {"id"=>6, "uuid"=>"b76b6016-aa06-11e1-8aac-d49a20f34512", "reference"=>"68e7", "requested_at"=>"2012-05-30T03:22:42Z", "responded_at"=>nil, "from_party"=>{"id"=>19, "username"=>"awilliams"}, "to_party"=>{"id"=>19, "username"=>"awilliams"}, "location_verification"=>nil, "resolution"=>"", "location_verified"=>nil, "crypted_tokens"=>[{"id"=>6, "device_id"=>12, "value"=>"Ylqyi4LQZLvk1U4/TkvRl/WOuALbiWZrhi1Kf1fmeKZLGydc3+3U9wJa/MNZZffh5Z8IxcifLsUJDCBSSlhy8K5gxvTiDRhfe401jjnoxT9vwZv1Sak9BX+49JRaZ/TwYtH5Zyk/K1l+nb5rgX5CgLYrscU64EBb1r5RQnRIzyA="}], "crypted_salts"=>[], "crypted_messages"=>[], "state"=>"created"}
|
18
|
+
response = mock(:response)
|
19
|
+
response.should_receive(:parsed_response).and_return(parsed_response)
|
20
|
+
response.should_receive(:code).and_return(200)
|
21
|
+
Touchpass::Rp::Device.should_receive(:get).and_return(@devices_response)
|
22
|
+
Touchpass::Rp::Verification.stub!(:post).and_return(response)
|
23
|
+
response
|
24
|
+
end
|
25
|
+
|
26
|
+
def dummy_response_error
|
27
|
+
parsed_response = "some error occurred" # string
|
28
|
+
response = mock(:response)
|
29
|
+
response.should_receive(:parsed_response).and_return(parsed_response)
|
30
|
+
response.should_receive(:code).and_return(500)
|
31
|
+
Touchpass::Rp::Device.should_receive(:get).and_return(@devices_response)
|
32
|
+
Touchpass::Rp::Verification.stub!(:post).and_return(response)
|
33
|
+
response
|
34
|
+
end
|
35
|
+
|
36
|
+
it "should create a new verification" do
|
37
|
+
Touchpass::Rp::Verification.should_receive(:post).and_return(dummy_response)
|
38
|
+
response = @verification.create('awilliams')
|
39
|
+
response.should_not be_nil
|
40
|
+
response.to_json.should_not be_nil
|
41
|
+
response.http_status_code.should == 200
|
42
|
+
end
|
43
|
+
|
44
|
+
it "should gracefully handle error responses from the server" do
|
45
|
+
Touchpass::Rp::Verification.should_receive(:post).and_return(dummy_response_error)
|
46
|
+
response = @verification.create('awilliams')
|
47
|
+
response.should_not be_nil
|
48
|
+
response.to_json.should_not be_nil
|
49
|
+
response.http_status_code.should == 500
|
50
|
+
end
|
51
|
+
|
52
|
+
end
|
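Review bot: Both helpers stub `Touchpass::Rp::Verification.post` themselves, and each example then sets `should_receive(:post)` on the same class with the helper's return value, so the `stub!(:post)` lines in `dummy_response` and `dummy_response_error` appear redundant and can be dropped. Neither expectation constrains the arguments, so the examples pass whatever `create` sends. If the request is meant to carry a token encrypted to the device's `pub_key`, a `.with(...)` matcher on the path or body would pin that. The describe string `"Touchpass:Rp::Verification"` is missing a colon; `describe Touchpass::Rp::Verification do` avoids the typo.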
@@ -0,0 +1,12 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Touchpass do
|
4
|
+
|
5
|
+
it "should return the server base_uri" do
|
6
|
+
Touchpass.host = "touchpass.example.com"
|
7
|
+
Touchpass.port = 443
|
8
|
+
Touchpass.use_https = true
|
9
|
+
Touchpass.base_uri.should == "https://touchpass.example.com:443"
|
10
|
+
end
|
11
|
+
|
12
|
+
end
|
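Review bot: The example assigns `Touchpass.host`, `Touchpass.port` and `Touchpass.use_https` on the module and never restores them, so the values stay set for any spec that runs afterwards in the same process. Saving the previous values in a `before` block and restoring them in an `after` block keeps the examples order-independent. The file also requires `'spec_helper.rb'` where the other new specs use `require 'spec_helper'`.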
@@ -0,0 +1,26 @@
|
|
1
|
+
# Geodica Touchpass
|
2
|
+
# (C) Copyright 2009-2012 Geodica, a Carpadium Pty Ltd Venture
|
3
|
+
# All rights reserved
|
4
|
+
|
5
|
+
require 'spec_helper'
|
6
|
+
|
7
|
+
describe "Touchpass Verification" do
|
8
|
+
|
9
|
+
before(:each) do
|
10
|
+
@device = {
|
11
|
+
'id' => 1,
|
12
|
+
'pub_key' => "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAL2J74ey4flrTR4gK6MJgrwpsRq4RrsvHzv+2/tgcvAlNCXrYddc16IQ\nzy487ilZmHUF2ej9NtnsMucSbukjN0h06ntyHlTuuBVeEJAdnOHPUk5NIhYkMZ6w\nmdQTPd33gSmHtkJyorn1BvutzUsBmwcGxZ+0ADK0TwY6M/MRjjZ/AgMBAAE=\n-----END RSA PUBLIC KEY-----\n",
|
13
|
+
}
|
14
|
+
end
|
15
|
+
|
16
|
+
it "should add messages" do
|
17
|
+
verification = Touchpass::Verification.new([@device])
|
18
|
+
verification.add_message("test")
|
19
|
+
verification.crypted_messages.count.should == 1
|
20
|
+
end
|
21
|
+
|
22
|
+
it "should create a location verification" do
|
23
|
+
verification = Touchpass::Verification.new([@device], :address => "29 foobar way, Australia")
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
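Review bot: `should create a location verification` (new lines 22–24) contains no expectation, so it passes whenever `Touchpass::Verification.new` does not raise and says nothing about whether the `:address` option had any effect. Either assert on the resulting object (which accessor exposes the location data is not visible in this hunk) or mark the example `pending` until it does. `should add messages` likewise checks only the count; comparing the stored entry against the plaintext, `verification.crypted_messages.first.should_not == "test"`, would confirm the message is not kept in the clear, assuming the entries are comparable strings.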