vines 0.4.0 → 0.4.1

data/test/rake_test_loader.rb

@@ -2,7 +2,7 @@ require 'rake'
 
 # Use the latest MiniTest gem instead of the buggy
 # version included with Ruby 1.9.2.
-gem 'minitest', '2.2.2'
+gem 'minitest', '~> 2.11.2'
 
 # Load the test files from the command line.
 

data/test/router_test.rb

@@ -46,7 +46,7 @@ class RouterTest < MiniTest::Unit::TestCase
 
     assert_equal 2, @router.size
     assert_equal 0, @router.connected_resources(@alice, romeo).size
-    @config.vhosts['wonderland.lit'].cross_domain_messages true
+    @config.vhost('wonderland.lit').cross_domain_messages true
     assert_equal 1, @router.connected_resources(@alice, romeo).size
 
     assert stream1.verify
@@ -148,7 +148,7 @@ class RouterTest < MiniTest::Unit::TestCase
   end
 
   def test_multiple_s2s_streams_are_load_balanced
-    @config.vhosts['wonderland.lit'].cross_domain_messages true
+    @config.vhost('wonderland.lit').cross_domain_messages true
     stream1 = s2s('wonderland.lit', 'verona.lit')
     stream2 = s2s('wonderland.lit', 'verona.lit')
     @router << stream1
@@ -166,11 +166,11 @@ class RouterTest < MiniTest::Unit::TestCase
   private
 
   def stream(jid)
-    MiniTest::Mock.new.tap do |stream|
-      stream.expect(:connected?, true)
-      stream.expect(:stream_type, :client)
-      stream.expect(:user, Vines::User.new(jid: jid))
-    end
+    stream = MiniTest::Mock.new
+    stream.expect(:connected?, true)
+    stream.expect(:stream_type, :client)
+    stream.expect(:user, Vines::User.new(jid: jid))
+    stream
   end
 
   def component(jid)

data/test/stanza/iq/disco_info_test.rb

@@ -36,7 +36,7 @@ class DiscoInfoTest < MiniTest::Unit::TestCase
       </iq>
     }.strip.gsub(/\n|\s{2,}/, ''))
 
-    @config.vhosts['wonderland.lit'].private_storage false
+    @config.vhost('wonderland.lit').private_storage false
     @stream.expect(:write, nil, [expected])
 
     stanza = Vines::Stanza::Iq::DiscoInfo.new(node, @stream)
@@ -62,7 +62,7 @@ class DiscoInfoTest < MiniTest::Unit::TestCase
       </iq>
     }.strip.gsub(/\n|\s{2,}/, ''))
 
-    @config.vhosts['wonderland.lit'].private_storage true
+    @config.vhost('wonderland.lit').private_storage true
     @stream.expect(:write, nil, [expected])
 
     stanza = Vines::Stanza::Iq::DiscoInfo.new(node, @stream)

data/test/stanza/iq/private_storage_test.rb

@@ -20,7 +20,7 @@ class PrivateStorageTest < MiniTest::Unit::TestCase
     query = %q{<query xmlns="jabber:iq:private"><one xmlns="a"/></query>}
     node = node(%Q{<iq id="42" type="get">#{query}</iq>})
 
-    @config.vhosts['wonderland.lit'].private_storage false
+    @config.vhost('wonderland.lit').private_storage false
     @stream.expect(:domain, 'wonderland.lit')
     @stream.expect(:config, @config)
 

data/test/stanza/iq_test.rb

@@ -44,7 +44,7 @@ class IqTest < MiniTest::Unit::TestCase
 
     @stream.expect(:config, @config)
     @stream.expect(:user, hatter)
-    @stream.expect(:connected_resources, [recipient], [alice.jid.to_s])
+    @stream.expect(:connected_resources, [recipient], [alice.jid])
 
     stanza = Vines::Stanza::Iq.new(node, @stream)
     stanza.process

data/test/stanza/presence/subscribe_test.rb

@@ -13,7 +13,7 @@ class SubscribeTest < MiniTest::Unit::TestCase
 
     user = MiniTest::Mock.new
     user.expect(:jid, alice)
-    user.expect(:request_subscription, nil, [hatter.to_s])
+    user.expect(:request_subscription, nil, [hatter])
     user.expect(:contact, contact, [hatter])
 
     storage = MiniTest::Mock.new

data/test/stanza/pubsub/subscribe_test.rb

@@ -113,7 +113,7 @@ class SubscribePubSubTest < MiniTest::Unit::TestCase
       unless @mock_pubsub
         @mock_pubsub = MiniTest::Mock.new
         @mock_pubsub.expect(:node?, true, ['game_13'])
-        @mock_pubsub.expect(:subscribed?, true, ['game_13', 'alice@wonderland.lit/tea'])
+        @mock_pubsub.expect(:subscribed?, true, ['game_13', Vines::JID.new('alice@wonderland.lit/tea')])
       end
       @mock_pubsub
     end
@@ -157,8 +157,8 @@ class SubscribePubSubTest < MiniTest::Unit::TestCase
       unless @mock_pubsub
         @mock_pubsub = MiniTest::Mock.new
         @mock_pubsub.expect(:node?, true, ['game_13'])
-        @mock_pubsub.expect(:subscribed?, false, ['game_13', 'alice@wonderland.lit/tea'])
-        @mock_pubsub.expect(:subscribe, nil, ['game_13', 'alice@wonderland.lit/tea'])
+        @mock_pubsub.expect(:subscribed?, false, ['game_13', Vines::JID.new('alice@wonderland.lit/tea')])
+        @mock_pubsub.expect(:subscribe, nil, ['game_13', Vines::JID.new('alice@wonderland.lit/tea')])
       end
       @mock_pubsub
     end

data/test/stanza/pubsub/unsubscribe_test.rb

@@ -112,7 +112,7 @@ class UnsubscribePubSubTest < MiniTest::Unit::TestCase
       unless @mock_pubsub
         @mock_pubsub = MiniTest::Mock.new
         @mock_pubsub.expect(:node?, true, ['game_13'])
-        @mock_pubsub.expect(:subscribed?, false, ['game_13', 'alice@wonderland.lit/tea'])
+        @mock_pubsub.expect(:subscribed?, false, ['game_13', Vines::JID.new('alice@wonderland.lit/tea')])
       end
       @mock_pubsub
     end
@@ -156,8 +156,8 @@ class UnsubscribePubSubTest < MiniTest::Unit::TestCase
       unless @mock_pubsub
         @mock_pubsub = MiniTest::Mock.new
         @mock_pubsub.expect(:node?, true, ['game_13'])
-        @mock_pubsub.expect(:subscribed?, true, ['game_13', 'alice@wonderland.lit/tea'])
-        @mock_pubsub.expect(:unsubscribe, nil, ['game_13', 'alice@wonderland.lit/tea'])
+        @mock_pubsub.expect(:subscribed?, true, ['game_13', Vines::JID.new('alice@wonderland.lit/tea')])
+        @mock_pubsub.expect(:unsubscribe, nil, ['game_13', Vines::JID.new('alice@wonderland.lit/tea')])
       end
       @mock_pubsub
     end

data/test/storage_test.rb

@@ -13,7 +13,14 @@ class StorageTest < MiniTest::Unit::TestCase
     def initialize(found_user=nil)
       @found_user = found_user
       @authenticate_calls = @find_user_calls = @save_user_calls = 0
-      @ldap = MiniTest::Mock.new
+      @ldap = Class.new do
+        attr_accessor :user, :auth
+        def authenticate(username, password)
+          @auth ||= []
+          @auth << [username, password]
+          @user
+        end
+      end.new
     end
 
     def authenticate(username, password)
@@ -40,20 +47,20 @@ class StorageTest < MiniTest::Unit::TestCase
       assert_equal 0, storage.authenticate_calls
       assert_equal 0, storage.find_user_calls
       assert_equal 0, storage.save_user_calls
-      assert storage.ldap.verify
+      assert_nil storage.ldap.auth # ldap never called
     end
   end
 
   def test_authenticate_with_ldap_bad_password
     StorageTests::EMLoop.new do
       storage = MockLdapStorage.new
-      storage.ldap.expect(:authenticate, nil, [ALICE, 'bogus'])
+      storage.ldap.user = nil
       user = storage.authenticate(ALICE, 'bogus')
       assert_nil user
       assert_equal 0, storage.authenticate_calls
       assert_equal 0, storage.find_user_calls
       assert_equal 0, storage.save_user_calls
-      assert storage.ldap.verify
+      assert_equal [ALICE, 'bogus'], storage.ldap.auth.first
     end
   end
 
@@ -61,14 +68,14 @@ class StorageTest < MiniTest::Unit::TestCase
     StorageTests::EMLoop.new do
       alice = Vines::User.new(:jid => ALICE)
       storage = MockLdapStorage.new(alice)
-      storage.ldap.expect(:authenticate, alice, [ALICE, 'secr3t'])
+      storage.ldap.user = alice
       user = storage.authenticate(ALICE, 'secr3t')
       refute_nil user
       assert_equal ALICE, user.jid.to_s
       assert_equal 0, storage.authenticate_calls
       assert_equal 1, storage.find_user_calls
       assert_equal 0, storage.save_user_calls
-      assert storage.ldap.verify
+      assert_equal [ALICE, 'secr3t'], storage.ldap.auth.first
     end
   end
 
@@ -76,14 +83,14 @@ class StorageTest < MiniTest::Unit::TestCase
     StorageTests::EMLoop.new do
       alice = Vines::User.new(:jid => ALICE)
       storage = MockLdapStorage.new
-      storage.ldap.expect(:authenticate, alice, [ALICE, 'secr3t'])
+      storage.ldap.user = alice
       user = storage.authenticate(ALICE, 'secr3t')
       refute_nil user
       assert_equal ALICE, user.jid.to_s
       assert_equal 0, storage.authenticate_calls
       assert_equal 1, storage.find_user_calls
       assert_equal 1, storage.save_user_calls
-      assert storage.ldap.verify
+      assert_equal [ALICE, 'secr3t'], storage.ldap.auth.first
     end
   end
 end

data/test/store_test.rb

@@ -0,0 +1,131 @@
+# encoding: UTF-8
+
+require 'vines'
+require 'minitest/autorun'
+
+describe Vines::Store do
+  before do
+    dir = 'conf/certs'
+
+    domain, key = certificate('wonderland.lit')
+    File.open("#{dir}/wonderland.lit.crt", 'w') {|f| f.write(domain) }
+    File.open("#{dir}/wonderland.lit.key", 'w') {|f| f.write(key) }
+
+    wildcard, key = certificate('*.wonderland.lit')
+    File.open("#{dir}/wildcard.lit.crt", 'w') {|f| f.write(wildcard) }
+    File.open("#{dir}/wildcard.lit.key", 'w') {|f| f.write(key) }
+
+    @store = Vines::Store.new('conf/certs')
+  end
+
+  after do
+    %w[wonderland.lit.crt wonderland.lit.key wildcard.lit.crt wildcard.lit.key].each do |f|
+      name = "conf/certs/#{f}"
+      File.delete(name) if File.exists?(name)
+    end
+  end
+
+  it 'parses certificate files' do
+    refute @store.certs.empty?
+    assert_equal OpenSSL::X509::Certificate, @store.certs.first.class
+  end
+
+  it 'ignores expired certificates' do
+    assert @store.certs.all? {|c| c.not_after > Time.new }
+  end
+
+  describe 'files_for_domain' do
+    it 'handles invalid input' do
+      assert_nil @store.files_for_domain(nil)
+      assert_nil @store.files_for_domain('')
+    end
+
+    it 'finds files by name' do
+      refute_nil @store.files_for_domain('wonderland.lit')
+      cert, key = @store.files_for_domain('wonderland.lit')
+      assert_certificate_matches_key cert, key
+      assert_equal 'wonderland.lit.crt', File.basename(cert)
+      assert_equal 'wonderland.lit.key', File.basename(key)
+    end
+
+    it 'finds files for wildcard' do
+      refute_nil @store.files_for_domain('foo.wonderland.lit')
+      cert, key = @store.files_for_domain('foo.wonderland.lit')
+      assert_certificate_matches_key cert, key
+      assert_equal 'wildcard.lit.crt', File.basename(cert)
+      assert_equal 'wildcard.lit.key', File.basename(key)
+    end
+  end
+
+  describe 'domain?' do
+    it 'handles invalid input' do
+      cert, key = certificate('wonderland.lit')
+      refute @store.domain?(nil, nil)
+      refute @store.domain?(cert, nil)
+      refute @store.domain?(cert, '')
+      refute @store.domain?(nil, '')
+      assert @store.domain?(cert, 'wonderland.lit')
+    end
+
+    it 'verifies certificate subject domains' do
+      cert, key = certificate('wonderland.lit')
+      refute @store.domain?(cert, 'bogus')
+      refute @store.domain?(cert, 'www.wonderland.lit')
+      assert @store.domain?(cert, 'wonderland.lit')
+    end
+
+    it 'verifies certificate subject alt domains' do
+      cert, key = certificate('wonderland.lit', 'www.wonderland.lit')
+      refute @store.domain?(cert, 'bogus')
+      refute @store.domain?(cert, 'tea.wonderland.lit')
+      assert @store.domain?(cert, 'www.wonderland.lit')
+      assert @store.domain?(cert, 'wonderland.lit')
+    end
+
+    it 'verifies certificate wildcard domains' do
+      cert, key = certificate('wonderland.lit', '*.wonderland.lit')
+      refute @store.domain?(cert, 'bogus')
+      refute @store.domain?(cert, 'one.two.wonderland.lit')
+      assert @store.domain?(cert, 'tea.wonderland.lit')
+      assert @store.domain?(cert, 'www.wonderland.lit')
+      assert @store.domain?(cert, 'wonderland.lit')
+    end
+  end
+
+  private
+
+  def assert_certificate_matches_key(cert, key)
+    refute_nil cert
+    refute_nil key
+    cert = OpenSSL::X509::Certificate.new(File.read(cert))
+    key = OpenSSL::PKey::RSA.new(File.read(key))
+    assert_equal cert.public_key.to_s, key.public_key.to_s
+  end
+
+  def certificate(domain, altname=nil)
+    # use small key so tests are fast
+    key = OpenSSL::PKey::RSA.generate(256)
+
+    name = OpenSSL::X509::Name.parse("/C=US/ST=Colorado/L=Denver/O=Test/CN=#{domain}")
+    cert = OpenSSL::X509::Certificate.new
+    cert.version = 2
+    cert.subject = name
+    cert.issuer = name
+    cert.serial = Time.now.to_i
+    cert.public_key = key.public_key
+    cert.not_before = Time.now
+    cert.not_after = Time.now + 3600
+
+    if altname
+      factory = OpenSSL::X509::ExtensionFactory.new
+      factory.subject_certificate = cert
+      factory.issuer_certificate = cert
+      cert.extensions = [
+        %w[subjectKeyIdentifier hash],
+        %w[subjectAltName] << [domain, altname].map {|n| "DNS:#{n}" }.join(',')
+      ].map {|k, v| factory.create_ext(k, v) }
+    end
+
+    [cert.to_pem, key.to_pem]
+  end
+end

data/test/stream/client/ready_test.rb

@@ -13,12 +13,12 @@ class ClientReadyTest < MiniTest::Unit::TestCase
       if node.name == 'bogus'
         nil
       else
-        MiniTest::Mock.new.tap do |stanza|
-          stanza.expect(:process, nil)
-          stanza.expect(:validate_to, nil)
-          stanza.expect(:validate_from, nil)
-          ClientReadyTest::STANZAS << stanza
-        end
+        stanza = MiniTest::Mock.new
+        stanza.expect(:process, nil)
+        stanza.expect(:validate_to, nil)
+        stanza.expect(:validate_from, nil)
+        ClientReadyTest::STANZAS << stanza
+        stanza
       end
     end
   end

data/test/stream/component/ready_test.rb

@@ -73,7 +73,7 @@ class ComponentReadyTest < MiniTest::Unit::TestCase
     @recipient.expect(:user, Vines::User.new(:jid => 'hatter@wonderland.lit'))
     @recipient.expect(:write, nil, [node])
 
-    @stream.expect(:connected_resources, [@recipient], ['hatter@wonderland.lit'])
+    @stream.expect(:connected_resources, [@recipient], [Vines::JID.new('hatter@wonderland.lit')])
 
     @state.node(node)
     assert @stream.verify

data/test/stream/http/ready_test.rb

@@ -1,40 +1,42 @@
 # encoding: UTF-8
 
+require 'tmpdir'
 require 'vines'
 require 'minitest/autorun'
 
-class HttpReadyTest < MiniTest::Unit::TestCase
-  def setup
+describe Vines::Stream::Http::Ready do
+  before do
     @stream = MiniTest::Mock.new
     @state = Vines::Stream::Http::Ready.new(@stream, nil)
   end
 
-  def test_missing_body_raises_error
+  it "raises when body element is missing" do
     node = node('<presence type="unavailable"/>')
     @stream.expect(:valid_session?, true, [nil])
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    -> { @state.node(node) }.must_raise Vines::StreamErrors::NotAuthorized
   end
 
-  def test_body_with_missing_namespace_raises_error
+  it "raises when namespace is missing" do
     node = node('<body rid="42" sid="12"/>')
     @stream.expect(:valid_session?, true, ['12'])
     assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    -> { @state.node(node) }.must_raise Vines::StreamErrors::NotAuthorized
   end
 
-  def test_missing_rid_raises_error
+  it "raises when rid attribute is missing" do
     node = node('<body xmlns="http://jabber.org/protocol/httpbind" sid="12"/>')
     @stream.expect(:valid_session?, true, ['12'])
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    -> { @state.node(node) }.must_raise Vines::StreamErrors::NotAuthorized
   end
 
-  def test_invalid_session_raises_error
+  it "raises when session id is invalid" do
     @stream.expect(:valid_session?, false, ['12'])
     node = node('<body xmlns="http://jabber.org/protocol/httpbind" rid="42" sid="12"/>')
-    assert_raises(Vines::StreamErrors::NotAuthorized) { @state.node(node) }
+    -> { @state.node(node) }.must_raise Vines::StreamErrors::NotAuthorized
     assert @stream.verify
   end
 
-  def test_valid_body_processes
+  it "processes when body element is empty" do
     node = node('<body xmlns="http://jabber.org/protocol/httpbind" rid="42" sid="12"/>')
     @stream.expect(:valid_session?, true, ['12'])
     @stream.expect(:parse_body, [], [node])
@@ -42,7 +44,40 @@ class HttpReadyTest < MiniTest::Unit::TestCase
     assert @stream.verify
   end
 
-  def test_terminate
+  it "processes all stanzas in one body element" do
+    alice = Vines::User.new(jid: 'alice@wonderland.lit')
+    hatter = Vines::User.new(jid: 'hatter@wonderland.lit')
+
+    config = Vines::Config.new do
+      host 'wonderland.lit' do
+        storage(:fs) { dir Dir.tmpdir }
+      end
+    end
+
+    bogus = node('<message type="bogus">raises stanza error</message>')
+    ok = node('<message to="hatter@wonderland.lit">but processes this message</message>')
+    node = node(%Q{<body xmlns="http://jabber.org/protocol/httpbind" rid="42" sid="12">#{bogus}#{ok}</body>})
+
+    raises = Vines::Stanza.from_node(bogus, @stream)
+    processes = Vines::Stanza.from_node(ok, @stream)
+
+    recipient = MiniTest::Mock.new
+    recipient.expect(:user, hatter)
+    recipient.expect(:write, nil, [Vines::Stanza::Message])
+
+    @stream.expect(:valid_session?, true, ['12'])
+    @stream.expect(:parse_body, [raises, processes], [node])
+    @stream.expect(:error, nil, [Vines::StanzaErrors::BadRequest])
+    @stream.expect(:config, config)
+    @stream.expect(:user, alice)
+    @stream.expect(:connected_resources, [recipient], [hatter.jid])
+
+    @state.node(node)
+    assert @stream.verify
+    assert recipient.verify
+  end
+
+  it "terminates the session" do
     node = node('<body xmlns="http://jabber.org/protocol/httpbind" rid="42" sid="12" type="terminate"/>')
     @stream.expect(:valid_session?, true, ['12'])
     @stream.expect(:parse_body, [], [node])