cucumber specs are green

2011-06-14 15:36:05 -07:00 · 2011-06-14 15:36:05 -07:00 · dca2eca67c
commit dca2eca67c
parent 2a4932ea34
7 changed files with 65 additions and 25 deletions
--- a/2
+++ b/2
@ -94,5 +94,5 @@ group :test do
  gem 'rspec-instafail', '>= 0.1.7', :require => false
  gem 'fuubar'

-  gem 'diaspora-client', :git => 'git@github.com:diaspora/diaspora-client.git'
+  gem 'diaspora-client', :path => "~/workspace/diaspora-client" # :git => 'git@github.com:diaspora/diaspora-client.git'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -37,9 +37,8 @@ GIT
      addressable (>= 2.1.1)
      eventmachine (>= 0.12.9)

-GIT
-  remote: git@github.com:diaspora/diaspora-client.git
-  revision: c84fe1090fcbc16407582deca804fad48bf11ead
+PATH
+  remote: ~/workspace/diaspora-client
  specs:
    diaspora-client (0.0.0)
      activerecord
@ -391,7 +390,7 @@ GEM
    typhoeus (0.2.4)
      mime-types
      mime-types
-    tzinfo (0.3.27)
+    tzinfo (0.3.28)
    uuidtools (2.1.2)
    vegas (0.1.8)
      rack (>= 1.0.0)
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@ -53,10 +53,23 @@ class AuthorizationsController < ApplicationController
    redirect_to authorizations_path
  end

+  # @param [String] enc_signed_string A Base64 encoded string with app_url;pod_url;time;nonce
+  # @param [String] sig A Base64 encoded signature of the decoded signed_string with public_key.
+  # @param [String] public_key The application's public key to verify sig with.
+  def verify( enc_signed_string, sig, public_key)
+    signed_string = Base64.decode64(enc_signed_string)
+    split = signed_string.split(';')
+    time = split[2]
+    nonce = split[3]
+    return "invalid time" unless valid_time?(time)
+    return 'invalid nonce' unless valid_nonce?(nonce)
+    return 'invalid signature' unless verify_signature(signed_string, Base64.decode64(sig), public_key)
+    'ok'
+  end

  def verify_signature(challenge, signature, serialized_pub_key)
    public_key = OpenSSL::PKey::RSA.new(serialized_pub_key) 
-    public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(signature), challenge)
+    public_key.verify(OpenSSL::Digest::SHA256.new, signature, challenge)
  end

  def valid_time?(time)
@ -64,7 +77,7 @@ class AuthorizationsController < ApplicationController
  end

  def valid_nonce?(nonce)
-    OAuth2::Provider.client_class.where(:nonce => nonce).first.nil?
+    !OAuth2::Provider.client_class.exists?(:nonce => nonce)
  end
 end

--- a/spec/chubbies/Gemfile
+++ b/spec/chubbies/Gemfile
@ -7,4 +7,4 @@ gem 'json'
 gem 'shotgun'
 gem 'sqlite3'
 gem 'activerecord', '3.0.3'
-gem 'diaspora-client', :git => 'git@github.com:diaspora/diaspora-client.git'
+gem 'diaspora-client',  :path => "~/workspace/diaspora-client" #:git => 'git@github.com:diaspora/diaspora-client.git'
--- a/spec/chubbies/Gemfile.lock
+++ b/spec/chubbies/Gemfile.lock
@ -1,9 +1,9 @@
-GIT
-  remote: git@github.com:diaspora/diaspora-client.git
-  revision: c84fe1090fcbc16407582deca804fad48bf11ead
+PATH
+  remote: ~/workspace/diaspora-client
  specs:
    diaspora-client (0.0.0)
      activerecord
+      em-synchrony
      faraday
      oauth2
      sinatra
@ -21,9 +21,12 @@ GEM
      arel (~> 2.0.2)
      tzinfo (~> 0.3.23)
    activesupport (3.0.3)
-    addressable (2.2.4)
+    addressable (2.2.6)
    arel (2.0.10)
    builder (2.1.2)
+    em-synchrony (0.2.0)
+      eventmachine (>= 0.12.9)
+    eventmachine (0.12.10)
    faraday (0.6.1)
      addressable (~> 2.2.4)
      multipart-post (~> 1.1.0)
--- a/spec/chubbies/config.ru
+++ b/spec/chubbies/config.ru
@ -1,3 +1,4 @@
-require 'app'
+require  File.dirname(__FILE__) + '/app'
+require "bundler/setup"

 run Chubbies::App
--- a/spec/controllers/authorizations_controller_spec.rb
+++ b/spec/controllers/authorizations_controller_spec.rb
@ -9,6 +9,10 @@ describe AuthorizationsController do
    sign_in :user, alice 
    @controller.stub(:current_user).and_return(alice)

+    @time = Time.now
+    Time.stub(:now).and_return(@time)
+    @nonce = 'asdfsfasf'
+    @signable_string = ["http://chubbi.es/",'http://pod.pod/',"#{Time.now.to_i}", @nonce].join(';')
  end

  describe '#token' do
@ -28,18 +32,27 @@ describe AuthorizationsController do
    end

    it 'fetches the manifest' do
+      @controller.stub!(:verify).and_return('ok')
      post :token,  @params_hash
    end
    
    it 'creates a client application' do
+      @controller.stub!(:verify).and_return('ok')
      lambda {
        post :token,  @params_hash
      }.should change(OAuth2::Provider.client_class, :count).by(1)
    end

+    it 'does not create a client if verification fails' do
+      @controller.stub!(:verify).and_return('invalid signature')
+      lambda {
+        post :token,  @params_hash
+      }.should_not change(OAuth2::Provider.client_class, :count)
+    end
+    
    it 'verifies the signable string validity(time,nonce,sig)' do
-      post :token,  @params_hash.merge!({:signed_string => 'signable_string', :signature => 'sig'})
-      @controller.should_receive(:verify).with('signable_string', 'sig', 'public_key!')
+      @controller.should_receive(:verify).with('signed_string', 'sig', 'public_key!')
+      post :token,  @params_hash.merge!({:signed_string => 'signed_string', :signature => 'sig'})
    end
  end

@ -76,37 +89,48 @@ describe AuthorizationsController do
  end

  describe '#verify' do
-    it 'checks for valid time'
-    it 'checks the signature'
-    it 'checks for valid nonce'
+    before do
+      @controller.stub!(:verify_signature)
+      @sig = Base64.encode64('sig')
+    end
+    it 'checks for valid time' do
+      @controller.should_receive(:valid_time?).with(@time.to_i.to_s)
+      @controller.verify(Base64.encode64(@signable_string), @sig, 'public_key!')
+    end
+
+    it 'checks the signature' do
+      @controller.should_receive(:verify_signature).with(@signable_string, 'sig', 'public_key!')
+      @controller.verify(Base64.encode64(@signable_string), @sig, 'public_key!')
+    end
+
+    it 'checks for valid nonce' do
+      @controller.should_receive(:valid_nonce?).with(@nonce)
+      @controller.verify(Base64.encode64(@signable_string), @sig, 'public_key!')
+    end
  end

  describe '#verify_signature' do
    before do
      @private_key = OpenSSL::PKey::RSA.new(File.read(Rails.root + "spec/chubbies/chubbies.private.pem"))

-      @signable_string = ["http://chubbi.es/",'http://pod.pod/',"#{Time.now.to_i}",'asdfsfasf'].join(';')
      @sig = @private_key.sign(OpenSSL::Digest::SHA256.new, @signable_string)
    end

    it 'returns true if the signature is valid' do
      @public_key = File.read(Rails.root + "spec/chubbies/chubbies.public.pem")
-      @controller.verify_signature(@signable_string, Base64.encode64(@sig), @public_key).should be_true
+      @controller.verify_signature(@signable_string, @sig, @public_key).should be_true
    end

    it 'returns false if the signature is invalid' do
      @signable_string = "something else"

      @public_key = File.read(Rails.root + "spec/chubbies/chubbies.public.pem")
-      @controller.verify_signature(@signable_string, Base64.encode64(@sig), @public_key).should be_false
+      @controller.verify_signature(@signable_string, @sig, @public_key).should be_false
    end
  end

  describe "valid_time?" do
-    before do
-      @time = Time.now
-      Time.stub(:now).and_return(@time)
-    end
+

    it "returns true if time is within the last 5 minutes" do
       @controller.valid_time?(@time - 4.minutes - 59.seconds).should be_true