157 lines
5.2 KiB
Ruby
157 lines
5.2 KiB
Ruby
# Copyright (c) 2010, Diaspora Inc. This file is
|
|
# licensed under the Affero General Public License version 3 or later. See
|
|
# the COPYRIGHT file.
|
|
|
|
require 'spec_helper'
|
|
|
|
describe AuthorizationsController do
|
|
before do
|
|
sign_in :user, alice
|
|
@controller.stub(:current_user).and_return(alice)
|
|
|
|
@time = Time.now
|
|
Time.stub(:now).and_return(@time)
|
|
@nonce = 'asdfsfasf'
|
|
@signable_string = ["http://chubbi.es/",'http://pod.pod/',"#{Time.now.to_i}", @nonce].join(';')
|
|
end
|
|
|
|
describe '#token' do
|
|
before do
|
|
manifest = {
|
|
"name" => "Chubbies",
|
|
"description" => "The best way to chub.",
|
|
"homepage_url" => "http://chubbi.es/",
|
|
"icon_url" => "#",
|
|
'public_key' => 'public_key!'
|
|
}.to_json
|
|
|
|
stub_request(:get, "http://chubbi.es/manifest.json").
|
|
to_return(:status => 200, :body => manifest, :headers => {})
|
|
|
|
@params_hash = {:type => 'client_associate', :manifest_url => "http://chubbi.es/manifest.json" }
|
|
end
|
|
|
|
it 'fetches the manifest' do
|
|
@controller.stub!(:verify).and_return('ok')
|
|
post :token, @params_hash
|
|
end
|
|
|
|
it 'creates a client application' do
|
|
@controller.stub!(:verify).and_return('ok')
|
|
lambda {
|
|
post :token, @params_hash
|
|
}.should change(OAuth2::Provider.client_class, :count).by(1)
|
|
end
|
|
|
|
it 'does not create a client if verification fails' do
|
|
@controller.stub!(:verify).and_return('invalid signature')
|
|
lambda {
|
|
post :token, @params_hash
|
|
}.should_not change(OAuth2::Provider.client_class, :count)
|
|
end
|
|
|
|
it 'verifies the signable string validity(time,nonce,sig)' do
|
|
@controller.should_receive(:verify).with('signed_string', 'sig', 'public_key!')
|
|
post :token, @params_hash.merge!({:signed_string => 'signed_string', :signature => 'sig'})
|
|
end
|
|
end
|
|
|
|
describe "#index" do
|
|
it 'succeeds' do
|
|
get :index
|
|
response.should be_success
|
|
end
|
|
|
|
it 'assigns the auth. & apps for the current user' do
|
|
app1 = OAuth2::Provider.client_class.create(:name => "Authorized App")
|
|
app2 = OAuth2::Provider.client_class.create(:name => "Unauthorized App")
|
|
auth1 = OAuth2::Provider.authorization_class.create(:client => app1, :resource_owner => alice)
|
|
auth2 = OAuth2::Provider.authorization_class.create(:client => app1, :resource_owner => bob)
|
|
auth3 = OAuth2::Provider.authorization_class.create(:client => app2, :resource_owner => bob)
|
|
|
|
get :index
|
|
assigns[:authorizations].should == [auth1]
|
|
assigns[:applications].should == [app1]
|
|
end
|
|
end
|
|
|
|
describe "#destroy" do
|
|
before do
|
|
@app1 = OAuth2::Provider.client_class.create(:name => "Authorized App")
|
|
@auth1 = OAuth2::Provider.authorization_class.create(:client => @app1, :resource_owner => alice)
|
|
@auth2 = OAuth2::Provider.authorization_class.create(:client => @app1, :resource_owner => bob)
|
|
end
|
|
it 'deletes an authorization' do
|
|
lambda{
|
|
delete :destroy, :id => @app1.id
|
|
}.should change(OAuth2::Provider.authorization_class, :count).by(-1)
|
|
end
|
|
end
|
|
|
|
describe '#verify' do
|
|
before do
|
|
@controller.stub!(:verify_signature)
|
|
@sig = Base64.encode64('sig')
|
|
end
|
|
it 'checks for valid time' do
|
|
@controller.should_receive(:valid_time?).with(@time.to_i.to_s)
|
|
@controller.verify(Base64.encode64(@signable_string), @sig, 'public_key!')
|
|
end
|
|
|
|
it 'checks the signature' do
|
|
@controller.should_receive(:verify_signature).with(@signable_string, 'sig', 'public_key!')
|
|
@controller.verify(Base64.encode64(@signable_string), @sig, 'public_key!')
|
|
end
|
|
|
|
it 'checks for valid nonce' do
|
|
@controller.should_receive(:valid_nonce?).with(@nonce)
|
|
@controller.verify(Base64.encode64(@signable_string), @sig, 'public_key!')
|
|
end
|
|
end
|
|
|
|
describe '#verify_signature' do
|
|
before do
|
|
@private_key = OpenSSL::PKey::RSA.new(File.read(Rails.root + "spec/chubbies/chubbies.private.pem"))
|
|
|
|
@sig = @private_key.sign(OpenSSL::Digest::SHA256.new, @signable_string)
|
|
end
|
|
|
|
it 'returns true if the signature is valid' do
|
|
@public_key = File.read(Rails.root + "spec/chubbies/chubbies.public.pem")
|
|
@controller.verify_signature(@signable_string, @sig, @public_key).should be_true
|
|
end
|
|
|
|
it 'returns false if the signature is invalid' do
|
|
@signable_string = "something else"
|
|
|
|
@public_key = File.read(Rails.root + "spec/chubbies/chubbies.public.pem")
|
|
@controller.verify_signature(@signable_string, @sig, @public_key).should be_false
|
|
end
|
|
end
|
|
|
|
describe "valid_time?" do
|
|
|
|
|
|
it "returns true if time is within the last 5 minutes" do
|
|
@controller.valid_time?(@time - 4.minutes - 59.seconds).should be_true
|
|
end
|
|
|
|
it "returns false if time is not within the last 5 minutes" do
|
|
@controller.valid_time?(@time - 5.minutes - 1.seconds).should be_false
|
|
end
|
|
end
|
|
|
|
describe 'valid_nonce' do
|
|
before do
|
|
@app1 = OAuth2::Provider.client_class.create(:name => "Authorized App", :nonce => "abc123")
|
|
end
|
|
|
|
it 'returns true if its a new nonce' do
|
|
@controller.valid_nonce?("lalalala").should be_true
|
|
end
|
|
|
|
it 'returns false if the nonce was already used' do
|
|
@controller.valid_nonce?("abc123").should be_false
|
|
end
|
|
end
|
|
end
|