improve tests

Michel Benevento · Michel Benevento · commit c851757f0bcb · 2015-06-04T15:21:25.000+02:00
diff --git a/lib/roda/plugins/auth.rb b/lib/roda/plugins/auth.rb
@@ -29,6 +29,7 @@ def self.configure(app, *args)
 					strategies = [:basic]
 				when :form
 					strategies = [:password]
+					options[:csrf] = true
 				when :token
 					strategies = [:token, :password]
 				end
@@ -69,9 +70,11 @@ def self.setup_cookie(app, user_class, options)
 				Warden::Manager.serialize_from_session do |id|
 					user_class.find_by_id(id)
 				end
-				app.plugin :csrf, raise: true, skip_if: lambda { |request|
-					request.env.key? 'HTTP_AUTHORIZATION'
-				}
+				if options[:csrf]
+					app.plugin :csrf, raise: true, skip_if: lambda { |request|
+						request.env.key? 'HTTP_AUTHORIZATION'
+					}
+				end
 			end
 
 			def self.setup_omniauth(app, options)
@@ -170,7 +173,7 @@ def credentials_from_basic
 				end
 
 				def credentials_from_form
-					request.media_type == "application/x-www-form-urlencoded" && params
+					request.media_type == "application/x-www-form-urlencoded" && request.params
 				end
 
 				def credentials_from_body
@@ -202,7 +205,7 @@ def valid?
 				private
 
 				def credentials
-					@credentials ||= credentials_from_form || credentials_from_body || {}
+					@credentials ||= credentials_from_form || {}
 				end
 
 			end
@@ -229,13 +232,13 @@ def credentials
 			class Token < Base
 
 				def valid?
-					credentials['token']
+					credentials['token'] || (credentials['username'] && credentials['password'])
 				end
 
 				private
 
 				def credentials
-					@credentials ||= token_from_auth_header || {}
+					@credentials ||= token_from_auth_header || credentials_from_body || {}
 				end
 
 			end
diff --git a/test/auth_basic_test.rb b/test/auth_basic_test.rb
@@ -26,16 +26,16 @@ def setup
 	end
 	
 	def test_public
-		assert_equal 200, status('/public')
+		assert_equal 200, request.get('/public').status
 	end
 	
 	def test_private_refused
-		assert_equal 401, status('/private')
-		assert_equal "Basic realm=\"/private\"", header('WWW-AUTHENTICATE', '/private')
+		assert_equal 401, request.get('/private').status
+		assert_equal "Basic realm=\"/private\"", request.get('/private').headers['WWW-AUTHENTICATE']
 	end
 	
 	def test_private_accepted
-		assert_equal 200, status('/private', {"HTTP_AUTHORIZATION" => "Basic #{http_auth(valid_credentials)}"})
+		assert_equal 200, request.get('/private', {"HTTP_AUTHORIZATION" => "Basic #{http_auth(valid_credentials)}"}).status
 	end
 		
 end
diff --git a/test/auth_form_test.rb b/test/auth_form_test.rb
@@ -28,33 +28,25 @@ def setup
 	end
 	
 	def test_public
-		assert_equal 200, status('/public')
+		assert_equal 200, request.get('/public').status
 	end
 	
 	def test_private_refuse_redirect
-		r = req('/private')
-		assert_equal 302, r[0]
-		assert_equal "/login", r[1]['LOCATION']
+		response = request.get('/private')
+		assert_equal 302, response.status
+		assert_equal "/login", response.headers['LOCATION']
 	end
 	
 	def test_private_accepted
-		req('/logout')
-		cookie = login
-		assert_equal 200, status('/private', {'HTTP_COOKIE' => cookie})
+		cookie = form_login.headers['Set-Cookie']
+		response = request.get('/private')
+		assert_equal 200, request.get('/private', {'HTTP_COOKIE' => cookie}).status
 	end
 	
 	def test_private_error
-		req('/logout')
-		cookie = login(invalid_credentials)
-		assert_equal 302, status('/private', {'HTTP_COOKIE' => cookie})
-	end
-	
-	private
-		
-	def login(cred = valid_credentials)
-		status, headers = req('/login', {'REQUEST_METHOD' => 'POST', 'rack.input' => save_args(cred)})
-		status == 200 && headers["Set-Cookie"]
-	end
+		cookie = form_login(invalid_credentials).headers['Set-Cookie']
+		assert_equal 302, request.get('/private', {'HTTP_COOKIE' => cookie}).status
+	end		
 
 end
 
diff --git a/test/auth_omniauth_test.rb b/test/auth_omniauth_test.rb
@@ -29,24 +29,25 @@ def setup
 	end
 
 	def test_unprotected_access
-		assert_equal "public", body('/public')
-		assert_equal 200, status('/public')
+		response = request.get('/public')
+		assert_equal "public", response.body
+		assert_equal 200, response.status
 	end
 
 	def test_protected_error
-		assert_equal 401, status('/private')
+		assert_equal 401, request.get('/private').status
 	end
 
 	def test_twitter_redirect
-		status, headers = req('/auth/twitter', {'rack.input' => []})
-		assert_equal 302, status
-		assert_equal "api.twitter.com", URI(headers['LOCATION']).host
+		response = request.get('/auth/twitter')
+		assert_equal 302, response.status
+		assert_equal "api.twitter.com", URI(response.headers['LOCATION']).host
 	end
 
 	def test_facebook_redirect
-		status, headers = req('/auth/facebook', {'rack.input' => ""})
-		assert_equal 302, status
-		assert_equal "www.facebook.com", URI(headers['LOCATION']).host
+		response = request.get('/auth/facebook')
+		assert_equal 302, response.status
+		assert_equal "www.facebook.com", URI(response.headers['LOCATION']).host
 	end
 
 
diff --git a/test/auth_token_test.rb b/test/auth_token_test.rb
@@ -6,8 +6,9 @@ class AuthTokenTest < Minitest::Test
 
 	
 	def setup
-		u = User.new(valid_credentials)
-		User.db[:users][u.username] = u
+		@u = User.new(valid_credentials)
+		User.db[:users][@u.username] = @u
+		User.db[:tokens]['1234token'] = @u
 
 		app :bare do |app|
 			
@@ -17,59 +18,65 @@ def setup
 				r.on 'public' do
 					'public'
 				end
-				r.post('session') { sign_in.to_json }
+				r.post('session') do |args|
+					 sign_in
+					{'token' => current_user.token}.to_json 
+				end
 				authenticate!
 				r.is('session', method: :delete) { sign_out }
 				r.on 'private' do
-					"private #{current_user.username}"
+					"private #{current_user.token}"
 				end
 			end
 		end
 	end
 	
 	def test_unprotected_access
-		assert_equal "public", body('/public')
-		assert_equal 200, status('/public')
+		response = request.get '/public'
+		assert_equal "public", response.body
+		assert_equal 200, response.status
 	end
 	
 	
 	def test_protected_error
-		assert_equal 401, status('/private')
+		response = request.get '/private'
+		assert_equal 401, response.status
 	end
 	
 	def test_login_body
-		assert_equal 200, status('/session', {'REQUEST_METHOD' => 'POST', 'rack.input' => save_args(valid_credentials)})
+		response = json_login
+		assert_equal 200, response.status
 	end
 	
 	def test_login_body_invalid
-		assert_equal 401, status('/session', {'REQUEST_METHOD' => 'POST', 'rack.input' => save_args(invalid_credentials)})
+		response = json_login(invalid_credentials)
+		assert_equal 401, response.status
 	end
 	
 	def test_token_response
-		json = body('/session', {'REQUEST_METHOD' => 'POST', 'rack.input' => save_args(valid_credentials)})
-		args = JSON.parse(json)
-		assert_equal valid_credentials[:username], args['username']
-		assert args['token']
+		session = JSON.parse(json_login.body)
+		assert_equal @u.token, session['token']
 	end
 	
 	def test_token_access
-		user_args = login
-		assert_equal 200, status('/private', {"HTTP_AUTHORIZATION" => "Auth #{user_args['token']}"})
-		assert_equal "private #{user_args['username']}", body('/private', {"HTTP_AUTHORIZATION" => "Auth #{user_args['token']}"})
+		session = JSON.parse(json_login.body)
+		response = request.get('/private', {'HTTP_AUTHORIZATION' => "Auth #{session['token']}"})
+		assert_equal 200, response.status
+		assert_equal "private #{session['token']}", response.body
 	end
 	
 	def test_logout
-		user_args = login
-		assert_equal 204, status('/session', {'REQUEST_METHOD' => 'DELETE', "HTTP_AUTHORIZATION" => "Auth #{user_args['token']}"})
+		session = JSON.parse(json_login.body)
+		response = request.delete('/session', {'HTTP_AUTHORIZATION' => "Auth #{session['token']}"})
+		assert_equal 204, response.status
 	end
-	
+			
 	private
-		
-	def login
-		env = {'REQUEST_METHOD' => 'POST', 'rack.input' => save_args(valid_credentials)}
-		body = body('/session', env)
-		JSON.parse(body)
+	
+	def json_login(cred = valid_credentials)
+		request.post('/session', params: cred.to_json)
 	end
+
 	
 end
 
diff --git a/test/test_helpers.rb b/test/test_helpers.rb
@@ -22,39 +22,22 @@ def app(type=nil, &block)
 			@app ||= _app{route(&block)}
 		end
 	end
-
-	def req(path='/', env={})
-		if path.is_a?(Hash)
-			env = path
-		else
-			env['PATH_INFO'] = path
-		end
-		env = {"REQUEST_METHOD" => "GET", "PATH_INFO" => "/", "SCRIPT_NAME" => ""}.merge(env)
-		setup_csrf(env)
-		@app.call(env)
-	end
-
-	def status(path='/', env={})
-		req(path, env)[0]
-	end
-
-	def header(name, path='/', env={})
-		req(path, env)[1][name]
-	end
-
-	def body(path='/', env={})
-		req(path, env)[2].join
+	
+	def request
+		Rack::MockRequest.new(@app)
 	end
-
+	
 	def _app(&block)
 		c = Class.new(Roda)
 		c.class_eval(&block)
 		c
 	end
 
-	def save_args(args)
-		StringIO.new(args.to_json)
+	def form_login(cred = valid_credentials)
+		opts = setup_csrf :params => cred
+		request.post('/login', opts)
 	end
+
 	
 	def valid_credentials
 		{username:'foo', password:'bar'}
@@ -74,6 +57,7 @@ def setup_csrf(env)
 			token = Rack::Csrf.token(env)
 			env['HTTP_X_CSRF_TOKEN'] = token
 		end
+		env
 	end
 
 	class Mock
