helpers_test.rb
11.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
require File.dirname(__FILE__) + '/test_helper';
require File.expand_path(File.dirname(__FILE__) + "/../../../lib/noosfero/api/helpers")
class APIHelpersTest < ActiveSupport::TestCase
include Noosfero::API::APIHelpers
def setup
@headers = {}
end
attr_accessor :headers
should 'get the current user with valid token' do
user = create_user('someuser')
user.generate_private_token!
self.params = {:private_token => user.private_token}
assert_equal user, current_user
end
should 'get the current user with valid token in header' do
user = create_user('someuser')
user.generate_private_token!
headers['Private-Token'] = user.private_token
assert_equal user, current_user
end
should 'get the current user even with expired token' do
user = create_user('someuser')
user.generate_private_token!
user.private_token_generated_at = DateTime.now.prev_year
user.save
self.params = {:private_token => user.private_token}
assert_equal user, current_user
end
should 'get the person of current user' do
user = create_user('someuser')
user.generate_private_token!
self.params = {:private_token => user.private_token}
assert_equal user.person, current_person
end
# #FIXME see how to make this test. Get the current_user variable
# should 'set current_user to nil after logout' do
# user = create_user('someuser')
# user.stubs(:private_token_expired?).returns(false)
# User.stubs(:find_by_private_token).returns(user)
# assert_not_nil current_user
# assert false
# logout
# end
should 'limit be defined as the params limit value' do
local_limit = 30
self.params= {:limit => local_limit}
assert_equal local_limit, limit
end
should 'return default limit if the limit parameter is minor than zero' do
self.params= {:limit => -1}
assert_equal 20, limit
end
should 'the default limit be 20' do
assert_equal 20, limit
end
should 'the beginning of the period be the first existent date if no from date is passsed as parameter' do
assert_equal Time.at(0).to_datetime, period(nil, nil).to_a[0]
end
should 'the beginning of the period be from date passsed as parameter' do
from = DateTime.now
assert_equal from, period(from, nil).min
end
should 'the end of the period be now if no until date is passsed as parameter' do
assert_in_delta DateTime.now, period(nil, nil).max
end
should 'the end of the period be until date passsed as parameter' do
until_date = DateTime.now
assert_equal until_date, period(nil, until_date).max
end
should 'parse_content_type return nil if its blank' do
assert_nil parse_content_type("")
end
should 'parse_content_type be an array' do
assert_kind_of Array, parse_content_type("text_article")
end
should 'parse_content_type return all content types as an array' do
assert_equivalent ['TextArticle','TinyMceArticle'], parse_content_type("TextArticle,TinyMceArticle")
end
should 'find_article return article by id in list passed for user with permission' do
user = create_user('someuser')
a = fast_create(Article, :profile_id => user.person.id)
fast_create(Article, :profile_id => user.person.id)
fast_create(Article, :profile_id => user.person.id)
user.generate_private_token!
User.expects(:find_by_private_token).returns(user)
assert_equal a, find_article(user.person.articles, a.id)
end
should 'find_article return forbidden when a user try to access an article without permission' do
user = create_user('someuser')
p = fast_create(Profile)
a = fast_create(Article, :published => false, :profile_id => p.id)
fast_create(Article, :profile_id => p.id)
user.generate_private_token!
User.expects(:find_by_private_token).returns(user)
assert_equal 403, find_article(p.articles, a.id).last
end
should 'make_conditions_with_parameter return no created at parameter if it was not defined from or until parameters' do
assert_nil make_conditions_with_parameter[:created_at]
end
should 'make_conditions_with_parameter return created_at parameter if from period is defined' do
assert_not_nil make_conditions_with_parameter(:from => '2010-10-10')[:created_at]
end
should 'make_conditions_with_parameter return created_at parameter if from period is defined as string' do
assert_not_nil make_conditions_with_parameter('from' => '2010-10-10')[:created_at]
end
should 'make_conditions_with_parameter return created_at parameter if until period is defined' do
assert_not_nil make_conditions_with_parameter(:until => '2010-10-10')[:created_at]
end
should 'make_conditions_with_parameter return created_at parameter if until period is defined as string' do
assert_not_nil make_conditions_with_parameter('until' => '2010-10-10')[:created_at]
end
should 'make_conditions_with_parameter return created_at as the first existent date as parameter if only until is defined' do
assert_equal Time.at(0).to_datetime, make_conditions_with_parameter(:until => '2010-10-10')[:created_at].min
end
should 'make_conditions_with_parameter: the minimal created_at date be the from date passed as parameter' do
date = '2010-10-10'
assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => date)[:created_at].min
end
should 'make_conditions_with_parameter: the maximum created_at date be the until date passed as parameter' do
date = '2010-10-10'
assert_equal DateTime.parse(date), make_conditions_with_parameter(:until => date)[:created_at].max
end
should 'make_conditions_with_parameter return the until date passed as parameter' do
date = '2010-10-10'
assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => '2010-10-10')[:created_at].min
end
should 'make_conditions_with_parameter return no type parameter if it was not defined any content type' do
assert_nil make_conditions_with_parameter[:type]
end
#test_should_make_order_with_parameters_return_order_if attribute_is_found_at_object_association
should 'make_order_with_parameters return order if attribute is found at object association' do
environment = Environment.new
params = {:order => "name ASC"}
assert_equal "name ASC", make_order_with_parameters(environment, "articles", params)
end
# test added to check for eventual sql injection vunerabillity
#test_should_make_order_with_parameters_return_default_order_if_attributes_not_exists
should 'make_order_with_parameters return default order if attributes not exists' do
environment = Environment.new
params = {:order => "CRAZY_FIELD ASC"} # quote used to check sql injection vunerabillity
assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
end
should 'make_order_with_parameters return default order if sql injection detected' do
environment = Environment.new
params = {:order => "name' ASC"} # quote used to check sql injection vunerabillity
assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
end
should 'make_order_with_parameters return RANDOM() if random is passed' do
environment = Environment.new
params = {:order => "random"} # quote used to check sql injection vunerabillity
assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
end
should 'make_order_with_parameters return RANDOM() if random function is passed' do
environment = Environment.new
params = {:order => "random()"} # quote used to check sql injection vunerabillity
assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
end
should 'render not_found if endpoint is unavailable' do
Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)
self.expects(:not_found!)
filter_disabled_plugins_endpoints
end
should 'find all published articles on environment' do
#user = create_user('someuser')
#p = fast_create(Profile)
#a = fast_create(Article, :published => false, :profile_id => p.id)
#fast_create(Article, :profile_id => p.id)
#user.generate_private_token!
#User.expects(:find_by_private_token).returns(user)
#assert_equal 403, find_article(p.articles, a.id).last
#assert_equals [article1, article2], present_articles
end
###### Captcha tests ######
should 'do not test captcha when there are no settings' do
environment = Environment.new
assert test_captcha("127.0.0.1", {}, environment)
end
should 'do not test captcha when captcha is disabled on settings' do
environment = Environment.new
environment.api_captcha_settings = {
enabled: false,
}
assert test_captcha("127.0.0.1", {}, environment)
end
should 'fail display recaptcha v1' do
environment = Environment.new
environment.api_captcha_settings = {
enabled: true,
provider: 'google',
version: 1,
private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY',
public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-',
verify_uri: 'https://www.google.com/recaptcha/api/verify',
}
r = test_captcha('127.0.0.1', params, environment)
assert_equal(_("Missing captcha data"), r[0][:javascript_console_message])
end
should 'fail display recaptcha v2' do
environment = Environment.new
environment.api_captcha_settings = {
enabled: true,
provider: 'google',
version: 2,
private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY',
public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-',
verify_uri: 'https://www.google.com/recaptcha/api/siteverify',
}
r = test_captcha('127.0.0.1', params, environment)
assert_equal(_("Missing captcha data"), r[0][:javascript_console_message])
end
should 'verify if user filled Serpro\' captcha text' do
environment = Environment.new
environment.api_captcha_settings = {
enabled: true,
provider: 'serpro',
serpro_client_id: '0000000000000000',
verify_uri: 'http://localhost/api/verify',
}
params = {}
params[:txtToken_captcha_serpro_gov_br] = '4324343'
assert_equal(_('Captcha text has not been filled'), test_captcha('127.0.0.1', params, environment)[0]['message'])
end
should 'verify if Serpro\' captcha token has been sent' do
environment = Environment.new
environment.api_captcha_settings = {
enabled: true,
provider: 'serpro',
serpro_client_id: '0000000000000000',
verify_uri: 'http://localhost/api/verify',
}
params = {}
params[:captcha_text] = '4324343'
r = test_captcha('127.0.0.1', params, environment)
assert_equal(_("Missing Serpro's Captcha token"), r[0][:javascript_console_message])
end
should 'captcha serpro say name or service not known' do
environment = Environment.new
environment.api_captcha_settings = {
enabled: true,
provider: 'serpro',
serpro_client_id: '0000000000000000',
verify_uri: 'http://someserverthatdoesnotexist.mycompanythatdoesnotexist.com/validate',
}
params = {}
params[:txtToken_captcha_serpro_gov_br] = '4324343'
params[:captcha_text] = '4324343'
r = test_captcha('127.0.0.1', params, environment)
assert (r[0][:javascript_console_message]).starts_with?("Serpro captcha error: getaddrinfo")
end
###### END Captcha tests ######
protected
def error!(info, status)
[info, status]
end
def params
@params ||= {}
end
def params= value
@params = value
end
end