diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb index 5b10800..a65b4f7 100644 --- a/lib/noosfero/api/helpers.rb +++ b/lib/noosfero/api/helpers.rb @@ -243,26 +243,19 @@ require 'grape' render_api_error!(_('Method Not Allowed'), 405) end - # render_api_error!(message, status) - # error!({'message' => message, :code => status}, status) - # end - # javascript_console_message is supposed to be executed as console.log() def render_api_error!(user_message, status, log_message = nil, javascript_console_message = nil) - status||= 400 message_hash = {'message' => user_message, :code => status} message_hash[:javascript_console_message] = javascript_console_message if javascript_console_message.present? log_msg = "#{status}, User message: #{user_message}" log_msg = "#{log_message}, #{log_msg}" if log_message.present? log_msg = "#{log_msg}, Javascript Console Message: #{javascript_console_message}" if javascript_console_message.present? -# headers = { Grape::Http::Headers::CONTENT_TYPE => content_type }.merge(headers) -# rack_response(format_message(message, backtrace), status, headers) -# raise log_msg - #Since throw :error is not logging the errors I had to manually log it! - #log(log_msg) logger.error log_msg - error!(message_hash, status) -# throw :error, message: message_hash, status: status, headers: headers + if javascript_console_message.present? + error!(message_hash, status) + else + error!(user_message, status) + end end def render_api_errors!(messages) 
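Review bot: The comment above `render_api_error!` does not say that `javascript_console_message` is copied into `message_hash` and handed to `error!`, while `log_message` only reaches `logger.error`. That distinction decides what callers may safely put in each argument. I would extend the comment to something like `# javascript_console_message is returned to the client in the response body (meant for console.log()); keep server-side diagnostics in log_message`. The new `if`/`else` also passes a Hash to `error!` in one branch and a bare String in the other, so the comment should mention that `:code` is only present in the Hash form.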
@@ -331,11 +324,11 @@ require 'grape' return true unless d[:enabled] == true msg_icve = _('Internal captcha validation error') msg_eacs = 'Environment api_captcha_settings' - s = 503 + s = 500 if d[:provider] == 'google' - render_api_error!(msg_icve, s, nil, "#{msg_eacs} private_key not defined") if d[:private_key].nil? - render_api_error!(msg_icve, s, nil, "#{msg_eacs} version not defined") unless d[:version] == 1 || d[:version] == 2 + return render_api_error!(msg_icve, s, nil, "#{msg_eacs} private_key not defined") if d[:private_key].nil? + return render_api_error!(msg_icve, s, nil, "#{msg_eacs} version not defined") unless d[:version] == 1 || d[:version] == 2 if d[:version] == 1 d[:verify_uri] ||= 'https://www.google.com/recaptcha/api/verify' return verify_recaptcha_v1(remote_ip, d[:private_key], d[:verify_uri], params[:recaptcha_challenge_field], params[:recaptcha_response_field]) @@ -346,15 +339,15 @@ require 'grape' end end if d[:provider] == 'serpro' - render_api_error!(msg_icve, s, nil, "#{msg_eacs} verify_uri not defined") if d[:verify_uri].nil? + return render_api_error!(msg_icve, s, nil, "#{msg_eacs} verify_uri not defined") if d[:verify_uri].nil? return verify_serpro_captcha(d[:serpro_client_id], params[:txtToken_captcha_serpro_gov_br], params[:captcha_text], d[:verify_uri]) end - render_api_error!(msg_icve, s, nil, "#{msg_eacs} provider not defined") + return render_api_error!(msg_icve, s, nil, "#{msg_eacs} provider not defined") end def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) if recaptcha_challenge_field == nil || recaptcha_response_field == nil - render_api_error!(_('Captcha validation error'), 503, nil, _('Missing captcha data')) + return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) end verify_hash = { 
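Review bot: The configuration diagnostics in this hunk (`"#{msg_eacs} private_key not defined"`, `version not defined`) are passed as the fourth argument, which `render_api_error!` places in the response body, so any API client learns which captcha setting is missing on the server. The same applies to the `verify_uri not defined` and `provider not defined` calls in the next hunk, and to the `rescue` branches of `verify_recaptcha_v1`, `verify_recaptcha_v2` and `verify_serpro_captcha`, where `e.message` from the outbound HTTP call is returned to the caller. Passing them as the third argument keeps them in the log only, e.g. `return render_api_error!(msg_icve, s, "#{msg_eacs} private_key not defined") if d[:private_key].nil?`. The tests added in this commit assert on `:javascript_console_message` and would need to follow.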
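Review bot: `test_captcha` has no comment stating its return contract, and after this change every failure path returns whatever `render_api_error!` returns, or whatever `verify_serpro_captcha` and the reCAPTCHA helpers return. The new tests index the result with `r[0]`, so a failure can come back as a truthy, non-`true` value when `error!` does not abort the request. A line such as `# Returns true only when the captcha passed; any other value is a failure, so compare with == true` above the method would make that explicit. The method starts outside this hunk and its callers are not visible here.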
@@ -371,16 +364,14 @@ require 'grape' begin body = https.request(request).body rescue Exception => e - logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log")) - logger.error e - render_api_error!(_('Internal captcha validation error'), 503, nil, "recaptcha error: #{e.message}") + return render_api_error!(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}") end body = JSON.parse(body) body == "true\nsuccess" ? true : body end def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) - render_api_error!(_('Captcha validation error'), 503, nil, _('Missing captcha data')) if g_recaptcha_response == nil + return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) if g_recaptcha_response == nil verify_hash = { "secret" => private_key, "remoteip" => remote_ip, @@ -394,15 +385,15 @@ require 'grape' begin body = https.request(request).body rescue Exception => e - render_api_error!(_('Internal captcha validation error'), 503, nil, "recaptcha error: #{e.message}") + return render_api_error!(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}") end captcha_result = JSON.parse(body) captcha_result["success"] ? true : captcha_result end def verify_serpro_captcha(client_id, token, captcha_text, verify_uri) - return _('Missing Serpro Captcha token') if token == nil - return _('Captcha text has not been filled') if captcha_text == nil + return render_api_error!(_("Error processing token validation"), 500, nil, _("Missing Serpro's Captcha token")) unless token + return render_api_error!(_('Captcha text has not been filled'), 403) unless captcha_text uri = URI(verify_uri) http = Net::HTTP.new(uri.host, uri.port) request = Net::HTTP::Post.new(uri.path) 
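Review bot: The new guards in `verify_serpro_captcha` use `unless token` and `unless captcha_text`, which let empty strings through to the verification request. Both values come straight from request params in `test_captcha`. `return render_api_error!(_('Captcha text has not been filled'), 403) if captcha_text.blank?`, and the same form for `token`, covers nil and empty input and matches the `present?` checks already used in this file. A missing token is also a client omission, so answering it with 500 reads as a server fault, whereas the missing-text case answers 403. The method body continues outside the hunk.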
@@ -411,28 +402,14 @@ require 'grape' begin body = http.request(request).body rescue Exception => e - render_api_error!(_('Internal captcha validation error'), 503, nil, "Serpro captcha error: #{e.message}") + return render_api_error!(_('Internal captcha validation error'), 500, nil, "Serpro captcha error: #{e.message}") end - render_api_error!("Wrong captcha text, please try again") if body == 0 - render_api_error!("Token not found") if body == 2 + return render_api_error!(_("Wrong captcha text, please try again"), 403) if body == 0 + return render_api_error!(_("Token not found"), 500) if body == 2 + return render_api_error!(_("No data sent to validation server or other serious problem"), 500) if body == -1 body == '1' ? true : body end - # custom_message[:prepend2log] -> Prepend2log gives more details to the application log - def log_exception(e, prepend_message2log=nil) - logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log")) - logger.formatter = GrapeLogging::Formatters::Default.new - e.message = "#{prepend_message2log} e.message" if prepend_message2log.present? - puts e.message - logger.error e - end - - def log(message) - logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log")) - logger.formatter = GrapeLogging::Formatters::Default.new - logger.error message - end - end end end diff --git a/test/unit/api/helpers_test.rb b/test/unit/api/helpers_test.rb index 78082f7..7d9e789 100644 --- a/test/unit/api/helpers_test.rb +++ b/test/unit/api/helpers_test.rb @@ -113,7 +113,6 @@ class APIHelpersTest < ActiveSupport::TestCase p = fast_create(Profile) a = fast_create(Article, :published => false, :profile_id => p.id) fast_create(Article, :profile_id => p.id) - user.generate_private_token! User.expects(:find_by_private_token).returns(user) assert_equal 403, find_article(p.articles, a.id).last 
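Review bot: The three result checks compare `body`, the String returned by `http.request(request).body`, with Integers (`body == 0`, `body == 2`, `body == -1`), so none of them can match. The last line of the method already compares with the String `'1'`. A wrong captcha therefore skips the 403 and falls through to `body == '1' ? true : body`, which returns the raw body as a truthy value. Compare with strings instead: `if body == '0'`, `if body == '2'`, `if body == '-1'`, possibly after `body.strip`, since the exact response format is not visible here.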
@@ -162,61 +161,6 @@ class APIHelpersTest < ActiveSupport::TestCase assert_nil make_conditions_with_parameter[:type] end - should 'do not test captcha when there are no settings' do - environment = Environment.new - assert test_captcha("127.0.0.1", {}, environment) - end - - should 'do not test captcha when captcha is disabled on settings' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: false, - } - assert test_captcha("127.0.0.1", {}, environment) - end - - should 'fail display recaptcha v1' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: true, - provider: 'google', - version: 1, - private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY', - public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-', - verify_uri: 'https://www.google.com/recaptcha/api/verify', - } - r = test_captcha('127.0.0.1', params, environment) - assert_equal 'Missing captcha data', JSON.parse(r)['console_message'] - end - - should 'fail display recaptcha v2' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: true, - provider: 'google', - version: 2, - private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY', - public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-', - verify_uri: 'https://www.google.com/recaptcha/api/siteverify', - } - r = test_captcha('127.0.0.1', params, environment) - assert_equal 'Missing captcha data', JSON.parse(r)['console_message'] - end - - - - should 'fail display Serpro captcha' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: true, - provider: 'serpro', - serpro_client_id: '0000000000000000', - verify_uri: 'http://localhost/api/verify', - } - params = {} - params[:txtToken_captcha_serpro_gov_br] = '4324343' - assert_equal test_captcha("127.0.0.1", params, environment), _('Captcha text has not been filled') - end should 'render not_found if endpoint is unavailable' do Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true) 
@@ -238,7 +182,77 @@ class APIHelpersTest < ActiveSupport::TestCase #assert_equals [article1, article2], present_articles end - should 'captcha serpro say name or service not known' do +###### Captcha tests ###### + +should 'do not test captcha when there are no settings' do + environment = Environment.new + assert test_captcha("127.0.0.1", {}, environment) +end + +should 'do not test captcha when captcha is disabled on settings' do + environment = Environment.new + environment.api_captcha_settings = { + enabled: false, + } + assert test_captcha("127.0.0.1", {}, environment) +end + +should 'fail display recaptcha v1' do + environment = Environment.new + environment.api_captcha_settings = { + enabled: true, + provider: 'google', + version: 1, + private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY', + public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-', + verify_uri: 'https://www.google.com/recaptcha/api/verify', + } + r = test_captcha('127.0.0.1', params, environment) + assert_equal(_("Missing captcha data"), r[0][:javascript_console_message]) +end + +should 'fail display recaptcha v2' do + environment = Environment.new + environment.api_captcha_settings = { + enabled: true, + provider: 'google', + version: 2, + private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY', + public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-', + verify_uri: 'https://www.google.com/recaptcha/api/siteverify', + } + r = test_captcha('127.0.0.1', params, environment) + assert_equal(_("Missing captcha data"), r[0][:javascript_console_message]) +end + +should 'verify if user filled Serpro\' captcha text' do + environment = Environment.new + environment.api_captcha_settings = { + enabled: true, + provider: 'serpro', + serpro_client_id: '0000000000000000', + verify_uri: 'http://localhost/api/verify', + } + params = {} + params[:txtToken_captcha_serpro_gov_br] = '4324343' + assert_equal(_('Captcha text has not been filled'), test_captcha('127.0.0.1', params, environment)[0]) +end + 
+should 'verify if Serpro\' captcha token has been sent' do + environment = Environment.new + environment.api_captcha_settings = { + enabled: true, + provider: 'serpro', + serpro_client_id: '0000000000000000', + verify_uri: 'http://localhost/api/verify', + } + params = {} + params[:captcha_text] = '4324343' + r = test_captcha('127.0.0.1', params, environment) + assert_equal(_("Missing Serpro's Captcha token"), r[0][:javascript_console_message]) +end + +should 'captcha serpro say name or service not known' do environment = Environment.new environment.api_captcha_settings = { enabled: true, @@ -249,19 +263,11 @@ class APIHelpersTest < ActiveSupport::TestCase params = {} params[:txtToken_captcha_serpro_gov_br] = '4324343' params[:captcha_text] = '4324343' - binding.pry - expects(:render_api_error!).with(_('Internal captcha validation error'), 503, nil, "recaptcha error: #{e.message}") -# r = test_captcha('127.0.0.1', params, environment) -# assert_equal 'Serpro captcha error: getaddrinfo: Name or service not known', JSON.parse(r)['console_message'] - end - + r = test_captcha('127.0.0.1', params, environment) + assert_equal(_("Serpro captcha error: getaddrinfo: Name or service not known"), r[0][:javascript_console_message]) +end - # def render_api_error!(user_message, status, log_message = nil, javascript_console_message = nil) - # message_hash = {'message' => user_message, :code => status} - # message_hash[:javascript_console_message] = javascript_console_message if javascript_console_message.present? - # self.status(status || namespace_inheritable(:default_error_status)) - # throw :error, message: message_hash, status: self.status, headers: headers - # end +###### END Captcha tests ###### protected 
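Review bot: The reCAPTCHA fixtures in 'fail display recaptcha v1' and 'fail display recaptcha v2' still carry literal `private_key:` and `public_key:` values that have the shape of an issued key pair. These tests never reach the provider, so a labelled dummy such as `private_key: 'test-private-key'` is enough. If the committed values were ever issued, they should be rotated. The added tests also appear to start at column 0, while the rest of the class body is indented.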
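Review bot: The assertion on `"Serpro captcha error: getaddrinfo: Name or service not known"` relies on the host's resolver failing for the configured `verify_uri` and on platform-specific error text, so the result depends on the network and the libc in use. Stubbing the HTTP call to raise, e.g. `Net::HTTP.any_instance.stubs(:request).raises(SocketError, 'lookup failed')`, and asserting on that message would make the test deterministic. The expected string is also wrapped in `_()`, which sends an exception message through translation lookup; a plain string literal is sufficient. The test begins outside this hunk.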
@@ -277,13 +283,4 @@ class APIHelpersTest < ActiveSupport::TestCase @params = value end - def render_api_error!(user_message, status, log_message = nil, javascript_console_message = nil) - status||= 400 - log_msg = "#{status}, User message: #{user_message}" - log_msg = "#{log_message}, #{log_msg}" if log_message.present? - log_msg = "#{log_msg}, Javascript Console Message: #{javascript_console_message}" if javascript_console_message.present? - return log_msg - end - - end -- libgit2 0.21.2