diff --git a/app/models/environment.rb b/app/models/environment.rb index b468ba8..863276f 100644 --- a/app/models/environment.rb +++ b/app/models/environment.rb @@ -348,9 +348,6 @@ class Environment < ActiveRecord::Base settings_items :signup_welcome_screen_body, :type => String - #Captcha settings - settings_items :api_captcha_settings, :type => ActiveSupport::HashWithIndifferentAccess, :default => {} - def has_custom_welcome_screen? settings[:signup_welcome_screen_body].present? end diff --git a/lib/noosfero/api/captcha_session_store.rb b/lib/noosfero/api/captcha_session_store.rb deleted file mode 100644 index 2617129..0000000 --- a/lib/noosfero/api/captcha_session_store.rb +++ /dev/null @@ -1,30 +0,0 @@ -class Noosfero::API::CaptchaSessionStore - - attr_accessor :data - attr_reader :private_token - - def self.create - key = SecureRandom.hex - store = Noosfero::API::CaptchaSessionStore.new(key) - Rails.cache.write(store.private_token, store, expires_in: 300) - return store - end - - def initialize(key) - @private_token = key - end - - def self.get(key) - Rails.cache.fetch(key) - end - - def store - Rails.cache.write(@private_token, self) - end - - def destroy - Rails.cache.delete(@private_token) - end - - -end diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb index de0ad68..3bb6ab4 100644 --- a/lib/noosfero/api/helpers.rb +++ b/lib/noosfero/api/helpers.rb @@ -23,13 +23,14 @@ require 'grape' def current_tmp_user private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s - @current_tmp_user = Noosfero::API::CaptchaSessionStore.get(private_token) + ## Get the "captcha" session store + @current_tmp_user = Noosfero::API::SessionStore.get("captcha##{private_token}") @current_tmp_user end def logout_tmp_user @current_tmp_user = nil - end + end def current_user private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s @@ -273,7 +274,7 @@ require 'grape' unauthorized! unless current_user end - # Allows the anonymous captcha user authentication + # Allows the anonymous captcha user authentication # to pass the check. Used by the articles/vote to allow # the vote without login def authenticate_allow_captcha! @@ -411,99 +412,14 @@ require 'grape' ########################################## def test_captcha(remote_ip, params, environment) - d = environment.api_captcha_settings - return true unless d[:enabled] == true - msg_icve = _('Internal captcha validation error') - msg_eacs = 'Environment api_captcha_settings' - s = 500 - - if d[:provider] == 'google' - return render_api_error!(msg_icve, s, nil, "#{msg_eacs} private_key not defined") if d[:private_key].nil? - return render_api_error!(msg_icve, s, nil, "#{msg_eacs} version not defined") unless d[:version] == 1 || d[:version] == 2 - if d[:version] == 1 - d[:verify_uri] ||= 'https://www.google.com/recaptcha/api/verify' - return verify_recaptcha_v1(remote_ip, d[:private_key], d[:verify_uri], params[:recaptcha_challenge_field], params[:recaptcha_response_field]) - end - if d[:version] == 2 - d[:verify_uri] ||= 'https://www.google.com/recaptcha/api/siteverify' - return verify_recaptcha_v2(remote_ip, d[:private_key], d[:verify_uri], params[:g_recaptcha_response]) - end - end - if d[:provider] == 'serpro' - return render_api_error!(msg_icve, s, nil, "#{msg_eacs} verify_uri not defined") if d[:verify_uri].nil? - return verify_serpro_captcha(d[:serpro_client_id], params[:txtToken_captcha_serpro_gov_br], params[:captcha_text], d[:verify_uri]) - end - return render_api_error!(msg_icve, s, nil, "#{msg_eacs} provider not defined") - end - - def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) - if recaptcha_challenge_field == nil || recaptcha_response_field == nil - return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) - end - - verify_hash = { - "privatekey" => private_key, - "remoteip" => remote_ip, - "challenge" => recaptcha_challenge_field, - "response" => recaptcha_response_field - } - uri = URI(api_recaptcha_verify_uri) - https = Net::HTTP.new(uri.host, uri.port) - https.use_ssl = true - request = Net::HTTP::Post.new(uri.path) - request.set_form_data(verify_hash) - begin - result = https.request(request).body.split("\n") - rescue Exception => e - return render_api_error!(_('Internal captcha validation error'), 500, nil, "Error validating Googles' recaptcha version 1: #{e.message}") - end - return true if result[0] == "true" - return render_api_error!(_("Wrong captcha text, please try again"), 403, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") if result[1] == "incorrect-captcha-sol" - #Catches all errors at the end - return render_api_error!(_("Internal recaptcha validation error"), 500, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") - end - - def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) - return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) if g_recaptcha_response == nil - verify_hash = { - "secret" => private_key, - "remoteip" => remote_ip, - "response" => g_recaptcha_response - } - uri = URI(api_recaptcha_verify_uri) - https = Net::HTTP.new(uri.host, uri.port) - https.use_ssl = true - request = Net::HTTP::Post.new(uri.path) - request.set_form_data(verify_hash) - begin - body = https.request(request).body - rescue Exception => e - return render_api_error!(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}") - end - captcha_result = JSON.parse(body) - captcha_result["success"] ? true : captcha_result - end - - def verify_serpro_captcha(client_id, token, captcha_text, verify_uri) - return render_api_error!(_("Error processing token validation"), 500, nil, "Missing Serpro's Captcha token") unless token - return render_api_error!(_('Captcha text has not been filled'), 403) unless captcha_text - uri = URI(verify_uri) - http = Net::HTTP.new(uri.host, uri.port) - request = Net::HTTP::Post.new(uri.path) - verify_string = "#{client_id}&#{token}&#{captcha_text}" - request.body = verify_string - begin - body = http.request(request).body - rescue Exception => e - return render_api_error!(_('Internal captcha validation error'), 500, nil, "Serpro captcha error: #{e.message}") + captcha_plugin_enabled = @plugins.dispatch(:test_captcha, remote_ip, params, environment).map {|p| p if ! ( p===nil ) } + return true if captcha_plugin_enabled.size == 0 + if captcha_plugin_enabled.size > 1 + return render_api_error!(_("Error processing Captcha"), 500, nil, "More than one captcha plugin enabled") end - return true if body == '1' - return render_api_error!(_("Internal captcha validation error"), 500, body, "Unable to reach Serpro's Captcha validation service") if body == "Activity timed out" - return render_api_error!(_("Wrong captcha text, please try again"), 403) if body == 0 - return render_api_error!(_("Serpro's captcha token not found"), 500) if body == 2 - return render_api_error!(_("No data sent to validation server or other serious problem"), 500) if body == -1 - #Catches all errors at the end - return render_api_error!(_("Internal captcha validation error"), 500, nil, "Error validating Serpro's captcha #{body}") + test_result = captcha_plugin_enabled[0] + return true if test_result === true + render_api_error!(test_result[:user_message], test_result[:status], test_result[:log_message], test_result[:javascript_console_message]) end end diff --git a/lib/noosfero/api/session.rb b/lib/noosfero/api/session.rb index f5d52c0..a999b34 100644 --- a/lib/noosfero/api/session.rb +++ b/lib/noosfero/api/session.rb @@ -16,7 +16,11 @@ module Noosfero # this return is just to improve the clarity of the execution path return unless test_captcha(remote_ip, params, environment) ## Creates and caches a captcha session store - store = Noosfero::API::CaptchaSessionStore.create + store = Noosfero::API::SessionStore.create("captcha") + ## Initialize the data for the session store + store.data = [] + ## Put it back in cache + store.store { "private_token" => "#{store.private_token}" } end diff --git a/lib/noosfero/api/session_store.rb b/lib/noosfero/api/session_store.rb new file mode 100644 index 0000000..6e75ed5 --- /dev/null +++ b/lib/noosfero/api/session_store.rb @@ -0,0 +1,53 @@ +## A session store for the API. It can store +## generic data on the Rails Cache to simulate +## a stateful session for API methods +class Noosfero::API::SessionStore + + ## A generic data value to allow storing any + ## value within this SessionStore + attr_accessor :data + ## The user private_token associated with this SessionStore + attr_reader :private_token + ## The key for this SessionStore in the Rails Cache + attr_reader :key + + ## Call this method to create and store a SessionStore + ## in Rails Cache. The SessionStore is returned. The + ## client_key parameter, if used, will uniquely identify + ## this SessionStore in Rails Cache, along with the user + ## private_token in the form: client_key#private_token + def self.create(client_key = nil) + private_token = SecureRandom.hex + store = Noosfero::API::SessionStore.new(client_key, private_token) + Rails.cache.write(store.key, store, expires_in: 300) + return store + end + + ## Creates a new SessionStore. Do not use directly in cliente code. + ## Please use the self.create method instead + def initialize(client_key, private_token) + ## Creates the key to store this object in Rails Cache + key = "#{client_key}#" if client_key + key = "#{key}#{private_token}" + @key = key + @private_token = private_token + end + + ## Returns the SessionStore in Rails Cache associated + ## with the given key + def self.get(key) + Rails.cache.fetch(key) + end + + ## Stores this SessionStore in Rails Cache using the + ## key attribute as the unique identifier + def store + Rails.cache.write(@key, self) + end + + ## Remove this session store from Rails Cache + def destroy + Rails.cache.delete(@key) + end + +end diff --git a/lib/noosfero/api/v1/articles.rb b/lib/noosfero/api/v1/articles.rb index 5639389..a7d7207 100644 --- a/lib/noosfero/api/v1/articles.rb +++ b/lib/noosfero/api/v1/articles.rb @@ -149,13 +149,24 @@ module Noosfero # FIXME verify allowed values render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value) article = find_article(environment.articles, params[:id]) - - begin + ## If login with captcha + if @current_tmp_user + vote = (@current_tmp_user.data.include? article.id) ? false : true + if vote + @current_tmp_user.data << article.id + @current_tmp_user.store + begin + vote = Vote.new(:voteable => article, :voter => current_person, :vote => value) + {:vote => vote.save} + rescue ActiveRecord::RecordInvalid => e + render_api_error!(e.message, 400) + end + else + {:vote => false} + end + else vote = Vote.new(:voteable => article, :voter => current_person, :vote => value) - saved = vote.save! - {:vote => saved} - rescue ActiveRecord::RecordInvalid => e - render_api_error!(e.message, 400) + {:vote => vote.save} end end diff --git a/lib/noosfero/plugin.rb b/lib/noosfero/plugin.rb index ceb583a..db83f5a 100644 --- a/lib/noosfero/plugin.rb +++ b/lib/noosfero/plugin.rb @@ -671,6 +671,11 @@ class Noosfero::Plugin nil end + #By default will return nil that will mean not implented by the plugin + def test_captcha(*args) + nil + end + # -> Adds additional blocks to profiles and environments. # Your plugin must implements a class method called 'extra_blocks' # that returns a hash with the following syntax. diff --git a/plugins/serpro_captcha b/plugins/serpro_captcha new file mode 160000 index 0000000..6bc22cb --- /dev/null +++ b/plugins/serpro_captcha @@ -0,0 +1 @@ +Subproject commit 6bc22cb64bf23a142d934b7e1818ce02d073b578 diff --git a/test/unit/api/articles_test.rb b/test/unit/api/articles_test.rb index 0b18af8..a2e9fc9 100644 --- a/test/unit/api/articles_test.rb +++ b/test/unit/api/articles_test.rb @@ -127,6 +127,37 @@ class ArticlesTest < ActiveSupport::TestCase assert_equal 1, json['total_followers'] end + should 'not perform a vote twice in same article' do + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") + @params[:value] = 1 + ## Perform a vote twice in API should compute only one vote + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + + total = article.votes_total + + assert_equal 1, total + end + + should 'not perform a vote in favor and against a proposal' do + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") + @params[:value] = 1 + ## Perform a vote in favor a proposal + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 201, last_response.status + ## Perform a vote against a proposal + @params[:value] = -1 + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + ## The api should not allow to save this vote + assert_equal false, json['vote'] + end + + should 'perform a vote in a article identified by id' do article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") @params[:value] = 1 @@ -136,6 +167,7 @@ class ArticlesTest < ActiveSupport::TestCase assert_not_equal 401, last_response.status assert_equal true, json['vote'] + end should 'not perform a vote in a archived article' do diff --git a/test/unit/api/helpers_test.rb b/test/unit/api/helpers_test.rb index 7761666..f118b26 100644 --- a/test/unit/api/helpers_test.rb +++ b/test/unit/api/helpers_test.rb @@ -1,5 +1,6 @@ require File.dirname(__FILE__) + '/test_helper'; + require File.expand_path(File.dirname(__FILE__) + "/../../../lib/noosfero/api/helpers") class APIHelpersTest < ActiveSupport::TestCase @@ -216,88 +217,15 @@ class APIHelpersTest < ActiveSupport::TestCase ###### Captcha tests ###### -should 'do not test captcha when there are no settings' do - environment = Environment.new - assert test_captcha("127.0.0.1", {}, environment) -end - -should 'do not test captcha when captcha is disabled on settings' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: false, - } - assert test_captcha("127.0.0.1", {}, environment) -end - -should 'fail display recaptcha v1' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: true, - provider: 'google', - version: 1, - private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY', - public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-', - verify_uri: 'https://www.google.com/recaptcha/api/verify', - } - r = test_captcha('127.0.0.1', params, environment) - assert_equal(_("Missing captcha data"), r[0][:javascript_console_message]) -end - -should 'fail display recaptcha v2' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: true, - provider: 'google', - version: 2, - private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY', - public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-', - verify_uri: 'https://www.google.com/recaptcha/api/siteverify', - } - r = test_captcha('127.0.0.1', params, environment) - assert_equal(_("Missing captcha data"), r[0][:javascript_console_message]) -end - -should 'verify if user filled Serpro\' captcha text' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: true, - provider: 'serpro', - serpro_client_id: '0000000000000000', - verify_uri: 'http://localhost/api/verify', - } - params = {} - params[:txtToken_captcha_serpro_gov_br] = '4324343' - assert_equal(_('Captcha text has not been filled'), test_captcha('127.0.0.1', params, environment)[0]['message']) -end - -should 'verify if Serpro\' captcha token has been sent' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: true, - provider: 'serpro', - serpro_client_id: '0000000000000000', - verify_uri: 'http://localhost/api/verify', - } - params = {} - params[:captcha_text] = '4324343' - r = test_captcha('127.0.0.1', params, environment) - assert_equal(_("Missing Serpro's Captcha token"), r[0][:javascript_console_message]) -end - -should 'captcha serpro say name or service not known' do - environment = Environment.new - environment.api_captcha_settings = { - enabled: true, - provider: 'serpro', - serpro_client_id: '0000000000000000', - verify_uri: 'http://someserverthatdoesnotexist.mycompanythatdoesnotexist.com/validate', - } - params = {} - params[:txtToken_captcha_serpro_gov_br] = '4324343' - params[:captcha_text] = '4324343' - r = test_captcha('127.0.0.1', params, environment) - assert (r[0][:javascript_console_message]).starts_with?("Serpro captcha error: getaddrinfo") -end +# def plugins +# environment = Environment.default +# Noosfero::Plugin::Manager.new(environment, self) +# end +# +# should 'do not test captcha when there is no captcha plugin enabled' do +# environment = Environment.new +# assert test_captcha("127.0.0.1", {}, environment) +# end ###### END Captcha tests ###### diff --git a/test/unit/api/login_captcha_test.rb b/test/unit/api/login_captcha_test.rb index 8864e61..67e9ca3 100644 --- a/test/unit/api/login_captcha_test.rb +++ b/test/unit/api/login_captcha_test.rb @@ -3,20 +3,8 @@ require File.dirname(__FILE__) + '/test_helper' class LoginCaptchaTest < ActiveSupport::TestCase def setup() - @environment = Environment.default - @environment.api_captcha_settings = { - enabled: true, - provider: 'serpro', - serpro_client_id: '0000000000000000', - verify_uri: 'http://captcha.serpro.gov.br/validate', - } - @environment.save! - @url = "/api/v1/login-captcha?" - end - - def create_article(name) - person = fast_create(Person, :environment_id => @environment.id) - fast_create(Article, :profile_id => person.id, :name => name) + @url = "/api/v1/login-captcha" + OutcomeCaptcha.outcome_captcha_test = true end should 'not perform a vote without authentication' do @@ -34,7 +22,6 @@ class LoginCaptchaTest < ActiveSupport::TestCase assert_not_nil @private_token end - should 'perform a vote in an article identified by id' do login_with_captcha article = create_article('Article 1') @@ -42,11 +29,31 @@ class LoginCaptchaTest < ActiveSupport::TestCase post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" json = JSON.parse(last_response.body) - + assert_not_equal 401, last_response.status assert_equal true, json['vote'] end + should 'not perform a vote twice in same article' do + login_with_captcha + article = create_article('Article 1') + params[:value] = 1 + + ## Perform a vote twice in API should compute only one vote + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal true, json['vote'] + + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + ## Should not allow vote again + assert_equal false, json['vote'] + + total = article.votes_total + + assert_equal 1, total + end + should 'not follow any article' do login_with_captcha article = create_article('Article 1') @@ -57,9 +64,11 @@ class LoginCaptchaTest < ActiveSupport::TestCase end should 'not generate private token when login without captcha' do + OutcomeCaptcha.outcome_captcha_test = false params = {} post "#{@url}#{params.to_query}" json = JSON.parse(last_response.body) + assert_equal last_response.status, 403 assert json["private_token"].blank? end @@ -70,4 +79,8 @@ class LoginCaptchaTest < ActiveSupport::TestCase assert ret == @private_token end -end \ No newline at end of file + should 'do login captcha from api' do + do_login_captcha_from_api + end + +end diff --git a/test/unit/api/session_store_test.rb b/test/unit/api/session_store_test.rb new file mode 100644 index 0000000..575198f --- /dev/null +++ b/test/unit/api/session_store_test.rb @@ -0,0 +1,47 @@ +require File.dirname(__FILE__) + '/test_helper' + +class SessionStoreTest < ActiveSupport::TestCase + + should 'create a session store without client key' do + store = Noosfero::API::SessionStore.create + assert_not_nil store + private_token = store.private_token + assert_not_nil private_token + key = store.key + assert_not_nil key + assert_equal key, private_token + end + + should 'create a session store with client key' do + store = Noosfero::API::SessionStore.create("mykey") + assert_not_nil store + private_token = store.private_token + assert_not_nil private_token + key = store.key + assert_not_nil key + assert_equal key, "mykey##{private_token}" + end + + should 'get a session store with client key' do + store = Noosfero::API::SessionStore.create("mykey") + retrieved = Noosfero::API::SessionStore.get(store.key) + assert_not_nil retrieved + end + + should 'not get a destroyed session store with client key' do + store = Noosfero::API::SessionStore.create("mykey") + store.destroy + retrieved = Noosfero::API::SessionStore.get(store.key) + assert_nil retrieved + end + + should 'store data in session store' do + store = Noosfero::API::SessionStore.create("mykey") + store.data = [1, 2] + ## Put it back in cache + store.store + retrieved = Noosfero::API::SessionStore.get(store.key) + assert_equal [1,2], retrieved.data + end + +end \ No newline at end of file diff --git a/test/unit/api/session_test.rb b/test/unit/api/session_test.rb index 7232640..3b07b46 100644 --- a/test/unit/api/session_test.rb +++ b/test/unit/api/session_test.rb @@ -4,6 +4,7 @@ class SessionTest < ActiveSupport::TestCase def setup login_api + OutcomeCaptcha.outcome_captcha_test = true end should 'generate private token when login' do @@ -89,22 +90,6 @@ class SessionTest < ActiveSupport::TestCase json = JSON.parse(last_response.body) end - should 'detected error, Name or service not known, for Serpro captcha communication' do - environment = Environment.default - environment.api_captcha_settings = { - enabled: true, - provider: 'serpro', - serpro_client_id: '0000000000000000', - verify_uri: 'http://someserverthatdoesnotexist.mycompanythatdoesnotexist.com/validate', - } - environment.save! - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", - :txtToken_captcha_serpro_gov_br => '4324343', :captcha_text => '4030320'} - post "/api/v1/register?#{params.to_query}" - message = JSON.parse(last_response.body)['javascript_console_message'] - assert_equal "Serpro captcha error: getaddrinfo: Name or service not known", message - end - # TODO: Add another test cases to check register situations should 'activate a user' do params = { @@ -185,7 +170,7 @@ class SessionTest < ActiveSupport::TestCase should 'do not change user password when password confirmation is wrong' do user = create_user - user.activate + user.activate task = ChangePassword.create!(:requestor => user.person) params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'} patch "/api/v1/new_password?#{params.to_query}" @@ -200,6 +185,14 @@ class SessionTest < ActiveSupport::TestCase assert_equal 404, last_response.status end + should 'do not register a user if captcha fails' do + OutcomeCaptcha.outcome_captcha_test = false + Environment.default.enable('skip_new_user_email_confirmation') + params = {:login => "newuserapi_ewa ", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + assert_equal 403, last_response.status + end + should 'not return private token when the registered user is inactive' do params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } post "/api/v1/register?#{params.to_query}" diff --git a/test/unit/api/test_helper.rb b/test/unit/api/test_helper.rb index 3e1c761..40d2a47 100644 --- a/test/unit/api/test_helper.rb +++ b/test/unit/api/test_helper.rb @@ -1,8 +1,28 @@ require File.dirname(__FILE__) + '/../../test_helper' +require File.join(Rails.root, '/lib/noosfero/api/helpers.rb') + +class OutcomeCaptcha + class << self + attr_accessor :outcome_captcha_test + end + @outcome_captcha_test = true +end + +module Noosfero + module API + module APIHelpers + def test_captcha(*args) + return true if OutcomeCaptcha.outcome_captcha_test + render_api_error!("Error testing captcha", 403) + end + end + end +end class ActiveSupport::TestCase include Rack::Test::Methods + include Noosfero::API::APIHelpers def app Noosfero::API::API @@ -15,31 +35,18 @@ class ActiveSupport::TestCase json end - ## Performs a login using the session.rb but mocking the - ## real HTTP request to validate the captcha. def do_login_captcha_from_api - # Request mocking - #Net::HTTP::Post Mock - request = mock - #Net::HTTP Mock - http = mock - uri = URI(environment.api_captcha_settings[:verify_uri]) - Net::HTTP.expects(:new).with(uri.host, uri.port).returns(http) - Net::HTTP::Post.expects(:new).with(uri.path).returns(request) - - # Captcha required codes - request.stubs(:body=).with("0000000000000000&4324343&4030320") - http.stubs(:request).with(request).returns(http) - - # Captcha validation success !! - http.stubs(:body).returns("1") - - params = {:txtToken_captcha_serpro_gov_br => '4324343', :captcha_text => '4030320'} - post "#{@url}#{params.to_query}" - json = JSON.parse(last_response.body) + post "/api/v1/login-captcha" + json = JSON.parse(last_response.body) json end + def create_article(name) + @environment = Environment.default + person = fast_create(Person, :environment_id => @environment.id) + fast_create(Article, :profile_id => person.id, :name => name) + end + def login_api @environment = Environment.default @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment) -- libgit2 0.21.2