Commit be8ecf2b3cddf1c75b00d17257d3557f7b302885
1 parent
534fff21
Exists in
captcha_serpro_plugin
commit to check how it used to be before captcha plugin
Showing
7 changed files
with
74 additions
and
183 deletions
Show diff stats
lib/noosfero/api/helpers.rb
| ... | ... | @@ -412,6 +412,10 @@ require 'grape' |
| 412 | 412 | # captcha_helpers # |
| 413 | 413 | ########################################## |
| 414 | 414 | |
| 415 | + # def plugins | |
| 416 | + # @plugins | |
| 417 | + # end | |
| 418 | + | |
| 415 | 419 | def test_captcha(remote_ip, params, environment) |
| 416 | 420 | captcha_plugin_enabled = @plugins.dispatch(:test_captcha, remote_ip, params, environment) |
| 417 | 421 | return true if captcha_plugin_enabled.size == 0 |
| ... | ... | @@ -423,76 +427,6 @@ require 'grape' |
| 423 | 427 | render_api_error!(test_result[:user_message], test_result[:status], test_result[:log_message], test_result[:javascript_console_message]) |
| 424 | 428 | end |
| 425 | 429 | |
| 426 | - def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) | |
| 427 | - if recaptcha_challenge_field == nil || recaptcha_response_field == nil | |
| 428 | - return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) | |
| 429 | - end | |
| 430 | - | |
| 431 | - verify_hash = { | |
| 432 | - "privatekey" => private_key, | |
| 433 | - "remoteip" => remote_ip, | |
| 434 | - "challenge" => recaptcha_challenge_field, | |
| 435 | - "response" => recaptcha_response_field | |
| 436 | - } | |
| 437 | - uri = URI(api_recaptcha_verify_uri) | |
| 438 | - https = Net::HTTP.new(uri.host, uri.port) | |
| 439 | - https.use_ssl = true | |
| 440 | - request = Net::HTTP::Post.new(uri.path) | |
| 441 | - request.set_form_data(verify_hash) | |
| 442 | - begin | |
| 443 | - result = https.request(request).body.split("\n") | |
| 444 | - rescue Exception => e | |
| 445 | - return render_api_error!(_('Internal captcha validation error'), 500, nil, "Error validating Googles' recaptcha version 1: #{e.message}") | |
| 446 | - end | |
| 447 | - return true if result[0] == "true" | |
| 448 | - return render_api_error!(_("Wrong captcha text, please try again"), 403, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") if result[1] == "incorrect-captcha-sol" | |
| 449 | - #Catches all errors at the end | |
| 450 | - return render_api_error!(_("Internal recaptcha validation error"), 500, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") | |
| 451 | - end | |
| 452 | - | |
| 453 | - def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) | |
| 454 | - return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) if g_recaptcha_response == nil | |
| 455 | - verify_hash = { | |
| 456 | - "secret" => private_key, | |
| 457 | - "remoteip" => remote_ip, | |
| 458 | - "response" => g_recaptcha_response | |
| 459 | - } | |
| 460 | - uri = URI(api_recaptcha_verify_uri) | |
| 461 | - https = Net::HTTP.new(uri.host, uri.port) | |
| 462 | - https.use_ssl = true | |
| 463 | - request = Net::HTTP::Post.new(uri.path) | |
| 464 | - request.set_form_data(verify_hash) | |
| 465 | - begin | |
| 466 | - body = https.request(request).body | |
| 467 | - rescue Exception => e | |
| 468 | - return render_api_error!(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}") | |
| 469 | - end | |
| 470 | - captcha_result = JSON.parse(body) | |
| 471 | - captcha_result["success"] ? true : captcha_result | |
| 472 | - end | |
| 473 | - | |
| 474 | - def verify_serpro_captcha(client_id, token, captcha_text, verify_uri) | |
| 475 | - return render_api_error!(_("Error processing token validation"), 500, nil, "Missing Serpro's Captcha token") unless token | |
| 476 | - return render_api_error!(_('Captcha text has not been filled'), 403) unless captcha_text | |
| 477 | - uri = URI(verify_uri) | |
| 478 | - http = Net::HTTP.new(uri.host, uri.port) | |
| 479 | - request = Net::HTTP::Post.new(uri.path) | |
| 480 | - verify_string = "#{client_id}&#{token}&#{captcha_text}" | |
| 481 | - request.body = verify_string | |
| 482 | - begin | |
| 483 | - body = http.request(request).body | |
| 484 | - rescue Exception => e | |
| 485 | - return render_api_error!(_('Internal captcha validation error'), 500, nil, "Serpro captcha error: #{e.message}") | |
| 486 | - end | |
| 487 | - return true if body == '1' | |
| 488 | - return render_api_error!(_("Internal captcha validation error"), 500, body, "Unable to reach Serpro's Captcha validation service") if body == "Activity timed out" | |
| 489 | - return render_api_error!(_("Wrong captcha text, please try again"), 403) if body == 0 | |
| 490 | - return render_api_error!(_("Serpro's captcha token not found"), 500) if body == 2 | |
| 491 | - return render_api_error!(_("No data sent to validation server or other serious problem"), 500) if body == -1 | |
| 492 | - #Catches all errors at the end | |
| 493 | - return render_api_error!(_("Internal captcha validation error"), 500, nil, "Error validating Serpro's captcha #{body}") | |
| 494 | - end | |
| 495 | - | |
| 496 | 430 | end |
| 497 | 431 | end |
| 498 | 432 | end | ... | ... |
lib/noosfero/api/v1/articles.rb
plugins/serpro_captcha/test/functional/account_controller_plugin_test.rb
| 1 | -# require File.dirname(__FILE__) + '/../test_helper' | |
| 2 | -# | |
| 3 | -# # Re-raise errors caught by the controller. | |
| 4 | -# class AccountController; def rescue_action(e) raise e end; end | |
| 5 | -# | |
| 6 | -# class AccountControllerPluginTest < ActionController::TestCase | |
| 7 | -# | |
| 8 | -# def setup | |
| 9 | -# @controller = AccountController.new | |
| 10 | -# @request = ActionController::TestRequest.new | |
| 11 | -# @response = ActionController::TestResponse.new | |
| 12 | -# | |
| 13 | -# @environment = Environment.default | |
| 14 | -# @environment.enabled_plugins = ['SerproCaptchaPlugin'] | |
| 15 | -# @ldap_config = load_ldap_config | |
| 16 | -# @environment.serpro_captcha_plugin= @ldap_config['server'] unless @ldap_config.nil? | |
| 17 | -# @environment.save! | |
| 18 | -# end | |
| 19 | -# | |
| 20 | -# should 'not authenticate user if its not a local user or a ldap user' do | |
| 21 | -# post :login, :user => {:login => 'someuser', :password => 'somepass'} | |
| 22 | -# assert_nil session[:user] | |
| 23 | -# end | |
| 24 | -# | |
| 25 | -# should 'diplay not logged message if the user is not a local user or a ldap user' do | |
| 26 | -# post :login, :user => {:login => 'someuser', :password => 'somepass'} | |
| 27 | -# assert_equal 'Incorrect username or password', session[:notice] | |
| 28 | -# end | |
| 29 | -# | |
| 30 | -# should 'authenticate user if its a local user but is not a ldap user' do | |
| 31 | -# user = create_user('testuser', :email => 'testuser@example.com', :password => 'test', :password_confirmation => 'test') | |
| 32 | -# user.activate | |
| 33 | -# post :login, :user => {:login => 'testuser', :password => 'test'} | |
| 34 | -# assert session[:user] | |
| 35 | -# end | |
| 36 | -# | |
| 37 | -# should 'display required fields on user login' do | |
| 38 | -# @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}} | |
| 39 | -# @environment.save | |
| 40 | -# get :login | |
| 41 | -# assert_tag(:input, :attributes => {:id => 'profile_data_contact_phone'}) | |
| 42 | -# end | |
| 43 | -# | |
| 44 | -# if ldap_configured? | |
| 45 | -# | |
| 46 | -# should 'authenticate an existing noosfero user with ldap and loggin' do | |
| 47 | -# user = create_user(@ldap_config['user']['login'], :email => 'testuser@example.com', :password => 'test', :password_confirmation => 'test') | |
| 48 | -# user.activate | |
| 49 | -# count = User.count | |
| 50 | -# post :login, :user => @ldap_config['user'] | |
| 51 | -# assert session[:user] | |
| 52 | -# assert_equal count, User.count | |
| 53 | -# end | |
| 54 | -# | |
| 55 | -# should 'login and create a new noosfero user if ldap authentication works properly' do | |
| 56 | -# count = User.count | |
| 57 | -# post :login, :user => @ldap_config['user'] | |
| 58 | -# assert session[:user] | |
| 59 | -# assert_equal count + 1, User.count | |
| 60 | -# end | |
| 61 | -# | |
| 62 | -# should 'login on ldap if required fields are defined' do | |
| 63 | -# count = User.count | |
| 64 | -# @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}} | |
| 65 | -# @environment.save | |
| 66 | -# post :login, :user => @ldap_config['user'], :profile_data => {:contact_phone => '11111111'} | |
| 67 | -# assert session[:user] | |
| 68 | -# end | |
| 69 | -# | |
| 70 | -# should 'not login on ldap if required fields are not defined' do | |
| 71 | -# @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}} | |
| 72 | -# @environment.save | |
| 73 | -# post :login, :user => @ldap_config['user'] | |
| 74 | -# assert_nil session[:user] | |
| 75 | -# end | |
| 76 | -# | |
| 77 | -# should 'authenticate user if its not a local user but is a ldap user' do | |
| 78 | -# post :login, :user => @ldap_config['user'] | |
| 79 | -# assert session[:user] | |
| 80 | -# end | |
| 81 | -# | |
| 82 | -# else | |
| 83 | -# puts LDAP_SERVER_ERROR_MESSAGE | |
| 84 | -# end | |
| 85 | -# | |
| 86 | -# end | |
| 1 | +require File.dirname(__FILE__) + '/../test_helper' | |
| 2 | + | |
| 3 | +# Re-raise errors caught by the controller. | |
| 4 | +class AccountController; def rescue_action(e) raise e end; end | |
| 5 | + | |
| 6 | +class AccountControllerPluginTest < ActionController::TestCase | |
| 7 | + | |
| 8 | + def setup | |
| 9 | + @controller = AccountController.new | |
| 10 | + @request = ActionController::TestRequest.new | |
| 11 | + @response = ActionController::TestResponse.new | |
| 12 | + | |
| 13 | + @environment = Environment.default | |
| 14 | + @environment.enabled_plugins = ['SerproCaptchaPlugin'] | |
| 15 | + @environment.save! | |
| 16 | + end | |
| 17 | + | |
| 18 | +end | ... | ... |
plugins/serpro_captcha/test/unit/serpro_captcha_verification_test.rb
| ... | ... | @@ -16,6 +16,20 @@ class SerproCaptchaVerificationTest < ActiveSupport::TestCase |
| 16 | 16 | @captcha_verification_body = "#{@environment.serpro_captcha_client_id}&#{@captcha_token}&#{@captcha_text}" |
| 17 | 17 | end |
| 18 | 18 | |
| 19 | + def login_with_captcha | |
| 20 | + store = Noosfero::API::SessionStore.create("captcha") | |
| 21 | + ## Initialize the data for the session store | |
| 22 | + store.data = [] | |
| 23 | + ## Put it back in cache | |
| 24 | + store.store | |
| 25 | + { "private_token" => "#{store.private_token}" } | |
| 26 | + end | |
| 27 | + | |
| 28 | + def create_article(name) | |
| 29 | + person = fast_create(Person, :environment_id => @environment.id) | |
| 30 | + fast_create(Article, :profile_id => person.id, :name => name) | |
| 31 | + end | |
| 32 | + | |
| 19 | 33 | should 'register a user when there are no enabled captcha pluging' do |
| 20 | 34 | @environment.enabled_plugins = [] |
| 21 | 35 | @environment.save! |
| ... | ... | @@ -65,4 +79,28 @@ class SerproCaptchaVerificationTest < ActiveSupport::TestCase |
| 65 | 79 | assert hash[:javascript_console_message], _("Wrong captcha text, please try again") |
| 66 | 80 | end |
| 67 | 81 | |
| 82 | + should 'not perform a vote without authentication' do | |
| 83 | + article = create_article('Article 1') | |
| 84 | + params = {} | |
| 85 | + params[:value] = 1 | |
| 86 | + | |
| 87 | + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" | |
| 88 | + json = JSON.parse(last_response.body) | |
| 89 | + assert_equal 401, last_response.status | |
| 90 | + end | |
| 91 | + | |
| 92 | + should 'perform a vote on an article identified by id' do | |
| 93 | + binding.pry | |
| 94 | + login_with_captcha | |
| 95 | + article = create_article('Article 1') | |
| 96 | + params = {} | |
| 97 | + params[:value] = 1 | |
| 98 | + | |
| 99 | + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" | |
| 100 | + json = JSON.parse(last_response.body) | |
| 101 | + | |
| 102 | + assert_not_equal 401, last_response.status | |
| 103 | + assert_equal true, json['vote'] | |
| 104 | + end | |
| 105 | + | |
| 68 | 106 | end | ... | ... |
test/unit/api/helpers_test.rb
| 1 | 1 | require File.dirname(__FILE__) + '/test_helper'; |
| 2 | 2 | |
| 3 | + | |
| 3 | 4 | require File.expand_path(File.dirname(__FILE__) + "/../../../lib/noosfero/api/helpers") |
| 4 | 5 | |
| 5 | 6 | class APIHelpersTest < ActiveSupport::TestCase |
| ... | ... | @@ -216,10 +217,15 @@ class APIHelpersTest < ActiveSupport::TestCase |
| 216 | 217 | |
| 217 | 218 | ###### Captcha tests ###### |
| 218 | 219 | |
| 219 | -should 'do not test captcha when there is no captcha plugin enabled' do | |
| 220 | - environment = Environment.new | |
| 221 | - assert test_captcha("127.0.0.1", {}, environment) | |
| 222 | -end | |
| 220 | +# def plugins | |
| 221 | +# environment = Environment.default | |
| 222 | +# Noosfero::Plugin::Manager.new(environment, self) | |
| 223 | +# end | |
| 224 | +# | |
| 225 | +# should 'do not test captcha when there is no captcha plugin enabled' do | |
| 226 | +# environment = Environment.new | |
| 227 | +# assert test_captcha("127.0.0.1", {}, environment) | |
| 228 | +# end | |
| 223 | 229 | |
| 224 | 230 | ###### END Captcha tests ###### |
| 225 | 231 | ... | ... |
test/unit/api/session_test.rb
| ... | ... | @@ -76,6 +76,7 @@ class SessionTest < ActiveSupport::TestCase |
| 76 | 76 | end |
| 77 | 77 | |
| 78 | 78 | should 'not register a user without email' do |
| 79 | + #binding.pry | |
| 79 | 80 | params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil } |
| 80 | 81 | post "/api/v1/register?#{params.to_query}" |
| 81 | 82 | assert_equal 400, last_response.status |
| ... | ... | @@ -185,7 +186,7 @@ class SessionTest < ActiveSupport::TestCase |
| 185 | 186 | |
| 186 | 187 | should 'do not change user password when password confirmation is wrong' do |
| 187 | 188 | user = create_user |
| 188 | - user.activate | |
| 189 | + user.activate | |
| 189 | 190 | task = ChangePassword.create!(:requestor => user.person) |
| 190 | 191 | params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'} |
| 191 | 192 | patch "/api/v1/new_password?#{params.to_query}" | ... | ... |
test/unit/api/test_helper.rb
| ... | ... | @@ -15,29 +15,8 @@ class ActiveSupport::TestCase |
| 15 | 15 | json |
| 16 | 16 | end |
| 17 | 17 | |
| 18 | - ## Performs a login using the session.rb but mocking the | |
| 19 | - ## real HTTP request to validate the captcha. | |
| 20 | 18 | def do_login_captcha_from_api |
| 21 | - # Request mocking | |
| 22 | - #Net::HTTP::Post Mock | |
| 23 | - request = mock | |
| 24 | - #Net::HTTP Mock | |
| 25 | - http = mock | |
| 26 | - uri = URI(environment.api_captcha_settings[:verify_uri]) | |
| 27 | - Net::HTTP.expects(:new).with(uri.host, uri.port).returns(http) | |
| 28 | - Net::HTTP::Post.expects(:new).with(uri.path).returns(request) | |
| 29 | - | |
| 30 | - # Captcha required codes | |
| 31 | - request.stubs(:body=).with("0000000000000000&4324343&4030320") | |
| 32 | - http.stubs(:request).with(request).returns(http) | |
| 33 | - | |
| 34 | - # Captcha validation success !! | |
| 35 | - http.stubs(:body).returns("1") | |
| 36 | - | |
| 37 | - params = {:txtToken_captcha_serpro_gov_br => '4324343', :captcha_text => '4030320'} | |
| 38 | - post "#{@url}#{params.to_query}" | |
| 39 | - json = JSON.parse(last_response.body) | |
| 40 | - json | |
| 19 | + JSON.parse("1") | |
| 41 | 20 | end |
| 42 | 21 | |
| 43 | 22 | def login_api | ... | ... |