Commit be8ecf2b3cddf1c75b00d17257d3557f7b302885

Authored by Evandro Junior
1 parent 534fff21

commit to check how it used to be before captcha plugin

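--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -412,6 +412,10 @@ require 'grape'
 # captcha_helpers #
 ##########################################
 
+# def plugins
+# @plugins
+# end
+
 def test_captcha(remote_ip, params, environment)
 captcha_plugin_enabled = @plugins.dispatch(:test_captcha, remote_ip, params, environment)
 return true if captcha_plugin_enabled.size == 0
@@ -423,76 +427,6 @@ require 'grape'
 render_api_error!(test_result[:user_message], test_result[:status], test_result[:log_message], test_result[:javascript_console_message])
 end
 
-def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field)
-if recaptcha_challenge_field == nil || recaptcha_response_field == nil
-return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data'))
-end
-
-verify_hash = {
-"privatekey" => private_key,
-"remoteip" => remote_ip,
-"challenge" => recaptcha_challenge_field,
-"response" => recaptcha_response_field
-}
-uri = URI(api_recaptcha_verify_uri)
-https = Net::HTTP.new(uri.host, uri.port)
-https.use_ssl = true
-request = Net::HTTP::Post.new(uri.path)
-request.set_form_data(verify_hash)
-begin
-result = https.request(request).body.split("\n")
-rescue Exception => e
-return render_api_error!(_('Internal captcha validation error'), 500, nil, "Error validating Googles' recaptcha version 1: #{e.message}")
-end
-return true if result[0] == "true"
-return render_api_error!(_("Wrong captcha text, please try again"), 403, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") if result[1] == "incorrect-captcha-sol"
-#Catches all errors at the end
-return render_api_error!(_("Internal recaptcha validation error"), 500, nil, "Error validating Googles' recaptcha version 1: #{result[1]}")
-end
-
-def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response)
-return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) if g_recaptcha_response == nil
-verify_hash = {
-"secret" => private_key,
-"remoteip" => remote_ip,
-"response" => g_recaptcha_response
-}
-uri = URI(api_recaptcha_verify_uri)
-https = Net::HTTP.new(uri.host, uri.port)
-https.use_ssl = true
-request = Net::HTTP::Post.new(uri.path)
-request.set_form_data(verify_hash)
-begin
-body = https.request(request).body
-rescue Exception => e
-return render_api_error!(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}")
-end
-captcha_result = JSON.parse(body)
-captcha_result["success"] ? true : captcha_result
-end
-
-def verify_serpro_captcha(client_id, token, captcha_text, verify_uri)
-return render_api_error!(_("Error processing token validation"), 500, nil, "Missing Serpro's Captcha token") unless token
-return render_api_error!(_('Captcha text has not been filled'), 403) unless captcha_text
-uri = URI(verify_uri)
-http = Net::HTTP.new(uri.host, uri.port)
-request = Net::HTTP::Post.new(uri.path)
-verify_string = "#{client_id}&#{token}&#{captcha_text}"
-request.body = verify_string
-begin
-body = http.request(request).body
-rescue Exception => e
-return render_api_error!(_('Internal captcha validation error'), 500, nil, "Serpro captcha error: #{e.message}")
-end
-return true if body == '1'
-return render_api_error!(_("Internal captcha validation error"), 500, body, "Unable to reach Serpro's Captcha validation service") if body == "Activity timed out"
-return render_api_error!(_("Wrong captcha text, please try again"), 403) if body == 0
-return render_api_error!(_("Serpro's captcha token not found"), 500) if body == 2
-return render_api_error!(_("No data sent to validation server or other serious problem"), 500) if body == -1
-#Catches all errors at the end
-return render_api_error!(_("Internal captcha validation error"), 500, nil, "Error validating Serpro's captcha #{body}")
-end
-
 end
 end
 end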
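Review bot: The commented-out `plugins` accessor added at new lines 415–417 is dead code, while `test_captcha` on new line 420 still reads `@plugins` directly; either delete the comment or restore the method and have `test_captcha` call `plugins.dispatch(...)`. With the three `verify_*` helpers removed from this file, captcha checking depends entirely on what the plugin dispatch returns, and new line 421 returns `true` when that result is empty, so the check passes whenever no captcha plugin answers. If that fail-open behaviour is intended, state it above `test_captcha`, e.g. `# Returns true (no captcha required) when no enabled plugin handles :test_captcha`. The body of `test_captcha` continues between the two hunks and is not fully visible here.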
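--- a/lib/noosfero/api/v1/articles.rb
+++ b/lib/noosfero/api/v1/articles.rb
@@ -138,6 +138,7 @@ module Noosfero
 named 'ArticleVote'
 end
 post ':id/vote' do
+binding.pry
 ## The vote api should allow regular login or with captcha
 authenticate_allow_captcha!
 value = (params[:value] || 1).to_i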
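Review bot: `binding.pry` on new line 141 leaves a debugger breakpoint inside the `post ':id/vote'` handler, so every vote request would stop at an interactive Pry prompt in the server process (or raise an error where Pry is not loaded) before `authenticate_allow_captcha!` runs; the line should be removed before this reaches any shared branch. The same call appears on new line 93 of plugins/serpro_captcha/test/unit/serpro_captcha_verification_test.rb, where it would stall a non-interactive test run, and as a commented-out `#binding.pry` in test/unit/api/session_test.rb. A lint rule that rejects debugger calls, such as RuboCop's `Lint/Debugger`, would catch these before merge. The handler's block continues past the end of the hunk.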
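--- a/plugins/serpro_captcha/test/functional/account_controller_plugin_test.rb
+++ b/plugins/serpro_captcha/test/functional/account_controller_plugin_test.rb
@@ -1,86 +1,18 @@
-# require File.dirname(__FILE__) + '/../test_helper'
-#
-# # Re-raise errors caught by the controller.
-# class AccountController; def rescue_action(e) raise e end; end
-#
-# class AccountControllerPluginTest < ActionController::TestCase
-#
-# def setup
-# @controller = AccountController.new
-# @request = ActionController::TestRequest.new
-# @response = ActionController::TestResponse.new
-#
-# @environment = Environment.default
-# @environment.enabled_plugins = ['SerproCaptchaPlugin']
-# @ldap_config = load_ldap_config
-# @environment.serpro_captcha_plugin= @ldap_config['server'] unless @ldap_config.nil?
-# @environment.save!
-# end
-#
-# should 'not authenticate user if its not a local user or a ldap user' do
-# post :login, :user => {:login => 'someuser', :password => 'somepass'}
-# assert_nil session[:user]
-# end
-#
-# should 'diplay not logged message if the user is not a local user or a ldap user' do
-# post :login, :user => {:login => 'someuser', :password => 'somepass'}
-# assert_equal 'Incorrect username or password', session[:notice]
-# end
-#
-# should 'authenticate user if its a local user but is not a ldap user' do
-# user = create_user('testuser', :email => 'testuser@example.com', :password => 'test', :password_confirmation => 'test')
-# user.activate
-# post :login, :user => {:login => 'testuser', :password => 'test'}
-# assert session[:user]
-# end
-#
-# should 'display required fields on user login' do
-# @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}}
-# @environment.save
-# get :login
-# assert_tag(:input, :attributes => {:id => 'profile_data_contact_phone'})
-# end
-#
-# if ldap_configured?
-#
-# should 'authenticate an existing noosfero user with ldap and loggin' do
-# user = create_user(@ldap_config['user']['login'], :email => 'testuser@example.com', :password => 'test', :password_confirmation => 'test')
-# user.activate
-# count = User.count
-# post :login, :user => @ldap_config['user']
-# assert session[:user]
-# assert_equal count, User.count
-# end
-#
-# should 'login and create a new noosfero user if ldap authentication works properly' do
-# count = User.count
-# post :login, :user => @ldap_config['user']
-# assert session[:user]
-# assert_equal count + 1, User.count
-# end
-#
-# should 'login on ldap if required fields are defined' do
-# count = User.count
-# @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}}
-# @environment.save
-# post :login, :user => @ldap_config['user'], :profile_data => {:contact_phone => '11111111'}
-# assert session[:user]
-# end
-#
-# should 'not login on ldap if required fields are not defined' do
-# @environment.custom_person_fields = {"contact_phone"=>{"required"=>"true", "signup"=>"false", "active"=>"true"}}
-# @environment.save
-# post :login, :user => @ldap_config['user']
-# assert_nil session[:user]
-# end
-#
-# should 'authenticate user if its not a local user but is a ldap user' do
-# post :login, :user => @ldap_config['user']
-# assert session[:user]
-# end
-#
-# else
-# puts LDAP_SERVER_ERROR_MESSAGE
-# end
-#
-# end
+require File.dirname(__FILE__) + '/../test_helper'
+
+# Re-raise errors caught by the controller.
+class AccountController; def rescue_action(e) raise e end; end
+
+class AccountControllerPluginTest < ActionController::TestCase
+
+def setup
+@controller = AccountController.new
+@request = ActionController::TestRequest.new
+@response = ActionController::TestResponse.new
+
+@environment = Environment.default
+@environment.enabled_plugins = ['SerproCaptchaPlugin']
+@environment.save!
+end
+
+end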
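Review bot: The rewritten `AccountControllerPluginTest` (new lines 6–18) contains only `setup` and no `should` blocks, so it enables `SerproCaptchaPlugin` and then asserts nothing about how the plugin affects login. Either add at least one case that exercises the login action with the plugin enabled, or leave the file out until such a test exists. As it stands the reopened `AccountController#rescue_action` on new line 4 has no test that depends on it.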
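--- a/plugins/serpro_captcha/test/unit/serpro_captcha_verification_test.rb
+++ b/plugins/serpro_captcha/test/unit/serpro_captcha_verification_test.rb
@@ -16,6 +16,20 @@ class SerproCaptchaVerificationTest &lt; ActiveSupport::TestCase
 @captcha_verification_body = "#{@environment.serpro_captcha_client_id}&#{@captcha_token}&#{@captcha_text}"
 end
 
+def login_with_captcha
+store = Noosfero::API::SessionStore.create("captcha")
+## Initialize the data for the session store
+store.data = []
+## Put it back in cache
+store.store
+{ "private_token" => "#{store.private_token}" }
+end
+
+def create_article(name)
+person = fast_create(Person, :environment_id => @environment.id)
+fast_create(Article, :profile_id => person.id, :name => name)
+end
+
 should 'register a user when there are no enabled captcha pluging' do
 @environment.enabled_plugins = []
 @environment.save!
@@ -65,4 +79,28 @@ class SerproCaptchaVerificationTest &lt; ActiveSupport::TestCase
 assert hash[:javascript_console_message], _("Wrong captcha text, please try again")
 end
 
+should 'not perform a vote without authentication' do
+article = create_article('Article 1')
+params = {}
+params[:value] = 1
+
+post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 401, last_response.status
+end
+
+should 'perform a vote on an article identified by id' do
+binding.pry
+login_with_captcha
+article = create_article('Article 1')
+params = {}
+params[:value] = 1
+
+post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+json = JSON.parse(last_response.body)
+
+assert_not_equal 401, last_response.status
+assert_equal true, json['vote']
+end
+
 end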
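Review bot: In 'perform a vote on an article identified by id' (new lines 92–104) the hash returned by `login_with_captcha` is discarded, so the request on new line 99 carries only `value` and no `private_token`. Unless the token reaches the API some other way that is not visible here, this test takes the same unauthenticated path as the 401 test above it and cannot show that a captcha session authorises a vote. Build the query from the helper's return value, e.g. `params = login_with_captcha.merge(:value => 1)`. The `binding.pry` on new line 93 should also be removed, and `json` in the 401 test (new line 88) is assigned but never used.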
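--- a/test/unit/api/helpers_test.rb
+++ b/test/unit/api/helpers_test.rb
@@ -1,5 +1,6 @@
 require File.dirname(__FILE__) + '/test_helper';
 
+
 require File.expand_path(File.dirname(__FILE__) + "/../../../lib/noosfero/api/helpers")
 
 class APIHelpersTest < ActiveSupport::TestCase
@@ -216,10 +217,15 @@ class APIHelpersTest &lt; ActiveSupport::TestCase
 
 ###### Captcha tests ######
 
-should 'do not test captcha when there is no captcha plugin enabled' do
-environment = Environment.new
-assert test_captcha("127.0.0.1", {}, environment)
-end
+# def plugins
+# environment = Environment.default
+# Noosfero::Plugin::Manager.new(environment, self)
+# end
+#
+# should 'do not test captcha when there is no captcha plugin enabled' do
+# environment = Environment.new
+# assert test_captcha("127.0.0.1", {}, environment)
+# end
 
 ###### END Captcha tests ######
 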
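Review bot: Commenting out 'do not test captcha when there is no captcha plugin enabled' (new lines 220–228) removes the only test of `test_captcha` visible in this section, and the case it covered is the one where a request is let through without any captcha check. If the test fails because `@plugins` is not set up in `APIHelpersTest`, it would be better to define the `plugins` helper for real and keep the assertion than to leave both as comments. If the test is being retired on purpose, delete the lines and say why in the commit message.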
test/unit/api/session_test.rb
@@ -76,6 +76,7 @@ class SessionTest &lt; ActiveSupport::TestCase @@ -76,6 +76,7 @@ class SessionTest &lt; ActiveSupport::TestCase
76 end 76 end
77 77
78 should 'not register a user without email' do 78 should 'not register a user without email' do
  79 + #binding.pry
79 params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil } 80 params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil }
80 post "/api/v1/register?#{params.to_query}" 81 post "/api/v1/register?#{params.to_query}"
81 assert_equal 400, last_response.status 82 assert_equal 400, last_response.status
@@ -185,7 +186,7 @@ class SessionTest &lt; ActiveSupport::TestCase @@ -185,7 +186,7 @@ class SessionTest &lt; ActiveSupport::TestCase
185 186
186 should 'do not change user password when password confirmation is wrong' do 187 should 'do not change user password when password confirmation is wrong' do
187 user = create_user 188 user = create_user
188 - user.activate 189 + user.activate
189 task = ChangePassword.create!(:requestor => user.person) 190 task = ChangePassword.create!(:requestor => user.person)
190 params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'} 191 params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
191 patch "/api/v1/new_password?#{params.to_query}" 192 patch "/api/v1/new_password?#{params.to_query}"
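--- a/test/unit/api/test_helper.rb
+++ b/test/unit/api/test_helper.rb
@@ -15,29 +15,8 @@ class ActiveSupport::TestCase
 json
 end
 
-## Performs a login using the session.rb but mocking the
-## real HTTP request to validate the captcha.
 def do_login_captcha_from_api
-# Request mocking
-#Net::HTTP::Post Mock
-request = mock
-#Net::HTTP Mock
-http = mock
-uri = URI(environment.api_captcha_settings[:verify_uri])
-Net::HTTP.expects(:new).with(uri.host, uri.port).returns(http)
-Net::HTTP::Post.expects(:new).with(uri.path).returns(request)
-
-# Captcha required codes
-request.stubs(:body=).with("0000000000000000&4324343&4030320")
-http.stubs(:request).with(request).returns(http)
-
-# Captcha validation success !!
-http.stubs(:body).returns("1")
-
-params = {:txtToken_captcha_serpro_gov_br => '4324343', :captcha_text => '4030320'}
-post "#{@url}#{params.to_query}"
-json = JSON.parse(last_response.body)
-json
+JSON.parse("1")
 end
 
 def login_api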
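Review bot: `do_login_captcha_from_api` now returns `JSON.parse("1")` (new line 19) instead of posting to the login endpoint against a mocked captcha service, so it no longer performs a login and yields no session data or token; depending on the JSON library version, parsing a bare scalar may also raise a parser error. Any test that relies on this helper to obtain a captcha session (callers are not visible in this hunk) would then either fail or run without the authentication it thinks it has. If the mocked flow is moving into the plugin's own tests, delete the helper here; if it is a stopgap, say so above it, e.g. `# TODO: placeholder, real captcha login is exercised in the serpro_captcha plugin tests`.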