Commit 2778d9d91a208cce5438c2f2b1f7fc0ae12bc1eb

Authored by Evandro Junior
1 parent 71f8fd60
Exists in master

fixing tests

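--- a/Gemfile
+++ b/Gemfile
@@ -1,3 +1,5 @@
+source 'https://rubygems.org'
+
 group :test do
 gem 'webmock'
 end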
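--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -0,0 +1,21 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ addressable (2.4.0)
+ crack (0.4.3)
+ safe_yaml (~> 1.0.0)
+ hashdiff (0.2.3)
+ safe_yaml (1.0.4)
+ webmock (1.22.3)
+ addressable (>= 2.3.6)
+ crack (>= 0.3.2)
+ hashdiff
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ webmock
+
+BUNDLED WITH
+ 1.11.0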
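--- a/lib/ext/environment.rb
+++ b/lib/ext/environment.rb
@@ -4,7 +4,7 @@ class Environment
 
 #reCAPTCHA settings
 settings_items :recaptcha_plugin, :type => ActiveSupport::HashWithIndifferentAccess, :default => {}
- attr_accessible :recaptcha_plugin_attributes, :recaptcha_version, :recaptcha_private_key, :recaptcha_site_key
+ attr_accessible :recaptcha_plugin_attributes, :recaptcha_version, :recaptcha_private_key, :recaptcha_site_key, :recaptcha_verify_uri
 
 def recaptcha_plugin_attributes
 self.recaptcha_plugin || {}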
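Review bot: Adding `:recaptcha_verify_uri` to `attr_accessible` makes the endpoint that receives `recaptcha_private_key` settable through mass assignment, and no validation of its value is visible in this hunk. If whoever can submit Environment attributes can point it at an arbitrary host, the secret key is sent to that host, which can then answer every verification as successful. I would add a validation that restricts the value to an https URL on the expected Google host, or not expose the attribute at all, since the version 1 branch in lib/recaptcha_plugin.rb hard-codes its URI anyway. No `settings_items` declaration for the new attribute appears here, so confirm one exists outside the hunk; the class body continues beyond these lines.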
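--- a/lib/recaptcha_plugin.rb
+++ b/lib/recaptcha_plugin.rb
@@ -17,17 +17,17 @@ class RecaptchaPlugin < Noosfero::Plugin
 params = args[1]
 environment = args[2]
 
+ status = 500
 private_key = environment.recaptcha_private_key
- version = environment.recaptcha_version
+ version = environment.recaptcha_version.to_i
 
 msg_icve = _('Internal captcha validation error')
- msg_esca = 'Environment recaptcha_plugin_attributes'
+ msg_erpa = 'Environment recaptcha_plugin_attributes'
 
- return RecaptchaVerification.hash_error(msg_icve, s, nil, "#{msg_eacs} private_key not defined") if private_key.nil?
- return RecaptchaVerification.hash_error(msg_icve, s, nil, "#{msg_eacs} version not defined") unless version == 1 || version == 2
+ return RecaptchaVerification.hash_error(msg_icve, status, nil, "#{msg_erpa} private_key not defined") if private_key.nil?
+ return RecaptchaVerification.hash_error(msg_icve, status, nil, "#{msg_erpa} version not defined") unless version == 1 || version == 2
 
 rv = RecaptchaVerification.new
-
 if version == 1
 verify_uri = 'https://www.google.com/recaptcha/api/verify'
 return rv.verify_recaptcha_v1(remote_ip, private_key, verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field])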
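--- a/lib/recaptcha_verification.rb
+++ b/lib/recaptcha_verification.rb
@@ -1,6 +1,6 @@
 class RecaptchaVerification
 
- def self.hash_error(user_message, status, log_message=nil, javascript_console_message=nil)
+ def hash_error(user_message, status, log_message=nil, javascript_console_message=nil)
 {user_message: user_message, status: status, log_message: log_message, javascript_console_message: javascript_console_message}
 end
 
@@ -8,7 +8,7 @@ class RecaptchaVerification
 # :user_message, :status, :log_message, :javascript_console_message
 def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field)
 if recaptcha_challenge_field == nil || recaptcha_response_field == nil
- return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data'))
+ return hash_error(_('Captcha validation error'), 500, nil, _('Missing captcha data'))
 end
 
 verify_hash = {
@@ -25,18 +25,18 @@ class RecaptchaVerification
 begin
 result = https.request(request).body.split("\n")
 rescue Exception => e
- return render_api_error!(_('Internal captcha validation error'), 500, nil, "Error validating Googles' recaptcha version 1: #{e.message}")
+ return hash_error(_('Internal captcha validation error'), 500, nil, "Error validating Googles' recaptcha version 1: #{e.message}")
 end
 return true if result[0] == "true"
- return render_api_error!(_("Wrong captcha text, please try again"), 403, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") if result[1] == "incorrect-captcha-sol"
+ return hash_error(_("Wrong captcha text, please try again"), 403, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") if result[1] == "incorrect-captcha-sol"
 #Catches all errors at the end
- return render_api_error!(_("Internal recaptcha validation error"), 500, nil, "Error validating Googles' recaptcha version 1: #{result[1]}")
+ return hash_error(_("Internal recaptcha validation error"), 500, nil, "Error validating Googles' recaptcha version 1: #{result[1]}")
 end
 
 # return true or a hash with the error
 # :user_message, :status, :log_message, :javascript_console_message
 def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response)
- return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) if g_recaptcha_response == nil
+ return hash_error(_('Captcha validation error'), 500, nil, _('Missing captcha data')) if g_recaptcha_response == nil
 verify_hash = {
 "secret" => private_key,
 "remoteip" => remote_ip,
@@ -50,7 +50,7 @@ class RecaptchaVerification
 begin
 body = https.request(request).body
 rescue Exception => e
- return render_api_error!(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}")
+ return hash_error(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}")
 end
 captcha_result = JSON.parse(body)
 captcha_result["success"] ? true : captcha_result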
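Review bot: Replacing `render_api_error!` with `hash_error` means a failed check now comes back as an ordinary Hash, and a Hash is truthy in Ruby, so any caller that tests the result with `if` rather than `== true` accepts a failed captcha. The last line of `verify_recaptcha_v2` adds to this by returning Google's raw `captcha_result` on failure, which has none of the `:user_message`/`:status` keys the comment above the method promises. I would end v2 with `return true if captcha_result["success"] == true` followed by `hash_error(_("Wrong captcha text, please try again"), 403, nil, "recaptcha error: #{captcha_result['error-codes']}")`, and state in the comment on both methods that only the literal `true` means success. `JSON.parse(body)` also sits outside the `begin`/`rescue`, so a non-JSON reply raises instead of producing an error hash; both method bodies are only partly visible in these hunks.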
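--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -8,18 +8,45 @@ class ActiveSupport::TestCase
 Noosfero::API::API
 end
 
- def pass_captcha(mocked_url, captcha_verification_body)
+ def pass_captcha(version)
+
+ if version.to_i == 1
+ mocked_url = 'https://www.google.com/recaptcha/api/verify'
+ end
+ if version.to_i == 2
+ mocked_url = 'https://www.google.com/recaptcha/api/siteverify'
+ body={ secret: "secret",
+ response: "response",
+ remoteip: "127.0.0.1"}
+ end
+
+ pass_body = '{
+ "success": true
+ }'
 stub_request(:post, mocked_url).
- with(:body => captcha_verification_body,
+ with(:body => body,
 :headers => {'Accept'=>'*/*', 'User-Agent'=>'Ruby'}).
- to_return(:status => 200, :body => "1", :headers => {'Content-Length' => 1})
+ to_return(:status => 200, :body => pass_body, :headers => {'Content-Length' => 1})
 end
 
- def fail_captcha_text(mocked_url, captcha_verification_body)
+ def fail_captcha(version)
+ if version.to_i == 1
+ mocked_url = 'https://www.google.com/recaptcha/api/verify'
+ end
+ if version.to_i == 2
+ mocked_url = 'https://www.google.com/recaptcha/api/siteverify'
+ body={ secret: "secret",
+ response: "response",
+ remoteip: "127.0.0.1"}
+ end
+
+ fail_body = '{
+ "success": false
+ }'
 stub_request(:post, mocked_url).
- with(:body => captcha_verification_body,
+ with(:body => body,
 :headers => {'Accept'=>'*/*', 'User-Agent'=>'Ruby'}).
- to_return(:status => 200, :body => "0", :headers => {'Content-Length' => 1})
+ to_return(:status => 200, :body => fail_body, :headers => {'Content-Length' => 1})
 end
 
 def login_with_captcha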
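Review bot: For version 1 both helpers stub the verify endpoint with the version 2 JSON body, but `verify_recaptcha_v1` splits the reply on newlines and looks for `"true"` or `incorrect-captcha-sol`, so `pass_captcha(1)` and `fail_captcha(1)` would both land in its catch-all 500 branch and never exercise the accept or reject path. `body` is only assigned in the version 2 branch, so the v1 stub is registered with a nil body matcher, and `'Content-Length' => 1` matches neither reply. Give each version its own reply, for example `pass_body = version.to_i == 1 ? "true\nsuccess" : '{"success": true}'` and `"false\nincorrect-captcha-sol"` for the v1 failure, and drop the hard-coded Content-Length.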
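--- a/test/unit/recaptcha_verification_test.rb
+++ b/test/unit/recaptcha_verification_test.rb
@@ -8,13 +8,25 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase
 def setup
 @environment = Environment.default
 @environment.enabled_plugins = ['RecaptchaPlugin']
- @environment.recaptcha_verify_uri="http://www.google.com/validate" # do not correct!
- @environment.recaptcha_version='2'
- @environment.recaptcha_private_key = "private_key"
+ end
+
+ def setup_captcha(version)
+ @environment.recaptcha_version=version.to_s
+ @remote_ip = "127.0.0.1"
+ if version.to_i == 1
+ @params[:recaptcha_challenge_field] = "challenge"
+ @params[:recaptcha_response_field] = "response"
+ end
+ if version.to_i == 2
+ #wont go to google thanks to webmock
+ @environment.recaptcha_private_key = "secret"
+ @recaptcha_site_key = "64264643"
+ @captcha_text = "44641441"
+ @params = {}
+
+ @params[:g_recaptcha_response] = "response"
+ end
 @environment.save!
- @recaptcha_site_key = "64264643"
- @captcha_text = "44641441"
-# @captcha_verification_body = "#{@environment.recaptcha_client_id}&#{@captcha_token}&#{@captcha_text}"
 end
 
 def login_with_captcha
@@ -31,6 +43,29 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase
 fast_create(Article, :profile_id => person.id, :name => name)
 end
 
+ should 'pass recaptcha version 1' do
+ pass_captcha(1)
+ rp = RecaptchaPlugin.new
+ r = rp.test_captcha(@remote_ip, @params, @environment)
+ assert r
+ end
+
+ should 'pass recaptcha version 2' do
+ setup_captcha(2)
+ pass_captcha(2)
+ rp = RecaptchaPlugin.new
+ r = rp.test_captcha(@remote_ip, @params, @environment)
+ assert r
+ end
+
+ should 'fail recaptcha version 2' do
+ setup_captcha(2)
+ fail_captcha(2)
+ rp = RecaptchaPlugin.new
+ r = rp.test_captcha(@remote_ip, @params, @environment)
+ assert_equal({"success"=>false}, r)
+ end
+
 should 'register a user when there are no enabled captcha pluging' do
 @environment.enabled_plugins = []
 @environment.save!
@@ -44,67 +79,68 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase
 end
 
 should 'not register a user if captcha fails' do
- fail_captcha_text @environment.recaptcha_verify_uri, @captcha_verification_body
+ fail_captcha(1)
 Environment.default.enable('skip_new_user_email_confirmation')
 params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :txtToken_captcha_serpro_gov_br => @captcha_token, :captcha_text => @captcha_text}
 post "/api/v1/register?#{params.to_query}"
+ ap last_response
 assert_equal 403, last_response.status
 json = JSON.parse(last_response.body)
 assert_equal json["message"], _("Wrong captcha text, please try again")
 end
-
- should 'verify_recaptcha' do
- pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
- scv = RecaptchaVerification.new
- assert scv.verify_recaptcha(@environment.recaptcha_client_id, @captcha_token, @captcha_text, @environment.recaptcha_verify_uri)
- end
-
- should 'fail captcha if user has not filled Serpro\' captcha text' do
- pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
- scv = RecaptchaVerification.new
- hash = scv.verify_recaptcha(@environment.recaptcha_client_id, @captcha_token, nil, @environment.recaptcha_verify_uri)
- assert hash[:user_message], _('Captcha text has not been filled')
- end
-
- should 'fail captcha if Serpro\' captcha token has not been sent' do
- pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
- scv = RecaptchaVerification.new
- hash = scv.verify_recaptcha(@environment.recaptcha_client_id, nil, @captcha_text, @environment.recaptcha_verify_uri)
- assert hash[:javascript_console_message], _("Missing Serpro's Captcha token")
- end
-
- should 'fail captcha text' do
- fail_captcha_text @environment.recaptcha_verify_uri, @captcha_verification_body
- scv = RecaptchaVerification.new
- hash = scv.verify_recaptcha(@environment.recaptcha_client_id, nil, @captcha_text, @environment.recaptcha_verify_uri)
- assert hash[:javascript_console_message], _("Wrong captcha text, please try again")
- end
-
- should 'not perform a vote without authentication' do
- article = create_article('Article 1')
- params = {}
- params[:value] = 1
-
- post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
- json = JSON.parse(last_response.body)
- assert_equal 401, last_response.status
- end
-
- should 'perform a vote on an article identified by id' do
- pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
- params = {}
- params[:txtToken_captcha_serpro_gov_br]= @captcha_token
- params[:captcha_text]= @captcha_text
- post "/api/v1/login-captcha?#{params.to_query}"
- json = JSON.parse(last_response.body)
- article = create_article('Article 1')
- params = {}
- params[:private_token] = json['private_token']
- params[:value] = 1
- post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
- json = JSON.parse(last_response.body)
- assert_not_equal 401, last_response.status
- assert_equal true, json['vote']
- end
+ #
+ # should 'verify_recaptcha' do
+ # pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
+ # rv = RecaptchaVerification.new
+ # assert rv.verify_recaptcha(@environment.recaptcha_verify_uri, @captcha_token, @captcha_text, @environment.recaptcha_verify_uri)
+ # end
+ #
+ # should 'fail captcha if user has not filled Serpro\' captcha text' do
+ # pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
+ # scv = RecaptchaVerification.new
+ # hash = scv.verify_recaptcha(@environment.recaptcha_client_id, @captcha_token, nil, @environment.recaptcha_verify_uri)
+ # assert hash[:user_message], _('Captcha text has not been filled')
+ # end
+ #
+ # should 'fail captcha if Serpro\' captcha token has not been sent' do
+ # pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
+ # scv = RecaptchaVerification.new
+ # hash = scv.verify_recaptcha(@environment.recaptcha_client_id, nil, @captcha_text, @environment.recaptcha_verify_uri)
+ # assert hash[:javascript_console_message], _("Missing Serpro's Captcha token")
+ # end
+ #
+ # should 'fail captcha text' do
+ # fail_captcha_text @environment.recaptcha_verify_uri, @captcha_verification_body
+ # scv = RecaptchaVerification.new
+ # hash = scv.verify_recaptcha(@environment.recaptcha_client_id, nil, @captcha_text, @environment.recaptcha_verify_uri)
+ # assert hash[:javascript_console_message], _("Wrong captcha text, please try again")
+ # end
+ #
+ # should 'not perform a vote without authentication' do
+ # article = create_article('Article 1')
+ # params = {}
+ # params[:value] = 1
+ #
+ # post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+ # json = JSON.parse(last_response.body)
+ # assert_equal 401, last_response.status
+ # end
+ #
+ # should 'perform a vote on an article identified by id' do
+ # pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
+ # params = {}
+ # params[:txtToken_captcha_serpro_gov_br]= @captcha_token
+ # params[:captcha_text]= @captcha_text
+ # post "/api/v1/login-captcha?#{params.to_query}"
+ # json = JSON.parse(last_response.body)
+ # article = create_article('Article 1')
+ # params = {}
+ # params[:private_token] = json['private_token']
+ # params[:value] = 1
+ # post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+ # json = JSON.parse(last_response.body)
+ # assert_not_equal 401, last_response.status
+ # assert_equal true, json['vote']
+ # end
 
 end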
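Review bot: `assert r` in the two 'pass recaptcha' tests cannot tell success from failure, because the verification methods return either `true` or an error Hash and both are truthy; use `assert_equal true, r`. The version 1 test also never calls `setup_captcha(1)`, and that helper's version 1 branch writes to `@params` before `@params = {}` has run, so it would raise on nil. `ap last_response` at new line 86 looks like leftover debugging and should be removed. Commenting out 'not perform a vote without authentication' drops the only check visible here that the vote endpoint rejects anonymous requests; I would keep that test live, or delete the block and give the reason in the commit message.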