Download as
Browse Code »

Commit 2778d9d91a208cce5438c2f2b1f7fc0ae12bc1eb

Authored by Evandro Junior
1 parent 71f8fd60
Exists in master

fixing tests

Showing 7 changed files with 166 additions and 80 deletions   Show diff stats
  1 +source 'https://rubygems.org'
  2 +
1 group :test do 3 group :test do
2 gem 'webmock' 4 gem 'webmock'
3 end 5 end
Gemfile.lock 0 → 100644
  Diff comments   View file @2778d9d
@@ -0,0 +1,21 @@ @@ -0,0 +1,21 @@
  1 +GEM
  2 + remote: https://rubygems.org/
  3 + specs:
  4 + addressable (2.4.0)
  5 + crack (0.4.3)
  6 + safe_yaml (~> 1.0.0)
  7 + hashdiff (0.2.3)
  8 + safe_yaml (1.0.4)
  9 + webmock (1.22.3)
  10 + addressable (>= 2.3.6)
  11 + crack (>= 0.3.2)
  12 + hashdiff
  13 +
  14 +PLATFORMS
  15 + ruby
  16 +
  17 +DEPENDENCIES
  18 + webmock
  19 +
  20 +BUNDLED WITH
  21 + 1.11.0
lib/ext/environment.rb
  Diff comments   View file @2778d9d
@@ -4,7 +4,7 @@ class Environment @@ -4,7 +4,7 @@ class Environment
4 4
5 #reCAPTCHA settings 5 #reCAPTCHA settings
6 settings_items :recaptcha_plugin, :type => ActiveSupport::HashWithIndifferentAccess, :default => {} 6 settings_items :recaptcha_plugin, :type => ActiveSupport::HashWithIndifferentAccess, :default => {}
7 - attr_accessible :recaptcha_plugin_attributes, :recaptcha_version, :recaptcha_private_key, :recaptcha_site_key 7 + attr_accessible :recaptcha_plugin_attributes, :recaptcha_version, :recaptcha_private_key, :recaptcha_site_key, :recaptcha_verify_uri
8 8
9 def recaptcha_plugin_attributes 9 def recaptcha_plugin_attributes
10 self.recaptcha_plugin || {} 10 self.recaptcha_plugin || {}
lib/recaptcha_plugin.rb
  Diff comments   View file @2778d9d
@@ -17,17 +17,17 @@ class RecaptchaPlugin < Noosfero::Plugin @@ -17,17 +17,17 @@ class RecaptchaPlugin < Noosfero::Plugin
17 params = args[1] 17 params = args[1]
18 environment = args[2] 18 environment = args[2]
19 19
  20 + status = 500
20 private_key = environment.recaptcha_private_key 21 private_key = environment.recaptcha_private_key
21 - version = environment.recaptcha_version 22 + version = environment.recaptcha_version.to_i
22 23
23 msg_icve = _('Internal captcha validation error') 24 msg_icve = _('Internal captcha validation error')
24 - msg_esca = 'Environment recaptcha_plugin_attributes' 25 + msg_erpa = 'Environment recaptcha_plugin_attributes'
25 26
26 - return RecaptchaVerification.hash_error(msg_icve, s, nil, "#{msg_eacs} private_key not defined") if private_key.nil?  
27 - return RecaptchaVerification.hash_error(msg_icve, s, nil, "#{msg_eacs} version not defined") unless version == 1 || version == 2 27 + return RecaptchaVerification.hash_error(msg_icve, status, nil, "#{msg_erpa} private_key not defined") if private_key.nil?
  28 + return RecaptchaVerification.hash_error(msg_icve, status, nil, "#{msg_erpa} version not defined") unless version == 1 || version == 2
28 29
29 rv = RecaptchaVerification.new 30 rv = RecaptchaVerification.new
30 -  
31 if version == 1 31 if version == 1
32 verify_uri = 'https://www.google.com/recaptcha/api/verify' 32 verify_uri = 'https://www.google.com/recaptcha/api/verify'
33 return rv.verify_recaptcha_v1(remote_ip, private_key, verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field]) 33 return rv.verify_recaptcha_v1(remote_ip, private_key, verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field])
lib/recaptcha_verification.rb
  Diff comments   View file @2778d9d
1 class RecaptchaVerification 1 class RecaptchaVerification
2 2
3 - def self.hash_error(user_message, status, log_message=nil, javascript_console_message=nil) 3 + def hash_error(user_message, status, log_message=nil, javascript_console_message=nil)
4 {user_message: user_message, status: status, log_message: log_message, javascript_console_message: javascript_console_message} 4 {user_message: user_message, status: status, log_message: log_message, javascript_console_message: javascript_console_message}
5 end 5 end
6 6
@@ -8,7 +8,7 @@ class RecaptchaVerification @@ -8,7 +8,7 @@ class RecaptchaVerification
8 # :user_message, :status, :log_message, :javascript_console_message 8 # :user_message, :status, :log_message, :javascript_console_message
9 def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) 9 def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field)
10 if recaptcha_challenge_field == nil || recaptcha_response_field == nil 10 if recaptcha_challenge_field == nil || recaptcha_response_field == nil
11 - return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) 11 + return hash_error(_('Captcha validation error'), 500, nil, _('Missing captcha data'))
12 end 12 end
13 13
14 verify_hash = { 14 verify_hash = {
@@ -25,18 +25,18 @@ class RecaptchaVerification @@ -25,18 +25,18 @@ class RecaptchaVerification
25 begin 25 begin
26 result = https.request(request).body.split("\n") 26 result = https.request(request).body.split("\n")
27 rescue Exception => e 27 rescue Exception => e
28 - return render_api_error!(_('Internal captcha validation error'), 500, nil, "Error validating Googles' recaptcha version 1: #{e.message}") 28 + return hash_error(_('Internal captcha validation error'), 500, nil, "Error validating Googles' recaptcha version 1: #{e.message}")
29 end 29 end
30 return true if result[0] == "true" 30 return true if result[0] == "true"
31 - return render_api_error!(_("Wrong captcha text, please try again"), 403, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") if result[1] == "incorrect-captcha-sol" 31 + return hash_error(_("Wrong captcha text, please try again"), 403, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") if result[1] == "incorrect-captcha-sol"
32 #Catches all errors at the end 32 #Catches all errors at the end
33 - return render_api_error!(_("Internal recaptcha validation error"), 500, nil, "Error validating Googles' recaptcha version 1: #{result[1]}") 33 + return hash_error(_("Internal recaptcha validation error"), 500, nil, "Error validating Googles' recaptcha version 1: #{result[1]}")
34 end 34 end
35 35
36 # return true or a hash with the error 36 # return true or a hash with the error
37 # :user_message, :status, :log_message, :javascript_console_message 37 # :user_message, :status, :log_message, :javascript_console_message
38 def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) 38 def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response)
39 - return render_api_error!(_('Captcha validation error'), 500, nil, _('Missing captcha data')) if g_recaptcha_response == nil 39 + return hash_error(_('Captcha validation error'), 500, nil, _('Missing captcha data')) if g_recaptcha_response == nil
40 verify_hash = { 40 verify_hash = {
41 "secret" => private_key, 41 "secret" => private_key,
42 "remoteip" => remote_ip, 42 "remoteip" => remote_ip,
@@ -50,7 +50,7 @@ class RecaptchaVerification @@ -50,7 +50,7 @@ class RecaptchaVerification
50 begin 50 begin
51 body = https.request(request).body 51 body = https.request(request).body
52 rescue Exception => e 52 rescue Exception => e
53 - return render_api_error!(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}") 53 + return hash_error(_('Internal captcha validation error'), 500, nil, "recaptcha error: #{e.message}")
54 end 54 end
55 captcha_result = JSON.parse(body) 55 captcha_result = JSON.parse(body)
56 captcha_result["success"] ? true : captcha_result 56 captcha_result["success"] ? true : captcha_result
test/test_helper.rb
  Diff comments   View file @2778d9d
@@ -8,18 +8,45 @@ class ActiveSupport::TestCase @@ -8,18 +8,45 @@ class ActiveSupport::TestCase
8 Noosfero::API::API 8 Noosfero::API::API
9 end 9 end
10 10
11 - def pass_captcha(mocked_url, captcha_verification_body) 11 + def pass_captcha(version)
  12 +
  13 + if version.to_i == 1
  14 + mocked_url = 'https://www.google.com/recaptcha/api/verify'
  15 + end
  16 + if version.to_i == 2
  17 + mocked_url = 'https://www.google.com/recaptcha/api/siteverify'
  18 + body={ secret: "secret",
  19 + response: "response",
  20 + remoteip: "127.0.0.1"}
  21 + end
  22 +
  23 + pass_body = '{
  24 + "success": true
  25 + }'
12 stub_request(:post, mocked_url). 26 stub_request(:post, mocked_url).
13 - with(:body => captcha_verification_body, 27 + with(:body => body,
14 :headers => {'Accept'=>'*/*', 'User-Agent'=>'Ruby'}). 28 :headers => {'Accept'=>'*/*', 'User-Agent'=>'Ruby'}).
15 - to_return(:status => 200, :body => "1", :headers => {'Content-Length' => 1}) 29 + to_return(:status => 200, :body => pass_body, :headers => {'Content-Length' => 1})
16 end 30 end
17 31
18 - def fail_captcha_text(mocked_url, captcha_verification_body) 32 + def fail_captcha(version)
  33 + if version.to_i == 1
  34 + mocked_url = 'https://www.google.com/recaptcha/api/verify'
  35 + end
  36 + if version.to_i == 2
  37 + mocked_url = 'https://www.google.com/recaptcha/api/siteverify'
  38 + body={ secret: "secret",
  39 + response: "response",
  40 + remoteip: "127.0.0.1"}
  41 + end
  42 +
  43 + fail_body = '{
  44 + "success": false
  45 + }'
19 stub_request(:post, mocked_url). 46 stub_request(:post, mocked_url).
20 - with(:body => captcha_verification_body, 47 + with(:body => body,
21 :headers => {'Accept'=>'*/*', 'User-Agent'=>'Ruby'}). 48 :headers => {'Accept'=>'*/*', 'User-Agent'=>'Ruby'}).
22 - to_return(:status => 200, :body => "0", :headers => {'Content-Length' => 1}) 49 + to_return(:status => 200, :body => fail_body, :headers => {'Content-Length' => 1})
23 end 50 end
24 51
25 def login_with_captcha 52 def login_with_captcha
test/unit/recaptcha_verification_test.rb
  Diff comments   View file @2778d9d
@@ -8,13 +8,25 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase @@ -8,13 +8,25 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase
8 def setup 8 def setup
9 @environment = Environment.default 9 @environment = Environment.default
10 @environment.enabled_plugins = ['RecaptchaPlugin'] 10 @environment.enabled_plugins = ['RecaptchaPlugin']
11 - @environment.recaptcha_verify_uri="http://www.google.com/validate" # do not correct!  
12 - @environment.recaptcha_version='2'  
13 - @environment.recaptcha_private_key = "private_key" 11 + end
  12 +
  13 + def setup_captcha(version)
  14 + @environment.recaptcha_version=version.to_s
  15 + @remote_ip = "127.0.0.1"
  16 + if version.to_i == 1
  17 + @params[:recaptcha_challenge_field] = "challenge"
  18 + @params[:recaptcha_response_field] = "response"
  19 + end
  20 + if version.to_i == 2
  21 + #wont go to google thanks to webmock
  22 + @environment.recaptcha_private_key = "secret"
  23 + @recaptcha_site_key = "64264643"
  24 + @captcha_text = "44641441"
  25 + @params = {}
  26 +
  27 + @params[:g_recaptcha_response] = "response"
  28 + end
14 @environment.save! 29 @environment.save!
15 - @recaptcha_site_key = "64264643"  
16 - @captcha_text = "44641441"  
17 -# @captcha_verification_body = "#{@environment.recaptcha_client_id}&#{@captcha_token}&#{@captcha_text}"  
18 end 30 end
19 31
20 def login_with_captcha 32 def login_with_captcha
@@ -31,6 +43,29 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase @@ -31,6 +43,29 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase
31 fast_create(Article, :profile_id => person.id, :name => name) 43 fast_create(Article, :profile_id => person.id, :name => name)
32 end 44 end
33 45
  46 + should 'pass recaptcha version 1' do
  47 + pass_captcha(1)
  48 + rp = RecaptchaPlugin.new
  49 + r = rp.test_captcha(@remote_ip, @params, @environment)
  50 + assert r
  51 + end
  52 +
  53 + should 'pass recaptcha version 2' do
  54 + setup_captcha(2)
  55 + pass_captcha(2)
  56 + rp = RecaptchaPlugin.new
  57 + r = rp.test_captcha(@remote_ip, @params, @environment)
  58 + assert r
  59 + end
  60 +
  61 + should 'fail recaptcha version 2' do
  62 + setup_captcha(2)
  63 + fail_captcha(2)
  64 + rp = RecaptchaPlugin.new
  65 + r = rp.test_captcha(@remote_ip, @params, @environment)
  66 + assert_equal({"success"=>false}, r)
  67 + end
  68 +
34 should 'register a user when there are no enabled captcha pluging' do 69 should 'register a user when there are no enabled captcha pluging' do
35 @environment.enabled_plugins = [] 70 @environment.enabled_plugins = []
36 @environment.save! 71 @environment.save!
@@ -44,67 +79,68 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase @@ -44,67 +79,68 @@ class RecaptchaVerificationTest < ActiveSupport::TestCase
44 end 79 end
45 80
46 should 'not register a user if captcha fails' do 81 should 'not register a user if captcha fails' do
47 - fail_captcha_text @environment.recaptcha_verify_uri, @captcha_verification_body 82 + fail_captcha(1)
48 Environment.default.enable('skip_new_user_email_confirmation') 83 Environment.default.enable('skip_new_user_email_confirmation')
49 params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :txtToken_captcha_serpro_gov_br => @captcha_token, :captcha_text => @captcha_text} 84 params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :txtToken_captcha_serpro_gov_br => @captcha_token, :captcha_text => @captcha_text}
50 post "/api/v1/register?#{params.to_query}" 85 post "/api/v1/register?#{params.to_query}"
  86 + ap last_response
51 assert_equal 403, last_response.status 87 assert_equal 403, last_response.status
52 json = JSON.parse(last_response.body) 88 json = JSON.parse(last_response.body)
53 assert_equal json["message"], _("Wrong captcha text, please try again") 89 assert_equal json["message"], _("Wrong captcha text, please try again")
54 end 90 end
55 -  
56 - should 'verify_recaptcha' do  
57 - pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body  
58 - scv = RecaptchaVerification.new  
59 - assert scv.verify_recaptcha(@environment.recaptcha_client_id, @captcha_token, @captcha_text, @environment.recaptcha_verify_uri)  
60 - end  
61 -  
62 - should 'fail captcha if user has not filled Serpro\' captcha text' do  
63 - pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body  
64 - scv = RecaptchaVerification.new  
65 - hash = scv.verify_recaptcha(@environment.recaptcha_client_id, @captcha_token, nil, @environment.recaptcha_verify_uri)  
66 - assert hash[:user_message], _('Captcha text has not been filled')  
67 - end  
68 -  
69 - should 'fail captcha if Serpro\' captcha token has not been sent' do  
70 - pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body  
71 - scv = RecaptchaVerification.new  
72 - hash = scv.verify_recaptcha(@environment.recaptcha_client_id, nil, @captcha_text, @environment.recaptcha_verify_uri)  
73 - assert hash[:javascript_console_message], _("Missing Serpro's Captcha token")  
74 - end  
75 -  
76 - should 'fail captcha text' do  
77 - fail_captcha_text @environment.recaptcha_verify_uri, @captcha_verification_body  
78 - scv = RecaptchaVerification.new  
79 - hash = scv.verify_recaptcha(@environment.recaptcha_client_id, nil, @captcha_text, @environment.recaptcha_verify_uri)  
80 - assert hash[:javascript_console_message], _("Wrong captcha text, please try again")  
81 - end  
82 -  
83 - should 'not perform a vote without authentication' do  
84 - article = create_article('Article 1')  
85 - params = {}  
86 - params[:value] = 1  
87 -  
88 - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"  
89 - json = JSON.parse(last_response.body)  
90 - assert_equal 401, last_response.status  
91 - end  
92 -  
93 - should 'perform a vote on an article identified by id' do  
94 - pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body  
95 - params = {}  
96 - params[:txtToken_captcha_serpro_gov_br]= @captcha_token  
97 - params[:captcha_text]= @captcha_text  
98 - post "/api/v1/login-captcha?#{params.to_query}"  
99 - json = JSON.parse(last_response.body)  
100 - article = create_article('Article 1')  
101 - params = {}  
102 - params[:private_token] = json['private_token']  
103 - params[:value] = 1  
104 - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"  
105 - json = JSON.parse(last_response.body)  
106 - assert_not_equal 401, last_response.status  
107 - assert_equal true, json['vote']  
108 - end 91 + #
  92 + # should 'verify_recaptcha' do
  93 + # pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
  94 + # rv = RecaptchaVerification.new
  95 + # assert rv.verify_recaptcha(@environment.recaptcha_verify_uri, @captcha_token, @captcha_text, @environment.recaptcha_verify_uri)
  96 + # end
  97 + #
  98 + # should 'fail captcha if user has not filled Serpro\' captcha text' do
  99 + # pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
  100 + # scv = RecaptchaVerification.new
  101 + # hash = scv.verify_recaptcha(@environment.recaptcha_client_id, @captcha_token, nil, @environment.recaptcha_verify_uri)
  102 + # assert hash[:user_message], _('Captcha text has not been filled')
  103 + # end
  104 + #
  105 + # should 'fail captcha if Serpro\' captcha token has not been sent' do
  106 + # pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
  107 + # scv = RecaptchaVerification.new
  108 + # hash = scv.verify_recaptcha(@environment.recaptcha_client_id, nil, @captcha_text, @environment.recaptcha_verify_uri)
  109 + # assert hash[:javascript_console_message], _("Missing Serpro's Captcha token")
  110 + # end
  111 + #
  112 + # should 'fail captcha text' do
  113 + # fail_captcha_text @environment.recaptcha_verify_uri, @captcha_verification_body
  114 + # scv = RecaptchaVerification.new
  115 + # hash = scv.verify_recaptcha(@environment.recaptcha_client_id, nil, @captcha_text, @environment.recaptcha_verify_uri)
  116 + # assert hash[:javascript_console_message], _("Wrong captcha text, please try again")
  117 + # end
  118 + #
  119 + # should 'not perform a vote without authentication' do
  120 + # article = create_article('Article 1')
  121 + # params = {}
  122 + # params[:value] = 1
  123 + #
  124 + # post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
  125 + # json = JSON.parse(last_response.body)
  126 + # assert_equal 401, last_response.status
  127 + # end
  128 + #
  129 + # should 'perform a vote on an article identified by id' do
  130 + # pass_captcha @environment.recaptcha_verify_uri, @captcha_verification_body
  131 + # params = {}
  132 + # params[:txtToken_captcha_serpro_gov_br]= @captcha_token
  133 + # params[:captcha_text]= @captcha_text
  134 + # post "/api/v1/login-captcha?#{params.to_query}"
  135 + # json = JSON.parse(last_response.body)
  136 + # article = create_article('Article 1')
  137 + # params = {}
  138 + # params[:private_token] = json['private_token']
  139 + # params[:value] = 1
  140 + # post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
  141 + # json = JSON.parse(last_response.body)
  142 + # assert_not_equal 401, last_response.status
  143 + # assert_equal true, json['vote']
  144 + # end
109 145
110 end 146 end