Commit 962b038c104fa77d61847e7079190493271127fe
Committed by
Larissa Reis
1 parent
28b32a73
Exists in
oauth_external_login
and in
1 other branch
Adding tests to Webfinger Api
Signed-off-by: Alessandro Caetano <alessandro.caetanob@gmail.com> Signed-off-by: Thiago Ribeiro <thiagitosouza@gmail.com>
Showing
3 changed files
with
79 additions
and
30 deletions
lib/noosfero/api/api.rb
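--- a/lib/noosfero/api/federation/webfinger.rb
+++ b/lib/noosfero/api/federation/webfinger.rb
@@ -3,9 +3,9 @@ module Noosfero
 module API
 module Federation
 class Webfinger < Grape::API
- get "webfinger" do
+ get 'webfinger' do
 result = generate_jrd
- present result, :with => Grape::Presenters::Presenter
+ present result, with: Grape::Presenters::Presenter
 end
 end
 end
@@ -13,62 +13,79 @@ module Noosfero
 end
 
 def generate_jrd
- result = {}
- if valid_domain? && request_acct?
- result = acct_hash
- elsif valid_domain? && valid_uri?(params[:resource])
- result = uri_hash
+ unless valid_domain?
+ not_found!
+ Rails.logger.error 'Domain Not Found'
+ end
+ if request_acct?
+ acct_hash
+ elsif valid_uri?(params[:resource])
+ uri_hash
 end
 end
 
-def valid_domain?
- #validate domain if resource have acct
+def domain
 if request_acct?
- domain = params[:resource].split("@")[1]
- environment.domains.map(&:name).include? domain
+ params[:resource].split('@')[1]
 else
- domain = params[:resource].split("/")[2]
- environment.domains.map(&:name).include? domain
+ params[:resource].split('/')[2]
 end
 end
 
+def valid_domain?
+ environment.domains.map(&:name).include? domain
+end
+
 def request_acct?
- params[:resource].include? "acct:"
+ params[:resource].include? 'acct:'
 end
 
 def acct_hash
 acct = {}
 acct[:subject] = params[:resource]
 acct[:properties] = Person.find_by_identifier(extract_person_identifier)
+ if acct[:properties].nil?
+ Rails.logger.error 'Person not found'
+ not_found!
+ end
 acct
 end
 
 def extract_person_identifier
- params[:resource].split("@")[0].split(":")[1]
+ params[:resource].split('@')[0].split(':')[1]
 end
 
 def valid_uri?(url)
 uri = URI.parse(url)
- uri.kind_of?(URI::HTTP)
- rescue URI::BadURIError => ex
- Rails.logger.error "Bad URI Error: #{ex}"
- rescue URI::InvalidURIError => ex
- Rails.logger.error "Invalid URI Error: #{ex}"
+ if uri.is_a?(URI::HTTP)
+ true
+ else
+ Rails.logger.error 'Bad URI Error'
+ not_found!
+ end
 end
 
 def uri_hash
 uri = {}
 uri[:subject] = params[:resource]
- entity = entity_exists?(params[:resource])
+ entity = find_entity(params[:resource])
 id = params[:resource].split('/').last.to_i
- uri[:properties] = entity.classify.constantize.find(id)
+ begin
+ uri[:properties] = entity.classify.constantize.find(id)
+ rescue ActiveRecord::RecordNotFound
+ Rails.logger.error "Entity: #{entity} with id: #{id} not found"
+ not_found!
+ end
 uri
 end
 
-def entity_exists?(uri)
+def find_entity(uri)
 possible_entity = uri.split('/')
- possible_entity.map! {|entity| "#{entity}s"}
- ( ActiveRecord::Base.connection.tables & possible_entity ).first
- rescue ActiveRecord::RecordNotFound => ex
- Rails.logger.error "Entity not found on records: #{ex}"
+ possible_entity.map! { |entity| "#{entity}s" }
+ entity = (ActiveRecord::Base.connection.tables & possible_entity).first
+ unless entity
+ Rails.logger.error 'Entity not found on records'
+ not_found!
+ end
+ entity
 end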
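Review bot: In `uri_hash` and `find_entity` the model to load is still chosen from request-controlled path segments of `params[:resource]`, matched against every name in `ActiveRecord::Base.connection.tables`, so any table whose name equals a segment plus `s` is looked up by id and passed to the generic presenter. The new `rescue ActiveRecord::RecordNotFound` only covers a missing row; it does not limit which models are reachable, and a table with no corresponding class would presumably surface as a `NameError` from `constantize`. I would intersect with an explicit allowlist instead, e.g. `entity = (WEBFINGER_ENTITIES & possible_entity).first` with `WEBFINGER_ENTITIES = %w[articles].freeze` (the constant name and contents are a suggestion; `articles` is the only type the tests exercise), and present only the fields meant to be public. Separately, `valid_uri?` no longer rescues `URI::InvalidURIError`, so a malformed `resource` now reaches `URI.parse` unhandled and likely yields a 500 rather than the 404 the other failure paths return.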
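--- a/test/api/federation/webfinger_test.rb
+++ b/test/api/federation/webfinger_test.rb
@@ -1,8 +1,9 @@
 require_relative '../test_helper'
 
 class WebfingerTest < ActiveSupport::TestCase
-
 def setup
+ Domain.create(name: 'example.com')
+ Environment.default.domains << Domain.last
 login_api
 end
 
@@ -13,10 +14,40 @@ class WebfingerTest < ActiveSupport::TestCase
 assert_equal webfinger['subject'], 'acct:ze@example.com'
 end
 
+ should 'not return json when user not found' do
+ invalid_user = 'invalid_user_in_url'
+ get ".well-known/webfinger?resource=acct%3A#{invalid_user}%40example.com"
+ assert_equal 404, last_response.status
+ end
+
 should 'return correct article via webfinger url' do
- get '.well-known/webfinger?resource=http://example.com/article/id/1'
+ a = fast_create(Article, name: 'my article', profile_id: 1)
+ a.save
+ get ".well-known/webfinger?resource=http://example.com/article/id/#{a.id}"
 webfinger = JSON.parse(last_response.body)
 assert_equal 200, last_response.status
- assert_equal webfinger['subject'], 'http://example.com/article/id/1'
+ assert_equal webfinger['subject'], "http://example.com/article/id/#{a.id}"
+ end
+
+ should 'not return json when domain is invalid' do
+ invalid_domain = 'doest_not_exist.com'
+ get ".well-known/webfinger?resource=http://#{invalid_domain}/article/id/1"
+ assert_equal 404, last_response.status
+ end
+
+ should 'not return json when entity is not found' do
+ get '.well-known/webfinger?resource=http://example.com/article/id/999999'
+ assert_equal 404, last_response.status
+ end
+
+ should 'not return json when entity does not exist' do
+ get '.well-known/webfinger?resource=http://example.com/doest_not_exist/id/1'
+ assert_equal 404, last_response.status
+ end
+
+ should 'not return json when request is not http' do
+ not_http_url = 'kkttc://example.com/article/id/1'
+ get ".well-known/webfinger?resource=#{not_http_url}"
+ assert_equal 404, last_response.status
 end
 end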
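Review bot: `setup` calls `Domain.create`, which returns an unsaved record instead of raising when validation fails, and then attaches `Domain.last`, which is the new domain only if that create succeeded; a fixture problem would show up as unexplained 404s in the cases below. `Environment.default.domains << Domain.create!(name: 'example.com')` fails loudly and drops the extra lookup. The new negative cases cover an unknown user, domain, entity and scheme, but none sends a request without `resource` or with a value that `URI.parse` rejects, which are the inputs the endpoint now handles without a rescue, judging from the webfinger.rb section of this commit. A test for each of those, asserting the status the API is meant to return, would pin that behaviour down.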