-- Publish the `spy` value visible to this spec file on the real global table.
-- NOTE(review): presumably so that modules loaded through require() (for
-- example spec.env_mock) can reach the test framework's spy helper; confirm.
_G.spy = spy
local mock_env = require("spec.env_mock")
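--- Specs for the account-claim and login endpoints.
-- Each spec builds a request table, passes it to the endpoint function and
-- then reads the response fields (responsecode, response_headers, response)
-- back off that same table.
describe("smr login",function()
	setup(mock_env.setup)
	teardown(mock_env.teardown)

	--- Claiming an account must return the passfile as a downloadable attachment.
	it("should allow someone to claim an account",function()
		mock_env.mockdb()
		-- Required after mockdb(); the order is kept as in the original spec.
		local claim_post = require("endpoints.claim_post")
		configure()
		-- local, so the request table cannot leak into other specs through _G.
		local claim_req = {
			method = "POST",
			host = "test.host",
			path = "/_claim",
			args = {
				user = "user"
			}
		}
		claim_post(claim_req)
		assert(
			claim_req.responsecode == 200,
			"Login did not respond with a 200 code"
		)
		assert(
			claim_req.response_headers,
			"Login did not have response headers."
		)
		local disposition = claim_req.response_headers["Content-Disposition"]
		assert(
			disposition,
			"Login did not have a Content Disposition header to set filename"
		)
		assert(
			string.find(disposition,"attachment",1,true),
			"Login did not mark passfile as an attachment"
		)
		-- Plain find: as a Lua pattern "." matches any character, so
		-- ".passfile" would also accept a name such as "xpassfile".
		assert(
			disposition:find(".passfile",1,true),
			"Login did not name the returned file with the .passfile extension."
		)
		assert(
			claim_req.response_headers["Content-Type"],
			"Login did not respond with a Content-Type"
		)
		assert(
			claim_req.response_headers["Content-Type"] == "application/octet-stream",
			"Login did not mark Content-Type correctly (application/octet-stream)"
		)
		assert(
			claim_req.response,
			"Login did not return a passfile"
		)
	end)

	--- Logging in with a claimed passfile must redirect and set a session
	-- cookie that is scoped to the configured domain and flagged
	-- HttpOnly and Secure.
	it("should give a session cookie when logging in with a user",function()
		mock_env.mockdb()
		local claim_post = require("endpoints.claim_post")
		local login_post = require("endpoints.login_post")
		local config = require("config")
		configure()
		local claim_req = {
			method = "POST",
			host = "test.host",
			path = "/_claim",
			args = {
				user = "user"
			}
		}
		claim_post(claim_req)
		-- local, so the request table cannot leak into other specs through _G.
		local login_req = {
			method = "POST",
			host = "test.host",
			path = "/_login",
			args = {
				user = "user"
			},
			file = {
				-- The passfile returned by the claim is the login credential.
				pass = claim_req.response
			}
		}
		login_post(login_req)
		local code = login_req.responsecode
		-- Redirects are 3xx only; an upper bound of <= 400 would let a
		-- 400 Bad Request pass as a successful login.
		assert(
			code >= 300 and code < 400,
			"Sucessful login should redirect the user"
		)
		assert(
			login_req.response_headers,
			"Sucessful login should have response headers"
		)
		assert(
			login_req.response_headers["set-cookie"],
			"Sucessful login should set a cookie on the client"
		)
		local cookie = login_req.response_headers["set-cookie"]
		-- Strip only a trailing ":port". The earlier pattern "(.-):?%d*$"
		-- also cut trailing digits off a port-less host ("127.0.0.1" became
		-- "127.0.0."), which loosened the Domain check below.
		local domain_noport = (string.gsub(config.domain,":%d*$",""))
		assert(
			string.find(cookie,"session=",1,true),
			"Sucessful login should set a cookie named 'session'"
		)
		-- Plain find: "." and "-" in a host name are pattern magic, so a
		-- pattern search could match the wrong domain or miss the right one.
		-- NOTE(review): this is still a substring check, so a longer Domain
		-- value that merely starts with the configured domain would pass;
		-- consider comparing the whole attribute value.
		assert(
			string.find(cookie,"Domain="..domain_noport,1,true),
			"Cookies should only be set for the configured domain"
		)
		-- NOTE(review): the two flag checks are substring checks over the whole
		-- header, so they would also pass if the text appeared inside the cookie
		-- value rather than as an attribute.
		assert(
			string.find(cookie,"HttpOnly",1,true),
			"Cookies should have the HttpOnly flag set"
		)
		assert(
			string.find(cookie,"Secure",1,true),
			"Cookies should have the secure flag set"
		)
		assert(
			login_req.response_headers["Location"],
			"Sucessful login should redirect to a location"
		)
		-- Exact match: the redirect target has to be built from the configured
		-- domain, not from anything in the request.
		assert(
			login_req.response_headers["Location"] == "https://user." .. config.domain,
			"Login redirect should get domain from config file"
		)
	end)
end)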