diff --git a/config/environments/development.rb b/config/environments/development.rb index ef22a19ba4..59c68f98f7 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,4 +1,4 @@ -require "active_support/core_ext/integer/time" +require 'active_support/core_ext/integer/time' Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -7,7 +7,7 @@ # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.enable_reloading = true - # if the dev enviornemnt not running localy this config is needed e.g. workspaces + # if the dev enviornemnt not running localy this config is needed e.g. workspaces config.hosts << /.*\.cloud\.sap/ # Do not eager load code on boot. @@ -23,13 +23,13 @@ # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. - if Rails.root.join("tmp/caching-dev.txt").exist? + if Rails.root.join('tmp/caching-dev.txt').exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store config.public_file_server.headers = { - "Cache-Control" => "public, max-age=#{2.days.to_i}" + 'Cache-Control' => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false @@ -79,7 +79,7 @@ config.action_controller.raise_on_missing_callback_actions = true # Allow web console access from any IP this is ok in development 🙃 - config.web_console.whitelisted_ips = '0.0.0.0/0' + config.web_console.allowed_ips = '0.0.0.0/0' # Mailer configuration for inquiries/requests config.action_mailer.perform_deliveries = false 
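Review bot: The renamed setting in the last hunk of development.rb still opens web-console to every address (`'0.0.0.0/0'`), while the comment above `config.hosts << /.*\.cloud\.sap/` in the same file says this environment also runs non-locally (workspaces). web-console evaluates Ruby inside the application process, so every client that can reach such an instance can run code with the app's credentials. Limit it to the networks developers actually connect from, e.g. `config.web_console.allowed_ips = ENV.fetch('WEB_CONSOLE_ALLOWED_IPS', '127.0.0.1').split(',')` (the variable name is a suggestion). The comment on the line above should then state who is expected to reach the console rather than "this is ok in development".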
@@ -92,23 +92,22 @@ if ENV['ACTIVE_RECORD_QUIET'] ActiveRecord::Base.logger = Rails.logger.clone ActiveRecord::Base.logger.level = Logger::INFO - puts "=> ActiveRecord Logging: QUIET" + puts '=> ActiveRecord Logging: QUIET' end end # routes, locales, etc. This feature depends on the listen gem. config.file_watcher = ActiveSupport::EventedFileUpdateChecker - puts "=> Elektron Logging: QUIET" if ENV['ELEKTRON_QUIET'] + puts '=> Elektron Logging: QUIET' if ENV['ELEKTRON_QUIET'] # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true - + # Uncomment this line when testing email service # When generating URLs (like admin_inquiries_url) from a background job or a mailer, you need to tell Rails what host to use from rails c. # config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } # Enable stdout logger config.logger = Logger.new(STDOUT) - end diff --git a/config/initializers/secret_key_base.rb b/config/initializers/secret_key_base.rb new file mode 100644 index 0000000000..968e14b3e6 --- /dev/null +++ b/config/initializers/secret_key_base.rb 
@@ -0,0 +1,19 @@
+# Configure secret_key_base for Rails 7.1+
+# This replaces the deprecated config/secrets.yml file
+
+Rails.application.configure do
+ # Set secret_key_base from environment or generate a test key
+ config.secret_key_base = case Rails.env
+ when 'production'
+ ENV['MONSOON_RAILS_SECRET_TOKEN'] || raise('MONSOON_RAILS_SECRET_TOKEN environment variable must be set in production')
+ when 'test'
+ # Generate a consistent test key
+ '4a49f663c106f4f502f0bf5b48ae7f3f8d08b51875dda2b87611c80050f57345dea5c97dc310b900161e1bdf98787ced3eaf75b3353b8efb80a05ad78d2ea6ba'
+ when 'development'
+ # Generate a consistent development key
+ '2fbd53431148199e61690926ffa721dc620f22c8fb923a7a87987bf313aa890e046c7e6d164be855d8519b7ca280e8156d0b55b78f43d6751dc39c17c88a0078'
+ else
+ # For other environments, try ENV or generate
+ ENV['SECRET_KEY_BASE'] || SecureRandom.hex(64)
+ end
+end
diff --git a/config/secrets.yml b/config/secrets.yml
deleted file mode 100644
index d3cb266034..0000000000
--- a/config/secrets.yml
+++ /dev/null
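Review bot: The `else` branch falls back to `SecureRandom.hex(64)` when `SECRET_KEY_BASE` is unset, so any environment other than production, test and development (staging, QA) boots with a different key in every process. Signed and encrypted cookies, including the two-factor cookie that auth_session.rb encrypts with this key, then stop verifying across workers and restarts, with no error pointing at the cause. Fail closed as the production branch does: `ENV['SECRET_KEY_BASE'] || raise('SECRET_KEY_BASE environment variable must be set')`. Both `||` checks also accept an empty string, so `ENV['MONSOON_RAILS_SECRET_TOKEN'].presence || raise(...)` is the safer form. The comments "Generate a consistent ... key" sit above fixed literals carried over from secrets.yml; `# Fixed key, public in the repository; never reuse outside development` would describe them accurately.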
@@ -1,32 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key is used for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-# You can use `rails secret` to generate a secure secret key.
-
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
-
-# Shared secrets are available across all environments.
-
-# shared:
-# api_key: a1B2c3D4e5F6
-
-# Environmental secrets are only available for that specific environment.
-
-development:
- secret_key_base: 2fbd53431148199e61690926ffa721dc620f22c8fb923a7a87987bf313aa890e046c7e6d164be855d8519b7ca280e8156d0b55b78f43d6751dc39c17c88a0078
-
-test:
- secret_key_base: 4a49f663c106f4f502f0bf5b48ae7f3f8d08b51875dda2b87611c80050f57345dea5c97dc310b900161e1bdf98787ced3eaf75b3353b8efb80a05ad78d2ea6ba
-
-# Do not keep production secrets in the unencrypted secrets file.
-# Instead, either read values from the environment.
-# Or, use `bin/rails secrets:setup` to configure encrypted secrets
-# and move the `production:` environment over there.
-
-production:
- secret_key_base: <%= ENV["MONSOON_RAILS_SECRET_TOKEN"] %>
diff --git a/plugins/metrics/test/test_helper.rb b/plugins/metrics/test/test_helper.rb
index b256102c75..ce800fedb2 100644
--- a/plugins/metrics/test/test_helper.rb
+++ b/plugins/metrics/test/test_helper.rb
@@ -1,24 +1,24 @@ -require File.expand_path("../../test/dummy/config/environment.rb", __FILE__) +require File.expand_path('../test/dummy/config/environment.rb', __dir__) ActiveRecord::Migrator.migrations_paths = [ - File.expand_path("../../test/dummy/db/migrate", __FILE__), + File.expand_path('../test/dummy/db/migrate', __dir__) ] ActiveRecord::Migrator.migrations_paths << File.expand_path( - "../../db/migrate", - __FILE__, + '../db/migrate', + __dir__ ) -require "rails/test_help" +require 'rails/test_help' # Filter out Minitest backtrace while allowing backtrace from other libraries # to be shown. Minitest.backtrace_filter = Minitest::BacktraceFilter.new # Load fixtures from the engine -if ActiveSupport::TestCase.respond_to?(:fixture_path=) - ActiveSupport::TestCase.fixture_path = - File.expand_path("../fixtures", __FILE__) - ActionDispatch::IntegrationTest.fixture_path = - ActiveSupport::TestCase.fixture_path +if ActiveSupport::TestCase.respond_to?(:fixture_paths=) + ActiveSupport::TestCase.fixture_paths = + [File.expand_path('fixtures', __dir__)] + ActionDispatch::IntegrationTest.fixture_paths = + ActiveSupport::TestCase.fixture_paths ActiveSupport::TestCase.file_fixture_path = - ActiveSupport::TestCase.fixture_path + "/files" + ActiveSupport::TestCase.fixture_paths.first + '/files' ActiveSupport::TestCase.fixtures :all end diff --git a/plugins/monsoon-openstack-auth/lib/monsoon_openstack_auth/authentication/auth_session.rb b/plugins/monsoon-openstack-auth/lib/monsoon_openstack_auth/authentication/auth_session.rb index fcbe400c0c..b64a411e94 100644 --- a/plugins/monsoon-openstack-auth/lib/monsoon_openstack_auth/authentication/auth_session.rb +++ b/plugins/monsoon-openstack-auth/lib/monsoon_openstack_auth/authentication/auth_session.rb 
@@ -76,8 +76,6 @@ def create_from_login_form(controller, username, password, options = {}) { domain: domain_id } elsif domain_name && !domain_name.empty? { domain_name: domain_name } - else - nil end # reset session-id for Session Fixation @@ -123,7 +121,7 @@ def reset_session(controller) return unless token_store dump = token_store.dump - controller.send('reset_session') + controller.send(:reset_session) token_store.restore(dump) end @@ -146,7 +144,7 @@ def token_store(controller) def two_factor_cookie_valid?(controller) return false unless controller.request.cookies[TWO_FACTOR_AUTHENTICATION] - crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31]) + crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secret_key_base[0..31]) value = begin crypt.decrypt_and_verify(controller.request.cookies[TWO_FACTOR_AUTHENTICATION]) rescue StandardError @@ -157,7 +155,7 @@ def two_factor_cookie_valid?(controller) # set cookie for two factor authentication def set_two_factor_cookie(controller) - crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31]) + crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secret_key_base[0..31]) value = crypt.encrypt_and_sign('valid') controller.response.set_cookie(TWO_FACTOR_AUTHENTICATION, { value: value, expires: Time.now + 4.hours, path: '/', domain: '.cloud.sap' }) @@ -190,7 +188,7 @@ def rescope_token(requested_scope = @scope) return unless token # token = @session_store.token - domain = token[:domain] + domain = token[:domain] project = token[:project] if requested_scope[:project] @@ -283,7 +281,7 @@ def validate_auth_token # end rescue StandardError => e class_name = e.class.name - if class_name.start_with?('Excon') or class_name.start_with?('Fog') + if class_name.start_with?('Excon', 'Fog') MonsoonOpenstackAuth.logger.error "token validation failed #{e}." else MonsoonOpenstackAuth.logger.error "unknown error #{e}." 
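Review bot: `Rails.application.secret_key_base[0..31]` in two_factor_cookie_valid? (and again in set_two_factor_cookie in the next hunk) feeds the first 32 characters of the application's master secret straight into MessageEncryptor. With a hex secret those 32 characters carry 16 bytes of entropy, and the cookie key is a prefix of the secret that signs everything else rather than a key derived for this purpose. Since the line is being touched anyway, derive a dedicated key: `key = Rails.application.key_generator.generate_key('two_factor_cookie', ActiveSupport::MessageEncryptor.key_len)` followed by `crypt = ActiveSupport::MessageEncryptor.new(key)`; the salt string is a suggestion. Both methods must switch together, and cookies issued before the change stop verifying, which the four-hour cookie lifetime bounds. Both method bodies continue outside their hunks.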
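Review bot: In set_two_factor_cookie the encrypted payload is the constant `'valid'` with no expiry inside the message, so the four-hour limit is enforced only by the browser honouring `expires:`. A copied cookie value therefore keeps verifying until the key changes, and it is not tied to the user who passed the second factor. `crypt.encrypt_and_sign('valid', expires_in: 4.hours)` makes decrypt_and_verify reject it after the window with no change on the reading side. The set_cookie call in the context line also sets neither `secure: true` nor `httponly: true`, which a cookie scoped to `domain: '.cloud.sap'` should carry. Binding the payload to the user id would need a matching change in two_factor_cookie_valid?, whose comparison lies outside this hunk.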
@@ -305,7 +303,6 @@ def validate_http_basic # basic auth is allowed begin basic_auth_presented = false - user = nil @controller.authenticate_with_http_basic do |username, password| # basic auth is presented basic_auth_presented = true @@ -425,8 +422,6 @@ def validate_access_key return false end - user = nil - access_key = params[:access_key] || params[:rails_auth_token] if access_key token = @api_client.authenticate_with_access_key(access_key) @@ -494,6 +489,7 @@ def login_auth_token(auth_token) end return false unless auth_token + begin # create auth token token = @api_client.authenticate_with_token(auth_token) diff --git a/plugins/monsoon-openstack-auth/spec/lib/monsoon_openstack_auth/authentication/auth_session_spec.rb b/plugins/monsoon-openstack-auth/spec/lib/monsoon_openstack_auth/authentication/auth_session_spec.rb index 5a7b36a8af..ab7a17522a 100644 --- a/plugins/monsoon-openstack-auth/spec/lib/monsoon_openstack_auth/authentication/auth_session_spec.rb +++ b/plugins/monsoon-openstack-auth/spec/lib/monsoon_openstack_auth/authentication/auth_session_spec.rb 
@@ -19,10 +19,14 @@ allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:validate_token).with(test_token[:value]).and_return(test_token) allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:validate_token).with('INVALID_TOKEN').and_return(nil) - allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('test', 'secret').and_return(test_token) - allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('me', 'me').and_return(nil) - allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('test', 'test', anything).and_return(test_token) - allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_token).with(anything, anything).and_return(test_token) + allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('test', + 'secret').and_return(test_token) + allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('me', + 'me').and_return(nil) + allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('test', + 'test', anything).and_return(test_token) + allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_token).with(anything, + anything).and_return(test_token) allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_external_user).and_return(test_token) allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_access_key).with('good_key').and_return(test_token) allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_access_key).with('bad_key').and_return(nil) 
@@ -31,18 +35,16 @@ context 'two factor is required' do subject { MonsoonOpenstackAuth::Authentication::AuthSession } describe '::check_authentication' do - before :each do @controller = double('controller', - params: { after_login: "login", domain_id: "test" }, - request: double('request').as_null_object, - monsoon_openstack_auth: double('auth-routes'), - ) + params: { after_login: 'login', domain_id: 'test' }, + request: double('request').as_null_object, + monsoon_openstack_auth: double('auth-routes')) # Set up new_session_path to accept parameters allow(@controller.monsoon_openstack_auth).to receive(:new_session_path) do |*args| if args.any? - "http://localhost/auth/sessions/new" + 'http://localhost/auth/sessions/new' else 'http://localhost/auth/sessions/new' end @@ -59,7 +61,7 @@ it 'should redirect user to login form' do expect(@controller.monsoon_openstack_auth).to receive( :new_session_path - ).with(hash_including(domain_fid: "test", after_login: "login")) + ).with(hash_including(domain_fid: 'test', after_login: 'login')) expect(@controller).to receive(:redirect_to).with('http://localhost/auth/sessions/new', two_factor: true) subject.check_authentication(@controller, two_factor: true) end @@ -72,7 +74,7 @@ it 'should redirect user to login form' do expect(@controller.monsoon_openstack_auth).to receive(:two_factor_path) - .with(hash_including(after_login: "login", domain_fid: "test", domain_id: nil, domain_name: nil)) + .with(hash_including(after_login: 'login', domain_fid: 'test', domain_id: nil, domain_name: nil)) expect(@controller).to receive(:redirect_to).with('http://localhost/auth/sessions/passcode') subject.check_authentication(@controller, two_factor: true) end 
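Review bot: Both branches of `if args.any?` in the new_session_path stub return the same literal, so the conditional tests nothing and only the quote style differed before this change. Replace the block with `allow(@controller.monsoon_openstack_auth).to receive(:new_session_path).and_return('http://localhost/auth/sessions/new')`; the examples in the following hunks already check the arguments with `hash_including`. The before block continues past the end of this hunk.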
@@ -93,13 +95,17 @@ context 'included in controller', type: :controller do before do - controller.main_app.stub(:root_path).and_return('/') - controller.monsoon_openstack_auth.stub(:new_session_path).and_return('/auth/sessions/new') - controller.monsoon_openstack_auth.stub(:login_path).and_return('/auth/sessions/new') + allow(controller.main_app).to receive(:root_path).and_return('/') + allow(controller.monsoon_openstack_auth).to receive(:new_session_path).and_return('/auth/sessions/new') + allow(controller.monsoon_openstack_auth).to receive(:login_path).and_return('/auth/sessions/new') end controller(ActionController::Base) do # anonymous subclass of ActionController::Base - authentication_required region: ->(c) { c.params[:region_id] }, domain: ->(c) { c.params[:domain] }, project: ->(c) { c.params[:project] } + authentication_required region: ->(c) { c.params[:region_id] }, domain: lambda { |c| + c.params[:domain] + }, project: lambda { |c| + c.params[:project] + } def index head :ok @@ -108,11 +114,11 @@ def index context 'token auth is allowed' do before :each do - MonsoonOpenstackAuth.configuration.stub(:token_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:basic_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:sso_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:form_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:access_key_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:token_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:basic_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:sso_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:form_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:access_key_auth_allowed?) { false } end context 'no auth token presented' do 
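Review bot: The reflowed `authentication_required` call now mixes `->(c) { ... }` for `region:` with multi-line `lambda { |c| ... }` blocks for `domain:` and `project:`, and each closing brace shares a line with the next keyword. Put one keyword per line and keep the stabby form for all three, e.g. `domain: ->(c) { c.params[:domain] },` on its own line, so the three scopes read as parallel options.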
@@ -157,11 +163,11 @@ def index context 'basic auth is allowed' do before :each do - MonsoonOpenstackAuth.configuration.stub(:token_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:basic_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:sso_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:form_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:access_key_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:token_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:basic_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:sso_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:form_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:access_key_auth_allowed?) { false } end context 'no basic auth presented' do @@ -184,7 +190,8 @@ def index context 'valid basic auth presented' do it 'should authenticate user' do expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).and_return({}) - request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('test', 'secret') + request.env['HTTP_AUTHORIZATION'] = + ActionController::HttpAuthentication::Basic.encode_credentials('test', 'secret') get 'index' expect(controller.current_user).not_to be(nil) end 
@@ -193,11 +200,11 @@ def index context 'sso auth is allowed' do before :each do - MonsoonOpenstackAuth.configuration.stub(:token_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:basic_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:sso_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:form_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:access_key_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:token_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:basic_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:sso_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:form_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:access_key_auth_allowed?) { false } end context 'no sso header presented' do @@ -224,11 +231,11 @@ def index context 'acccess_key auth is allowed' do before :each do - MonsoonOpenstackAuth.configuration.stub(:token_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:basic_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:sso_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:access_key_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:form_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:token_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:basic_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:sso_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:access_key_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:form_auth_allowed?) { false } end context 'no access key param presented' do 
@@ -243,7 +250,7 @@ def index it 'should authenticate user' do expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_access_key).and_return({}) - get 'index', params: {access_key: 'good_key'} + get 'index', params: { access_key: 'good_key' } expect(controller.current_user).not_to be(nil) end end @@ -252,14 +259,14 @@ def index it 'should authenticate user' do expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_access_key).and_return({}) - get 'index', params: {rails_auth_token: 'good_key'} + get 'index', params: { rails_auth_token: 'good_key' } expect(controller.current_user).not_to be(nil) end end context 'invalid access key param presented' do it "should redirect to main app's root path" do - get 'index', params: {access_key: 'bad_key'} + get 'index', params: { access_key: 'bad_key' } expect(response).to redirect_to(controller.main_app.root_path) expect(flash[:notice]).to eq 'User is not authenticated!' end @@ -267,7 +274,7 @@ def index context 'invalid rails_auth_token param presented' do it "should redirect to main app's root path" do - get 'index', params: {rails_auth_token: 'bad_key'} + get 'index', params: { rails_auth_token: 'bad_key' } expect(response).to redirect_to(controller.main_app.root_path) expect(flash[:notice]).to eq 'User is not authenticated!' end 
@@ -276,11 +283,11 @@ def index context 'form auth is allowed' do before :each do - MonsoonOpenstackAuth.configuration.stub(:token_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:basic_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:sso_auth_allowed?) { false } - MonsoonOpenstackAuth.configuration.stub(:form_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:access_key_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:token_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:basic_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:sso_auth_allowed?) { false } + allow(MonsoonOpenstackAuth.configuration).to receive(:form_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:access_key_auth_allowed?) { false } end context 'session token not presented' do @@ -290,7 +297,7 @@ def index end it 'should authenticate user from auth token by given domain_id' do - get 'index', params: {region_id: 'europe', domain: 'default'} + get 'index', params: { region_id: 'europe', domain: 'default' } expect(response).to redirect_to(controller.monsoon_openstack_auth.login_path('default')) end end @@ -302,7 +309,7 @@ def index end it 'should authenticate user from session token' do - get 'index', params: {domain: test_token_scope[:domain_id], project: test_token_scope[:project_id]} + get 'index', params: { domain: test_token_scope[:domain_id], project: test_token_scope[:project_id] } expect(controller.current_user).not_to be(nil) expect(controller.current_user.token).to eq(test_token[:value]) end 
@@ -311,11 +318,11 @@ def index context 'all auth methods are allowed' do before :each do - MonsoonOpenstackAuth.configuration.stub(:token_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:basic_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:sso_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:form_auth_allowed?) { true } - MonsoonOpenstackAuth.configuration.stub(:access_key_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:token_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:basic_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:sso_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:form_auth_allowed?) { true } + allow(MonsoonOpenstackAuth.configuration).to receive(:access_key_auth_allowed?) { true } end it 'authenticates from session' do @@ -323,7 +330,8 @@ def index @token_store.set_token(test_token) request.headers['X-Auth-Token'] = test_token[:value] - request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('test', 'secret') + request.env['HTTP_AUTHORIZATION'] = + ActionController::HttpAuthentication::Basic.encode_credentials('test', 'secret') request.env['HTTP_SSL_CLIENT_VERIFY'] = 'SUCCESS' # todo request.env['HTTP_SSL_CLIENT_CERT'] = '--a certificate--' 
@@ -335,14 +343,15 @@ def index expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_with_token) expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_external_user) - get 'index', params: {domain: test_token_domain, project: test_token_project} + get 'index', params: { domain: test_token_domain, project: test_token_project } expect(controller.current_user).not_to be(nil) expect(controller.current_user.token).to eq(test_token[:value]) end it 'authenticates from auth token' do request.headers['X-Auth-Token'] = test_token[:value] - request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('test', 'secret') + request.env['HTTP_AUTHORIZATION'] = + ActionController::HttpAuthentication::Basic.encode_credentials('test', 'secret') request.env['HTTP_SSL_CLIENT_VERIFY'] = 'SUCCESS' # todo request.env['HTTP_SSL_CLIENT_CERT'] = '--a certificate--' @@ -352,7 +361,7 @@ def index expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_with_token) expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_external_user) - get 'index', params: {domain: test_token_domain, project: test_token_project} + get 'index', params: { domain: test_token_domain, project: test_token_project } expect(controller.current_user).not_to be(nil) expect(controller.current_user.token).to eq(test_token[:value]) expect(MonsoonOpenstackAuth.api_client).to have_received(:validate_token) 
@@ -360,11 +369,12 @@ def index it 'authenticates from sso' do domain = double('domain') - domain.stub(:id).and_return('o-default') + allow(domain).to receive(:id).and_return('o-default') allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:domain_by_name).with('default').and_return(domain) - request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('test', 'secret') + request.env['HTTP_AUTHORIZATION'] = + ActionController::HttpAuthentication::Basic.encode_credentials('test', 'secret') request.env['HTTP_SSL_CLIENT_VERIFY'] = 'SUCCESS' # TODO request.env['HTTP_SSL_CLIENT_CERT'] = '--a certificate--' @@ -374,7 +384,7 @@ def index expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_with_token) expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_with_credentials) - get 'index', params: {domain: test_token_domain, project: test_token_project} + get 'index', params: { domain: test_token_domain, project: test_token_project } expect(controller.current_user).not_to be(nil) expect(controller.current_user.token).to eq(test_token[:value]) expect(MonsoonOpenstackAuth.api_client).to have_received( @@ -389,7 +399,7 @@ def index it 'authenticate from sso ignoring domain' do domain = double('domain') - domain.stub(:id).and_return('o-default') + allow(domain).to receive(:id).and_return('o-default') allow_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive( :domain_by_name 
@@ -408,7 +418,7 @@ def index expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_with_token) expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_with_credentials) - get 'index', params: {domain: test_token_domain, project: test_token_project} + get 'index', params: { domain: test_token_domain, project: test_token_project } expect(controller.current_user).not_to be(nil) expect(controller.current_user.token).to eq(test_token[:value]) @@ -429,7 +439,7 @@ def index expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_with_credentials) expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).not_to receive(:authenticate_external_user) - get 'index', params: {access_key: 'good_key', domain: test_token_domain, project: test_token_project} + get 'index', params: { access_key: 'good_key', domain: test_token_domain, project: test_token_project } expect(controller.current_user).not_to be(nil) expect(controller.current_user.token).to eq(test_token[:value]) expect(MonsoonOpenstackAuth.api_client).to have_received(:authenticate_with_access_key) 
@@ -439,21 +449,29 @@ def index describe '::create_from_login_form' do context 'domain_name is nil' do it 'should call authenticate using id and password' do - expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('test', 'test', nil) + expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with( + 'test', 'test', nil + ) MonsoonOpenstackAuth::Authentication::AuthSession.create_from_login_form(controller, 'test', 'test') end end context 'domain_id is not nil' do it 'should call authenticate using id and password' do - expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('test', 'test', domain: 'test_domain') - MonsoonOpenstackAuth::Authentication::AuthSession.create_from_login_form(controller, 'test', 'test', domain_id: 'test_domain') + expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with( + 'test', 'test', domain: 'test_domain' + ) + MonsoonOpenstackAuth::Authentication::AuthSession.create_from_login_form(controller, 'test', 'test', + domain_id: 'test_domain') end end context 'domain_name is not nil' do it 'should call authenticate using id and password' do # allow(@driver).to receive(:authenticate).with({ auth: { identity: { methods: ["password"], password:{user: {name: 'test', password: 'test', domain: {id: 'test_domain'} } } } } }) - expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with('test', 'test', domain_name: 'test_domain') - MonsoonOpenstackAuth::Authentication::AuthSession.create_from_login_form(controller, 'test', 'test', domain_name: 'test_domain') + expect_any_instance_of(MonsoonOpenstackAuth::ApiClient).to receive(:authenticate_with_credentials).with( + 'test', 'test', domain_name: 'test_domain' + ) + MonsoonOpenstackAuth::Authentication::AuthSession.create_from_login_form(controller, 'test', 'test', + 
domain_name: 'test_domain') end end end @@ -464,7 +482,8 @@ def index allow_any_instance_of(MonsoonOpenstackAuth::Authentication::AuthSession).to receive(:authenticated?).and_return(false) expect do - MonsoonOpenstackAuth::Authentication::AuthSession.check_authentication(controller, domain: 'aaa', project: 'bbb', raise_error: true) + MonsoonOpenstackAuth::Authentication::AuthSession.check_authentication(controller, domain: 'aaa', + project: 'bbb', raise_error: true) end.to raise_error(MonsoonOpenstackAuth::Authentication::NotAuthorized) end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index ebbd65a03a..07b5c3f5b9 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,17 +1,17 @@ # frozen_string_literal: true # rspec does not load sassc gem. I don't why, but this hack helps! -require File.join(Gem.loaded_specs["sassc"].full_gem_path, "lib/sassc") +require File.join(Gem.loaded_specs['sassc'].full_gem_path, 'lib/sassc') # This file is copied to spec/ when you run 'rails generate rspec:install' -ENV["RAILS_ENV"] ||= "test" -require File.expand_path("../config/environment", __dir__) -require "rspec/rails" +ENV['RAILS_ENV'] ||= 'test' +require File.expand_path('../config/environment', __dir__) +require 'rspec/rails' require File.join( - Gem.loaded_specs["monsoon-openstack-auth"].full_gem_path, - "spec/support/authentication_stub", - ) + Gem.loaded_specs['monsoon-openstack-auth'].full_gem_path, + 'spec/support/authentication_stub' +) # Requires supporting ruby files with custom matchers and macros, etc, in # spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are 
@@ -20,7 +20,7 @@ # run twice. It is recommended that you do not name files matching this glob to # end with _spec.rb. You can configure this pattern with with the --pattern # option on the command line or in ~/.rspec, .rspec or `.rspec-local`. -Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f } +Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f } # Checks for pending migrations before tests are run. # If you are not using ActiveRecord, you can remove this line. @@ -31,7 +31,7 @@ module AuthFirstOrdering def self.order(examples) auth_examples = [] other_examples = [] - + examples.each do |example| file_path = example.metadata[:example_group][:file_path] if file_path.include?('plugins/monsoon-openstack-auth') @@ -40,15 +40,14 @@ def self.order(examples) other_examples << example end end - + puts "Auth plugin tests: #{auth_examples.length}, Other tests: #{other_examples.length}" - + # Return auth tests first, then others auth_examples + other_examples end end - RSpec.configure do |config| config.full_backtrace = false @@ -61,7 +60,7 @@ def self.order(examples) # config.mock_with :rr # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures - config.fixture_path = "#{::Rails.root}/spec/fixtures" + config.fixture_paths = ["#{::Rails.root}/spec/fixtures"] # If you're not using ActiveRecord, or you'd prefer not to run each of your # examples within a transaction, remove the following line or assign false 
@@ -78,9 +77,9 @@ def self.order(examples) # the seed, which is printed after each run. # --seed 1234 - # Custom order: Run monsoon-openstack-auth tests first to prevent authentication + # Custom order: Run monsoon-openstack-auth tests first to prevent authentication # stub pollution. Other plugins (lbaas2, email) modify authentication_stub data, - # but random order can cause auth tests to reset stubs mid-execution, leading + # but random order can cause auth tests to reset stubs mid-execution, leading # to flaky tests and state pollution between plugins. config.register_ordering :auth_first do |examples| auth_tests, other_tests = examples.partition do |example| @@ -115,11 +114,11 @@ def self.order(examples) # set test config variables Rails.configuration.keystone_endpoint = - "http://localhost:8183/v3/auth/tokens" - Rails.configuration.default_region = "europe" - Rails.configuration.service_user_id = "test" - Rails.configuration.service_user_password = "test" - Rails.configuration.service_user_domain_name = "test" + 'http://localhost:8183/v3/auth/tokens' + Rails.configuration.default_region = 'europe' + Rails.configuration.service_user_id = 'test' + Rails.configuration.service_user_password = 'test' + Rails.configuration.service_user_domain_name = 'test' end config.after(:all) { DatabaseCleaner.clean } 
@@ -128,35 +127,33 @@ def self.order(examples) # stub region detection region = - ( - AuthenticationStub.test_token["catalog"].first["endpoints"].first[ - "region" + AuthenticationStub.test_token['catalog'].first['endpoints'].first[ + 'region' ] || - AuthenticationStub.test_token["catalog"].first["endpoints"].first[ - "region_id" - ] - ) + AuthenticationStub.test_token['catalog'].first['endpoints'].first[ + 'region_id' + ] allow(Core).to receive(:locate_region).and_return(region) # stub service user and cloud admin service_user = double( - "service_user", - id: "123", - name: "service_user_name", - email: "service_user_email", - full_name: "service_user_fullname", + 'service_user', + id: '123', + name: 'service_user_name', + email: 'service_user_email', + full_name: 'service_user_fullname' ).as_null_object - cloud_admin = double("cloud_admin").as_null_object + cloud_admin = double('cloud_admin').as_null_object # allow_any_instance_of(ServiceLayer::IdentityService) # .to receive(:has_domain_access).and_return true # allow_any_instance_of(ServiceLayer::IdentityService) # .to receive(:has_project_access).and_return true - user_identity = double("user identity service").as_null_object + user_identity = double('user identity service').as_null_object allow_any_instance_of(::ApplicationController).to receive( - :services, + :services ).and_wrap_original do |m| services = m.call allow(services).to receive(:identity).and_return user_identity 
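Review bot: The doubles built with `.as_null_object` on the new side (`service_user`, `cloud_admin` and `user_identity`) answer every unstubbed message with the double itself, which is truthy, so any access predicate a controller calls on them passes in every spec unless that spec overrides it. Together with the blanket `has_project_access` stub visible in the next hunk (`@@ -167,20 +164,20 @@`), a regression that drops or inverts an authorization check would probably not fail the suite. I would document this above the `user_identity` line, e.g. `# NOTE: null-object double; every access check passes by default, so specs covering denial must stub the predicate to return false`, and consider a plain `double` with only the needed predicates stubbed so that unexpected calls fail loudly. The enclosing block starts before this hunk and continues past its end.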
@@ -167,20 +164,20 @@ def self.order(examples) allow(user_identity).to receive(:has_project_access).and_return true allow_any_instance_of(::ApplicationController).to receive( - :service_user, + :service_user ).and_return(service_user) allow_any_instance_of(::ApplicationController).to receive( - :cloud_admin, + :cloud_admin ).and_return(cloud_admin) # stub user_projects which is called in each request allow_any_instance_of(::DashboardController).to receive( - :load_active_project, + :load_active_project ).and_return([]) # stub check_terms_of_use which is called in each request allow_any_instance_of(::DashboardController).to receive( - :check_terms_of_use, + :check_terms_of_use ).and_return(true) end end