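-- Spec for the claim and login endpoints: claiming an account must return a
-- passfile as a download, and logging in with that passfile must redirect and
-- set a session cookie scoped to the configured domain.

-- Publish the test runner's `spy` as an explicit global.
-- NOTE(review): presumably spec.env_mock expects to find it there; confirm.
_G.spy = spy
local mock_env = require("spec.env_mock")

--- Build a fresh POST /_claim request table.
-- A new table is returned on every call so no request state is shared
-- between test cases.
-- @tparam string user account name to claim
-- @treturn table request table in the shape the endpoints are called with
local function new_claim_request(user)
  return {
    method = "POST",
    host = "test.host",
    path = "/_claim",
    args = { user = user },
  }
end

--- Return the host part of a "host[:port]" string.
-- Only an explicit ":<digits>" suffix is removed, so a port-less host that
-- happens to end in digits (an IP address, "host1") is returned unchanged.
-- @tparam string domain
-- @treturn string
local function strip_port(domain)
  return domain:match("^(.-):%d+$") or domain
end

describe("smr login", function()
  setup(mock_env.setup)
  teardown(mock_env.teardown)

  it("should allow someone to claim an account", function()
    mock_env.mockdb()
    local claim_post = require("endpoints.claim_post")
    configure()
    -- Kept local: as a global the request table would leak into later tests.
    local claim_req = new_claim_request("user")
    claim_post(claim_req)

    assert(
      claim_req.responsecode == 200,
      "Login did not respond with a 200 code"
    )
    local headers = claim_req.response_headers
    assert(
      headers,
      "Login did not have response headers."
    )
    local disposition = headers["Content-Disposition"]
    assert(
      disposition,
      "Login did not have a Content Disposition header to set filename"
    )
    assert(
      string.find(disposition, "attachment"),
      "Login did not mark passfile as an attachment"
    )
    -- Plain-text search: as a Lua pattern the leading "." matches any
    -- character, which would accept a name such as "xpassfile".
    assert(
      disposition:find(".passfile", 1, true),
      "Login did not name the returned file with the .passfile extension."
    )
    assert(
      headers["Content-Type"],
      "Login did not respond with a Content-Type"
    )
    assert(
      headers["Content-Type"] == "application/octet-stream",
      "Login did not mark Content-Type correctly (application/octet-stream)"
    )
    assert(
      claim_req.response,
      "Login did not return a passfile"
    )
  end)

  it("should give a session cookie when logging in with a user", function()
    mock_env.mockdb()
    local claim_post = require("endpoints.claim_post")
    local login_post = require("endpoints.login_post")
    local config = require("config")
    configure()

    local claim_req = new_claim_request("user")
    claim_post(claim_req)
    -- Fail here, with a clear message, rather than inside login_post when the
    -- claim step produced nothing to log in with.
    assert(
      claim_req.response,
      "Login did not return a passfile"
    )

    -- Kept local for the same reason as the claim request.
    local login_req = {
      method = "POST",
      host = "test.host",
      path = "/_login",
      args = { user = "user" },
      file = { pass = claim_req.response },
    }
    login_post(login_req)

    -- 3xx only: 400 is a client error, not a redirect.
    local code = login_req.responsecode
    assert(
      type(code) == "number" and code >= 300 and code < 400,
      "Sucessful login should redirect the user"
    )
    local headers = login_req.response_headers
    assert(
      headers,
      "Sucessful login should have response headers"
    )
    local cookie = headers["set-cookie"]
    assert(
      cookie,
      "Sucessful login should set a cookie on the client"
    )
    assert(
      string.find(cookie, "session="),
      "Sucessful login should set a cookie named 'session'"
    )

    -- Compare the whole Domain attribute instead of searching for a
    -- substring: a substring (or pattern) search would also accept a cookie
    -- scoped to a longer, different domain that merely starts with the
    -- configured one, and "." / "-" in the domain are pattern magic.
    local domain_noport = strip_port(config.domain)
    local cookie_domain = cookie:match("Domain=([^;]*)")
    assert(
      cookie_domain,
      "Cookies should only be set for the configured domain"
    )
    cookie_domain = (cookie_domain:gsub("%s+$", ""))
    assert(
      cookie_domain == domain_noport,
      "Cookies should only be set for the configured domain"
    )
    assert(
      string.find(cookie, "HttpOnly"),
      "Cookies should have the HttpOnly flag set"
    )
    assert(
      string.find(cookie, "Secure"),
      "Cookies should have the secure flag set"
    )
    -- NOTE(review): SameSite is not asserted here, and there is no case for a
    -- login with a wrong or missing passfile; consider covering both.

    assert(
      headers["Location"],
      "Sucessful login should redirect to a location"
    )
    assert(
      headers["Location"] == "https://user." .. config.domain,
      "Login redirect should get domain from config file"
    )
  end)
end)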