From 2f9d3b0e1f2797759e0cffc1768cc8e216f503d3 Mon Sep 17 00:00:00 2001 From: Geoff Wilson Date: Sat, 24 Aug 2024 16:08:09 -0400 Subject: [PATCH] Added test for domain_ownership logic --- app/lib/services/domain_ownership_service.rb | 1 + app/models/domain_info.rb | 2 +- .../services/domain_ownership_service_test.rb | 46 +++++++++++++++++++ test/models/cert_isssue_request_test.rb | 1 - test/test_helper.rb | 2 + 5 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 test/lib/services/domain_ownership_service_test.rb diff --git a/app/lib/services/domain_ownership_service.rb b/app/lib/services/domain_ownership_service.rb index e31bca1..16b1a12 100644 --- a/app/lib/services/domain_ownership_service.rb +++ b/app/lib/services/domain_ownership_service.rb @@ -8,6 +8,7 @@ def authorize!(identity, cert_req) (domain.group_delegation && (domain.groups & identity.groups).any?)) end + nil end private diff --git a/app/models/domain_info.rb b/app/models/domain_info.rb index f176757..ce724d5 100644 --- a/app/models/domain_info.rb +++ b/app/models/domain_info.rb @@ -4,5 +4,5 @@ class DomainInfo attribute :owner, :string attribute :groups, array: :string, default: [] - attribute :group_delegation, :bool, default: false + attribute :group_delegation, :boolean, default: false end diff --git a/test/lib/services/domain_ownership_service_test.rb b/test/lib/services/domain_ownership_service_test.rb new file mode 100644 index 0000000..1568f7a --- /dev/null +++ b/test/lib/services/domain_ownership_service_test.rb 
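Review bot: The `nil` added at the end of `authorize!` fixes the success return value, but nothing states that contract, so a caller could still branch on the result. A comment above the method such as `# Returns nil when every check passes; denial is signalled only by raising AuthError.` would pin it. The method body starts outside the hunk, so only the tail of the owner/group condition is visible. One thing to confirm there: the visible condition calls `domain.group_delegation` directly, so if the domain lookup can return nil for an unknown name, the failure would presumably surface as NoMethodError rather than AuthError. Whether callers treat that as a denial is not visible here.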
@@ -0,0 +1,46 @@
+require "test_helper"
+
+class DomainOwnershipServiceTest < ActiveSupport::TestCase
+ def setup
+ @identity = Identity.new(subject: "test@example.com", groups: ["admin_group"])
+ @domain = DomainInfo.new(owner: "test@example.com", group_delegation: false, groups: ["admin_group"])
+ end
+
+ test "#authorize! with matching owner" do
+ ds = Services::DomainOwnershipService.new
+ ds.stub :get_domain_name, @domain do
+ assert_nil(ds.authorize!(@identity, CertIssueRequest.new))
+ end
+ end
+
+ test "#authorize! with non-matching owner" do
+ ds = Services::DomainOwnershipService.new
+ @domain.owner = "different_owner@example.com"
+ ds.stub :get_domain_name, @domain do
+ assert_raises(AuthError) do
+ ds.authorize!(@identity, CertIssueRequest.new)
+ end
+ end
+ end
+
+ test "#authorize! with matching group" do
+ ds = Services::DomainOwnershipService.new
+ @domain.owner = "different_owner@example.com"
+ @domain.group_delegation = true
+ ds.stub :get_domain_name, @domain do
+ assert_nil(ds.authorize!(@identity, CertIssueRequest.new))
+ end
+ end
+
+ test "#authorize! with non-matching group" do
+ ds = Services::DomainOwnershipService.new
+ @domain.owner = "different_owner@example.com"
+ @identity.groups = ["different_group"]
+ ds.stub :get_domain_name, @domain do
+ assert_raises(AuthError) do
+ ds.authorize!(@identity, CertIssueRequest.new)
+ end
+ end
+ end
+
+end
diff --git a/test/models/cert_isssue_request_test.rb b/test/models/cert_isssue_request_test.rb
index 8738915..060ef95 100644
--- a/test/models/cert_isssue_request_test.rb
+++ b/test/models/cert_isssue_request_test.rb
@@ -70,7 +70,6 @@ def setup assert_not @cert_issue_request.valid? end - test "fqdns should return alt_names plus common_name" do assert_equal [ "alt1.example.com", "alt2.example.com", "example.com" ], @cert_issue_request.fqdns end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 0c22470..c89aa89 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
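Review bot: The "non-matching group" test never sets `@domain.group_delegation = true`, so with the `group_delegation: false` from `setup` it would raise AuthError even if the group comparison were broken. The group-mismatch path is therefore not exercised. Setting the flag in that test fixes this. A companion case, where the group matches but delegation is left disabled and the call must raise, would pin the flag itself, which is the security-relevant half of the condition. All four tests also stub `get_domain_name`, so the lookup is not covered by this file.

```ruby
  test "#authorize! with non-matching group" do
    # … unchanged: service construction, owner and identity.groups overrides …
    @domain.group_delegation = true
    # … unchanged: stub and assert_raises(AuthError) …
  end

  test "#authorize! with matching group but delegation disabled" do
    ds = Services::DomainOwnershipService.new
    @domain.owner = "different_owner@example.com"
    ds.stub :get_domain_name, @domain do
      assert_raises(AuthError) do
        ds.authorize!(@identity, CertIssueRequest.new)
      end
    end
  end
```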
@@ -1,6 +1,8 @@ ENV["RAILS_ENV"] ||= "test" require_relative "../config/environment" require "rails/test_help" +require "minitest" +require "minitest/mock" module ActiveSupport class TestCase