diff --git a/test/integration/secrets_test.rb b/test/integration/secrets_test.rb
index ae63b47..beb461c 100644
--- a/test/integration/secrets_test.rb
+++ b/test/integration/secrets_test.rb
@@ -1,6 +1,14 @@
 require "test_helper"
 class SecretsTest < ActionDispatch::IntegrationTest
+ setup do
+ jwt_json = unique_jwt
+ @jwt_groups = jwt_json["groups"]
+ @jwt_authorized = make_signed_jwt(jwt_json)
+ jwt_read_group_json = unique_jwt.tap { |h| h["groups"] = @jwt_groups }
+ @jwt_read_group = make_signed_jwt(jwt_read_group_json)
+ end
+
 test "#create unauthorized" do
 post secrets_path
 assert_response :unauthorized
@@ -22,7 +30,7 @@ class SecretsTest < ActionDispatch::IntegrationTest
 test "#update an existing secret with same user is authorized" do
 existing_path = create_secret
 assert_response :success
- create_secret(jwt_authorized, existing_path)
+ create_secret(@jwt_authorized, existing_path)
 assert_response :success
 end
@@ -36,7 +44,7 @@ class SecretsTest < ActionDispatch::IntegrationTest
 test "#show" do
 path = create_secret
 # view the secret
- get secret_path(path), headers: { "Authorization" => "Bearer #{jwt_authorized}" }
+ get secret_path(path), headers: { "Authorization" => "Bearer #{@jwt_authorized}" }
 assert_response :success
 %w[ data metadata lease_id ].each do |key|
 assert_includes response.parsed_body["secret"].keys, key
@@ -46,7 +54,7 @@ class SecretsTest < ActionDispatch::IntegrationTest
 test "#show with read_group is authorized" do
 path = create_secret
 # view the secret
- get secret_path(path), headers: { "Authorization" => "Bearer #{jwt_read_group}" }
+ get secret_path(path), headers: { "Authorization" => "Bearer #{@jwt_read_group}" }
 assert_response :success
 %w[ data metadata lease_id ].each do |key|
 assert_includes response.parsed_body["secret"].keys, key
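Review bot: The `setup` block in the first hunk builds only tokens that are expected to pass the read check: the owner, and a second subject that is given the owner's group through `h["groups"] = @jwt_groups`. Now that groups are random per test, an unmodified `unique_jwt` (different `sub`, different group) signed in the same block would let a `#show` and a `#delete` test assert `:unauthorized` for a caller with no group overlap. None of the visible hunks contains such a test, though one may exist in the lines between them. A comment on `@jwt_read_group` such as `# different sub, same group as the owner: may read, may not delete` would also record what the two tokens are meant to distinguish.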
@@ -56,23 +64,28 @@ class SecretsTest < ActionDispatch::IntegrationTest
 test "#delete" do
 path = create_secret
 # delete the secret
- delete destroy_secret_path(path), headers: { "Authorization" => "Bearer #{jwt_authorized}" }
+ delete destroy_secret_path(path), headers: { "Authorization" => "Bearer #{@jwt_authorized}" }
 assert_response :success
 end
 test "#delete with a read-authorized user is unauthorized" do
 path = create_secret
 # delete the secret
- delete destroy_secret_path(path), headers: { "Authorization" => "Bearer #{jwt_read_group}" }
+ delete destroy_secret_path(path), headers: { "Authorization" => "Bearer #{@jwt_read_group}" }
 assert_response :unauthorized
 end
 private
- def create_secret(jwt = jwt_authorized, path = "top/secret/#{SecureRandom.hex}")
+ def create_secret(jwt = @jwt_authorized, path = "top/secret/#{SecureRandom.hex}", groups = @jwt_groups)
 # create the secret
 post secrets_path, headers: { "Authorization" => "Bearer #{jwt}" },
- params: { secret: { path: path, data: { password: "sicr3t" }, groups: "read_group" } }
+ params: { secret: { path: path, data: { password: "sicr3t" }, groups: groups.join(",") } }
 path
 end
+
+ def unique_jwt
+ { "sub"=>SecureRandom.hex, "name"=>"John Doe", "iat"=>1516239022,
+ "groups"=>[ SecureRandom.hex ], "aud"=>"astral" }
+ end
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index ad9629b..a54f73b 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -14,8 +14,13 @@ class TestCase
 fixtures :all
 # Helper methods
+
+ def make_signed_jwt(json)
+ JWT.encode(json, Config[:jwt_signing_key])
+ end
+
 def jwt_authorized
- @@authorized_token ||= JWT.encode(@@authorized_data, Config[:jwt_signing_key])
+ @@authorized_token ||= make_signed_jwt(@@authorized_data)
 end
 def jwt_unauthorized
@@ -23,7 +28,7 @@ def jwt_unauthorized
 end
 def jwt_read_group
- @@read_group_token ||= JWT.encode(@@read_group_data, Config[:jwt_signing_key])
+ @@read_group_token ||= make_signed_jwt(@@read_group_data)
 end
 private
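Review bot: `unique_jwt` in the `@@ -56,23 +64,28 @@` hunk issues claims with a hard-coded `iat` and no `exp`, so every token the suite signs never expires and the tests cannot notice if expiry validation is missing or disabled. Whether the application enforces `exp` is not visible in this diff. Adding `"exp" => Time.now.to_i + 300` to the hash, plus one test with an `exp` in the past, would cover that path. Separately, `groups.join(",")` in `create_secret` raises `NoMethodError` when a caller passes `nil` or a plain string, which `Array(groups).join(",")` avoids.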
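Review bot: `make_signed_jwt` in the `@@ -14,8 +14,13 @@` hunk of test/test_helper.rb names no signing algorithm, so `JWT.encode(json, Config[:jwt_signing_key])` falls back to the library default. Passing it explicitly, e.g. `JWT.encode(json, Config[:jwt_signing_key], "HS256")`, ties the test tokens to the algorithm the application's decoder accepts; that algorithm is not visible here, so confirm it first. The helper signs arbitrary caller-supplied claims with the configured key, so a comment such as `# test-only: signs any claims hash with Config[:jwt_signing_key]` would make clear it must not move into application code.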