author | Daniel DeLeo <dan@opscode.com> | 2010-07-21 13:49:01 -0700 |
---|---|---|
committer | Daniel DeLeo <dan@opscode.com> | 2010-07-21 13:49:01 -0700 |
commit | a31bf8e240e2d00e002fd70b82b41d30716c7ecf (patch) | |
tree | 62eff18211a209dc81499c756aa26b1b287620d2 /spec | |
parent | 62814ae8eab5b7e95f29095cb732b50acb1611a7 (diff) | |
[CHEF-761] provide visibility into time skew related auth failures
higher layers will use this to inform the user if they got a 401 b/c of
incorrect clock on the client
Diffstat (limited to 'spec')
-rw-r--r-- | spec/mixlib/authentication/mixlib_authentication_spec.rb | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/spec/mixlib/authentication/mixlib_authentication_spec.rb b/spec/mixlib/authentication/mixlib_authentication_spec.rb
index f371e54..4b16e93 100644
--- a/spec/mixlib/authentication/mixlib_authentication_spec.rb
+++ b/spec/mixlib/authentication/mixlib_authentication_spec.rb
@@ -64,6 +64,7 @@ class MockFile
 end
 # Uncomment this to get some more info from the methods we're testing.
+#Mixlib::Authentication::Log.logger = Logger.new(STDERR)
 #Mixlib::Authentication::Log.level :debug
 describe "Mixlib::Authentication::SignedHeaderAuth" do
@@ -152,8 +153,8 @@ describe "Mixlib::Authentication::SignatureVerification" do
 mock_request = MockRequest.new(PATH, request_params, PASSENGER_HEADERS, "")
 Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
- service = Mixlib::Authentication::SignatureVerification.new
- res = service.authenticate_user_request(mock_request, @user_private_key)
+ auth_req = Mixlib::Authentication::SignatureVerification.new
+ res = auth_req.authenticate_user_request(mock_request, @user_private_key)
 res.should_not be_nil
 end
@@ -164,9 +165,42 @@ describe "Mixlib::Authentication::SignatureVerification" do
 mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, headers, BODY)
 Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
- service = Mixlib::Authentication::SignatureVerification.new
- res = service.authenticate_user_request(mock_request, @user_private_key)
+ auth_req = Mixlib::Authentication::SignatureVerification.new
+ res = auth_req.authenticate_user_request(mock_request, @user_private_key)
+ res.should be_nil
+
+ auth_req.should_not be_a_valid_request
+ auth_req.should be_a_valid_timestamp
+ auth_req.should be_a_valid_signature
+ auth_req.should_not be_a_valid_content_hash
+ end
+
+ it "shouldn't authenticate if the timestamp is not within bounds" do
+ mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, MERB_HEADERS, BODY)
+ Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ - 1000)
+
+ auth_req = Mixlib::Authentication::SignatureVerification.new
+ res = auth_req.authenticate_user_request(mock_request, @user_private_key)
+ res.should be_nil
+ auth_req.should_not be_a_valid_request
+ auth_req.should_not be_a_valid_timestamp
+ auth_req.should be_a_valid_signature
+ auth_req.should be_a_valid_content_hash
+ end
+
+ it "shouldn't authenticate if the signature is wrong" do
+ headers = MERB_HEADERS.dup
+ headers["HTTP_X_OPS_AUTHORIZATION_1"] = "epicfail"
+ mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, headers, BODY)
+ Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
+
+ auth_req = Mixlib::Authentication::SignatureVerification.new
+ res = auth_req.authenticate_user_request(mock_request, @user_private_key)
 res.should be_nil
+ auth_req.should_not be_a_valid_request
+ auth_req.should_not be_a_valid_signature
+ auth_req.should be_a_valid_timestamp
+ auth_req.should be_a_valid_content_hash
 end
 end |
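Review bot: The new "timestamp is not within bounds" example covers only one direction of clock skew: `Time.now` is stubbed to `TIMESTAMP_OBJ - 1000`, so (assuming TIMESTAMP_OBJ matches the timestamp in MERB_HEADERS) the verifier's clock is behind the request and a request older than the verifier's clock is never exercised. The stale direction is the one that limits how long a captured signed request could be replayed, so it deserves a sibling example using `Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ + 1000)` with the same `auth_req.should_not be_a_valid_timestamp` expectation. The permitted skew is not visible in this hunk; if it is a fixed window, examples just inside and just outside it would pin the boundary. Separately, the wrong-signature example sets `HTTP_X_OPS_AUTHORIZATION_1` to `"epicfail"`, which only checks a malformed value; a well-formed signature produced with a different key would be a stronger case. The enclosing describe block starts outside the hunk.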