github
/
hub
зеркало из https://github.com/mislav/hub.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
hub/features/authentication.feature

260 строки
8.8 KiB
Gherkin
Исходник Обычный вид История

test OAuth authentication flow
2012-05-08 15:01:35 +04:00
Feature: OAuth authentication
Background:
Given I am in "dotfiles" git repo
Scenario: Ask for username & password, create authorization
Given the GitHub API server:
"""
require 'rack/auth/basic'
get('/authorizations') { '[]' }
post('/authorizations') {
auth = Rack::Auth::Basic::Request.new(env)
halt 401 unless auth.credentials == %w[mislav kitty]
simplify assertion of supplied API params
2013-05-12 14:33:51 +04:00
assert :scopes => ['repo']
abandon the nasty JSON hack for Sinatra responses I tried to hack Sinatra to automatically serialize non-string response bodies as JSON, but this is not straightforward due to sinatra/sinatra#512 and doesn't really work in a whole lot of edge-cases. Introduced a simple `json` helper and now using that instead of `body`.
2012-10-10 15:50:23 +04:00
json :token => 'OTOKEN'
test OAuth authentication flow
2012-05-08 15:01:35 +04:00
}
persist correctly capitalized login name for the user Fixes #263
2012-11-24 23:22:22 +04:00
get('/user') {
halt 401 unless request.env['HTTP_AUTHORIZATION'] == 'token OTOKEN'
json :login => 'MiSlAv'
}
`create` command uses API response to assign remote URL This ensures we end up with the correct capitalization of user's login name, and gives the opportunity to the server to change the project name without having us choke on it. Fixes #263
2012-11-22 15:55:28 +04:00
post('/user/repos') {
persist correctly capitalized login name for the user Fixes #263
2012-11-24 23:22:22 +04:00
halt 401 unless request.env['HTTP_AUTHORIZATION'] == 'token OTOKEN'
`create` command uses API response to assign remote URL This ensures we end up with the correct capitalization of user's login name, and gives the opportunity to the server to change the project name without having us choke on it. Fixes #263
2012-11-22 15:55:28 +04:00
json :full_name => 'mislav/dotfiles'
}
test OAuth authentication flow
2012-05-08 15:01:35 +04:00
"""
When I run `hub create` interactively
When I type "mislav"
And I type "kitty"
Then the output should contain "github.com username:"
And the output should contain "github.com password for mislav (never stored):"
And the exit status should be 0
Use current user's login for config user name
2014-03-13 21:28:01 +04:00
And the file "../home/.config/hub" should contain 'user = "MiSlAv"'
And the file "../home/.config/hub" should contain 'access_token = "OTOKEN"'
mode for ~/.config/hub is 0600 now Fixes #120
2012-07-19 01:18:08 +04:00
And the file "../home/.config/hub" should have mode "0600"
test OAuth authentication flow
2012-05-08 15:01:35 +04:00
Scenario: Ask for username & password, re-use existing authorization
Given the GitHub API server:
"""
require 'rack/auth/basic'
get('/authorizations') {
auth = Rack::Auth::Basic::Request.new(env)
halt 401 unless auth.credentials == %w[mislav kitty]
abandon the nasty JSON hack for Sinatra responses I tried to hack Sinatra to automatically serialize non-string response bodies as JSON, but this is not straightforward due to sinatra/sinatra#512 and doesn't really work in a whole lot of edge-cases. Introduced a simple `json` helper and now using that instead of `body`.
2012-10-10 15:50:23 +04:00
json [
Respect `note_url`, not `app.url` field in Authorizations API Technically, they're going to be the same values for OAuth tokens created via the API, but since we write to `note_url` field it makes sense to use the same field to read the value back, for consistency.
2014-02-28 18:57:52 +04:00
{:token => 'SKIPPD', :note_url => 'http://example.com'},
{:token => 'OTOKEN', :note_url => 'http://hub.github.com/'}
test OAuth authentication flow
2012-05-08 15:01:35 +04:00
]
}
persist correctly capitalized login name for the user Fixes #263
2012-11-24 23:22:22 +04:00
get('/user') {
json :login => 'mislav'
}
`create` command uses API response to assign remote URL This ensures we end up with the correct capitalization of user's login name, and gives the opportunity to the server to change the project name without having us choke on it. Fixes #263
2012-11-22 15:55:28 +04:00
post('/user/repos') {
json :full_name => 'mislav/dotfiles'
}
test OAuth authentication flow
2012-05-08 15:01:35 +04:00
"""
When I run `hub create` interactively
When I type "mislav"
And I type "kitty"
Then the output should contain "github.com password for mislav (never stored):"
And the exit status should be 0
Fix OAuthAppURL
2014-03-13 22:05:48 +04:00
And the file "../home/.config/hub" should contain 'access_token = "OTOKEN"'
test OAuth authentication flow
2012-05-08 15:01:35 +04:00
Fix reusing old OAuth tokens stored in Authorizations API For people who are using hub for a longer time now, hub has stored an OAuth token in Authorizations API with a `note_url` value that is now outdated (e.g. "http://defunkt.io/hub/"). The newer `oauth_app_url` doesn't match that, so the token is not reused. Hub tries to create a new OAuth token with a `note` that says "hub" which fails with a 422 because it already exists. This fixes reusing old OAuth tokens even if the `note_url` doesn't match anymore. Any key with `note` that says "hub" will get reused. Fixes #496
2014-02-28 19:17:01 +04:00
Scenario: Re-use existing authorization with an old URL
Given the GitHub API server:
"""
require 'rack/auth/basic'
get('/authorizations') {
auth = Rack::Auth::Basic::Request.new(env)
halt 401 unless auth.credentials == %w[mislav kitty]
json [
{:token => 'OTOKEN', :note => 'hub', :note_url => 'http://defunkt.io/hub/'}
]
}
post('/authorizations') {
status 422
json :message => "Validation Failed",
:errors => [{:resource => "OauthAccess", :code => "already_exists", :field => "description"}]
}
get('/user') {
json :login => 'mislav'
}
post('/user/repos') {
json :full_name => 'mislav/dotfiles'
}
"""
When I run `hub create` interactively
When I type "mislav"
And I type "kitty"
Then the output should contain "github.com password for mislav (never stored):"
And the exit status should be 0
Update to use note and note_url for auth
2014-04-11 08:04:05 +04:00
And the file "../home/.config/hub" should contain 'access_token = "OTOKEN"'
Fix reusing old OAuth tokens stored in Authorizations API For people who are using hub for a longer time now, hub has stored an OAuth token in Authorizations API with a `note_url` value that is now outdated (e.g. "http://defunkt.io/hub/"). The newer `oauth_app_url` doesn't match that, so the token is not reused. Hub tries to create a new OAuth token with a `note` that says "hub" which fails with a 422 because it already exists. This fixes reusing old OAuth tokens even if the `note_url` doesn't match anymore. Any key with `note` that says "hub" will get reused. Fixes #496
2014-02-28 19:17:01 +04:00
Fix API 422 error: `Duplicate value for "description"` When looking up an existing hub token among user's authorizations, be sure to fetch all results by following pagination links. Previously we just stopped at the 1st page, and if the token for hub didn't appear there we would try to create it, which would result in a 422 validation error if it already existed. References 1e4477b566c01aadfd807fc77ab4596ec164aed2 Fixes #531, fixes #558, fixes #563
2014-05-15 22:10:44 +04:00
Scenario: Re-use existing authorization found on page 3
Given the GitHub API server:
"""
get('/authorizations') {
assert_basic_auth 'mislav', 'kitty'
page = (params[:page] || 1).to_i
if page < 3
response.headers['Link'] = %(<#{url}?page=#{page+1}>; rel="next")
json []
else
json [
{:token => 'OTOKEN', :note => 'hub', :note_url => 'http://hub.github.com/'}
]
end
}
post('/authorizations') {
status 422
json :message => "Validation Failed",
:errors => [{:resource => "OauthAccess", :code => "already_exists", :field => "description"}]
Fix reusing old OAuth tokens stored in Authorizations API For people who are using hub for a longer time now, hub has stored an OAuth token in Authorizations API with a `note_url` value that is now outdated (e.g. "http://defunkt.io/hub/"). The newer `oauth_app_url` doesn't match that, so the token is not reused. Hub tries to create a new OAuth token with a `note` that says "hub" which fails with a 422 because it already exists. This fixes reusing old OAuth tokens even if the `note_url` doesn't match anymore. Any key with `note` that says "hub" will get reused. Fixes #496
2014-02-28 19:17:01 +04:00
}
get('/user') {
json :login => 'mislav'
}
post('/user/repos') {
json :full_name => 'mislav/dotfiles'
}
"""
When I run `hub create` interactively
When I type "mislav"
And I type "kitty"
Then the output should contain "github.com password for mislav (never stored):"
And the exit status should be 0
Paginate API authorizations when searching for existing hub token
2014-07-26 02:53:37 +04:00
And the file "../home/.config/hub" should contain 'access_token = "OTOKEN"'
Fix reusing old OAuth tokens stored in Authorizations API For people who are using hub for a longer time now, hub has stored an OAuth token in Authorizations API with a `note_url` value that is now outdated (e.g. "http://defunkt.io/hub/"). The newer `oauth_app_url` doesn't match that, so the token is not reused. Hub tries to create a new OAuth token with a `note` that says "hub" which fails with a 422 because it already exists. This fixes reusing old OAuth tokens even if the `note_url` doesn't match anymore. Any key with `note` that says "hub" will get reused. Fixes #496
2014-02-28 19:17:01 +04:00
respect $GITHUB_USER & $GITHUB_PASSWORD Fixes #245
2012-11-06 00:40:12 +04:00
Scenario: Credentials from GITHUB_USER & GITHUB_PASSWORD
Given the GitHub API server:
"""
require 'rack/auth/basic'
get('/authorizations') {
auth = Rack::Auth::Basic::Request.new(env)
halt 401 unless auth.credentials == %w[mislav kitty]
json [
Respect `note_url`, not `app.url` field in Authorizations API Technically, they're going to be the same values for OAuth tokens created via the API, but since we write to `note_url` field it makes sense to use the same field to read the value back, for consistency.
2014-02-28 18:57:52 +04:00
{:token => 'OTOKEN', :note_url => 'http://hub.github.com/'}
respect $GITHUB_USER & $GITHUB_PASSWORD Fixes #245
2012-11-06 00:40:12 +04:00
]
}
persist correctly capitalized login name for the user Fixes #263
2012-11-24 23:22:22 +04:00
get('/user') {
json :login => 'mislav'
}
`create` command uses API response to assign remote URL This ensures we end up with the correct capitalization of user's login name, and gives the opportunity to the server to change the project name without having us choke on it. Fixes #263
2012-11-22 15:55:28 +04:00
post('/user/repos') {
json :full_name => 'mislav/dotfiles'
}
respect $GITHUB_USER & $GITHUB_PASSWORD Fixes #245
2012-11-06 00:40:12 +04:00
"""
Given $GITHUB_USER is "mislav"
And $GITHUB_PASSWORD is "kitty"
When I successfully run `hub create`
Then the output should not contain "github.com password for mislav"
Change expectation from oauth_token to access_token
2014-03-13 22:08:31 +04:00
And the file "../home/.config/hub" should contain 'access_token = "OTOKEN"'
respect $GITHUB_USER & $GITHUB_PASSWORD Fixes #245
2012-11-06 00:40:12 +04:00
test OAuth authentication flow
2012-05-08 15:01:35 +04:00
Scenario: Wrong password
Given the GitHub API server:
"""
require 'rack/auth/basic'
get('/authorizations') {
auth = Rack::Auth::Basic::Request.new(env)
halt 401 unless auth.credentials == %w[mislav kitty]
}
"""
When I run `hub create` interactively
When I type "mislav"
And I type "WRONG"
Then the stderr should contain "Error creating repository: Unauthorized (HTTP 401)"
And the exit status should be 1
And the file "../home/.config/hub" should not exist
enable two-factor authentication fixes #399 http://developer.github.com/v3/auth/#working-with-two-factor-authentication
2013-09-20 02:29:09 +04:00
fix two factor authentication when creating a new token Enable to create a new OAuth token even when user enabled two factor authentication. References #399
2013-10-01 13:53:29 +04:00
Scenario: Two-factor authentication, create authorization
Given the GitHub API server:
"""
require 'rack/auth/basic'
get('/authorizations') {
auth = Rack::Auth::Basic::Request.new(env)
halt 401 unless auth.credentials == %w[mislav kitty]
if request.env['HTTP_X_GITHUB_OTP'] != "112233"
Make X-GitHub-OTP exactly as what the API server returns
2014-03-25 02:47:03 +04:00
response.headers['X-GitHub-OTP'] = "required; app"
fix two factor authentication when creating a new token Enable to create a new OAuth token even when user enabled two factor authentication. References #399
2013-10-01 13:53:29 +04:00
halt 401
end
json [ ]
}
post('/authorizations') {
auth = Rack::Auth::Basic::Request.new(env)
halt 401 unless auth.credentials == %w[mislav kitty]
Fix 2FA for users that receive code via SMS hub initially tries to fetch user's existing OAuth token for hub if it exists, and will prompt the user for a 2FA code. However those who receive it via SMS would never get the code since a GET to GitHub's Authorizations API purposely doesn't trigger an SMS. There's some discussion as to whether this is an API bug for not, but in the meantime, make a dummy POST request for the sole reason of triggering the SMS. Fixes #412, closes #435, closes #445
2013-12-18 16:56:08 +04:00
halt 412 unless params[:scopes]
fix two factor authentication when creating a new token Enable to create a new OAuth token even when user enabled two factor authentication. References #399
2013-10-01 13:53:29 +04:00
if request.env['HTTP_X_GITHUB_OTP'] != "112233"
Make X-GitHub-OTP exactly as what the API server returns
2014-03-25 02:47:03 +04:00
response.headers['X-GitHub-OTP'] = "required; app"
fix two factor authentication when creating a new token Enable to create a new OAuth token even when user enabled two factor authentication. References #399
2013-10-01 13:53:29 +04:00
halt 401
end
json :token => 'OTOKEN'
}
get('/user') {
json :login => 'mislav'
}
post('/user/repos') {
json :full_name => 'mislav/dotfiles'
}
"""
When I run `hub create` interactively
When I type "mislav"
And I type "kitty"
And I type "112233"
Then the output should contain "github.com password for mislav (never stored):"
Then the output should contain "two-factor authentication code:"
And the exit status should be 0
Change expectation from oauth_token to access_token
2014-03-13 22:08:31 +04:00
And the file "../home/.config/hub" should contain 'access_token = "OTOKEN"'
fix two factor authentication when creating a new token Enable to create a new OAuth token even when user enabled two factor authentication. References #399
2013-10-01 13:53:29 +04:00
Scenario: Two-factor authentication, re-use existing authorization
enable two-factor authentication fixes #399 http://developer.github.com/v3/auth/#working-with-two-factor-authentication
2013-09-20 02:29:09 +04:00
Given the GitHub API server:
"""
Fix 2FA for users that receive code via SMS hub initially tries to fetch user's existing OAuth token for hub if it exists, and will prompt the user for a 2FA code. However those who receive it via SMS would never get the code since a GET to GitHub's Authorizations API purposely doesn't trigger an SMS. There's some discussion as to whether this is an API bug for not, but in the meantime, make a dummy POST request for the sole reason of triggering the SMS. Fixes #412, closes #435, closes #445
2013-12-18 16:56:08 +04:00
token = 'OTOKEN'
post('/authorizations') {
assert_basic_auth 'mislav', 'kitty'
token << 'SMS'
status 412
}
enable two-factor authentication fixes #399 http://developer.github.com/v3/auth/#working-with-two-factor-authentication
2013-09-20 02:29:09 +04:00
get('/authorizations') {
Fix 2FA for users that receive code via SMS hub initially tries to fetch user's existing OAuth token for hub if it exists, and will prompt the user for a 2FA code. However those who receive it via SMS would never get the code since a GET to GitHub's Authorizations API purposely doesn't trigger an SMS. There's some discussion as to whether this is an API bug for not, but in the meantime, make a dummy POST request for the sole reason of triggering the SMS. Fixes #412, closes #435, closes #445
2013-12-18 16:56:08 +04:00
assert_basic_auth 'mislav', 'kitty'
enable two-factor authentication fixes #399 http://developer.github.com/v3/auth/#working-with-two-factor-authentication
2013-09-20 02:29:09 +04:00
if request.env['HTTP_X_GITHUB_OTP'] != "112233"
Make X-GitHub-OTP exactly as what the API server returns
2014-03-25 02:47:03 +04:00
response.headers['X-GitHub-OTP'] = "required; app"
enable two-factor authentication fixes #399 http://developer.github.com/v3/auth/#working-with-two-factor-authentication
2013-09-20 02:29:09 +04:00
halt 401
end
Fix 2FA for users that receive code via SMS hub initially tries to fetch user's existing OAuth token for hub if it exists, and will prompt the user for a 2FA code. However those who receive it via SMS would never get the code since a GET to GitHub's Authorizations API purposely doesn't trigger an SMS. There's some discussion as to whether this is an API bug for not, but in the meantime, make a dummy POST request for the sole reason of triggering the SMS. Fixes #412, closes #435, closes #445
2013-12-18 16:56:08 +04:00
json [ {
:token => token,
Respect `note_url`, not `app.url` field in Authorizations API Technically, they're going to be the same values for OAuth tokens created via the API, but since we write to `note_url` field it makes sense to use the same field to read the value back, for consistency.
2014-02-28 18:57:52 +04:00
:note_url => 'http://hub.github.com/'
Fix 2FA for users that receive code via SMS hub initially tries to fetch user's existing OAuth token for hub if it exists, and will prompt the user for a 2FA code. However those who receive it via SMS would never get the code since a GET to GitHub's Authorizations API purposely doesn't trigger an SMS. There's some discussion as to whether this is an API bug for not, but in the meantime, make a dummy POST request for the sole reason of triggering the SMS. Fixes #412, closes #435, closes #445
2013-12-18 16:56:08 +04:00
} ]
enable two-factor authentication fixes #399 http://developer.github.com/v3/auth/#working-with-two-factor-authentication
2013-09-20 02:29:09 +04:00
}
get('/user') {
json :login => 'mislav'
}
post('/user/repos') {
json :full_name => 'mislav/dotfiles'
}
"""
When I run `hub create` interactively
When I type "mislav"
And I type "kitty"
And I type "112233"
Then the output should contain "github.com password for mislav (never stored):"
Then the output should contain "two-factor authentication code:"
And the exit status should be 0
Change expectation from oauth_token to access_token
2014-03-13 22:08:31 +04:00
And the file "../home/.config/hub" should contain 'access_token = "OTOKENSMS"'
add test for special characters during authentication references #407
2013-09-30 09:25:36 +04:00
Scenario: Special characters in username & password
Given the GitHub API server:
"""
get('/authorizations') { '[]' }
post('/authorizations') {
Rewrite API auth to allow Enterprise email login API authentication and persisting of credentials in Config was convoluted and inflexible, and it wasn't possible to log in with different credentials than your GitHub screen name. Since Enterprise supports different authentication schemes, it's important to allow emails for login as well (or any string for that matter) and retrieve the user's screen name after successful authentication. This also improves handling special characters in Basic Auth usernames and passwords. Fixes #407
2013-10-12 01:15:35 +04:00
assert_basic_auth 'mislav@example.com', 'my pass@phrase ok?'
add test for special characters during authentication references #407
2013-09-30 09:25:36 +04:00
json :token => 'OTOKEN'
}
get('/user') {
json :login => 'mislav'
}
Rewrite API auth to allow Enterprise email login API authentication and persisting of credentials in Config was convoluted and inflexible, and it wasn't possible to log in with different credentials than your GitHub screen name. Since Enterprise supports different authentication schemes, it's important to allow emails for login as well (or any string for that matter) and retrieve the user's screen name after successful authentication. This also improves handling special characters in Basic Auth usernames and passwords. Fixes #407
2013-10-12 01:15:35 +04:00
get('/repos/mislav/dotfiles') { status 200 }
add test for special characters during authentication references #407
2013-09-30 09:25:36 +04:00
"""
When I run `hub create` interactively
Rewrite API auth to allow Enterprise email login API authentication and persisting of credentials in Config was convoluted and inflexible, and it wasn't possible to log in with different credentials than your GitHub screen name. Since Enterprise supports different authentication schemes, it's important to allow emails for login as well (or any string for that matter) and retrieve the user's screen name after successful authentication. This also improves handling special characters in Basic Auth usernames and passwords. Fixes #407
2013-10-12 01:15:35 +04:00
When I type "mislav@example.com"
add test for special characters during authentication references #407
2013-09-30 09:25:36 +04:00
And I type "my pass@phrase ok?"
Rewrite API auth to allow Enterprise email login API authentication and persisting of credentials in Config was convoluted and inflexible, and it wasn't possible to log in with different credentials than your GitHub screen name. Since Enterprise supports different authentication schemes, it's important to allow emails for login as well (or any string for that matter) and retrieve the user's screen name after successful authentication. This also improves handling special characters in Basic Auth usernames and passwords. Fixes #407
2013-10-12 01:15:35 +04:00
Then the output should contain "github.com password for mislav@example.com (never stored):"
And the exit status should be 0
Make sure special characters work in cukes
2014-03-13 22:47:36 +04:00
And the file "../home/.config/hub" should contain 'user = "mislav"'
Change expectation from oauth_token to access_token
2014-03-13 22:08:31 +04:00
And the file "../home/.config/hub" should contain 'access_token = "OTOKEN"'