Bug 557589 - code audit and create unit test plan for service.js [r=mconnor]

Part 5: Tests for checkUsername, createAccount, changePassword

services/sync/modules/service.js

@@ -828,6 +828,9 @@ WeaveSvc.prototype = {
     let url = this.userAPI + username;
     let res = new Resource(url);
     res.authenticator = new Weave.NoOpAuthenticator();
+
+    // Hint to server to allow scripted user creation or otherwise
+    // ignore captcha.
     if (Svc.Prefs.isSet("admin-secret"))
       res.setHeader("X-Weave-Secret", Svc.Prefs.get("admin-secret", ""));
 

services/sync/tests/unit/test_service_changePassword.js

@@ -0,0 +1,57 @@
+Cu.import("resource://services-sync/service.js");
+Cu.import("resource://services-sync/constants.js");
+
+function run_test() {
+  var requestBody;
+  function send(statusCode, status, body) {
+    return function(request, response) {
+      requestBody = readBytesFromInputStream(request.bodyInputStream);
+      response.setStatusLine(request.httpVersion, statusCode, status);
+      response.bodyOutputStream.write(body, body.length);
+    };
+  }
+
+  let server;
+
+  try {
+
+    Weave.Service.serverURL = "http://localhost:8080/";
+    Weave.Service.username = "johndoe";
+    Weave.Service.password = "ilovejane";
+
+    _("changePassword() returns false for a network error, the password won't change.");
+    let res = Weave.Service.changePassword("ILoveJane83");
+    do_check_false(res);
+    do_check_eq(Weave.Service.password, "ilovejane");
+
+    _("Let's fire up the server and actually change the password.");
+    server  = httpd_setup({
+      "/user/1.0/johndoe/password": send(200, "OK", ""),
+      "/user/1.0/janedoe/password": send(401, "Unauthorized", "Forbidden!")
+    });
+
+    res = Weave.Service.changePassword("ILoveJane83");
+    do_check_true(res);
+    do_check_eq(Weave.Service.password, "ILoveJane83");
+
+    _("Make sure the password has been persisted in the login manager.");
+    let logins = Weave.Svc.Login.findLogins({}, PWDMGR_HOST, null,
+                                            PWDMGR_PASSWORD_REALM);
+    do_check_eq(logins[0].password, "ILoveJane83");
+
+    _("changePassword() returns false for a server error, the password won't change.");
+    Weave.Svc.Login.removeAllLogins();
+    Weave.Service.username = "janedoe";
+    Weave.Service.password = "ilovejohn";
+    res = Weave.Service.changePassword("ILoveJohn86");
+    do_check_false(res);
+    do_check_eq(Weave.Service.password, "ilovejohn");
+
+  } finally {
+    Weave.Svc.Prefs.resetBranch("");
+    Weave.Svc.Login.removeAllLogins();
+    if (server) {
+      server.stop(function() {});
+    }
+  }
+}

services/sync/tests/unit/test_service_checkUsername.js

@@ -0,0 +1,31 @@
+Cu.import("resource://services-sync/service.js");
+
+function send(statusCode, status, body) {
+  return function(request, response) {
+    response.setStatusLine(request.httpVersion, statusCode, status);
+    response.bodyOutputStream.write(body, body.length);
+  };
+}
+
+function run_test() {
+  let server = httpd_setup({
+    "/user/1.0/johndoe": send(200, "OK", "1"),
+    "/user/1.0/janedoe": send(200, "OK", "0")
+  });
+  try {
+    Weave.Service.serverURL = "http://localhost:8080/";
+
+    _("A 404 will be recorded as 'generic-server-error'");
+    do_check_eq(Weave.Service.checkUsername("jimdoe"), "generic-server-error");
+
+    _("Username that's not available.");
+    do_check_eq(Weave.Service.checkUsername("johndoe"), "notAvailable");
+
+    _("Username that's available.");
+    do_check_eq(Weave.Service.checkUsername("janedoe"), "available");
+
+  } finally {
+    Weave.Svc.Prefs.resetBranch("");
+    server.stop(function() {});
+  }
+}

services/sync/tests/unit/test_service_createAccount.js

@@ -0,0 +1,56 @@
+Cu.import("resource://services-sync/service.js");
+
+function run_test() {
+  var requestBody;
+  var secretHeader;
+  function send(statusCode, status, body) {
+    return function(request, response) {
+      requestBody = readBytesFromInputStream(request.bodyInputStream);
+      if (request.hasHeader("X-Weave-Secret")) {
+        secretHeader = request.getHeader("X-Weave-Secret");
+      }
+
+      response.setStatusLine(request.httpVersion, statusCode, status);
+      response.bodyOutputStream.write(body, body.length);
+    };
+  }
+
+  let server = httpd_setup({
+    "/user/1.0/johndoe": send(200, "OK", "0"),
+    "/user/1.0/janedoe": send(400, "Bad Request", "2"),
+    "/user/1.0/jimdoe": send(500, "Server Error", "Server Error")
+  });
+  try {
+    Weave.Service.serverURL = "http://localhost:8080/";
+
+    _("Create an account.");
+    let res = Weave.Service.createAccount("johndoe", "mysecretpw", "john@doe",
+                                          "challenge", "response");
+    do_check_eq(res, null);
+    let payload = JSON.parse(requestBody);
+    do_check_eq(payload.password, "mysecretpw");
+    do_check_eq(payload.email, "john@doe");
+    do_check_eq(payload["captcha-challenge"], "challenge");
+    do_check_eq(payload["captcha-response"], "response");
+
+    _("Invalid captcha or other user-friendly error.");
+    res = Weave.Service.createAccount("janedoe", "anothersecretpw", "jane@doe",
+                                      "challenge", "response");
+    do_check_eq(res, "invalid-captcha");
+
+    _("Generic server error.");
+    res = Weave.Service.createAccount("jimdoe", "preciousss", "jim@doe",
+                                      "challenge", "response");
+    do_check_eq(res, "generic-server-error");
+
+    _("Admin secret preference is passed as HTTP header token.");
+    Weave.Svc.Prefs.set("admin-secret", "my-server-secret");
+    res = Weave.Service.createAccount("johndoe", "mysecretpw", "john@doe",
+                                      "challenge", "response");
+    do_check_eq(secretHeader, "my-server-secret");
+
+  } finally {
+    Weave.Svc.Prefs.resetBranch("");
+    server.stop(function() {});
+  }
+}