Diffstat (limited to 'test/rubygems/test_gem_commands_push_command.rb')
-rw-r--r-- | test/rubygems/test_gem_commands_push_command.rb | 210 |
1 files changed, 168 insertions, 42 deletions
diff --git a/test/rubygems/test_gem_commands_push_command.rb b/test/rubygems/test_gem_commands_push_command.rb index f38a2ae7a1..a7a18ff4ab 100644 --- a/test/rubygems/test_gem_commands_push_command.rb +++ b/test/rubygems/test_gem_commands_push_command.rb @@ -1,6 +1,9 @@ # frozen_string_literal: true + require_relative "helper" +require_relative "multifactor_auth_utilities" require "rubygems/commands/push_command" +require "rubygems/config_file" class TestGemCommandsPushCommand < Gem::TestCase def setup @@ -24,7 +27,7 @@ class TestGemCommandsPushCommand < Gem::TestCase @host = "https://rubygems.example" @api_key = Gem.configuration.rubygems_api_key - @fetcher = Gem::FakeFetcher.new + @fetcher = Gem::MultifactorAuthFetcher.new Gem::RemoteFetcher.fetcher = @fetcher @cmd = Gem::Commands::PushCommand.new @@ -55,9 +58,9 @@ class TestGemCommandsPushCommand < Gem::TestCase @cmd.send_gem(@path) end - assert_match %r{Pushing gem to #{@host}...}, @ui.output + assert_match(/Pushing gem to #{@host}.../, @ui.output) - assert_equal Net::HTTP::Post, @fetcher.last_request.class + assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class assert_equal Gem.read_binary(@path), @fetcher.last_request.body assert_equal File.size(@path), @fetcher.last_request["Content-Length"].to_i assert_equal "application/octet-stream", @fetcher.last_request["Content-Type"] @@ -68,13 +71,13 @@ class TestGemCommandsPushCommand < Gem::TestCase def test_execute @response = "Successfully registered gem: freewill (1.0.0)" - @fetcher.data["#{Gem.host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") @cmd.options[:args] = [@path] @cmd.execute - assert_equal Net::HTTP::Post, @fetcher.last_request.class + assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class assert_equal Gem.read_binary(@path), @fetcher.last_request.body assert_equal "application/octet-stream", @fetcher.last_request["Content-Type"] 
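Review bot: The rewritten assertion in the -55,9 hunk, `assert_match(/Pushing gem to #{@host}.../, @ui.output)`, still interpolates the host into a regex unescaped, so every `.` in the URL and the trailing `...` match any character. The check therefore does not pin the exact host the gem was pushed to, which is the property these push-host tests exist to verify. Other assertions in this file already pass a plain string, so `assert_match "Pushing gem to #{@host}...", @ui.output` (or `Regexp.escape(@host)` inside the literal) would make the match literal. The same pattern recurs with `host` in the -302,21 hunk; the enclosing method starts outside this hunk.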
@@ -84,7 +87,7 @@ class TestGemCommandsPushCommand < Gem::TestCase host = "https://other.example" @response = "Successfully registered gem: freewill (1.0.0)" - @fetcher.data["#{host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") @fetcher.data["#{Gem.host}/api/v1/gems"] = ["fail", 500, "Internal Server Error"] @@ -93,7 +96,7 @@ class TestGemCommandsPushCommand < Gem::TestCase @cmd.execute - assert_equal Net::HTTP::Post, @fetcher.last_request.class + assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class assert_equal Gem.read_binary(@path), @fetcher.last_request.body assert_equal "application/octet-stream", @fetcher.last_request["Content-Type"] @@ -105,7 +108,7 @@ class TestGemCommandsPushCommand < Gem::TestCase end @response = "Successfully registered gem: freewill (1.0.0)" - @fetcher.data["#{@spec.metadata['allowed_push_host']}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{@spec.metadata["allowed_push_host"]}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") @fetcher.data["#{Gem.host}/api/v1/gems"] = ["fail", 500, "Internal Server Error"] @@ -113,7 +116,7 @@ class TestGemCommandsPushCommand < Gem::TestCase @cmd.execute - assert_equal Net::HTTP::Post, @fetcher.last_request.class + assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class assert_equal Gem.read_binary(@path), @fetcher.last_request.body assert_equal "application/octet-stream", @fetcher.last_request["Content-Type"] @@ -136,7 +139,7 @@ class TestGemCommandsPushCommand < Gem::TestCase ENV["RUBYGEMS_HOST"] = @host Gem.configuration.disable_default_gem_server = true @response = "Successfully registered gem: freewill (1.0.0)" - @fetcher.data["#{@host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") send_battery end 
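Review bot: The sentinel entry left as context in the -84,7 hunk, `@fetcher.data["#{Gem.host}/api/v1/gems"] = ["fail", 500, "Internal Server Error"]`, still uses the old array form while the expected-host entry next to it now uses `HTTPResponseFactory.create`. That sentinel is what makes the test fail if the gem is pushed to the default host instead of the intended one. If the new fetcher no longer understands array tuples (not visible here), a regression would surface as an unrelated error rather than the intended 500. Converting it to `HTTPResponseFactory.create(body: "fail", code: 500, msg: "Internal Server Error")` keeps the guard explicit; the same leftover appears in the -105,7 hunk (the `allowed_push_host` case). Both test bodies start outside their hunks.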
@@ -156,21 +159,21 @@ class TestGemCommandsPushCommand < Gem::TestCase } File.open Gem.configuration.credentials_path, "w" do |f| - f.write keys.to_yaml + f.write Gem::ConfigFile.dump_with_rubygems_yaml(keys) end Gem.configuration.load_api_keys FileUtils.rm Gem.configuration.credentials_path @response = "Successfully registered gem: freebird (1.0.1)" - @fetcher.data["#{@host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") send_battery end def test_sending_gem @response = "Successfully registered gem: freewill (1.0.0)" - @fetcher.data["#{@host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") send_battery end @@ -190,14 +193,14 @@ class TestGemCommandsPushCommand < Gem::TestCase } File.open Gem.configuration.credentials_path, "w" do |f| - f.write keys.to_yaml + f.write Gem::ConfigFile.dump_with_rubygems_yaml(keys) end Gem.configuration.load_api_keys FileUtils.rm Gem.configuration.credentials_path @response = "Successfully registered gem: freebird (1.0.1)" - @fetcher.data["#{@host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") send_battery end @@ -212,7 +215,7 @@ class TestGemCommandsPushCommand < Gem::TestCase ENV["GEM_HOST_API_KEY"] = "PRIVKEY" @response = "Successfully registered gem: freebird (1.0.1)" - @fetcher.data["#{@host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") send_battery end 
@@ -227,18 +230,18 @@ class TestGemCommandsPushCommand < Gem::TestCase @api_key = "DOESNTMATTER" keys = { - :rubygems_api_key => @api_key, + rubygems_api_key: @api_key, } File.open Gem.configuration.credentials_path, "w" do |f| - f.write keys.to_yaml + f.write Gem::ConfigFile.dump_with_rubygems_yaml(keys) end Gem.configuration.load_api_keys FileUtils.rm Gem.configuration.credentials_path @response = "Successfully registered gem: freebird (1.0.1)" - @fetcher.data["#{@host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") send_battery end @@ -272,7 +275,7 @@ class TestGemCommandsPushCommand < Gem::TestCase } File.open Gem.configuration.credentials_path, "w" do |f| - f.write keys.to_yaml + f.write Gem::ConfigFile.dump_with_rubygems_yaml(keys) end Gem.configuration.load_api_keys @@ -302,21 +305,21 @@ class TestGemCommandsPushCommand < Gem::TestCase } File.open Gem.configuration.credentials_path, "w" do |f| - f.write keys.to_yaml + f.write Gem::ConfigFile.dump_with_rubygems_yaml(keys) end Gem.configuration.load_api_keys FileUtils.rm Gem.configuration.credentials_path @response = "Successfully registered gem: freebird (1.0.1)" - @fetcher.data["#{host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") # do not set @host use_ui(@ui) { @cmd.send_gem(@path) } - assert_match %r{Pushing gem to #{host}...}, @ui.output + assert_match(/Pushing gem to #{host}.../, @ui.output) - assert_equal Net::HTTP::Post, @fetcher.last_request.class + assert_equal Gem::Net::HTTP::Post, @fetcher.last_request.class assert_equal Gem.read_binary(@path), @fetcher.last_request.body assert_equal File.size(@path), @fetcher.last_request["Content-Length"].to_i assert_equal "application/octet-stream", @fetcher.last_request["Content-Type"] 
@@ -325,6 +328,27 @@ class TestGemCommandsPushCommand < Gem::TestCase assert_match @response, @ui.output end + def test_sending_gem_to_host_permanent_redirect + @host = "http://rubygems.example" + redirected_uri = "https://rubygems.example/api/v1/gems" + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create( + body: "", + code: 308, + msg: "Permanent Redirect", + headers: { "Location" => redirected_uri } + ) + + assert_raise Gem::MockGemUi::TermError do + use_ui @ui do + @cmd.instance_variable_set :@host, @host + @cmd.send_gem(@path) + end + end + + response = "The request has redirected permanently to #{redirected_uri}. Please check your defined push host URL." + assert_match response, @ui.output + end + def test_raises_error_with_no_arguments def @cmd.sign_in(*); end assert_raise Gem::CommandLineError do @@ -334,7 +358,7 @@ class TestGemCommandsPushCommand < Gem::TestCase def test_sending_gem_denied response = "You don't have permission to push to this gem" - @fetcher.data["#{@host}/api/v1/gems"] = [response, 403, "Forbidden"] + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create(body: response, code: 403, msg: "Forbidden") @cmd.instance_variable_set :@host, @host assert_raise Gem::MockGemUi::TermError do @@ -348,7 +372,7 @@ class TestGemCommandsPushCommand < Gem::TestCase def test_sending_gem_key @response = "Successfully registered gem: freewill (1.0.0)" - @fetcher.data["#{@host}/api/v1/gems"] = [@response, 200, "OK"] + @fetcher.data["#{@host}/api/v1/gems"] = HTTPResponseFactory.create(body: @response, code: 200, msg: "OK") File.open Gem.configuration.credentials_path, "a" do |f| f.write ":other: 701229f217cdf23b1344c7b4b54ca97" end 
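Review bot: `test_sending_gem_to_host_permanent_redirect` in the -325,6 hunk pins the error text but does not say why a 308 must abort the push instead of being followed. Presumably the reason is that the POST carries the API key and the gem body, which should not be re-sent automatically to whatever the `Location` header names; confirm this against the implementation. A one-line comment above the test would record that intent, for example `# A 308 on push must terminate with an error; the request (API key + gem) is not replayed to the Location target.` It is also worth noting in that comment that no `@fetcher.data` entry exists for `redirected_uri`, so any follow-up request would fail the test.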
@@ -363,13 +387,9 @@ class TestGemCommandsPushCommand < Gem::TestCase end def test_otp_verified_success - response_fail = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry." response_success = "Successfully registered gem: freewill (1.0.0)" - @fetcher.data["#{Gem.host}/api/v1/gems"] = [ - [response_fail, 401, "Unauthorized"], - [response_success, 200, "OK"], - ] + @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success) @otp_ui = Gem::MockGemUi.new "111111\n" use_ui @otp_ui do @@ -384,7 +404,9 @@ class TestGemCommandsPushCommand < Gem::TestCase def test_otp_verified_failure response = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry." - @fetcher.data["#{Gem.host}/api/v1/gems"] = [response, 401, "Unauthorized"] + @fetcher.data["#{Gem.host}/api/v1/gems"] = HTTPResponseFactory.create(body: response, code: 401, msg: "Unauthorized") + @fetcher.data["#{Gem.host}/api/v1/webauthn_verification"] = + HTTPResponseFactory.create(body: "You don't have any security devices", code: 422, msg: "Unprocessable Entity") @otp_ui = Gem::MockGemUi.new "111111\n" assert_raise Gem::MockGemUi::TermError do 
@@ -399,18 +421,120 @@ class TestGemCommandsPushCommand < Gem::TestCase assert_equal "111111", @fetcher.last_request["OTP"] end + def test_with_webauthn_enabled_success + response_success = "Successfully registered gem: freewill (1.0.0)" + server = Gem::MockTCPServer.new + + @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success) + @fetcher.respond_with_webauthn_url + + TCPServer.stub(:new, server) do + Gem::GemcutterUtilities::WebauthnListener.stub(:listener_thread, Thread.new { Thread.current[:otp] = "Uvh6T57tkWuUnWYo" }) do + use_ui @ui do + @cmd.send_gem(@path) + end + end + end + + assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \ + "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \ + "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output + assert_match "You are verified with a security device. You may close the browser window.", @ui.output + assert_equal "Uvh6T57tkWuUnWYo", @fetcher.last_request["OTP"] + assert_match response_success, @ui.output + end + + def test_with_webauthn_enabled_failure + response_success = "Successfully registered gem: freewill (1.0.0)" + server = Gem::MockTCPServer.new + error = Gem::WebauthnVerificationError.new("Something went wrong") + + @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success) + @fetcher.respond_with_webauthn_url + + error = assert_raise Gem::MockGemUi::TermError do + TCPServer.stub(:new, server) do + Gem::GemcutterUtilities::WebauthnListener.stub(:listener_thread, Thread.new { Thread.current[:error] = error }) do + use_ui @ui do + @cmd.send_gem(@path) + end + end + end + end + assert_equal 1, error.exit_code + + assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key + assert_match "You have enabled multi-factor authentication. 
Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \ + "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \ + "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output + assert_match "ERROR: Security device verification failed: Something went wrong", @ui.error + refute_match "You are verified with a security device. You may close the browser window.", @ui.output + refute_match response_success, @ui.output + end + + def test_with_webauthn_enabled_success_with_polling + response_success = "Successfully registered gem: freewill (1.0.0)" + server = Gem::MockTCPServer.new + + @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success) + @fetcher.respond_with_webauthn_url + @fetcher.respond_with_webauthn_polling("Uvh6T57tkWuUnWYo") + + TCPServer.stub(:new, server) do + use_ui @ui do + @cmd.send_gem(@path) + end + end + + assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \ + "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, " \ + "you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output + assert_match "You are verified with a security device. 
You may close the browser window.", @ui.output + assert_equal "Uvh6T57tkWuUnWYo", @fetcher.last_request["OTP"] + assert_match response_success, @ui.output + end + + def test_with_webauthn_enabled_failure_with_polling + response_success = "Successfully registered gem: freewill (1.0.0)" + server = Gem::MockTCPServer.new + + @fetcher.respond_with_require_otp("#{Gem.host}/api/v1/gems", response_success) + @fetcher.respond_with_webauthn_url + @fetcher.respond_with_webauthn_polling_failure + + error = assert_raise Gem::MockGemUi::TermError do + TCPServer.stub(:new, server) do + use_ui @ui do + @cmd.send_gem(@path) + end + end + end + assert_equal 1, error.exit_code + + assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key + assert_match "You have enabled multi-factor authentication. Please visit #{@fetcher.webauthn_url_with_port(server.port)} " \ + "to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin " \ + "command with the `--otp [your_code]` option.", @ui.output + assert_match "ERROR: Security device verification failed: The token in the link you used has either expired " \ + "or been used already.", @ui.error + refute_match "You are verified with a security device. You may close the browser window.", @ui.output + refute_match response_success, @ui.output + end + def test_sending_gem_unathorized_api_key_with_mfa_enabled response_mfa_enabled = "You have enabled multifactor authentication but your request doesn't have the correct OTP code. Please check it and retry." 
response_forbidden = "The API key doesn't have access" response_success = "Successfully registered gem: freewill (1.0.0)" @fetcher.data["#{@host}/api/v1/gems"] = [ - [response_mfa_enabled, 401, "Unauthorized"], - [response_forbidden, 403, "Forbidden"], - [response_success, 200, "OK"], + HTTPResponseFactory.create(body: response_mfa_enabled, code: 401, msg: "Unauthorized"), + HTTPResponseFactory.create(body: response_forbidden, code: 403, msg: "Forbidden"), + HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"), ] + @fetcher.data["#{@host}/api/v1/webauthn_verification"] = + HTTPResponseFactory.create(body: "You don't have any security devices", code: 422, msg: "Unprocessable Entity") - @fetcher.data["#{@host}/api/v1/api_key"] = ["", 200, "OK"] + @fetcher.data["#{@host}/api/v1/api_key"] = HTTPResponseFactory.create(body: "", code: 200, msg: "OK") @cmd.instance_variable_set :@host, @host @cmd.instance_variable_set :@scope, :push_rubygem @@ -423,7 +547,7 @@ class TestGemCommandsPushCommand < Gem::TestCase access_notice = "The existing key doesn't have access of push_rubygem on https://rubygems.example. Please sign in to update access." assert_match mfa_notice, @ui.output assert_match access_notice, @ui.output - assert_match "Email:", @ui.output + assert_match "Username/email:", @ui.output assert_match "Password:", @ui.output assert_match "Added push_rubygem scope to the existing API key", @ui.output assert_match response_success, @ui.output 
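Review bot: In `test_with_webauthn_enabled_failure` and `test_with_webauthn_enabled_failure_with_polling`, `assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key` has its arguments in pattern/subject order with the header as the pattern. A string pattern is matched as an escaped substring, so an empty or truncated `Authorization` header would still pass. `assert_equal Gem.configuration.rubygems_api_key, @fetcher.last_request["Authorization"]` states the intended check exactly. Separately, `test_with_webauthn_enabled_failure` reuses the local `error` for both the `Gem::WebauthnVerificationError` captured by the stubbed listener thread and the result of `assert_raise`; a separate name such as `term_error = assert_raise ...` avoids the closure seeing the reassigned value.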
@@ -438,17 +562,19 @@ class TestGemCommandsPushCommand < Gem::TestCase response_profile = "mfa: disabled\n" @fetcher.data["#{@host}/api/v1/gems"] = [ - [response_success, 200, "OK"], + HTTPResponseFactory.create(body: response_success, code: 200, msg: "OK"), ] @fetcher.data["#{@host}/api/v1/api_key"] = [ - [response_mfa_enabled, 401, "Unauthorized"], - ["", 200, "OK"], + HTTPResponseFactory.create(body: response_mfa_enabled, code: 401, msg: "Unauthorized"), + HTTPResponseFactory.create(body: "", code: 200, msg: "OK"), ] @fetcher.data["#{@host}/api/v1/profile/me.yaml"] = [ - [response_profile, 200, "OK"], + HTTPResponseFactory.create(body: response_profile, code: 200, msg: "OK"), ] + @fetcher.data["#{@host}/api/v1/webauthn_verification"] = + HTTPResponseFactory.create(body: "You don't have any security devices", code: 422, msg: "Unprocessable Entity") @cmd.instance_variable_set :@scope, :push_rubygem @cmd.options[:args] = [@path] @@ -462,7 +588,7 @@ class TestGemCommandsPushCommand < Gem::TestCase mfa_notice = "You have enabled multi-factor authentication. Please enter OTP code." assert_match mfa_notice, @ui.output assert_match "Enter your https://rubygems.example credentials.", @ui.output - assert_match "Email:", @ui.output + assert_match "Username/email:", @ui.output assert_match "Password:", @ui.output assert_match "Signed in with API key:", @ui.output assert_match response_success, @ui.output |