1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
# frozen_string_literal: true
require_relative "helper"
require "rubygems/gemcutter_utilities/webauthn_poller"
require "rubygems/gemcutter_utilities"
class WebauthnPollerTest < Gem::TestCase
def setup
super
@host = Gem.host
@webauthn_url = "#{@host}/api/v1/webauthn_verification/odow34b93t6aPCdY"
@fetcher = Gem::FakeFetcher.new
Gem::RemoteFetcher.fetcher = @fetcher
@credentials = {
email: "email@example.com",
password: "password",
}
end
def test_poll_thread_success
@fetcher.data["#{@webauthn_url}/status.json"] = Gem::HTTPResponseFactory.create(
body: "{\"status\":\"success\",\"code\":\"Uvh6T57tkWuUnWYo\"}",
code: 200,
msg: "OK"
)
thread = Gem::GemcutterUtilities::WebauthnPoller.poll_thread({}, @host, @webauthn_url, @credentials)
thread.join
assert_equal thread[:otp], "Uvh6T57tkWuUnWYo"
end
def test_poll_thread_webauthn_verification_error
@fetcher.data["#{@webauthn_url}/status.json"] = Gem::HTTPResponseFactory.create(
body: "HTTP Basic: Access denied.",
code: 401,
msg: "Unauthorized"
)
thread = Gem::GemcutterUtilities::WebauthnPoller.poll_thread({}, @host, @webauthn_url, @credentials)
thread.join
assert_equal thread[:error].message, "Security device verification failed: Unauthorized"
end
def test_poll_thread_timeout_error
raise_error = ->(*_args) { raise Gem::Timeout::Error, "execution expired" }
Gem::Timeout.stub(:timeout, raise_error) do
thread = Gem::GemcutterUtilities::WebauthnPoller.poll_thread({}, @host, @webauthn_url, @credentials)
thread.join
assert_equal thread[:error].message, "execution expired"
end
end
def test_poll_for_otp_success
@fetcher.data["#{@webauthn_url}/status.json"] = Gem::HTTPResponseFactory.create(
body: "{\"status\":\"success\",\"code\":\"Uvh6T57tkWuUnWYo\"}",
code: 200,
msg: "OK"
)
otp = Gem::GemcutterUtilities::WebauthnPoller.new({}, @host).poll_for_otp(@webauthn_url, @credentials)
assert_equal otp, "Uvh6T57tkWuUnWYo"
end
def test_poll_for_otp_pending_sleeps
@fetcher.data["#{@webauthn_url}/status.json"] = Gem::HTTPResponseFactory.create(
body: "{\"status\":\"pending\",\"message\":\"Security device authentication is still pending.\"}",
code: 200,
msg: "OK"
)
assert_raise Gem::Timeout::Error do
Gem::Timeout.timeout(0.1) do
Gem::GemcutterUtilities::WebauthnPoller.new({}, @host).poll_for_otp(@webauthn_url, @credentials)
end
end
end
def test_poll_for_otp_not_http_success
@fetcher.data["#{@webauthn_url}/status.json"] = Gem::HTTPResponseFactory.create(
body: "HTTP Basic: Access denied.",
code: 401,
msg: "Unauthorized"
)
error = assert_raise Gem::WebauthnVerificationError do
Gem::GemcutterUtilities::WebauthnPoller.new({}, @host).poll_for_otp(@webauthn_url, @credentials)
end
assert_equal error.message, "Security device verification failed: Unauthorized"
end
def test_poll_for_otp_invalid_format
@fetcher.data["#{@webauthn_url}/status.json"] = Gem::HTTPResponseFactory.create(
body: "{}",
code: 200,
msg: "OK"
)
error = assert_raise Gem::WebauthnVerificationError do
Gem::GemcutterUtilities::WebauthnPoller.new({}, @host).poll_for_otp(@webauthn_url, @credentials)
end
assert_equal error.message, "Security device verification failed: Invalid response from server"
end
def test_poll_for_otp_invalid_status
@fetcher.data["#{@webauthn_url}/status.json"] = Gem::HTTPResponseFactory.create(
body: "{\"status\":\"expired\",\"message\":\"The token in the link you used has either expired or been used already.\"}",
code: 200,
msg: "OK"
)
error = assert_raise Gem::WebauthnVerificationError do
Gem::GemcutterUtilities::WebauthnPoller.new({}, @host).poll_for_otp(@webauthn_url, @credentials)
end
assert_equal error.message,
"Security device verification failed: The token in the link you used has either expired or been used already."
end
end
|
