Top Level Namespace

Extended by:
Cucumber::Formatter::ANSIColor
Includes:
AuthenticatedTestHelper, StoryGenerator

Defined Under Namespace

Modules: ActionView, ApplicationHelper, AuthenticatedSystem, AuthenticatedTestHelper, Authentication, Authorization, CalendarDateSelect, Factory, Faker, InPlaceEditing, InPlaceMacrosHelper, IterationsHelper, NavigationHelpers, OutcomesHelper, PreconditionsHelper, Rails, ReleasesHelper, SessionsHelper, StoriesHelper, StoryGenerator, ToFooFromStory, Trustification, UsersHelper

Classes: AddActivationFieldsToUser, AddAuthorIdToStory, AddDefaultAdminUser, AddIsAdminPropertyToUser, AddSlugToStories, AddStateToUser, AddStatusToStory, AddTitleToStories, ApplicationController, ApplicationHelperTest, AuthenticatedGenerator, Branston, BrowsingTest, Client, ClientTest, CreateIterations, CreateOutcomes, CreateParticipations, CreatePreconditions, CreateReleases, CreateScenarios, CreateStories, CreateUsers, InPlaceEditingTest, Iteration, IterationTest, IterationsController, IterationsControllerTest, IterationsHelperTest, Outcome, OutcomeTest, OutcomesController, OutcomesControllerTest, OutcomesHelperTest, Participation, ParticipationTest, Precondition, PreconditionTest, PreconditionsController, PreconditionsControllerTest, PreconditionsHelperTest, Release, ReleaseTest, ReleasesController, ReleasesControllerTest, ReleasesHelperTest, RemoveIsAdminPropertyAndAddRoleInstead, Scenario, ScenarioTest, ScenariosController, ScenariosControllerTest, SessionsController, SessionsControllerTest, SetDefaultUserStateToActive, SetDefaultUserStateToPending, StoriesController, StoriesControllerTest, StoriesHelperTest, Story, StoryGeneratorTest, StoryTest, String, User, UserTest, UsersController, UsersControllerTest

Constant Summary

RAILS_ROOT =

Don’t change this file! Configure your app in config/environment.rb and config/environments/*.rb

"#{File.dirname(__FILE__)}/.."
BRANSTON_HOME =
Dir.pwd + '/.branston'
PORT =
3970
FEATURE_PATH =

Use SQL instead of Active Record’s schema dumper when creating the test database. This is necessary if your schema can’t be completely dumped by the schema dumper, like if you have constraints or database-specific column types:

config.active_record.schema_format = :sql

'test/features/'
REST_AUTH_SITE_KEY =

A Site key gives additional protection against a dictionary attack if your DB is ever compromised. With no site key, we store

DB_password = hash(user_password, DB_user_salt)

If your database were to be compromised you’d be vulnerable to a dictionary attack on all your stupid users’ passwords. With a site key, we store

DB_password = hash(user_password, DB_user_salt, Code_site_key)

That means an attacker needs access to both your site’s code and its database to mount an “offline dictionary attack” (www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html).

It’s probably of minor importance, but recommended by best practices: ‘defense in depth’. Needless to say, if you upload this to github or the youtubes or otherwise place it in public view you’ll kinda defeat the point. Your users’ passwords are still secure, and the world won’t end, but defense_in_depth -= 1.

Please note: if you change this, all the passwords will be invalidated, so DO keep it someplace secure. Use the random value given or type in the lyrics to your favorite Jay-Z song or something; any moderately long, unpredictable text.

'<%= $rest_auth_site_key_from_generator %>'
REST_AUTH_DIGEST_STRETCHES =

Repeated applications of the hash make brute force (even with a compromised database and site key) harder, and scale with Moore’s law.

"To squeeze the most security out of a limited-entropy password or passphrase, we can use two techniques [salting and stretching]... that are so simple and obvious that they should be used in every password system. There is really no excuse not to use them." http://tinyurl.com/37lb73 Practical Security (Ferguson & Schneier) p350

A modest 10 foldings (the default here) adds 3ms. This makes brute forcing 10 times harder, while reducing an app that otherwise serves 100 reqs/s to 78 signin reqs/s, and an app that does 10 reqs/s to 9.7 reqs/s.

More:

'<%= $rest_auth_digest_stretches_from_generator %>'
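
The site-key and stretching scheme described for REST_AUTH_SITE_KEY and REST_AUTH_DIGEST_STRETCHES above, as an added Ruby example (not the plugin's own code). It checks which stored digests a wordlist can match when only the users table has leaked versus when the site key has leaked too; SHA-256, the '--' join, the helper names and the sample rows are assumptions made for illustration.

```ruby
require 'digest'

# Constructed sample values for illustration; not the project's real settings.
SITE_KEY  = 'constructed-site-key-held-in-app-config-only'
STRETCHES = 10

# DB_password = hash(user_password, DB_user_salt, Code_site_key), folded
# `stretches` times so every guess costs that many hash computations.
def stretched_digest(password, salt, site_key, stretches)
  digest = site_key
  stretches.times do
    digest = Digest::SHA256.hexdigest([digest, salt, password, site_key].join('--'))
  end
  digest
end

# Compare digests without returning early at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def password_ok?(row, password, site_key = SITE_KEY, stretches = STRETCHES)
  secure_equal?(stretched_digest(password, row[:salt], site_key, stretches), row[:digest])
end

# Logins whose stored digest matches some wordlist entry, given whatever
# site key the party holding the leaked rows knows.
def exposed_logins(rows, wordlist, site_key, stretches = STRETCHES)
  rows.select { |row| wordlist.any? { |w| password_ok?(row, w, site_key, stretches) } }
      .map { |row| row[:login] }
end

# Constructed "leaked users table": only salt and digest are stored per user.
ROWS = [
  { login: 'reggie', salt: 'a1b2c3', password: 'monkey' },
  { login: 'oona',   salt: 'd4e5f6', password: '1234oona' }
].map do |u|
  { login: u[:login], salt: u[:salt],
    digest: stretched_digest(u[:password], u[:salt], SITE_KEY, STRETCHES) }
end
WORDLIST = %w[123456 password monkey letmein].freeze

if __FILE__ == $PROGRAM_NAME
  puts "DB only, site key unknown: #{exposed_logins(ROWS, WORDLIST, '').inspect}"
  puts "DB and site key leaked:    #{exposed_logins(ROWS, WORDLIST, SITE_KEY).inspect}"
end
```

Ten folds of a fast hash is a small work factor on current hardware; the same salt-plus-site-key structure carries over to a purpose-built KDF such as PBKDF2 (OpenSSL::PKCS5.pbkdf2_hmac in Ruby) with a much larger iteration count.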
RE_User =
%r{(?:(?:the )? *(\w+) *)}
RE_User_TYPE =
%r{(?: *(\w+)? *)}
RE_POLITENESS =
/(?:please|sorry|thank(?:s| you))/i
RE_PRETTY_RESOURCE =
/the (index|show|new|create|edit|update|destroy) (\w+) (page|form)/i
RE_THE_FOO_PAGE =
/the '?([^']*)'? (page|form)/i
RE_QUOTED_PATH =
/^'([^']*)'$/i

Constants included from StoryGenerator

StoryGenerator::ALPHABET

Instance Method Summary

Methods included from AuthenticatedTestHelper

#authorize_as, #login_as

Methods included from StoryGenerator

#feature_filename, #generate, #step_filename

Instance Method Details

#create_user(user_params = {}) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 102

def create_user(user_params={})
  @user_params       ||= user_params
  post "/users", :user => user_params
  @user = User.find_by_login(user_params['login'])
end

#create_user!(user_type, user_params) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 108

def create_user!(user_type, user_params)
  user_params['password_confirmation'] ||= user_params['password'] ||= user_params['password']
  create_user user_params
  response.should redirect_to('/')
  follow_redirect!

end

#dump_response ⇒ Object

Spew response onto screen – painful but scrolling >> debugger



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/rest_auth_features_helper.rb', line 70

def dump_response
  # note that @request and @template won't to_yaml and that @session includes @cgi
  response_methods = response.instance_variables         - ['@request', '@template', '@cgi']
  request_methods  = response.request.instance_variables - ['@session_options_with_string_keys', '@cgi', '@session']
  response_methods.map!{|attr| attr.gsub(/^@/,'')}.sort!
  request_methods.map!{ |attr| attr.gsub(/^@/,'')}.sort!
  puts '', '*' * 75,
    response.instance_values.slice(*response_methods).to_yaml,
    "*" * 75, '',
    response.request.instance_values.slice(*request_methods).to_yaml,
    "*" * 75, ''
end

#find_resource(resource, conditions) ⇒ Object

Given a class name ‘resource’ and a hash of conditions, find a model



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 142

def find_resource resource, conditions
  klass, instance = parse_resource_args resource
  conditions = conditions.to_hash_from_story unless (conditions.is_a? Hash)
  klass.find(:first, :conditions => conditions)
end

#grok_path(path) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb', line 152

def grok_path path
  path = path.gsub(/\s+again$/,'') # strip trailing ' again' (gsub returns a new string)
  case
  when path == 'the home page'    then dest = '/'
  when path =~ RE_PRETTY_RESOURCE then dest = template_for $1, $2
  when path =~ RE_THE_FOO_PAGE    then dest = $1
  when path =~ RE_QUOTED_PATH     then dest = $1
  else                                 dest = path
  end
  dest
end

#have_flash(notice, *args) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb', line 145

def have_flash notice, *args
  have_tag("div.#{notice}", *args)
end

#instantize(string) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/rest_auth_features_helper.rb', line 63

def instantize(string)
  instance_variable_get("@#{string}")
end

#keep_instance!(resource, object) ⇒ Object

Keep the object around in a local instance variable @resource.

So, for instance,

klass, instance = parse_resource_args 'user'
instance = klass.new({login => 'me', password => 'monkey', ...})
keep_instance! resource, instance

keeps the just-constructed User model in the @user instance variable.



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 176

def keep_instance! resource, object
  instance_variable_set("@#{resource}", object)
end

#log_in_user(user_params = nil) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 118

def log_in_user user_params=nil
  @user_params ||= user_params
  user_params  ||= @user_params
  post "/session", user_params
  @user = User.find_by_login(user_params['login'])
  controller.current_user
end

#log_in_user!(*args) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 126

def log_in_user! *args
  log_in_user *args
  response.should redirect_to('/')
  follow_redirect!
  response.should have_flash("notice", /Logged in successfully/)
end

#log_out ⇒ Object

User account actions.

The ! methods are ‘just get the job done’. It’s true, they do some testing of their own – thus un-DRY’ing tests that do and should live in the user account stories – but the repetition is ultimately important so that a faulty test setup fails early.



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 92

def log_out
  get '/sessions/destroy'
end

#log_out! ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 96

def log_out!
  log_out
  response.should redirect_to('/')
  follow_redirect!
end

#memorize_forget_all! ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 163

def memorize_forget_all!
  @_memorized = {}
end

#memorize_resource_value(resource, attr) ⇒ Object

Simple, brittle, useful: store the given resource’s attribute so we can compare it later.



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 152

def memorize_resource_value resource, attr
  klass, instance = parse_resource_args resource
  value = instance.send(attr)
  @_memorized ||= {}
  @_memorized[resource] ||= {}
  @_memorized[resource][attr] = value
  value
end

#named_user(login) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 74

def named_user login
  # fixed set of test users, keyed by name
  user_params = {
    'admin'   => {'id' => 1, 'login' => 'addie', 'password' => '1234addie', 'email' => '[email protected]',       },
    'oona'    => {          'login' => 'oona',   'password' => '1234oona',  'email' => '[email protected]'},
    'reggie'  => {          'login' => 'reggie', 'password' => 'monkey',    'email' => '[email protected]' },
    }
  user_params[login.downcase]
end

#parse_resource_args(resource, attributes = nil) ⇒ Object

Turn a resource name and a to_hash_from_story string like

"attr: 'value', attr2: 'value2', ... , and attrN: 'valueN'"

into

* klass      -- the class matching that Resource
* instance   -- the possibly-preexisting local instance value @resource
* attributes -- a hash matching the given attribute-list string


# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 132

def parse_resource_args resource, attributes=nil
  instance   = instantize resource
  klass      = resource.classify.constantize
  attributes = attributes.to_hash_from_story if attributes
  [klass, instance, attributes]
end

#recall_resource_value(resource, attr) ⇒ Object



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 160

def recall_resource_value resource, attr
  @_memorized[resource][attr]
end

#template_for(action, resource) ⇒ Object

Turns ‘new’, ‘road bikes’ into ‘road_bikes/new’. Note that it’s “action resource”.



# File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb', line 166

def template_for(action, resource)
  "#{resource.gsub(" ","_")}/#{action}"
end