Top Level Namespace
- Extended by:
- Cucumber::Formatter::ANSIColor
- Includes:
- AuthenticatedTestHelper, StoryGenerator
Defined Under Namespace
Modules: ActionView, ApplicationHelper, AuthenticatedSystem, AuthenticatedTestHelper, Authentication, Authorization, CalendarDateSelect, Factory, Faker, InPlaceEditing, InPlaceMacrosHelper, IterationsHelper, NavigationHelpers, OutcomesHelper, PreconditionsHelper, Rails, ReleasesHelper, SessionsHelper, StoriesHelper, StoryGenerator, ToFooFromStory, Trustification, UsersHelper
Classes: AddActivationFieldsToUser, AddAuthorIdToStory, AddDefaultAdminUser, AddIsAdminPropertyToUser, AddSlugToStories, AddStateToUser, AddStatusToStory, AddTitleToStories, ApplicationController, ApplicationHelperTest, AuthenticatedGenerator, Branston, BrowsingTest, Client, ClientTest, CreateIterations, CreateOutcomes, CreateParticipations, CreatePreconditions, CreateReleases, CreateScenarios, CreateStories, CreateUsers, InPlaceEditingTest, Iteration, IterationTest, IterationsController, IterationsControllerTest, IterationsHelperTest, Outcome, OutcomeTest, OutcomesController, OutcomesControllerTest, OutcomesHelperTest, Participation, ParticipationTest, Precondition, PreconditionTest, PreconditionsController, PreconditionsControllerTest, PreconditionsHelperTest, Release, ReleaseTest, ReleasesController, ReleasesControllerTest, ReleasesHelperTest, RemoveIsAdminPropertyAndAddRoleInstead, Scenario, ScenarioTest, ScenariosController, ScenariosControllerTest, SessionsController, SessionsControllerTest, SetDefaultUserStateToActive, SetDefaultUserStateToPending, StoriesController, StoriesControllerTest, StoriesHelperTest, Story, StoryGeneratorTest, StoryTest, String, User, UserTest, UsersController, UsersControllerTest
Constant Summary
- RAILS_ROOT =
Don’t change this file! Configure your app in config/environment.rb and config/environments/*.rb
"#{File.dirname(__FILE__)}/.."
- BRANSTON_HOME =
Dir.pwd + '/.branston'
- PORT =
3970
- FEATURE_PATH =
Use SQL instead of Active Record’s schema dumper when creating the test database. This is necessary if your schema can’t be completely dumped by the schema dumper, like if you have constraints or database-specific column types config.active_record.schema_format = :sql
'test/features/'
- REST_AUTH_SITE_KEY =
A site key gives additional protection against a dictionary attack if your DB is ever compromised. With no site key, we store
DB_password = hash(user_password, DB_user_salt)
If your database were compromised, you'd be vulnerable to a dictionary attack on all your stupid users' passwords. With a site key, we store
DB_password = hash(user_password, DB_user_salt, Code_site_key)
That means an attacker needs access to both your site's code and its database to mount an "offline dictionary attack" (www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/web-authentication.html).
It's probably of minor importance, but recommended by best practices: 'defense in depth'. Needless to say, if you upload this to github or the youtubes or otherwise place it in public view you'll kinda defeat the point. Your users' passwords are still secure, and the world won't end, but defense_in_depth -= 1.
Please note: if you change this, all the passwords will be invalidated, so DO keep it someplace secure. Use the random value given or type in the lyrics to your favorite Jay-Z song or something; any moderately long, unpredictable text.
'<%= $rest_auth_site_key_from_generator %>'
- REST_AUTH_DIGEST_STRETCHES =
Repeated applications of the hash make brute force (even with a compromised database and site key) harder, and scale with Moore's law.
"To squeeze the most security out of a limited-entropy password or passphrase, we can use two techniques [salting and stretching]... that are so simple and obvious that they should be used in every password system. There is really no excuse not to use them." (Practical Security, Ferguson & Schneier, p. 350; http://tinyurl.com/37lb73)
A modest 10 foldings (the default here) adds 3ms. This makes brute forcing 10 times harder, while reducing an app that otherwise serves 100 reqs/s to 78 signin reqs/s, and an app that does 10 reqs/s to 9.7 reqs/s.
More: "An Illustrated Guide to Cryptographic Hashes": www.unixwiz.net/techtips/iguide-crypto-hashes.html
'<%= $rest_auth_digest_stretches_from_generator %>'
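The salt, site key and stretching described for REST_AUTH_SITE_KEY and REST_AUTH_DIGEST_STRETCHES above, as an added stand-alone Ruby illustration that is not the plugin's own code: the site key is folded into every round, so a database dump (salt plus digest) alone is not enough to test candidate passwords, and rotating the site key or the stretch count invalidates every stored digest, which is why the generated key must be kept somewhere safe. The constant values, the '--' joiner, the make_salt and secure_compare helpers, and the use of SHA-1 are assumptions made for this example.

```ruby
require 'digest/sha1'
require 'securerandom'

# Constructed stand-ins for the generator-supplied constants (assumption: the
# real values are generated once and kept out of public view, as described above).
EXAMPLE_SITE_KEY  = 'constructed-site-key-replace-with-generated-value'
EXAMPLE_STRETCHES = 10

# One application of hash(user_password, DB_user_salt, Code_site_key): the
# inputs are joined and run through SHA-1 (joiner and hash are assumptions).
def secure_digest(*args)
  Digest::SHA1.hexdigest(args.flatten.join('--'))
end

# Salted, site-keyed, stretched digest. Seeding with the site key and feeding
# it back in on every round means the stored digest cannot be recomputed from
# the database contents (salt + digest) without also holding the site's code.
def password_digest(password, salt, site_key = EXAMPLE_SITE_KEY,
                    stretches = EXAMPLE_STRETCHES)
  digest = site_key
  stretches.times do
    digest = secure_digest(digest, salt, password, site_key)
  end
  digest
end

# Per-user salt: stored beside the digest and not secret, but unique per user,
# so one precomputed table cannot be reused across the whole user base.
def make_salt
  SecureRandom.hex(20)
end

# Length-checked, constant-time comparison so that verifying a digest does not
# leak how many leading bytes of the candidate matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  result = 0
  a.bytes.zip(b.bytes) { |x, y| result |= x ^ y }
  result == 0
end

# Verification: recompute with the same salt, site key and stretch count.
def authenticated?(stored_digest, salt, candidate, site_key = EXAMPLE_SITE_KEY,
                   stretches = EXAMPLE_STRETCHES)
  secure_compare(stored_digest,
                 password_digest(candidate, salt, site_key, stretches))
end

if __FILE__ == $0
  salt   = make_salt
  stored = password_digest('monkey', salt)   # constructed sample password
  puts "digest:             #{stored}"
  puts "right password:     #{authenticated?(stored, salt, 'monkey')}"
  puts "wrong password:     #{authenticated?(stored, salt, 'm0nkey')}"
  # Rotating the site key (or changing the stretch count) invalidates every
  # stored digest, exactly the "all the passwords will be invalidated" case.
  puts "after key rotation: #{authenticated?(stored, salt, 'monkey', 'rotated-key')}"
  puts "after 11 stretches: #{authenticated?(stored, salt, 'monkey', EXAMPLE_SITE_KEY, 11)}"
end
```

Running the file prints the digest and then true, false, false, false: the last two lines show that a key rotation or a changed stretch count must be accompanied by a password reset for every user, since the old digests can no longer be recomputed.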
- RE_User =
%r{(?:(?:the )? *(\w+) *)}
- RE_User_TYPE =
%r{(?: *(\w+)? *)}
- RE_POLITENESS =
/(?:please|sorry|thank(?:s| you))/i
- RE_PRETTY_RESOURCE =
/the (index|show|new|create|edit|update|destroy) (\w+) (page|form)/i
- RE_THE_FOO_PAGE =
/the '?([^']*)'? (page|form)/i
- RE_QUOTED_PATH =
/^'([^']*)'$/i
Constants included from StoryGenerator
Instance Method Summary
- #create_user(user_params = {}) ⇒ Object
- #create_user!(user_type, user_params) ⇒ Object
- #dump_response ⇒ Object
  Spew response onto screen: painful, but scrolling >> debugger.
- #find_resource(resource, conditions) ⇒ Object
  Given a class name 'resource' and a hash of conditions, find a model.
- #grok_path(path) ⇒ Object
- #have_flash(notice, *args) ⇒ Object
- #instantize(string) ⇒ Object
- #keep_instance!(resource, object) ⇒ Object
  Keep the object around in a local instance variable @resource.
- #log_in_user(user_params = nil) ⇒ Object
- #log_in_user!(*args) ⇒ Object
- #log_out ⇒ Object
  User account actions.
- #log_out! ⇒ Object
- #memorize_forget_all! ⇒ Object
- #memorize_resource_value(resource, attr) ⇒ Object
  Simple, brittle, useful: store the given resource's attribute so we can compare it later.
- #named_user(login) ⇒ Object
- #parse_resource_args(resource, attributes = nil) ⇒ Object
  Turn a resource name and a to_hash_from_story string like "attr: 'value', attr2: 'value2', ..." into a class, an instance and an attributes hash.
- #recall_resource_value(resource, attr) ⇒ Object
- #template_for(action, resource) ⇒ Object
  Turns 'new', 'road bikes' into 'road_bikes/new'; note that it's "action resource".
Methods included from AuthenticatedTestHelper
Methods included from StoryGenerator
#feature_filename, #generate, #step_filename
Instance Method Details
#create_user(user_params = {}) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 102
    def create_user(user_params={})
      @user_params ||= user_params
      # sign up through the users resource, then load the record that was created
      post "/users", :user => user_params
      @user = User.find_by_login(user_params['login'])
    end
#create_user!(user_type, user_params) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 108
    def create_user!(user_type, user_params)
      # default the confirmation to the password itself so sign-up validates
      user_params['password_confirmation'] ||= user_params['password']
      create_user user_params
      response.should redirect_to('/')
      follow_redirect!
    end
#dump_response ⇒ Object
Spew response onto screen: painful, but scrolling >> debugger.
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/rest_auth_features_helper.rb', line 70
    def dump_response
      # note that @request and @template won't to_yaml and that @session includes @cgi
      response_methods = response.instance_variables - ['@request', '@template', '@cgi']
      request_methods  = response.request.instance_variables - ['@session_options_with_string_keys', '@cgi', '@session']
      # drop the leading '@' so the names match the keys of instance_values
      response_methods.map!{ |attr| attr.gsub(/^@/,'') }.sort!
      request_methods.map!{ |attr| attr.gsub(/^@/,'') }.sort!
      puts '', '*' * 75,
           response.instance_values.slice(*response_methods).to_yaml, "*" * 75, '',
           response.request.instance_values.slice(*request_methods).to_yaml, "*" * 75, ''
    end
#find_resource(resource, conditions) ⇒ Object
Given a class name 'resource' and a hash of conditions, find a model.
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 142
    def find_resource resource, conditions
      klass, instance = parse_resource_args resource
      # conditions may arrive as a story string ("attr: 'value', ...") rather than a Hash
      conditions = conditions.to_hash_from_story unless (conditions.is_a? Hash)
      klass.find(:first, :conditions => conditions)
    end
#grok_path(path) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb', line 152
    def grok_path path
      # strip trailing ' again'; gsub returns a new string, so the result must be kept
      path = path.gsub(/\s+again$/,'')
      case
      when path == 'the home page'    then dest = '/'
      when path =~ RE_PRETTY_RESOURCE then dest = template_for $1, $2
      when path =~ RE_THE_FOO_PAGE    then dest = $1
      when path =~ RE_QUOTED_PATH     then dest = $1
      else                                 dest = path
      end
      dest
    end
#have_flash(notice, *args) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb', line 145
    def have_flash notice, *args
      # the flash is rendered as <div class="notice">, <div class="error">, etc.
      have_tag("div.#{notice}", *args)
    end
#instantize(string) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/rest_auth_features_helper.rb', line 63
    def instantize(string)
      instance_variable_get("@#{string}")
    end
#keep_instance!(resource, object) ⇒ Object
Keep the object around in a local instance variable @resource.
So, for instance,
    klass, instance = parse_resource_args 'user'
    instance = klass.new('login' => 'me', 'password' => 'monkey', ...)
    keep_instance! 'user', instance
keeps the just-constructed User model in the @user instance variable.
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 176
    def keep_instance! resource, object
      instance_variable_set("@#{resource}", object)
    end
#log_in_user(user_params = nil) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 118
    def log_in_user user_params=nil
      # remember the first params given, and fall back to them on later calls
      @user_params ||= user_params
      user_params  ||= @user_params
      post "/session", user_params
      @user = User.find_by_login(user_params['login'])
      controller.current_user
    end
#log_in_user!(*args) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 126
    def log_in_user! *args
      log_in_user *args
      response.should redirect_to('/')
      follow_redirect!
      response.should have_flash("notice", /Logged in successfully/)
    end
#log_out ⇒ Object
User account actions.
The ! methods are ‘just get the job done’. It’s true, they do some testing of their own – thus un-DRY’ing tests that do and should live in the user account stories – but the repetition is ultimately important so that a faulty test setup fails early.
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 92
    def log_out
      get '/sessions/destroy'
    end
#log_out! ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 96
    def log_out!
      log_out
      response.should redirect_to('/')
      follow_redirect!
    end
#memorize_forget_all! ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 163
    def memorize_forget_all!
      @_memorized = {}
    end
#memorize_resource_value(resource, attr) ⇒ Object
Simple, brittle, useful: store the given resource’s attribute so we can compare it later.
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 152
    def memorize_resource_value resource, attr
      klass, instance = parse_resource_args resource
      value = instance.send(attr)
      # nested hash keyed by resource name, then attribute name
      @_memorized ||= {}
      @_memorized[resource] ||= {}
      @_memorized[resource][attr] = value
      value
    end
#named_user(login) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/user_steps.rb', line 74
    def named_user login
      # fixture accounts referenced by name from the stories
      user_params = {
        'admin'  => { 'id' => 1, 'login' => 'addie', 'password' => '1234addie', 'email' => '[email protected]' },
        'oona'   => { 'login' => 'oona',   'password' => '1234oona', 'email' => '[email protected]' },
        'reggie' => { 'login' => 'reggie', 'password' => 'monkey',   'email' => '[email protected]' },
      }
      user_params[login.downcase]
    end
#parse_resource_args(resource, attributes = nil) ⇒ Object
Turn a resource name and a to_hash_from_story string like
"attr: 'value', attr2: 'value2', ... , and attrN: 'valueN'"
into
* klass -- the class matching that Resource
* instance -- the possibly-preexisting local instance value @resource
* attributes -- a hash matching the given attribute-list string
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 132
    def parse_resource_args resource, attributes=nil
      instance = instantize resource                 # existing @resource, if any
      klass    = resource.classify.constantize       # 'user' => User
      attributes = attributes.to_hash_from_story if attributes
      [klass, instance, attributes]
    end
#recall_resource_value(resource, attr) ⇒ Object
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_resource_steps.rb', line 160
    def recall_resource_value resource, attr
      @_memorized[resource][attr]
    end
#template_for(action, resource) ⇒ Object
Turns 'new', 'road bikes' into 'road_bikes/new'; note that it's "action resource".
    # File 'lib/branston/vendor/plugins/restful_authentication/generators/authenticated/templates/features/step_definitions/ra_response_steps.rb', line 166
    def template_for(action, resource)
      "#{resource.gsub(" ","_")}/#{action}"
    end