From 70693d9b90fbc5d060901144bfa1e36450474fe7 Mon Sep 17 00:00:00 2001 From: Rudis Muiznieks Date: Sat, 18 Jul 2020 17:28:42 -0500 Subject: [PATCH] added signed plan and verification tests --- test/run.sh | 47 ++++++++++++++++++++++++++++++++++--- test/signed-create.json | 1 + test/signed-verify-bad.json | 1 + test/signed-verify.json | 1 + 4 files changed, 47 insertions(+), 3 deletions(-) create mode 100644 test/signed-create.json create mode 100644 test/signed-verify-bad.json create mode 100644 test/signed-verify.json diff --git a/test/run.sh b/test/run.sh index fee7f0f..86070b5 100755 --- a/test/run.sh +++ b/test/run.sh @@ -106,13 +106,13 @@ curl_test 'Register a new user' 200 'application/json' -XPOST -d "$REQ_DATA" loc curl_test 'Rate limit registrations' 429 'application/json' -XPOST -d "$REQ_DATA" localhost:$PORT/users/$TEST_USER -token=$(echo "select pw_token from users where email='$TEST_USER'" | sqlite3 "$BASEDIR/data/test.db") +pw_token=$(echo "select pw_token from users where email='$TEST_USER'" | sqlite3 "$BASEDIR/data/test.db") curl_test 'Reject bad verification token' 400 'text/html' localhost:$PORT/users/$TEST_USER?token=thisiswrong -curl_test 'Reject bad verification email' 404 'text/html' localhost:$PORT/users/testuser@exmapl3.com?token=$token +curl_test 'Reject bad verification email' 404 'text/html' localhost:$PORT/users/testuser@exmapl3.com?token=$pw_token -curl_test 'Verify email address' 200 'text/html' localhost:$PORT/users/$TEST_USER?token=$token +curl_test 'Verify email address' 200 'text/html' localhost:$PORT/users/$TEST_USER?token=$pw_token curl_test 'Reject incorrect email' 401 'application/json' -u testuser@exampl3.com:test1234 localhost:$PORT/token 
@@ -165,6 +165,47 @@ curl_test 'Check missing plan in html using querystring' 404 'text/html' localho curl_test 'Check missing plan in text by omitting accept' 404 'text/plain' localhost:$PORT/plan/testuser@exampl3.com +curl_test 'Delete authentication token' 200 'application/json' -u $TEST_USER:test1234 -XDELETE localhost:$PORT/token + +curl_test 'Reject deleted authentication token' 401 'application/json' -XPUT -d "{\"plan\":\"this should fail\",\"auth\":\"$token\"}" localhost:$PORT/plan/$TEST_USER + +curl_test 'Get new authentication token' 200 'application/json' -u $TEST_USER:test1234 localhost:$PORT/token + +token=$(echo "$TEST_CONTENT" | jq -r '.token') + +curl_test 'Accept new authentication token' 200 'application/json' -XPUT -d "{\"plan\":\"this should not fail\",\"auth\":\"$token\"}" localhost:$PORT/plan/$TEST_USER + +curl_test 'Generate password reset token' 200 'text/html' localhost:$PORT/users/$TEST_USER/pwtoken + +pw_token=$(echo "select pw_token from users where email='$TEST_USER'" | sqlite3 "$BASEDIR/data/test.db") + +curl_test 'Reject invalid password reset token' 400 'application/json' -XPUT -d "{\"password\":\"newpassword\",\"pwtoken\":\"thisiswrong\"}" localhost:$PORT/users/$TEST_USER + +curl_test 'Reset password' 200 'application/json' -XPUT -d "{\"password\":\"newpassword\",\"pwtoken\":\"$pw_token\"}" localhost:$PORT/users/$TEST_USER + +curl_test 'Reject authentication token after password reset' 401 'application/json' -XPUT -d "{\"plan\":\"this should fail\",\"auth\":\"$token\"}" localhost:$PORT/plan/$TEST_USER + +curl_test 'Reject old password' 401 'application/json' -u $TEST_USER:test1234 localhost:$PORT/token + +curl_test 'Get authentication token with new password' 200 'application/json' -u $TEST_USER:newpassword localhost:$PORT/token + +token=$(echo "$TEST_CONTENT" | jq -r '.token') + +export TEST_EXPORTED_TOKEN=$token +put_data=$(cat "$BASEDIR/signed-create.json" | envsubst) +curl_test 'Create signed plan' 200 'application/json' -XPUT 
-d "$put_data" localhost:$PORT/plan/$TEST_USER + +post_data=$(<"$BASEDIR/signed-verify-bad.json") +curl_test 'Fail to verify with bad pubkey' 200 'application/json' -XPOST -d "$post_data" localhost:$PORT/verify/$TEST_USER \ + && assert_equal_jq '.verified' 0 \ + && assert_equal_jq '.plan' 'null' + +post_data=$(<"$BASEDIR/signed-verify.json") +curl_test 'Verify signed plan' 200 'application/json' -XPOST -d "$post_data" localhost:$PORT/verify/$TEST_USER \ + && assert_equal_jq '.verified' 1 \ + && assert_equal_jq '.plan' 'this is a plan +that is signed' + ############### # Test Teardown ############### diff --git a/test/signed-create.json b/test/signed-create.json new file mode 100644 index 0000000..98788e6 --- /dev/null +++ b/test/signed-create.json @@ -0,0 +1 @@ +{"plan":"this is a plan\nthat is signed\n","signature":"-----BEGIN PGP SIGNATURE-----\n\niQEzBAABCAAdFiEELxP8NJfva+suNmdu5BI4x54LZboFAl8TcMcACgkQ5BI4x54L\nZbofjgf/dwX1WmH9M8jLVddofR00QxFQUL9buOhkfOkk+yQ6ofIgONxoaF6rYPmd\nW5dRHqqcaVSZ4eowSpnUv+k1vNYW+qtuiiiBo+Yjqq+L0RINCUCQYtx1hNmhpruR\nmyUcfYz7BFMgbltmnnrmVtK4UzsiYpuQHWZIIprh6BmJ9QV747Km8iwlD3TwgEsh\nyMFVvToZuaYTXJhiQ5QzafpFFGoxfZ+v4FqVBs8ahXRvQojIB7Dvc6rl/dfjBMS6\nRWQCZ9+YZt0UsdIE5fEdsqDilXQZqT4rO3UJNy6crZGEvENy7UchQOgf/DIMTR2h\nZ7i5n0DPGi87YJSrgxyO4AxQ7OqzFg==\n=pUCT\n-----END PGP SIGNATURE-----","auth":"${TEST_EXPORTED_TOKEN}"} diff --git a/test/signed-verify-bad.json b/test/signed-verify-bad.json new file mode 100644 index 0000000..5754918 --- /dev/null +++ b/test/signed-verify-bad.json 
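Review bot: The only negative verification case swaps in an unrelated public key (`signed-verify-bad.json`), so nothing in this hunk checks that the signature is actually bound to the plan text. A wrong key may be reported as `.verified` 0 on a key mismatch alone; the case that exercises the signature check is the correct key from `signed-verify.json` against a plan whose content no longer matches what was signed, still expecting `.verified` to be 0. I would add that case after 'Verify signed plan', or at least leave `# TODO: add correct-pubkey / altered-plan case, expect .verified == 0` there. Separately, `export TEST_EXPORTED_TOKEN=$token` keeps the bearer token in the environment of every later child process, and the bare `envsubst` expands any `$NAME` found in the fixture; `put_data=$(TEST_EXPORTED_TOKEN=$token envsubst '${TEST_EXPORTED_TOKEN}' < "$BASEDIR/signed-create.json")` scopes both. `curl_test` and `assert_equal_jq` are defined outside this hunk, so their behaviour is assumed from the call sites.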
@@ -0,0 +1 @@ +{"pubkey":"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQENBFxAsoUBCACo1b9nS1nUcMKohKMTeqItFeXGPdyfVOT5+mwgWfb3DRnIjUOd\nQ7ds2FAMAImEGorWRmqIDgp1tuUnkMk14vp6QK61dzvBgQhIzsAHDSzkrqc1PANp\nWaVAjrmZsAcHL54xGx46RzG7g9Xlbz4FdxhLZsUKycPaLR11/B9aA0LfFjpXKJpF\nQD0a+4PLOS4End/ANsVcSpTkmYP73e0WtwAjuT3v0OPG8OPEGgni/Vz0boH5M2Ab\nrQQJZuQvs7CCK+GRzedMwhySCVgfoWR01DmGcR5lg7Ib/XGPSTM9Sw7qWbFJenJM\n478kzm/mDkvNtZcS+FvGzv6LN7p/54M2qJ+DABEBAAG0I1J1ZGlzIE11aXpuaWVr\ncyA8cnVkaXNAc2l0b3Npcy5jb20+iQFOBBMBCAA4FiEEEgvnEVx6xhqlqyFXyr8v\nhu94hPkFAlxAsoUCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQyr8vhu94\nhPn8hAf9HdpQ1MUMvOmEDWX9rBT/xPVQROVBvt5vfPdVgIgwB3ZbfRkGvNdFZFqg\nbGGszYyHDtaRd4LtZ83tejtHTTgz52P0OVWL2Fvx5yUY3/BZHmWMMgVENXw21NN0\nbNHPmO4HJzpXDCQFX4KYNntQJo1a7xuZTsnxQwN4JuQGubO5I4tNddVtD09f+3wA\nPDUGJblukoLuYVIk95DcpbUzT178KAShfevZjwPd3jhSFtqIvODmyQba2lSlcm0J\nTnTcwUJlFWujvNyP6Ejh1vCaGCJVxLJO+2ZrVPiQuVuzUs6S2fH4j+g5NvEMzJOT\nEcv4+A+g3lX9OxHcHkng+jigPVP8Q7kBDQRcQLKFAQgAwAEfbWUefsF2eTK1R3X7\nd9LuagIZq64ZZjOB6wp5zqzxjvyeckFMeNCHC4sqnCkLg02z3EHQKZ06OmerqZq+\n7N44b+hzr0QsmYS8syJEyEtrQ6K1ZGifWmLP48NuVnkAw1J8ptPBaSEcu/sAV1+J\nrxHzbm1lCAhW9BhPFAxyUo/s8EZvqSQM+lbIqSoMKFvTPMuSKq1T5Cn4QOYasZLs\nHIEK4OaTZATQaKNO2vGM0uyRt3fHgOkLRcRIJplOPGjkafrPxF9rvHO9oY+IZ7kU\n5Nwyhz0Q6Q6IwU5PdoHcnbhvvr4mXmEydsNSa18qfRcQdtCoOui+l0XfBnHwCwWR\njwARAQABiQE2BBgBCAAgFiEEEgvnEVx6xhqlqyFXyr8vhu94hPkFAlxAsoUCGwwA\nCgkQyr8vhu94hPm9cAf9GzauKsYP3PqwUYZyWM7ZkHBK7l5FhIJAmMDBmZdUZS3v\nrrPVLIguFAeS8udcgsUAQP56DbVKr7YgyZ9bd2H8rXVjpngUGl52r8pypzFG6/lV\nLx54t20e+IhSmYOS/Tqg8G49VXitV9A4qaRmDg1ZuO8RUs/ROkuv5Goa95dD2Dej\nj+hTjYq9cgwcA0L15EtJ+EIn/Bt+dzWesSWvdQVV3v9CXLzCqWu/uwzNuUFGB9I4\nQZWPu+OscxtYqMxKPCEzErnteIs5D4YKzMCjwvGMIt+SJ6ZV9Ns4hFI7LTPtzWnE\n5FRIZCq2o3JkIu/JyUGQrKl3e2f2toxATgmjw5xAwA==\n=LEyI\n-----END PGP PUBLIC KEY BLOCK-----"} diff --git a/test/signed-verify.json b/test/signed-verify.json new file mode 100644 index 0000000..836ae8c --- /dev/null +++ b/test/signed-verify.json 
@@ -0,0 +1 @@ +{"pubkey":"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQENBF8TaycBCADdvPY8mzLaMfSabcTyZVSO3cVZbojLMGfUCifGTB0K33AUSuRJ\nIQ/UPjonjGYkbqoQMC31XII0pPTt8WNeqHwaCaU83TMvIFz7c4HouB9prkdAGkSa\nn8yGq0Gr87/0eyWRkNvsoiJ8yU6kzYSjPEe3Tw8QFiTY2z4YvYBctmkAtI/NpYTd\n5oBizFhrsZtLcUxqjLqDaeQpcPxjEwqY4lIAiTS6aOhL8ziXxBYm2gx0DTEz261Z\nXNx0+SSYYi9RaiGwp96RXPMdAe4WBPm9i00GL86xJ+Gh5oCSd7zlz3qJovXcrZA7\njby/qcezaTVO9aoU0q+IqQUC4UQuiYurBgnrABEBAAG0KGRvdHBsYW4gb25saW5l\nIDxuby1yZXBseUBkb3RwbGFuLm9ubGluZT6JAVQEEwEIAD4WIQQvE/w0l+9r6y42\nZ27kEjjHngtlugUCXxNrJwIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX\ngAAKCRDkEjjHngtlujcNCADdbqUDZ/sFPDIK6V0oDdRYGAfFCiFtAm0hiQ3p6UC9\ngRhvxnWh4X38o5Z3ghBTpd4GOVsdD0C7WA3UvS/Or11Or6GPwM5O077RaL04cvNG\n2aB3QOSNTqoElyuaUfRx6B6HYcvMTpgCcHvYyDCPuwt1msEWYJLWR4o0SwuCekzR\nDZjuu9fEt+1b4Xfa38x2LPET4Udz8875kftmPWPkQkY9msWDqTknxcav+RSYMvlG\nCARNV/B17sNbCnNVVstF7vVDRabKC8NEgWgpPyd8qya5lniN8TkfMMICU1OxqrsB\n/GBWV4fchyU1rmheDzAlBG3Cc2DfBlRMBtvIfoUvlVyOuQENBF8TaycBCADKEzdy\nZrtwNobQqNhLQuIovpAWAZ0fcVE1ZLEHEAjcnZM4lP+psmhXrcc1BABaW5z54fNU\nnDYovFgQA8YSklNd6XuIah+EVHl9PkMUCjcWV6Izs5ExjuGXdI5XisNWpY1le+n2\nKnMwVKta+UsQ1+omEfDR0AKpAZT3G4xIEx/C4LQIBc1XCAkV1Fflha6x2JFJt6jZ\ncwoWmbLtHK8maWdv09sNkTU4+vxLGiQkJbeYuUWlh2cHysMO1OAoc8zjlK+xFK09\nmm3OayMNg1LgRRrJ8AEwftfDtz2UKIq1YdFGcPGbp8IGJHPSM0VIhGewg6qZluXl\nLXcrq+vHfDEtlrhlABEBAAGJATwEGAEIACYWIQQvE/w0l+9r6y42Z27kEjjHngtl\nugUCXxNrJwIbDAUJA8JnAAAKCRDkEjjHngtlurzoB/sGZxpT9QA0tbDETAtExU9F\nYR6Yqho19FUdMlmKk7pGEJMnCFdcLoDn7o0F1OD8UvpFXVofzd6bHqCXyvQS22Pf\n2BrKHL+4UqN5ETppy4NzV3bXifOJGAbR3JFX8P2zS1opvsa69te/dSiTdwjcOd4E\nhwAiL5H1lyiEczL0w+Pyes7qfAye7IEOGcgXtmlQL/7SAzmBZLcADt/6UPYRT8b4\nCfGqL2mXhwMp9euXmTA/I47Y6tf8PNQupqHWvYjTH8OOXazsLUqgLDKzjH7t5mdD\nFecCDS4CtC6xPm1rGQyikS3UCKR96RTiacP7BTqnAQUk9ZYO38/lDSwf8hSOsM2R\n=neJG\n-----END PGP PUBLIC KEY BLOCK-----"}
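Review bot: The public key in this fixture appears to carry a key-expiration subpacket of roughly two years from its July 2020 creation time, which gives the 'Verify signed plan' case in test/run.sh a hidden time dependency. If the server's verification honours key expiry, that test will start failing once the key lapses; if it keeps passing, expiry is evidently not enforced, and that should be a deliberate decision rather than something the suite finds out by accident. I would regenerate the fixture key without an expiry (re-signing `signed-create.json` to match) or, failing that, add `# fixture key in signed-verify.json has an expiry; regenerate key and signature before it lapses` next to the test in run.sh.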