about summary refs log tree commit diff
path: root/spec
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2019-03-18 21:00:55 +0100
committerGitHub <noreply@github.com>2019-03-18 21:00:55 +0100
commit9c4cbdbafb0324ae259e10865b90ed1ed0255bdd (patch)
tree9d1d884fb1753f110683d7ff78912cdf868ec635 /spec
parent42c581c45853cf08f2c9c521d59a2194ef2d9c61 (diff)
Add Keybase integration (#10297)
* create account_identity_proofs table

* add endpoint for keybase to check local proofs

* add async task to update validity and liveness of proofs from keybase

* first pass keybase proof CRUD

* second pass keybase proof creation

* clean up proof list and add badges

* add avatar url to keybase api

* Always highlight the “Identity Proofs” navigation item when interacting with proofs.

* Update translations.

* Add profile URL.

* Reorder proofs.

* Add proofs to bio.

* Update settings/identity_proofs front-end.

* Use `link_to`.

* Only encode query params if they exist.

URLs without params had a trailing `?`.

* Only show live proofs.

* change valid to active in proof list and update liveness before displaying

* minor fixes

* add keybase config at well-known path

* extremely naive feature flagging off the identity proof UI

* fixes for rubocop

* make identity proofs page resilient to potential keybase issues

* normalize i18n

* tweaks for brakeman

* remove two unused translations

* cleanup and add more localizations

* make keybase_contacts an admin setting

* fix ExternalProofService my_domain

* use Addressable::URI in identity proofs

* use active model serializer for keybase proof config

* more cleanup of keybase proof config

* rename proof is_valid and is_live to proof_valid and proof_live

* cleanup

* assorted tweaks for more robust communication with keybase

* Clean up

* Small fixes

* Display verified identity identically to verified links

* Clean up unused CSS

* Add caching for Keybase avatar URLs

* Remove keybase_contacts setting
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/api/proofs_controller_spec.rb96
-rw-r--r--spec/controllers/settings/identity_proofs_controller_spec.rb112
-rw-r--r--spec/controllers/well_known/keybase_proof_config_controller_spec.rb15
-rw-r--r--spec/fabricators/account_identity_proof_fabricator.rb8
-rw-r--r--spec/lib/proof_provider/keybase/verifier_spec.rb82
5 files changed, 313 insertions, 0 deletions
diff --git a/spec/controllers/api/proofs_controller_spec.rb b/spec/controllers/api/proofs_controller_spec.rb
new file mode 100644
index 000000000..dbde4927f
--- /dev/null
+++ b/spec/controllers/api/proofs_controller_spec.rb
@@ -0,0 +1,96 @@
+require 'rails_helper'
+
+describe Api::ProofsController do
+  let(:alice) { Fabricate(:account, username: 'alice') }
+
+  before do
+    stub_request(:get, 'https://keybase.io/_/api/1.0/sig/proof_valid.json?domain=cb6e6126.ngrok.io&kb_username=crypto_alice&sig_hash=111111111111111111111111111111111111111111111111111111111111111111&username=alice').to_return(status: 200, body: '{"proof_valid":true,"proof_live":false}')
+    stub_request(:get, 'https://keybase.io/_/api/1.0/sig/proof_live.json?domain=cb6e6126.ngrok.io&kb_username=crypto_alice&sig_hash=111111111111111111111111111111111111111111111111111111111111111111&username=alice').to_return(status: 200, body: '{"proof_valid":true,"proof_live":true}')
+    stub_request(:get, 'https://keybase.io/_/api/1.0/sig/proof_valid.json?domain=cb6e6126.ngrok.io&kb_username=hidden_alice&sig_hash=222222222222222222222222222222222222222222222222222222222222222222&username=alice').to_return(status: 200, body: '{"proof_valid":true,"proof_live":true}')
+    stub_request(:get, 'https://keybase.io/_/api/1.0/sig/proof_live.json?domain=cb6e6126.ngrok.io&kb_username=hidden_alice&sig_hash=222222222222222222222222222222222222222222222222222222222222222222&username=alice').to_return(status: 200, body: '{"proof_valid":true,"proof_live":true}')
+  end
+
+  describe 'GET #index' do
+    describe 'with a non-existent username' do
+      it '404s' do
+        get :index, params: { username: 'nonexistent', provider: 'keybase' }
+
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+
+    describe 'with a user that has no proofs' do
+      it 'is an empty list of signatures' do
+        get :index, params: { username: alice.username, provider: 'keybase' }
+
+        expect(body_as_json[:signatures]).to eq []
+      end
+    end
+
+    describe 'with a user that has a live, valid proof' do
+      let(:token1) { '111111111111111111111111111111111111111111111111111111111111111111' }
+      let(:kb_name1) { 'crypto_alice' }
+
+      before do
+        Fabricate(:account_identity_proof, account: alice, verified: true, live: true, token: token1, provider_username: kb_name1)
+      end
+
+      it 'is a list with that proof in it' do
+        get :index, params: { username: alice.username, provider: 'keybase' }
+
+        expect(body_as_json[:signatures]).to eq [
+          { kb_username: kb_name1, sig_hash: token1 },
+        ]
+      end
+
+      describe 'add one that is neither live nor valid' do
+        let(:token2) { '222222222222222222222222222222222222222222222222222222222222222222' }
+        let(:kb_name2) { 'hidden_alice' }
+
+        before do
+          Fabricate(:account_identity_proof, account: alice, verified: false, live: false, token: token2, provider_username: kb_name2)
+        end
+
+        it 'is a list with both proofs' do
+          get :index, params: { username: alice.username, provider: 'keybase' }
+
+          expect(body_as_json[:signatures]).to eq [
+            { kb_username: kb_name1, sig_hash: token1 },
+            { kb_username: kb_name2, sig_hash: token2 },
+          ]
+        end
+      end
+    end
+
+    describe 'a user that has an avatar' do
+      let(:alice) { Fabricate(:account, username: 'alice', avatar: attachment_fixture('avatar.gif')) }
+
+      context 'and a proof' do
+        let(:token1) { '111111111111111111111111111111111111111111111111111111111111111111' }
+        let(:kb_name1) { 'crypto_alice' }
+
+        before do
+          Fabricate(:account_identity_proof, account: alice, verified: true, live: true, token: token1, provider_username: kb_name1)
+          get :index, params: { username: alice.username, provider: 'keybase' }
+        end
+
+        it 'has two keys: signatures and avatar' do
+          expect(body_as_json.keys).to match_array [:signatures, :avatar]
+        end
+
+        it 'has the correct signatures' do
+          expect(body_as_json[:signatures]).to eq [
+            { kb_username: kb_name1, sig_hash: token1 },
+          ]
+        end
+
+        it 'has the correct avatar url' do
+          first_part = 'https://cb6e6126.ngrok.io/system/accounts/avatars/'
+          last_part  = 'original/avatar.gif'
+
+          expect(body_as_json[:avatar]).to match /#{Regexp.quote(first_part)}(?:\d{3,5}\/){3}#{Regexp.quote(last_part)}/
+        end
+      end
+    end
+  end
+end
diff --git a/spec/controllers/settings/identity_proofs_controller_spec.rb b/spec/controllers/settings/identity_proofs_controller_spec.rb
new file mode 100644
index 000000000..46af3ccf4
--- /dev/null
+++ b/spec/controllers/settings/identity_proofs_controller_spec.rb
@@ -0,0 +1,112 @@
+require 'rails_helper'
+
+describe Settings::IdentityProofsController do
+  render_views
+
+  let(:user) { Fabricate(:user) }
+  let(:valid_token) { '1'*66 }
+  let(:kbname) { 'kbuser' }
+  let(:provider) { 'keybase' }
+  let(:findable_id) { Faker::Number.number(5) }
+  let(:unfindable_id) { Faker::Number.number(5) }
+  let(:postable_params) do
+    { account_identity_proof: { provider: provider, provider_username: kbname, token: valid_token } }
+  end
+
+  before do
+    allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:status) { { 'proof_valid' => true, 'proof_live' => true } }
+    sign_in user, scope: :user
+  end
+
+  describe 'new proof creation' do
+    context 'GET #new with no existing proofs' do
+      it 'redirects to :index' do
+        get :new
+        expect(response).to redirect_to settings_identity_proofs_path
+      end
+    end
+
+    context 'POST #create' do
+      context 'when saving works' do
+        before do
+          allow(ProofProvider::Keybase::Worker).to receive(:perform_async)
+          allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true }
+          allow_any_instance_of(AccountIdentityProof).to receive(:on_success_path) { root_url }
+        end
+
+        it 'serializes a ProofProvider::Keybase::Worker' do
+          expect(ProofProvider::Keybase::Worker).to receive(:perform_async)
+          post :create, params: postable_params
+        end
+
+        it 'delegates redirection to the proof provider' do
+          expect_any_instance_of(AccountIdentityProof).to receive(:on_success_path)
+          post :create, params: postable_params
+          expect(response).to redirect_to root_url
+        end
+      end
+
+      context 'when saving fails' do
+        before do
+          allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { false }
+        end
+
+        it 'redirects to :index' do
+          post :create, params: postable_params
+          expect(response).to redirect_to settings_identity_proofs_path
+        end
+
+        it 'flashes a helpful message' do
+          post :create, params: postable_params
+          expect(flash[:alert]).to eq I18n.t('identity_proofs.errors.failed', provider: 'Keybase')
+        end
+      end
+
+      context 'it can also do an update if the provider and username match an existing proof' do
+        before do
+          allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true }
+          allow(ProofProvider::Keybase::Worker).to receive(:perform_async)
+          Fabricate(:account_identity_proof, account: user.account, provider: provider, provider_username: kbname)
+          allow_any_instance_of(AccountIdentityProof).to receive(:on_success_path) { root_url }
+        end
+
+        it 'calls update with the new token' do
+          expect_any_instance_of(AccountIdentityProof).to receive(:save) do |proof|
+            expect(proof.token).to eq valid_token
+          end
+
+          post :create, params: postable_params
+        end
+      end
+    end
+  end
+
+  describe 'GET #index' do
+    context 'with no existing proofs' do
+      it 'shows the helpful explanation' do
+        get :index
+        expect(response.body).to match I18n.t('identity_proofs.explanation_html')
+      end
+    end
+
+    context 'with two proofs' do
+      before do
+        allow_any_instance_of(ProofProvider::Keybase::Verifier).to receive(:valid?) { true }
+        @proof1 = Fabricate(:account_identity_proof, account: user.account)
+        @proof2 = Fabricate(:account_identity_proof, account: user.account)
+        allow_any_instance_of(AccountIdentityProof).to receive(:badge) { double(avatar_url: '', profile_url: '', proof_url: '') }
+        allow_any_instance_of(AccountIdentityProof).to receive(:refresh!) { }
+      end
+
+      it 'has the first proof username on the page' do
+        get :index
+        expect(response.body).to match /#{Regexp.quote(@proof1.provider_username)}/
+      end
+
+      it 'has the second proof username on the page' do
+        get :index
+        expect(response.body).to match /#{Regexp.quote(@proof2.provider_username)}/
+      end
+    end
+  end
+end
diff --git a/spec/controllers/well_known/keybase_proof_config_controller_spec.rb b/spec/controllers/well_known/keybase_proof_config_controller_spec.rb
new file mode 100644
index 000000000..9067e676d
--- /dev/null
+++ b/spec/controllers/well_known/keybase_proof_config_controller_spec.rb
@@ -0,0 +1,15 @@
+require 'rails_helper'
+
+describe WellKnown::KeybaseProofConfigController, type: :controller do
+  render_views
+
+  describe 'GET #show' do
+    it 'renders json' do
+      get :show
+
+      expect(response).to have_http_status(200)
+      expect(response.content_type).to eq 'application/json'
+      expect { JSON.parse(response.body) }.not_to raise_exception
+    end
+  end
+end
diff --git a/spec/fabricators/account_identity_proof_fabricator.rb b/spec/fabricators/account_identity_proof_fabricator.rb
new file mode 100644
index 000000000..94f40dfd6
--- /dev/null
+++ b/spec/fabricators/account_identity_proof_fabricator.rb
@@ -0,0 +1,8 @@
+Fabricator(:account_identity_proof) do
+  account
+  provider 'keybase'
+  provider_username { sequence(:provider_username) { |i| "#{Faker::Lorem.characters(15)}" } }
+  token { sequence(:token) { |i| "#{i}#{Faker::Crypto.sha1()*2}"[0..65] } }
+  verified false
+  live false
+end
diff --git a/spec/lib/proof_provider/keybase/verifier_spec.rb b/spec/lib/proof_provider/keybase/verifier_spec.rb
new file mode 100644
index 000000000..4ce67da9c
--- /dev/null
+++ b/spec/lib/proof_provider/keybase/verifier_spec.rb
@@ -0,0 +1,82 @@
+require 'rails_helper'
+
+describe ProofProvider::Keybase::Verifier do
+  let(:my_domain) { Rails.configuration.x.local_domain }
+
+  let(:keybase_proof) do
+    local_proof = AccountIdentityProof.new(
+      provider: 'Keybase',
+      provider_username: 'cryptoalice',
+      token: '11111111111111111111111111'
+    )
+
+    described_class.new('alice', 'cryptoalice', '11111111111111111111111111')
+  end
+
+  let(:query_params) do
+    "domain=#{my_domain}&kb_username=cryptoalice&sig_hash=11111111111111111111111111&username=alice"
+  end
+
+  describe '#valid?' do
+    let(:base_url) { 'https://keybase.io/_/api/1.0/sig/proof_valid.json' }
+
+    context 'when valid' do
+      before do
+        json_response_body = '{"status":{"code":0,"name":"OK"},"proof_valid":true}'
+        stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body)
+      end
+
+      it 'calls out to keybase and returns true' do
+        expect(keybase_proof.valid?).to eq true
+      end
+    end
+
+    context 'when invalid' do
+      before do
+        json_response_body = '{"status":{"code":0,"name":"OK"},"proof_valid":false}'
+        stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body)
+      end
+
+      it 'calls out to keybase and returns false' do
+        expect(keybase_proof.valid?).to eq false
+      end
+    end
+
+    context 'with an unexpected api response' do
+      before do
+        json_response_body = '{"status":{"code":100,"desc":"wrong size hex_id","fields":{"sig_hash":"wrong size hex_id"},"name":"INPUT_ERROR"}}'
+        stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body)
+      end
+
+      it 'swallows the error and returns false' do
+        expect(keybase_proof.valid?).to eq false
+      end
+    end
+  end
+
+  describe '#status' do
+    let(:base_url) { 'https://keybase.io/_/api/1.0/sig/proof_live.json' }
+
+    context 'with a normal response' do
+      before do
+        json_response_body = '{"status":{"code":0,"name":"OK"},"proof_live":false,"proof_valid":true}'
+        stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body)
+      end
+
+      it 'calls out to keybase and returns the status fields as proof_valid and proof_live' do
+        expect(keybase_proof.status).to include({ 'proof_valid' => true, 'proof_live' => false })
+      end
+    end
+
+    context 'with an unexpected keybase response' do
+      before do
+        json_response_body = '{"status":{"code":100,"desc":"missing non-optional field sig_hash","fields":{"sig_hash":"missing non-optional field sig_hash"},"name":"INPUT_ERROR"}}'
+        stub_request(:get, "#{base_url}?#{query_params}").to_return(status: 200, body: json_response_body)
+      end
+
+      it 'raises a ProofProvider::Keybase::UnexpectedResponseError' do
+        expect { keybase_proof.status }.to raise_error ProofProvider::Keybase::UnexpectedResponseError
+      end
+    end
+  end
+end