Auth test coverage

lib/stackfooter/api_key_registry.ex

@@ -25,8 +25,18 @@ defmodule Stackfooter.ApiKeyRegistry do
     end
   end
 
+  def reset_api_keys(pid) do
+    GenServer.call(pid, :reset)
+  end
+
+  def handle_call(:reset, _from, api_keys) do
+    :ets.delete_all_objects(api_keys)
+    {:reply, :ok, api_keys}
+  end
+
   def handle_call({:add_key, api_key, account}, _from, api_keys) do
     :ets.insert(api_keys, {api_key, account})
+
     {:reply, {:ok, {api_key, account}}, api_keys}
   end
 end

test/controllers/admin_controller_test.exs

@@ -6,6 +6,8 @@ defmodule Stackfooter.AdminControllerTest do
   @non_admin_apikey "KVi7irGjY8ZhYg6B20QU7H6IIbhWmyt0"
 
   setup_all do
+    reset_api_keys()
+
     ApiKeyRegistry.add_key(Stackfooter.ApiKeyRegistry, "KVi7irGjY8ZhYg6B20QU7H6IIbhWmyt0", "rjsamson1234")
 
     :ok
@@ -27,6 +29,8 @@ defmodule Stackfooter.AdminControllerTest do
       Venue.place_order(venue, %{direction: "sell", symbol: "NYC", qty: 7, price: x, account: "admin", orderType: "limit"})
     end)
 
+    ApiKeyRegistry.add_key(Stackfooter.ApiKeyRegistry, "KVi7irGjY8ZhYg6B20QU7H6IIbhWmyt0", "rjsamson1234")
+
     :ok
   end
 

test/controllers/api_controller_test.exs

@@ -1,6 +1,11 @@
 defmodule Stackfooter.ApiControllerTest do
   use Stackfooter.ConnCase
 
+  setup_all do
+    reset_api_keys()
+    :ok
+  end
+
   test "API Heartbeat", %{conn: conn} do
     conn = get(conn, "/ob/api/heartbeat")
     resp = json_response(conn, 200)

test/controllers/console_controller_test.exs

@@ -0,0 +1,29 @@
+defmodule Stackfooter.ConsoleControllerTest do
+  use Stackfooter.ConnCase
+
+  @apikey "4cy7uf63Lw2Sx6652YmLwBKy662weU4q"
+
+  setup config do
+    reset_api_keys()
+
+    if username = config[:login_as] do
+      user = insert_user(username: username, api_keys: [@apikey])
+      conn = assign(build_conn(), :current_user, user)
+
+      {:ok, conn: conn, user: user}
+    else
+      {:ok, conn: build_conn()}
+    end
+  end
+
+  @tag login_as: "rjsamson1234"
+  test "Trade path is authenticated", %{conn: conn, user: _user} do
+    conn = get(conn, "/console")
+    assert html_response(conn, 200) =~ "rjsamson1234"
+  end
+
+  test "Redirects if not authenticated", %{conn: conn} do
+    conn = get(conn, "/console")
+    assert redirected_to(conn) == session_path(conn, :new)
+  end
+end

test/controllers/page_controller_test.exs

@@ -1,6 +1,11 @@
 defmodule Stackfooter.PageControllerTest do
   use Stackfooter.ConnCase
 
+  setup_all do
+    reset_api_keys()
+    :ok
+  end
+
   test "GET /", %{conn: conn} do
     conn = get conn, "/"
     assert html_response(conn, 200) =~ "Stackfooter"

test/controllers/score_controller_test.exs

@@ -6,6 +6,8 @@ defmodule Stackfooter.ScoreControllerTest do
   @non_admin_apikey "KVi7irGjY8ZhYg6B20QU7H6IIbhWmyt0"
 
   setup_all do
+    reset_api_keys()
+
     ApiKeyRegistry.add_key(Stackfooter.ApiKeyRegistry, "KVi7irGjY8ZhYg6B20QU7H6IIbhWmyt0", "rjsamson1234")
 
     {:ok, venue} = VenueRegistry.lookup(Stackfooter.VenueRegistry, "OBEX")

test/controllers/trade_controller_test.exs

@@ -0,0 +1,29 @@
+defmodule Stackfooter.TradeControllerTest do
+  use Stackfooter.ConnCase
+
+  @apikey "4cy7uf63Lw2Sx6652YmLwBKy662weU4q"
+
+  setup config do
+    reset_api_keys()
+
+    if username = config[:login_as] do
+      user = insert_user(username: username, api_keys: [@apikey])
+      conn = assign(build_conn(), :current_user, user)
+
+      {:ok, conn: conn, user: user}
+    else
+      {:ok, conn: build_conn()}
+    end
+  end
+
+  @tag login_as: "rjsamson1234"
+  test "Trade path is authenticated", %{conn: conn, user: _user} do
+    conn = get(conn, "/trade")
+    assert html_response(conn, 200) =~ "rjsamson1234"
+  end
+
+  test "Redirects if not authenticated", %{conn: conn} do
+    conn = get(conn, "/trade")
+    assert redirected_to(conn) == session_path(conn, :new)
+  end
+end

test/controllers/venue_controller_test.exs

@@ -4,6 +4,11 @@ defmodule Stackfooter.VenueControllerTest do
 
   @apikey "4cy7uf63Lw2Sx6652YmLwBKy662weU4q"
 
+  setup_all do
+    reset_api_keys()
+    :ok
+  end
+
   test "returns all open venues" do
     conn = get(build_conn(), "/ob/api/venues/")
     resp = json_response(conn, 200)

test/otp/api_key_registry_test.exs

@@ -3,6 +3,7 @@ defmodule Stackfooter.ApiKeyRegistryTest do
   alias Stackfooter.ApiKeyRegistry
 
   setup do
+    Stackfooter.ApiKeyRegistry.reset_api_keys(Stackfooter.ApiKeyRegistry)
     Stackfooter.ApiKeyRegistry.add_key(Stackfooter.ApiKeyRegistry, "4cy7uf63Lw2Sx6652YmLwBKy662weU4q", "admin")
     Stackfooter.ApiKeyRegistry.add_key(Stackfooter.ApiKeyRegistry, "7eWeGhc8n0va5bjT66C0Vl1fBw2618BJ", "rjsamson")
 
@@ -14,4 +15,11 @@ defmodule Stackfooter.ApiKeyRegistryTest do
 
     assert all_accounts == ["RJSAMSON", "ADMIN"]
   end
+
+  test "resets all API keys" do
+    Stackfooter.ApiKeyRegistry.reset_api_keys(Stackfooter.ApiKeyRegistry)
+    all_accounts = ApiKeyRegistry.all_account_names(ApiKeyRegistry)
+
+    assert all_accounts == []
+  end
 end

test/support/channel_case.ex

@@ -25,7 +25,7 @@ defmodule Stackfooter.ChannelCase do
       import Ecto.Changeset
       import Ecto.Query, only: [from: 1, from: 2]
 
-
+      import Stackfooter.TestHelpers
       # The default endpoint for testing
       @endpoint Stackfooter.Endpoint
     end

test/support/conn_case.ex

@@ -26,6 +26,7 @@ defmodule Stackfooter.ConnCase do
       import Ecto.Query, only: [from: 1, from: 2]
 
       import Stackfooter.Router.Helpers
+      import Stackfooter.TestHelpers
 
       # The default endpoint for testing
       @endpoint Stackfooter.Endpoint
@@ -36,6 +37,7 @@ defmodule Stackfooter.ConnCase do
     # unless tags[:async] do
     #   Ecto.Adapters.SQL.restart_test_transaction(Stackfooter.Repo, [])
     # end
+
     :ok = Ecto.Adapters.SQL.Sandbox.checkout(Stackfooter.Repo)
 
     unless tags[:async] do

test/support/model_case.ex

@@ -22,6 +22,7 @@ defmodule Stackfooter.ModelCase do
       import Ecto.Changeset
       import Ecto.Query, only: [from: 1, from: 2]
       import Stackfooter.ModelCase
+      import Stackfooter.TestHelpers
     end
   end
 

test/support/test_helpers.ex

@@ -1,11 +1,33 @@
 defmodule Stackfooter.TestHelpers do
   def insert_user(attrs \\ %{}) do
+    default_api_key = Application.get_env(:stackfooter, :bootstrap)[:default_api_key]
+    default_account = Application.get_env(:stackfooter, :bootstrap)[:default_account]
+
     params = Dict.merge(%{
-      username: "user#{Base.encode16(:crypto.rand_bytes(8))}",
-      password: "securepassword"
+      username: default_account,
+      password: "securepassword",
+      api_keys: [default_api_key]
       }, attrs)
 
     changeset = Stackfooter.User.changeset(%Stackfooter.User{}, params)
-    Stackfooter.Repo.insert!(changeset)
+    user = Stackfooter.Repo.insert!(changeset)
+
+    api_keys = user.api_keys
+    acct = user.username
+
+    Enum.map(api_keys, fn(key) -> Stackfooter.ApiKeyRegistry.add_key(Stackfooter.ApiKeyRegistry, key, acct) end)
+    user
+  end
+
+  def reset_api_keys do
+    Stackfooter.ApiKeyRegistry.reset_api_keys(Stackfooter.ApiKeyRegistry)
+
+    default_api_key = Application.get_env(:stackfooter, :bootstrap)[:default_api_key]
+    default_account = Application.get_env(:stackfooter, :bootstrap)[:default_account]
+
+    # Default API key(s) to be added on application start.
+    # Add more here, and in config/env.secret.exs
+
+    Stackfooter.ApiKeyRegistry.add_key(Stackfooter.ApiKeyRegistry, default_api_key, default_account)
   end
 end

web/controllers/trade_controller.ex

@@ -7,7 +7,6 @@ defmodule Stackfooter.TradeController do
   def index(conn, _params) do
     username = conn.assigns.current_user.username
     venues = VenueRegistry.all_venue_names(VenueRegistry)
-    IO.inspect venues
     render conn, "index.html", username: username, venues: venues
   end
 end