68 lines
2.0 KiB
Nix
68 lines
2.0 KiB
Nix
|
{ pkgs, ... }:
|
||
|
{
|
||
|
name = "rmfakecloud";
|
||
|
meta = with pkgs.lib.maintainers; {
|
||
|
maintainers = [ martinetd ];
|
||
|
};
|
||
|
|
||
|
nodes.machine = {
|
||
|
services.rmfakecloud = {
|
||
|
enable = true;
|
||
|
storageUrl = "https://local.appspot.com";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
testScript = ''
|
||
|
machine.wait_for_unit("rmfakecloud.service")
|
||
|
machine.wait_for_open_port(3000)
|
||
|
|
||
|
# first login creates user
|
||
|
login_token = machine.succeed("""
|
||
|
curl -sSf -b cookie -c cookie -H "Content-Type: application/json" \
|
||
|
-d'{"email":"test","password":"test"}' -X POST \
|
||
|
http://localhost:3000/ui/api/login
|
||
|
""")
|
||
|
|
||
|
# subsequent different pass or mail should fail, but same login works
|
||
|
machine.fail("""
|
||
|
curl -sSf -H "Content-Type: application/json" \
|
||
|
-d'{"email":"test","password":"test2"}' -X POST \
|
||
|
http://localhost:3000/ui/api/login
|
||
|
""")
|
||
|
machine.fail("""
|
||
|
curl -sSf -H "Content-Type: application/json" \
|
||
|
-d'{"email":"test2","password":"test"}' -X POST
|
||
|
http://localhost:3000/ui/api/login
|
||
|
""")
|
||
|
machine.succeed("""
|
||
|
curl -sSf -H "Content-Type: application/json" \
|
||
|
-d'{"email":"test","password":"test"}' -X POST \
|
||
|
http://localhost:3000/ui/api/login
|
||
|
""")
|
||
|
|
||
|
# can get code from cookie or bearer
|
||
|
machine.succeed("""
|
||
|
curl -sSf -b cookie -c cookie http://localhost:3000/ui/api/newcode
|
||
|
""")
|
||
|
newcode = machine.succeed(f"""
|
||
|
curl -sSf -H "Authorization: Bearer {login_token}" \
|
||
|
http://localhost:3000/ui/api/newcode
|
||
|
""").strip('"')
|
||
|
|
||
|
# ... but not junk
|
||
|
machine.fail(f"""
|
||
|
curl -sSf -H "Authorization: Bearer abc{login_token}" \
|
||
|
http://localhost:3000/ui/api/newcode
|
||
|
""")
|
||
|
|
||
|
# can connect "device" with said code
|
||
|
machine.succeed(f"""
|
||
|
curl -sSf -d '{{"code":"{newcode}", "deviceDesc": "desc", "deviceID":"rm100-123"}}' \
|
||
|
http://localhost:3000/token/json/2/device/new
|
||
|
""")
|
||
|
|
||
|
# for future improvements
|
||
|
machine.log(machine.execute("systemd-analyze security rmfakecloud.service")[1])
|
||
|
'';
|
||
|
}
|