Merge pull request 'Add custom LDAP attributes to schema' (#181) from feature/custom_ldap_attributes into master

Reviewed-on: #181 Reviewed-by: greg <greg@noreply.kosmos.org>
2024-03-19 14:46:44 +00:00
parent 095747e89b 43c57c128f
commit 51a3cb60ec
24 changed files with 317 additions and 117 deletions
--- a/spec/requests/settings_spec.rb
+++ b/spec/requests/settings_spec.rb
@@ -2,14 +2,23 @@ require 'rails_helper'

 RSpec.describe "Settings", type: :request do
  let(:user) { create :user, cn: 'mark', ou: 'kosmos.org' }
+  let(:other_user) { create :user, id: 2, cn: 'markymark', ou: 'kosmos.org', email: 'markymark@interscope.com' }

  before do
    login_as user, :scope => :user
+
+    allow_any_instance_of(User).to receive(:dn)
+      .and_return("cn=#{user.cn},ou=kosmos.org,cn=users,dc=kosmos,dc=org")
+    allow_any_instance_of(User).to receive(:nostr_pubkey).and_return(nil)
+
+    allow(LdapManager::FetchUserByNostrKey).to receive(:call).with(
+      pubkey: "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"
+    ).and_return(nil)
  end

-  describe "GET /settings/experiments" do
+  describe "GET /settings/nostr" do
    it "works" do
-      get setting_path(:experiments)
+      get setting_path(:nostr)
      expect(response).to have_http_status(200)
    end
  end
@@ -22,6 +31,11 @@ RSpec.describe "Settings", type: :request do

    context "With valid data" do
      before do
+        expect(LdapManager::UpdateNostrKey).to receive(:call).with(
+          dn: "cn=mark,ou=kosmos.org,cn=users,dc=kosmos,dc=org",
+          pubkey: "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"
+        ).and_return(0)
+
        post set_nostr_pubkey_settings_path, params: {
          signed_event: {
            id: "84f266bbd784551aaa9e35cb0aceb4ee59182a1dab9ab279d9e40dd56ecbbdd3",
@@ -41,41 +55,17 @@ RSpec.describe "Settings", type: :request do
        expect(response).to have_http_status(200)
      end

-      it "saves the pubkey" do
-        expect(user.nostr_pubkey).to eq("07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3")
+      it "informs the user about the success" do
+        expect(flash[:success]).to eq("Public key verification successful")
      end
    end

-    context "With wrong username" do
+    context "With key already in use by someone else" do
      before do
-        post set_nostr_pubkey_settings_path, params: {
-          signed_event: {
-            id: "2e1e20ee762d6a5b5b30835eda9ca03146e4baf82490e53fd75794c08de08ac0",
-            pubkey: "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
-            created_at: 1678255391,
-            kind: 1,
-            content: "Connect my public key to admin@kosmos.org (confirmation rMjWEmvcvtTlQkMd)",
-            sig: "2ace19c9db892ac6383848721a3e08b13d90d689fdeac60d9633a623d3f08eb7e0d468f1b3e928d1ea979477c2ec46ee6cdb2d053ef2e4ed3c0630a51d249029"
-          }
-        }.to_json, headers: {
-          "CONTENT_TYPE" => "application/json",
-          "HTTP_ACCEPT" => "application/json"
-        }
-      end
-
-      it "returns a 422 status" do
-        expect(response).to have_http_status(422)
-      end
-
-      it "does not save the pubkey" do
-        expect(user.nostr_pubkey).to be_nil
-      end
-    end
-
-    context "With wrong shared secret" do
-      before do
-        session_stub = { shared_secret: "ho-chi-minh" }
-        allow_any_instance_of(SettingsController).to receive(:session).and_return(session_stub)
+        expect(LdapManager::FetchUserByNostrKey).to receive(:call).with(
+          pubkey: "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"
+        ).and_return(other_user)
+        expect(LdapManager::UpdateNostrKey).not_to receive(:call)

        post set_nostr_pubkey_settings_path, params: {
          signed_event: {
@@ -96,8 +86,67 @@ RSpec.describe "Settings", type: :request do
        expect(response).to have_http_status(422)
      end

-      it "does not save the pubkey" do
-        expect(user.nostr_pubkey).to be_nil
+      it "informs the user about the failure" do
+        expect(flash[:alert]).to eq("Public key already in use for a different account")
+      end
+    end
+
+    context "With wrong username" do
+      before do
+        expect(LdapManager::UpdateNostrKey).not_to receive(:call)
+
+        post set_nostr_pubkey_settings_path, params: {
+          signed_event: {
+            id: "2e1e20ee762d6a5b5b30835eda9ca03146e4baf82490e53fd75794c08de08ac0",
+            pubkey: "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
+            created_at: 1678255391,
+            kind: 1,
+            content: "Connect my public key to admin@kosmos.org (confirmation rMjWEmvcvtTlQkMd)",
+            sig: "2ace19c9db892ac6383848721a3e08b13d90d689fdeac60d9633a623d3f08eb7e0d468f1b3e928d1ea979477c2ec46ee6cdb2d053ef2e4ed3c0630a51d249029"
+          }
+        }.to_json, headers: {
+          "CONTENT_TYPE" => "application/json",
+          "HTTP_ACCEPT" => "application/json"
+        }
+      end
+
+      it "returns a 422 status" do
+        expect(response).to have_http_status(422)
+      end
+
+      it "informs the user about the failure" do
+        expect(flash[:alert]).to eq("Public key could not be verified")
+      end
+    end
+
+    context "With wrong shared secret" do
+      before do
+        session_stub = { shared_secret: "ho-chi-minh" }
+        allow_any_instance_of(SettingsController).to receive(:session).and_return(session_stub)
+
+        expect(LdapManager::UpdateNostrKey).not_to receive(:call)
+
+        post set_nostr_pubkey_settings_path, params: {
+          signed_event: {
+            id: "84f266bbd784551aaa9e35cb0aceb4ee59182a1dab9ab279d9e40dd56ecbbdd3",
+            pubkey: "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
+            created_at: 1678254161,
+            kind: 1,
+            content: "Connect my public key to mark@kosmos.org (confirmation rMjWEmvcvtTlQkMd)",
+            sig: "96796d420547d6e2c7be5de82a2ce7a48be99aac6415464a6081859ac1a9017305accc0228c630466a57d45ec1c3b456376eb538b76dfdaa2397e3258be02fdd"
+          }
+        }.to_json, headers: {
+          "CONTENT_TYPE" => "application/json",
+          "HTTP_ACCEPT" => "application/json"
+        }
+      end
+
+      it "returns a 422 status" do
+        expect(response).to have_http_status(422)
+      end
+
+      it "informs the user about the failure" do
+        expect(flash[:alert]).to eq("Public key could not be verified")
      end
    end
  end
--- a/spec/requests/well_known_spec.rb
+++ b/spec/requests/well_known_spec.rb
@@ -19,6 +19,11 @@ RSpec.describe "Well-known URLs", type: :request do
    context "user does not have a nostr pubkey configured" do
      let(:user) { create :user, cn: 'spongebob', ou: 'kosmos.org' }

+      before do
+        allow_any_instance_of(User).to receive(:ldap_entry)
+          .and_return({ nostr_key: nil })
+      end
+
      it "returns a 404 status" do
        get "/.well-known/nostr.json?name=spongebob"
        expect(response).to have_http_status(:not_found)
@@ -26,8 +31,12 @@ RSpec.describe "Well-known URLs", type: :request do
    end

    context "user with nostr pubkey" do
-      let(:user) { create :user, cn: 'bobdylan', ou: 'kosmos.org', nostr_pubkey: '438d35a6750d0dd6b75d032af8a768aad76b62f0c70ecb45f9c4d9e63540f7f4' }
-      before { user.save! }
+      let(:user) { create :user, cn: 'bobdylan', ou: 'kosmos.org' }
+      before do
+        user.save!
+        allow_any_instance_of(User).to receive(:nostr_pubkey)
+          .and_return('438d35a6750d0dd6b75d032af8a768aad76b62f0c70ecb45f9c4d9e63540f7f4')
+      end

      it "returns a NIP-05 response" do
        get "/.well-known/nostr.json?name=bobdylan"