From 80051a53b3e5fdf2e7d37b9f419ef9eb5771f40f Mon Sep 17 00:00:00 2001
From: Diego Lendoiro <diego@passbolt.com>
Date: Mon, 7 May 2018 16:53:04 +0200
Subject: [PATCH] checks on private directories

---
 spec/docker_image/image_spec.rb     |  4 +++
 spec/docker_runtime/runtime_spec.rb | 40 +++++++++++++++++++++++++++--
 2 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/spec/docker_image/image_spec.rb b/spec/docker_image/image_spec.rb
index 7964b14..175a2f1 100644
--- a/spec/docker_image/image_spec.rb
+++ b/spec/docker_image/image_spec.rb
@@ -89,6 +89,10 @@ describe 'Dockerfile' do
     it 'has the correct permissions' do
       expect(file(site_conf)).to be_owned_by 'root'
     end
+
+    it 'points to the correct root folder' do
+      expect(file(site_conf).content).to match 'root /var/www/passbolt/webroot'
+    end
   end
 
   describe 'ports exposed' do
diff --git a/spec/docker_runtime/runtime_spec.rb b/spec/docker_runtime/runtime_spec.rb
index f9e7b2f..6ca046b 100644
--- a/spec/docker_runtime/runtime_spec.rb
+++ b/spec/docker_runtime/runtime_spec.rb
@@ -30,6 +30,7 @@ describe 'passbolt_api service' do
         'DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt',
         'DATASOURCES_DEFAULT_USERNAME=passbolt',
         'DATASOURCES_DEFAULT_DATABASE=passbolt',
+        'PASSBOLT_SSL_FORCE=true'
       ],
       'Image' => @image.id)
     @container.start
@@ -44,8 +45,12 @@ describe 'passbolt_api service' do
     @container.kill
   end
 
-  let(:http_path) { "/healthcheck/status.json" }
-  let(:healthcheck) { 'curl -s -o /dev/null -w "%{http_code}" http://localhost/healthcheck/status.json' }
+  let(:healthcheck)       { 'curl -sk -o /dev/null -w "%{http_code}" -H "Host: passbolt.local" https://localhost/healthcheck/status.json' }
+  let(:serverkey)         { 'curl -sk -o /dev/null -w "%{http_code}" -H "Host: passbolt.local" https://localhost/config/gpg/serverkey.asc' }
+  let(:serverkey_private) { 'curl -sk -o /dev/null -w "%{http_code}" -H "Host: passbolt.local" https://localhost/config/gpg/serverkey_private.asc' }
+  let(:tmp)               { 'curl -sk -o /dev/null -w "%{http_code}" -H "Host: passbolt.local" https://localhost/tmp/cache/database/empty' }
+  let(:logs)              { 'curl -sk -o /dev/null -w "%{http_code}" -H "Host: passbolt.local" https://localhost/logs/error.log' }
+  let(:conf_app)          { 'curl -sk -o /dev/null -w "%{http_code}" -H "Host: passbolt.local" https://localhost/conf/app.php' }
 
   describe 'php service' do
     it 'is running supervised' do
@@ -82,4 +87,35 @@ describe 'passbolt_api service' do
       expect(command(healthcheck).stdout).to eq '200'
     end
   end
+
+  describe 'passbolt serverkey unaccessible' do
+    it 'returns 404' do
+      expect(command(serverkey).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt serverkey private unaccessible' do
+    it 'returns 404' do
+      expect(command(serverkey_private).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt tmp folder is unaccessible' do
+    it 'returns 404' do
+      expect(command(tmp).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt conf files can not be retrieved' do
+    it 'returns 404' do
+      expect(command(conf_app).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt error log folder is unaccessible' do
+    it 'returns 404' do
+      expect(command(logs).stdout).to eq '404'
+    end
+  end
+
 end