# -*- coding: utf-8 -*-

"""
 (c) 2015 - Copyright Red Hat Inc

 Authors:
   Pierre-Yves Chibon

"""

from __future__ import unicode_literals, absolute_import

import unittest
import shutil
import sys
import os

import json
from mock import patch

# Put the parent of this file's directory first on sys.path, presumably so
# the in-tree ``pagure`` and ``tests`` packages are the ones imported below.
sys.path.insert(
    0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
)

import pagure.api
import pagure.lib
import tests


class PagureFlaskApiAuthtests(tests.SimplePagureTest):
    """Tests for the token authentication of pagure's flask API.

    Every rejection case below (no header, unknown token, token without
    ACL, expired token) is pinned to the same 401 / EINVALIDTOK response,
    so these tests also document that the API does not tell a caller
    which of those reasons applied.
    """

    def _assert_invalid_token(self, response):
        """Check that ``response`` is the API's invalid-token rejection.

        Asserts a 401 status and a JSON body whose ``error_code`` and
        ``error`` match ``pagure.api.APIERROR.EINVALIDTOK``.
        """
        self.assertEqual(response.status_code, 401)
        payload = json.loads(response.get_data(as_text=True))
        invalid_token = pagure.api.APIERROR.EINVALIDTOK
        self.assertEqual(invalid_token.name, payload["error_code"])
        self.assertEqual(invalid_token.value, payload["error"])

    def test_auth_no_data(self):
        """Requests are rejected when the database holds no project or token."""
        # No Authorization header at all.
        self._assert_invalid_token(self.app.post("/api/0/foo/new_issue"))

        # A token value that cannot exist, since nothing was created.
        auth_headers = {"Authorization": "token aabbbccc"}
        self._assert_invalid_token(
            self.app.post("/api/0/foo/new_issue", headers=auth_headers)
        )

    def test_auth_noacl(self):
        """A token that has no ACL attached must not authenticate."""
        tests.create_projects(self.session)
        # Tokens are created, but tests.create_tokens_acl is deliberately
        # not called, so no ACL is attached to them in this test.
        tests.create_tokens(self.session)

        self._assert_invalid_token(self.app.post("/api/0/test/new_issue"))

        auth_headers = {"Authorization": "token aaabbbcccddd"}
        self._assert_invalid_token(
            self.app.post("/api/0/test/new_issue", headers=auth_headers)
        )

    def test_auth_expired(self):
        """An expired token must not authenticate."""
        tests.create_projects(self.session)
        tests.create_tokens(self.session)

        self._assert_invalid_token(self.app.post("/api/0/test/new_issue"))

        # NOTE(review): presumably tests.create_tokens registers
        # "expired_token" with a past expiry date; if it does not, this
        # only exercises the unknown-token path. Confirm in the fixtures.
        auth_headers = {"Authorization": "token expired_token"}
        self._assert_invalid_token(
            self.app.post("/api/0/test/new_issue", headers=auth_headers)
        )

    def test_auth(self):
        """A token with ACLs gets past authentication."""
        tests.create_projects(self.session)
        tests.create_tokens(self.session)
        tests.create_tokens_acl(self.session)

        # Even with a usable token in the database, a request without the
        # Authorization header is still rejected.
        self._assert_invalid_token(self.app.post("/api/0/test/new_issue"))

        # With the token supplied the request is no longer a 401: it fails
        # later, at input validation, because no form data was posted.
        auth_headers = {"Authorization": "token aaabbbcccddd"}
        response = self.app.post(
            "/api/0/test/new_issue", headers=auth_headers
        )
        self.assertEqual(response.status_code, 400)
        payload = json.loads(response.get_data(as_text=True))
        expected = {
            "error": "Invalid or incomplete input submitted",
            "error_code": "EINVALIDREQ",
            "errors": {
                "issue_content": ["This field is required."],
                "title": ["This field is required."],
            },
        }
        self.assertDictEqual(payload, expected)


if __name__ == "__main__":
    unittest.main(verbosity=2)