1
0

test_pagure_flask_api_auth.py 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2015 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. from __future__ import unicode_literals
  8. __requires__ = ['SQLAlchemy >= 0.8']
  9. import pkg_resources
  10. import unittest
  11. import shutil
  12. import sys
  13. import os
  14. import json
  15. from mock import patch
  16. sys.path.insert(0, os.path.join(os.path.dirname(
  17. os.path.abspath(__file__)), '..'))
  18. import pagure.api
  19. import pagure.lib
  20. import tests
  21. class PagureFlaskApiAuthtests(tests.SimplePagureTest):
  22. """ Tests for the authentication in the flask API of pagure """
  23. def test_auth_no_data(self):
  24. """ Test the authentication when there is nothing in the database.
  25. """
  26. output = self.app.post('/api/0/foo/new_issue')
  27. self.assertEqual(output.status_code, 401)
  28. data = json.loads(output.get_data(as_text=True))
  29. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.name,
  30. data['error_code'])
  31. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data['error'])
  32. headers = {'Authorization': 'token aabbbccc'}
  33. output = self.app.post('/api/0/foo/new_issue', headers=headers)
  34. self.assertEqual(output.status_code, 401)
  35. data = json.loads(output.get_data(as_text=True))
  36. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.name,
  37. data['error_code'])
  38. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data['error'])
  39. def test_auth_noacl(self):
  40. """ Test the authentication when the token does not have any ACL.
  41. """
  42. tests.create_projects(self.session)
  43. tests.create_tokens(self.session)
  44. output = self.app.post('/api/0/test/new_issue')
  45. self.assertEqual(output.status_code, 401)
  46. data = json.loads(output.get_data(as_text=True))
  47. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.name,
  48. data['error_code'])
  49. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data['error'])
  50. headers = {'Authorization': 'token aaabbbcccddd'}
  51. output = self.app.post('/api/0/test/new_issue', headers=headers)
  52. self.assertEqual(output.status_code, 401)
  53. data = json.loads(output.get_data(as_text=True))
  54. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.name,
  55. data['error_code'])
  56. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data['error'])
  57. def test_auth_expired(self):
  58. """ Test the authentication when the token has expired.
  59. """
  60. tests.create_projects(self.session)
  61. tests.create_tokens(self.session)
  62. output = self.app.post('/api/0/test/new_issue')
  63. self.assertEqual(output.status_code, 401)
  64. data = json.loads(output.get_data(as_text=True))
  65. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.name,
  66. data['error_code'])
  67. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data['error'])
  68. headers = {'Authorization': 'token expired_token'}
  69. output = self.app.post('/api/0/test/new_issue', headers=headers)
  70. self.assertEqual(output.status_code, 401)
  71. data = json.loads(output.get_data(as_text=True))
  72. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.name,
  73. data['error_code'])
  74. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data['error'])
  75. def test_auth(self):
  76. """ Test the token based authentication.
  77. """
  78. tests.create_projects(self.session)
  79. tests.create_tokens(self.session)
  80. tests.create_tokens_acl(self.session)
  81. output = self.app.post('/api/0/test/new_issue')
  82. self.assertEqual(output.status_code, 401)
  83. data = json.loads(output.get_data(as_text=True))
  84. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.name,
  85. data['error_code'])
  86. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data['error'])
  87. headers = {'Authorization': 'token aaabbbcccddd'}
  88. output = self.app.post('/api/0/test/new_issue', headers=headers)
  89. self.assertEqual(output.status_code, 400)
  90. data = json.loads(output.get_data(as_text=True))
  91. self.assertDictEqual(
  92. data,
  93. {
  94. "error": "Invalid or incomplete input submitted",
  95. "error_code": "EINVALIDREQ",
  96. "errors": {
  97. "issue_content": ["This field is required."],
  98. "title": ["This field is required."]
  99. }
  100. }
  101. )
  102. if __name__ == '__main__':
  103. unittest.main(verbosity=2)