test_pagure_flask_api_auth.py 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2015 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. from __future__ import unicode_literals, absolute_import
  8. import unittest
  9. import shutil
  10. import sys
  11. import os
  12. import json
  13. from mock import patch
  14. sys.path.insert(
  15. 0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
  16. )
  17. import pagure.api
  18. import pagure.lib
  19. import tests
  20. class PagureFlaskApiAuthtests(tests.SimplePagureTest):
  21. """ Tests for the authentication in the flask API of pagure """
  22. def test_auth_no_data(self):
  23. """ Test the authentication when there is nothing in the database.
  24. """
  25. output = self.app.post("/api/0/foo/new_issue")
  26. self.assertEqual(output.status_code, 401)
  27. data = json.loads(output.get_data(as_text=True))
  28. self.assertEqual(
  29. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  30. )
  31. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  32. headers = {"Authorization": "token aabbbccc"}
  33. output = self.app.post("/api/0/foo/new_issue", headers=headers)
  34. self.assertEqual(output.status_code, 401)
  35. data = json.loads(output.get_data(as_text=True))
  36. self.assertEqual(
  37. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  38. )
  39. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  40. def test_auth_noacl(self):
  41. """ Test the authentication when the token does not have any ACL.
  42. """
  43. tests.create_projects(self.session)
  44. tests.create_tokens(self.session)
  45. output = self.app.post("/api/0/test/new_issue")
  46. self.assertEqual(output.status_code, 401)
  47. data = json.loads(output.get_data(as_text=True))
  48. self.assertEqual(
  49. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  50. )
  51. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  52. headers = {"Authorization": "token aaabbbcccddd"}
  53. output = self.app.post("/api/0/test/new_issue", headers=headers)
  54. self.assertEqual(output.status_code, 401)
  55. data = json.loads(output.get_data(as_text=True))
  56. self.assertEqual(
  57. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  58. )
  59. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  60. def test_auth_expired(self):
  61. """ Test the authentication when the token has expired.
  62. """
  63. tests.create_projects(self.session)
  64. tests.create_tokens(self.session)
  65. output = self.app.post("/api/0/test/new_issue")
  66. self.assertEqual(output.status_code, 401)
  67. data = json.loads(output.get_data(as_text=True))
  68. self.assertEqual(
  69. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  70. )
  71. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  72. headers = {"Authorization": "token expired_token"}
  73. output = self.app.post("/api/0/test/new_issue", headers=headers)
  74. self.assertEqual(output.status_code, 401)
  75. data = json.loads(output.get_data(as_text=True))
  76. self.assertEqual(
  77. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  78. )
  79. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  80. def test_auth(self):
  81. """ Test the token based authentication.
  82. """
  83. tests.create_projects(self.session)
  84. tests.create_tokens(self.session)
  85. tests.create_tokens_acl(self.session)
  86. output = self.app.post("/api/0/test/new_issue")
  87. self.assertEqual(output.status_code, 401)
  88. data = json.loads(output.get_data(as_text=True))
  89. self.assertEqual(
  90. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  91. )
  92. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  93. headers = {"Authorization": "token aaabbbcccddd"}
  94. output = self.app.post("/api/0/test/new_issue", headers=headers)
  95. self.assertEqual(output.status_code, 400)
  96. data = json.loads(output.get_data(as_text=True))
  97. self.assertDictEqual(
  98. data,
  99. {
  100. "error": "Invalid or incomplete input submitted",
  101. "error_code": "EINVALIDREQ",
  102. "errors": {
  103. "issue_content": ["This field is required."],
  104. "title": ["This field is required."],
  105. },
  106. },
  107. )
  108. if __name__ == "__main__":
  109. unittest.main(verbosity=2)