1
0

test_pagure_flask_api_auth.py 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2015 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. from __future__ import unicode_literals, absolute_import
  8. import unittest
  9. import shutil
  10. import sys
  11. import os
  12. import json
  13. from mock import patch
  14. sys.path.insert(
  15. 0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
  16. )
  17. import pagure.api
  18. import pagure.lib
  19. import tests
  20. class PagureFlaskApiAuthtests(tests.SimplePagureTest):
  21. """Tests for the authentication in the flask API of pagure"""
  22. def test_auth_no_data(self):
  23. """Test the authentication when there is nothing in the database."""
  24. output = self.app.post("/api/0/foo/new_issue")
  25. self.assertEqual(output.status_code, 401)
  26. data = json.loads(output.get_data(as_text=True))
  27. self.assertEqual(
  28. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  29. )
  30. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  31. headers = {"Authorization": "token aabbbccc"}
  32. output = self.app.post("/api/0/foo/new_issue", headers=headers)
  33. self.assertEqual(output.status_code, 401)
  34. data = json.loads(output.get_data(as_text=True))
  35. self.assertEqual(
  36. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  37. )
  38. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  39. def test_auth_noacl(self):
  40. """Test the authentication when the token does not have any ACL."""
  41. tests.create_projects(self.session)
  42. tests.create_tokens(self.session)
  43. output = self.app.post("/api/0/test/new_issue")
  44. self.assertEqual(output.status_code, 401)
  45. data = json.loads(output.get_data(as_text=True))
  46. self.assertEqual(
  47. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  48. )
  49. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  50. headers = {"Authorization": "token aaabbbcccddd"}
  51. output = self.app.post("/api/0/test/new_issue", headers=headers)
  52. self.assertEqual(output.status_code, 401)
  53. data = json.loads(output.get_data(as_text=True))
  54. self.assertEqual(
  55. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  56. )
  57. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  58. def test_auth_expired(self):
  59. """Test the authentication when the token has expired."""
  60. tests.create_projects(self.session)
  61. tests.create_tokens(self.session)
  62. output = self.app.post("/api/0/test/new_issue")
  63. self.assertEqual(output.status_code, 401)
  64. data = json.loads(output.get_data(as_text=True))
  65. self.assertEqual(
  66. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  67. )
  68. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  69. headers = {"Authorization": "token expired_token"}
  70. output = self.app.post("/api/0/test/new_issue", headers=headers)
  71. self.assertEqual(output.status_code, 401)
  72. data = json.loads(output.get_data(as_text=True))
  73. self.assertEqual(
  74. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  75. )
  76. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  77. def test_auth(self):
  78. """Test the token based authentication."""
  79. tests.create_projects(self.session)
  80. tests.create_tokens(self.session)
  81. tests.create_tokens_acl(self.session)
  82. output = self.app.post("/api/0/test/new_issue")
  83. self.assertEqual(output.status_code, 401)
  84. data = json.loads(output.get_data(as_text=True))
  85. self.assertEqual(
  86. pagure.api.APIERROR.EINVALIDTOK.name, data["error_code"]
  87. )
  88. self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])
  89. headers = {"Authorization": "token aaabbbcccddd"}
  90. output = self.app.post("/api/0/test/new_issue", headers=headers)
  91. self.assertEqual(output.status_code, 400)
  92. data = json.loads(output.get_data(as_text=True))
  93. self.assertDictEqual(
  94. data,
  95. {
  96. "error": "Invalid or incomplete input submitted",
  97. "error_code": "EINVALIDREQ",
  98. "errors": {
  99. "issue_content": ["This field is required."],
  100. "title": ["This field is required."],
  101. },
  102. },
  103. )
  104. if __name__ == "__main__":
  105. unittest.main(verbosity=2)