def test_taskrun_anonymous_post(self, guard, mock_request):
"""Test API TaskRun creation and auth for anonymous users"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
task = TaskFactory.create(project=project)
data = dict(
project_id=project.id,
task_id=task.id,
info='my task result')
mock_request.data = json.dumps(data)
# With wrong project_id
mock_request.remote_addr = '127.0.0.0'
data['project_id'] = 100000000000000000
datajson = json.dumps(data)
tmp = self.app.post('/api/taskrun', data=datajson)
err_msg = "This post should fail as the project_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, tmp.data
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid project_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# With wrong task_id
data['project_id'] = task.project_id
data['task_id'] = 100000000000000000000
datajson = json.dumps(data)
tmp = self.app.post('/api/taskrun', data=datajson)
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid task_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# Now with everything fine
data = dict(
project_id=task.project_id,
task_id=task.id,
info='my task result')
datajson = json.dumps(data)
tmp = self.app.post('/api/taskrun', data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
# If the anonymous tries again it should be forbidden
tmp = self.app.post('/api/taskrun', data=datajson)
err_msg = ("Anonymous users should be only allowed to post \
one task_run per task")
assert tmp.status_code == 403, err_msg
def test_taskrun_anonymous_post(self, guard, mock_request):
"""Test API TaskRun creation and auth for anonymous users"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
task = TaskFactory.create(project=project)
data = dict(
project_id=project.id,
task_id=task.id,
info='my task result')
mock_request.data = json.dumps(data)
# With wrong project_id
mock_request.remote_addr = '127.0.0.0'
data['project_id'] = 100000000000000000
datajson = json.dumps(data)
tmp = self.app.post('/api/taskrun', data=datajson)
err_msg = "This post should fail as the project_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, tmp.data
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid project_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# With wrong task_id
data['project_id'] = task.project_id
data['task_id'] = 100000000000000000000
datajson = json.dumps(data)
tmp = self.app.post('/api/taskrun', data=datajson)
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid task_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# Now with everything fine
data = dict(
project_id=task.project_id,
task_id=task.id,
info='my task result')
datajson = json.dumps(data)
tmp = self.app.post('/api/taskrun', data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
# If the anonymous tries again it should be forbidden
tmp = self.app.post('/api/taskrun', data=datajson)
err_msg = ("Anonymous users should be only allowed to post \
one task_run per task")
assert tmp.status_code == 403, err_msg
def test_taskrun_authenticated_post(self, guard):
"""Test API TaskRun creation and auth for authenticated users"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
task = TaskFactory.create(project=project)
data = dict(
project_id=project.id,
task_id=task.id,
info='my task result')
# With wrong project_id
data['project_id'] = 100000000000000000
datajson = json.dumps(data)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
tmp = self.app.post(url, data=datajson)
err_msg = "This post should fail as the project_id is wrong"
err = json.loads(tmp.data)
print err
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid project_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# With wrong task_id
data['project_id'] = task.project_id
data['task_id'] = 100000000000000000000
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson)
err_msg = "This post should fail as the task_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid task_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# Now with everything fine
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result')
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
# If the user tries again it should be forbidden
tmp = self.app.post(url, data=datajson)
assert tmp.status_code == 403, tmp.data
def test_taskrun_authenticated_post(self, guard):
"""Test API TaskRun creation and auth for authenticated users"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
task = TaskFactory.create(project=project)
data = dict(
project_id=project.id,
task_id=task.id,
info='my task result')
# With wrong project_id
data['project_id'] = 100000000000000000
datajson = json.dumps(data)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
tmp = self.app.post(url, data=datajson)
err_msg = "This post should fail as the project_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid project_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# With wrong task_id
data['project_id'] = task.project_id
data['task_id'] = 100000000000000000000
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson)
err_msg = "This post should fail as the task_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid task_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# Now with everything fine
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result')
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
# If the user tries again it should be forbidden
tmp = self.app.post(url, data=datajson)
assert tmp.status_code == 403, tmp.data
def test_post_taskrun_not_creates_result_for_draft_project(self, guard):
"""Test API taskrun post creates a result if project is not published."""
guard.return_value = mock_contributions_guard(True, "a while ago")
project = ProjectFactory.create(published=False)
task = TaskFactory.create(project=project, n_answers=1)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
data = dict(project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result')
datajson = json.dumps(data)
self.app.post(url, data=datajson)
result = result_repo.get_by(project_id=project.id, task_id=task.id)
assert result is None, result
def test_taskrun_created_with_time_it_was_requested_on_creation(
self, guard):
"""Test API taskrun post adds the created timestamp of the moment the task
was requested by the user"""
guard.return_value = mock_contributions_guard(True, "a while ago")
project = ProjectFactory.create()
task = TaskFactory.create(project=project)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
data = dict(project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my result')
datajson = json.dumps(data)
resp = self.app.post(url, data=datajson)
taskrun = task_repo.filter_task_runs_by(task_id=data['task_id'])[0]
assert taskrun.created == "a while ago", taskrun.created
def test_taskrun_is_stored_if_project_is_not_published(self, guard):
"""Test API taskrun post stores the taskrun even if project is not published"""
guard.return_value = mock_contributions_guard(True, "a while ago")
project = ProjectFactory.create(published=False)
task = TaskFactory.create(project=project)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
data = dict(project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my result')
datajson = json.dumps(data)
resp = self.app.post(url, data=datajson)
task_runs = task_repo.filter_task_runs_by(
project_id=data['project_id'])
assert resp.status_code == 200, resp.status_code
assert len(task_runs) == 1, task_runs
assert task_runs[0].info == 'my result', task_runs[0]
def test_taskrun_created_with_time_it_was_requested_on_creation(self, guard):
"""Test API taskrun post adds the created timestamp of the moment the task
was requested by the user"""
guard.return_value = mock_contributions_guard(True, "a while ago")
project = ProjectFactory.create()
task = TaskFactory.create(project=project)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my result')
datajson = json.dumps(data)
resp = self.app.post(url, data=datajson)
taskrun = task_repo.filter_task_runs_by(task_id=data['task_id'])[0]
assert taskrun.created == "a while ago", taskrun.created
def test_taskrun_is_stored_if_project_is_not_published(self, guard):
"""Test API taskrun post stores the taskrun even if project is not published"""
guard.return_value = mock_contributions_guard(True, "a while ago")
project = ProjectFactory.create(published=False)
task = TaskFactory.create(project=project)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my result')
datajson = json.dumps(data)
resp = self.app.post(url, data=datajson)
task_runs = task_repo.filter_task_runs_by(project_id=data['project_id'])
assert resp.status_code == 200, resp.status_code
assert len(task_runs) == 1, task_runs
assert task_runs[0].info == 'my result', task_runs[0]
def test_post_taskrun_not_creates_result_for_draft_project(self, guard):
"""Test API taskrun post creates a result if project is not published."""
guard.return_value = mock_contributions_guard(True, "a while ago")
project = ProjectFactory.create(published=False)
task = TaskFactory.create(project=project, n_answers=1)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result')
datajson = json.dumps(data)
self.app.post(url, data=datajson)
result = result_repo.get_by(project_id=project.id, task_id=task.id)
assert result is not None, result
def test_taskrun_updates_task_state(self, guard, mock_request):
"""Test API TaskRun POST updates task state"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
task = TaskFactory.create(project=project, n_answers=2)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
# Post first taskrun
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result')
datajson = json.dumps(data)
mock_request.data = datajson
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
err_msg = "Task state should be different from completed"
assert task.state == 'ongoing', err_msg
# Post second taskrun
mock_request.remote_addr = '127.0.0.0'
admin = UserFactory.create()
url = '/api/taskrun?api_key=%s' % admin.api_key
data = dict(
project_id=task.project_id,
task_id=task.id,
info='my task result anon')
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
assert r_taskrun['user_ip'] != '127.0.0.0', r_taskrun
err_msg = "Task state should be equal to completed"
assert task.state == 'completed', err_msg
def test_taskrun_updates_task_state(self, guard, mock_request):
"""Test API TaskRun POST updates task state"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
task = TaskFactory.create(project=project, n_answers=2)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
# Post first taskrun
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result')
datajson = json.dumps(data)
mock_request.data = datajson
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
err_msg = "Task state should be different from completed"
assert task.state == 'ongoing', err_msg
# Post second taskrun
mock_request.remote_addr = '127.0.0.0'
url = '/api/taskrun'
data = dict(
project_id=task.project_id,
task_id=task.id,
info='my task result anon')
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
err_msg = "Task state should be equal to completed"
assert task.state == 'completed', err_msg
def test_taskrun_authenticated_external_uid_post(self, guard):
"""Test API TaskRun creation and auth for authenticated external uid"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
url = '/api/auth/project/%s/token' % project.short_name
headers = {'Authorization': project.secret_key}
token = self.app.get(url, headers=headers)
headers['Authorization'] = 'Bearer %s' % token.data
task = TaskFactory.create(project=project)
data = dict(project_id=project.id,
task_id=task.id,
info='my task result',
external_uid='1xa')
# With wrong project_id
data['project_id'] = 100000000000000000
datajson = json.dumps(data)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
tmp = self.app.post(url, data=datajson, headers=headers)
err_msg = "This post should fail as the project_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid project_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# With wrong task_id
data['project_id'] = task.project_id
data['task_id'] = 100000000000000000000
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson, headers=headers)
err_msg = "This post should fail as the task_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid task_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# Now with everything fine
data = dict(project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result',
external_uid='1xa')
datajson = json.dumps(data)
# But without authentication
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 403, r_taskrun
tmp = self.app.post(url, data=datajson, headers=headers)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
# If the user tries again it should be forbidden
tmp = self.app.post(url, data=datajson, headers=headers)
assert tmp.status_code == 403, tmp.data
def test_taskrun_authenticated_external_uid_post(self, guard):
"""Test API TaskRun creation and auth for authenticated external uid"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
url = '/api/auth/project/%s/token' % project.short_name
headers = {'Authorization': project.secret_key}
token = self.app.get(url, headers=headers)
headers['Authorization'] = 'Bearer %s' % token.data
external_uid = 'as2d-4cab-3daf-234a-2344x'
task = TaskFactory.create(project=project)
data = dict(
project_id=project.id,
task_id=task.id,
info='my task result',
external_uid=external_uid)
# With wrong project_id
data['project_id'] = 100000000000000000
datajson = json.dumps(data)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
tmp = self.app.post(url, data=datajson, headers=headers)
err_msg = "This post should fail as the project_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid project_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# With wrong task_id
data['project_id'] = task.project_id
data['task_id'] = 100000000000000000000
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson, headers=headers)
err_msg = "This post should fail as the task_id is wrong"
err = json.loads(tmp.data)
assert tmp.status_code == 403, err_msg
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 403, err_msg
assert err['exception_msg'] == 'Invalid task_id', err_msg
assert err['exception_cls'] == 'Forbidden', err_msg
assert err['target'] == 'taskrun', err_msg
# Now with everything fine
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result',
external_uid=external_uid)
datajson = json.dumps(data)
# But without authentication
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 403, r_taskrun
tmp = self.app.post(url, data=datajson, headers=headers)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
# If the user tries again it should be forbidden
tmp = self.app.post(url, data=datajson, headers=headers)
assert tmp.status_code == 403, tmp.data
