def test_post_resource_auth(self): # Ticket #231. # Test that user restricted access works fine if there's no global # level auth, which is set at resource level instead. # no global auth. app = Eve(settings=self.settings_file) # set auth at resource level instead. resource_def = app.config['DOMAIN'][self.url] resource_def['authentication'] = ValidBasicAuth() resource_def['auth_field'] = 'username' # post with valid auth - must store the document with the correct # auth_field. r = app.test_client().post(self.url, data=self.data, headers=self.valid_auth, content_type='application/json') _, status = self.parse_response(r) # Verify that we can retrieve the same document data, status = self.parse_response( app.test_client().get(self.url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(len(data['_items']), 1) self.assertEqual(data['_items'][0]['ref'], json.loads(self.data)['ref'])
class ApiInstance(object): """ AIMS api instance factory """ def __init__(self): try: self.redis = StrictRedis.from_url(environ.get('REDIS_URI', 'redis://*****:*****@mongo:27017/apidemo')) )
def get_instance(cls, settings=EVE_CONFIG, debug=DEBUG): """ Configure and run bot instance. """ app = Eve(settings=settings) app.debug = debug return app
def run(): DIR = os.path.dirname(__file__) host = os.environ.get('HOST', '127.0.0.1') port = int(os.environ.get('PORT', '5000')) app = Eve(data=SQLAlchemy, auth=TokenAuth, settings='{0}/settings.py'.format(DIR)) db = app.data.driver Base.metadata.bind = db.engine db.Model = Base db.create_all() app.run(host=host, port=port, use_reloader=False)
def setUpClass(cls): SETTINGS['DOMAIN'] = {'eve-mongoengine':{}} app = Eve(settings=SETTINGS) app.debug = True ext = EveMongoengine(app) ext.add_model([SimpleDoc, ComplexDoc, LimitedDoc, FieldsDoc, NonStructuredDoc, Inherited, HawkeyDoc]) cls.ext = ext cls.client = app.test_client() cls.app = app
def main(): app = Eve(auth=None, settings=SETTINGS, validator=ValidatorSQL, data=SQL) # bind SQLAlchemy db = app.data.driver Base.metadata.bind = db.engine db.Model = Base db.create_all() app.run(host='0.0.0.0', debug=True, use_reloader=True)
def get_app(config=None): """ App factory. :param dict config: configuration that can override config from `settings.py` :return: a new SuperdeskEve app instance """ app_config = flask.Config('.') # get content api default conf app_config.from_object('content_api.app.settings') # set some required fields app_config.update({'DOMAIN': {}, 'SOURCES': {}}) try: # override from settings module, but only things defined in default config import settings as server_settings for key in dir(server_settings): if key.isupper() and key in app_config: app_config[key] = getattr(server_settings, key) except ImportError: pass # if exists if config: app_config.update(config) media_storage = SuperdeskGridFSMediaStorage if app_config.get('AMAZON_CONTAINER_NAME'): from superdesk.storage.amazon.amazon_media_storage import AmazonMediaStorage media_storage = AmazonMediaStorage app = Eve( auth=SubscriberTokenAuth, settings=app_config, data=SuperdeskDataLayer, media=media_storage, json_encoder=MongoJSONEncoder, validator=SuperdeskValidator ) _set_error_handlers(app) for module_name in app.config.get('CONTENTAPI_INSTALLED_APPS', []): app_module = importlib.import_module(module_name) try: app_module.init_app(app) except AttributeError: pass app.sentry = SuperdeskSentry(app) return app
def run_daemon(self): app = Eve() app.on_get += general_callback app.on_post_joke += post_joke_callback file_handler = FileHandler('/tmp/funny_jokes_eve_server.log') file_handler.setLevel(logging.INFO) formatter = Formatter( '%(asctime)s %(levelname)s: %(message)s ' '[in %(pathname)s:%(lineno)d]') file_handler.setFormatter(formatter) app.logger.addHandler(file_handler) app.run(host='localhost', port=8888) app.logger.warning("Test Loggin")
def app(): # preapre the mongodb database connection = MongoClient(MONGO_HOST, MONGO_PORT) connection.drop_database(MONGO_DBNAME) # build the Eve App using the settings where the locations # schema is configured directory = os.path.dirname(os.path.realpath(__file__)) settings_file = os.path.join(directory, 'settings.py') app = Eve(settings=settings_file) # save the url url = app.config['DOMAIN']['locations']['url'] # save a instance of test_client app.client = app.test_client() # treeify the resource treeify(app, "locations", 'name') # create a minimal tree node # World # + Europe # + Andorra world, status_code = post( app.client, url, {'name': 'World', 'parent': None}) europe = { 'name': 'Europe', 'parent': world["_id"] } response, _ = post(app.client, url, europe) europe.update(response) andorra = { 'name': 'Andorra', 'parent': europe["_id"] } response, _ = post(app.client, url, andorra) andorra.update(response) # return all that we need Fixture = namedtuple("Fixture", "app client url world europe andorra") return Fixture( app=app, client=app.client, url=url, world=world, europe=europe, andorra=andorra)
class TestBaseMinimal(TestCase): def setUp(self): settings_path = os.path.join(os.path.dirname( os.path.realpath(__file__)), 'testsettings.py') self.headers = {'Content-Type': 'application/json'} self.setupDB() self.apiapp = Eve(settings=settings_path) self.everh = EveRestHooks(self.apiapp) self.local_client = self.apiapp.test_client() def setupDB(self): self.connection = MongoClient(MONGO_HOST, MONGO_PORT) self.connection.drop_database(MONGO_DBNAME) if MONGO_USERNAME: self.connection[MONGO_DBNAME].add_user(MONGO_USERNAME, MONGO_PASSWORD) def bulk_insert(self): pass def dropDB(self): self.connection = MongoClient(MONGO_HOST, MONGO_PORT) self.connection.drop_database(MONGO_DBNAME) self.connection.close()
def create_app(): """ Create an Eve Flask api application """ dirname = os.path.dirname(os.path.realpath(__file__)) app = Eve( auth=RolesAuth, settings=get_config(), static_url_path='', static_folder= dirname + '/static' ) app.add_url_rule('/', 'index', index) return app
def setUp(self): super(TestHMACAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidHMACAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'admin:secret'), self.content_type] self.setUpRoles()
def test_resource_only_auth(self): # no auth at the API level self.app = Eve(settings=self.settings_file) self.test_client = self.app.test_client() # explicit auth for just one resource self.app.config['DOMAIN']['contacts']['authentication'] = \ ValidBasicAuth() self.app.config['DOMAIN']['empty']['authentication'] = ValidTokenAuth() self.app.set_defaults() basic_auth = [('Authorization', 'Basic YWRtaW46c2VjcmV0')] token_auth = [('Authorization', 'Basic dGVzdF90b2tlbjo=')] # 'contacts' endpoints are protected r = self.test_client.get(self.known_resource_url) self.assert401(r.status_code) r = self.test_client.get(self.item_id_url) self.assert401(r.status_code) # both with BasicAuth. _, status = self.parse_response( self.test_client.get(self.known_resource_url, headers=basic_auth)) self.assert200(status) _, status = self.parse_response( self.test_client.get(self.item_id_url, headers=basic_auth)) self.assert200(status) # 'empty' resource endpoint is also protected r = self.test_client.get(self.empty_resource_url) self.assert401(r.status_code) # but with TokenAuth r = self.test_client.get(self.empty_resource_url, headers=token_auth) self.assert200(r.status_code) # other resources are not protected r = self.test_client.get(self.readonly_resource_url) self.assert200(r.status_code)
def initialize(self, debug=False, subcommand='run'): self.log.setLevel(debug) self.get_settings_from_ini() self.settings['DOMAIN'] = register_models() self.settings['RESOURCE_METHODS'] = ['GET', 'POST', 'DELETE'] self.settings['ITEM_METHODS'] = ['GET', 'PATCH', 'PUT', 'DELETE'] self.settings['XML'] = False self.settings['X_DOMAINS'] = '*' self.settings['X_HEADERS'] = ( 'Authorization, If-Match,' ' X-HTTP-Method-Override, Content-Type' ) self.settings['PAGINATION_LIMIT'] = 200 self.settings['MONGO_HOST'] = 'localhost' self.settings['MONGO_PORT'] = 27017 # self.settings['MONGO_USERNAME'] = '******' # self.settings['MONGO_PASSWORD'] = '******' self.settings['MONGO_DBNAME'] = 'alignak-backend' self.app = Eve( settings=self.settings ) Bootstrap(self.app) self.app.register_blueprint(eve_docs, url_prefix='/docs') self.log.debug(pformat(self.app.settings)) self.app.debug = debug
def setUp(self): super(TestTokenAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidTokenAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'Basic dGVzdF90b2tlbjo='), self.content_type] self.setUpRoles()
def setUp(self): self.setupDB() self.settings_file = 'eve/tests/test_settings.py' self.app = Eve(settings=self.settings_file) self.test_client = self.app.test_client() self.domain = self.app.config['DOMAIN'] self.known_resource = 'contacts' self.known_resource_url = ('/%s/' % self.domain[self.known_resource]['url']) self.empty_resource = 'empty' self.empty_resource_url = '/%s/' % self.empty_resource self.unknown_resource = 'unknown' self.unknown_resource_url = '/%s/' % self.unknown_resource self.unknown_item_id = '4f46445fc88e201858000000' self.unknown_item_name = 'unknown' self.unknown_item_id_url = ('/%s/%s/' % (self.domain[self.known_resource]['url'], self.unknown_item_id)) self.unknown_item_name_url = ('/%s/%s/' % (self.domain[self.known_resource]['url'], self.unknown_item_name)) self.readonly_resource = 'payments' self.readonly_resource_url = ( '/%s/' % self.domain[self.readonly_resource]['url']) self.different_resource = 'users' self.different_resource_url = ('/%s/' % self.domain[ self.different_resource]['url'])
class TestHMACAuth(TestBasicAuth): def setUp(self): super(TestHMACAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidHMACAuth) self.test_client = self.app.test_client() self.valid_auth = [("Authorization", "admin:secret"), self.content_type] self.valid_media_auth = [ ("Authorization", "admin:secret"), ("Content-Type", "multipart/form-data"), ] self.setUpRoles() def test_custom_auth(self): self.assertTrue(isinstance(self.app.auth, ValidHMACAuth)) def test_bad_auth_class(self): self.app = Eve(settings=self.settings_file, auth=BadHMACAuth) self.test_client = self.app.test_client() r = self.test_client.get("/", headers=self.valid_auth) # will fail because check_auth() is not implemented in the custom class self.assert500(r.status_code) def test_rfc2617_response(self): r = self.test_client.get("/") self.assert401(r.status_code) def test_post_resource_hmac_auth(self): # Test that user restricted access works with HMAC auth. resource_def = self.app.config["DOMAIN"]["restricted"] resource_def["auth_field"] = "username" url = resource_def["url"] data = {"ref": "0123456789123456789012345"} r = self.app.test_client().post( url, data=json.dumps(data), headers=self.valid_auth, content_type="application/json", ) # Verify that we can retrieve the same document r, status = self.parse_response( self.app.test_client().get(url, headers=self.valid_auth) ) self.assert200(status) self.assertEqual(len(r["_items"]), 1) self.assertEqual(r["_items"][0]["ref"], data["ref"])
def setUp(self): """ Prepare the test fixture """ self.setupDB() super(TestMinimal, self).setUp() self.app = Eve(settings='settings.py', auth=run.Auth) self.test_client = self.app.test_client() self.domain = self.app.config['DOMAIN']
def get_app(config=None): """ App factory. :param dict config: configuration that can override config from `settings.py` :return: a new SuperdeskEve app instance """ if config is None: config = {} config.setdefault('SOURCES', {}) config['APP_ABSPATH'] = os.path.dirname(os.path.abspath(os.path.dirname(__file__))) for key in dir(settings): if key.isupper(): config.setdefault(key, getattr(settings, key)) media_storage = SuperdeskGridFSMediaStorage if config.get('AMAZON_CONTAINER_NAME'): from superdesk.storage.amazon.amazon_media_storage import AmazonMediaStorage media_storage = AmazonMediaStorage app = Eve( auth=BearerAuth, settings=config, data=SuperdeskDataLayer, media=media_storage, json_encoder=MongoJSONEncoder, validator=SuperdeskValidator ) superdesk.app = app _set_error_handlers(app) app.mail = Mail(app) if config.get('REDIS_URL'): app.redis = StrictRedis.from_url(config['REDIS_URL'], 0) for module_name in app.config['INSTALLED_APPS']: app_module = importlib.import_module(module_name) try: app_module.init_app(app) except AttributeError: pass for resource in config['DOMAIN']: app.register_resource(resource, config['DOMAIN'][resource]) for blueprint in superdesk.BLUEPRINTS: prefix = app.api_prefix or None app.register_blueprint(blueprint, url_prefix=prefix) app.sentry = sentry sentry.init_app(app) return app
def setUp(self): super(TestHMACAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidHMACAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'admin:secret'), self.content_type] self.valid_media_auth = [('Authorization', 'admin:secret'), ('Content-Type', 'multipart/form-data')] self.setUpRoles()
class TestTokenAuth(TestBasicAuth): def setUp(self): super(TestTokenAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidTokenAuth) self.test_client = self.app.test_client() self.valid_auth = [("Authorization", "Basic dGVzdF90b2tlbjo=")] def test_custom_auth(self): self.assertEqual(type(self.app.auth), ValidTokenAuth)
def test_put_resource_auth(self): # no global auth. self.app = Eve(settings=self.settings_file) # set auth at resource level instead. resource_def = self.app.config['DOMAIN'][self.url] resource_def['authentication'] = ValidBasicAuth resource_def['auth_field'] = 'username' # post r = self.app.test_client().post(self.url, data=self.data, headers=self.valid_auth, content_type='application/json') data, status = self.parse_response(r) # retrieve document metadata url = '%s/%s' % (self.url, data['_id']) response = self.app.test_client().get(url, headers=self.valid_auth) etag = response.headers['ETag'] new_ref = "9999999999999999999999999" changes = json.dumps({"ref": new_ref}) # put headers = [('If-Match', etag), self.valid_auth[0]] response, status = self.parse_response( self.app.test_client().put(url, data=json.dumps(changes), headers=headers, content_type='application/json')) self.assert200(status) etag = '"%s"' % response['_etag'] # document still accessible with same auth data, status = self.parse_response( self.app.test_client().get(url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(data['ref'], new_ref) # put on same item with different auth fails original_auth_val = resource_def['authentication'].request_auth_value resource_def['authentication'].request_auth_value = 'alt' alt_auth = ('Authorization', 'Basic YWx0OnNlY3JldA==') alt_changes = {"ref": "1111111111111111111111111"} headers = [('If-Match', etag), alt_auth] response, status = self.parse_response( self.app.test_client().put(url, data=json.dumps(alt_changes), headers=headers, content_type='application/json')) self.assert403(status) # document still accessible with original auth resource_def['authentication'].request_auth_value = original_auth_val data, status = self.parse_response( self.app.test_client().get(url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(data['ref'], new_ref)
def setUp(self): super(TestBasicAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidBasicAuth) self.test_client = self.app.test_client() self.valid_auth = [("Authorization", "Basic YWRtaW46c2VjcmV0")] self.invalid_auth = [("Authorization", "Basic IDontThinkSo")] for resource, schema in self.app.config["DOMAIN"].items(): schema["allowed_roles"] = ["admin"] schema["allowed_item_roles"] = ["admin"] self.app.set_defaults()
def setUp(self): super(TestHMACAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidHMACAuth) self.test_client = self.app.test_client() self.valid_auth = [("Authorization", "admin:secret"), self.content_type] self.valid_media_auth = [ ("Authorization", "admin:secret"), ("Content-Type", "multipart/form-data"), ] self.setUpRoles()
def setUp(self): # set up eve self.app = Eve(settings=settings) self.app.config['TESTING'] = True StatsD(self.app) self.test_client = self.app.test_client() # set up statsd mock self.server = StatsdMockServer() self.server.start()
def setUp(self): super(TestUserRestrictedAccess, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidBasicAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'Basic YWRtaW46c2VjcmV0')] self.invalid_auth = [('Authorization', 'Basic IDontThinkSo')] self.field_name = 'auth_username_field' self.data = {'item1': json.dumps({"ref": "0123456789123456789012345"})} for resource, schema in self.app.config['DOMAIN'].items(): schema[self.field_name] = 'username'
class TestTokenAuth(TestBasicAuth): def setUp(self): super(TestTokenAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidTokenAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'Basic dGVzdF90b2tlbjo='), self.content_type] def test_custom_auth(self): self.assertTrue(isinstance(self.app.auth, ValidTokenAuth))
def setUp(self): super(TestBasicAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidBasicAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'Basic YWRtaW46c2VjcmV0')] self.invalid_auth = [('Authorization', 'Basic IDontThinkSo')] for resource, schema in self.app.config['DOMAIN'].items(): schema['allowed_roles'] = ['admin'] schema['allowed_item_roles'] = ['admin'] self.app.set_defaults()
class TestBase(unittest.TestCase): def setUp(self): # set up eve self.app = Eve(settings=settings) self.app.config['TESTING'] = True StatsD(self.app) self.test_client = self.app.test_client() # set up statsd mock self.server = StatsdMockServer() self.server.start() def tearDown(self): # Hook self.server.stop() del self.server super(TestBase, self).tearDown() def test_counter(self): r = self.test_client.get('/foo') # let's check statsd mock self.assertEqual(r.status_code, 200) self.server.wait('foo.counter.get', 1) self.server.wait('foo.counter.all', 1) data = list(self.server.metrics['foo.counter.get']) self.assertEqual(len(data), 1) self.assertEqual(data[0]['value'], '1') self.assertEqual(data[0]['type'], 'counter') data = list(self.server.metrics['foo.counter.all']) self.assertEqual(len(data), 1) self.assertEqual(data[0]['value'], '1') self.assertEqual(data[0]['type'], 'counter') self.test_client.get('/foo') self.server.wait('foo.counter.get', 2) data = list(self.server.metrics['foo.counter.get']) self.assertEqual(len(data), 2) def test_timer(self): r = self.test_client.get('/foo') # let's check statsd mock self.assertEqual(r.status_code, 200) self.server.wait('foo.timing.get', 1) data = list(self.server.metrics['foo.timing.get']) self.assertEqual(len(data), 1) self.assertEqual(data[0]['type'], 'timer')
class TestHMACAuth(TestBasicAuth): def setUp(self): super(TestHMACAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidHMACAuth) self.test_client = self.app.test_client() self.valid_auth = [("Authorization", "admin:secret")] def test_custom_auth(self): self.assertEqual(type(self.app.auth), ValidHMACAuth) def test_bad_auth_class(self): self.app = Eve(settings=self.settings_file, auth=BadHMACAuth) self.test_client = self.app.test_client() r = self.test_client.get("/", headers=self.valid_auth) # will fail because check_auth() is not implemented in the custom class self.assert500(r.status_code) def test_rfc2617_response(self): r = self.test_client.get("/") self.assert401(r.status_code)
import os import subprocess import psutil import json from eve import Eve from eve.auth import BasicAuth from properties import retrieve_service_auth, retrieve_service_username, retrieve_service_password, \ retrieve_service_host, retrieve_service_port from flask_cors import CORS, cross_origin class MyBasicAuth(BasicAuth): def check_auth(self, username, password, allowed_roles, resource, method): return username == retrieve_service_username and password == retrieve_service_password if(retrieve_service_auth): app = Eve(auth = MyBasicAuth, settings="RetrieveSettings.py") else: app = Eve(settings="RetrieveSettings.py") CORS(app, support_credentials = True) if __name__ == '__main__': app.run(host = retrieve_service_host, port = retrieve_service_port)
class TestUserRestrictedAccess(TestBase): def setUp(self): super(TestUserRestrictedAccess, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidBasicAuth) # remove the datasource filter to make the whole collection available # to a GET request. resource = self.app.config['DOMAIN'][self.known_resource] del (resource['datasource']['filter']) self.app.set_defaults() self.app._add_url_rules() self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'Basic YWRtaW46c2VjcmV0')] self.invalid_auth = [('Authorization', 'Basic IDontThinkSo')] self.field_name = 'auth_username_field' self.data = {'item1': json.dumps({"ref": "0123456789123456789012345"})} for resource, settings in self.app.config['DOMAIN'].items(): settings[self.field_name] = 'username' def test_get(self): data, status = self.parse_response( self.test_client.get(self.known_resource_url, headers=self.valid_auth)) self.assert200(status) # no data has been saved by user 'admin' yet, so we get an empyy # resulset back. self.assertEqual(len(data['_items']), 0) def test_post(self): response, status = self.post() self.assert200(status) data, status = self.parse_response( self.test_client.get(self.known_resource_url, headers=self.valid_auth)) self.assert200(status) # len of 1 as there are is only 1 doc saved by user self.assertEqual(len(data['_items']), 1) def test_patch(self): changes = {"ref": "9999999999999999999999999"} data, status = self.post() url = '%s%s/' % (self.known_resource_url, data['item1']['_id']) response = self.test_client.get(url, headers=self.valid_auth) etag = response.headers['ETag'] headers = [('If-Match', etag), ('Content-Type', 'application/x-www-form-urlencoded'), ('Authorization', 'Basic YWRtaW46c2VjcmV0')] response, status = self.parse_response( self.test_client.patch(url, data={'item1': json.dumps(changes)}, headers=headers)) self.assert200(status) data, status = self.parse_response( self.test_client.get(url, headers=self.valid_auth)) self.assert200(status) def test_delete(self): data, status = self.post() url = '%s%s/' % (self.known_resource_url, data['item1']['_id']) response = self.test_client.get(url, headers=self.valid_auth) etag = response.headers['ETag'] headers = [('If-Match', etag), ('Authorization', 'Basic YWRtaW46c2VjcmV0')] response, status = self.parse_response( self.test_client.delete(url, headers=headers)) self.assert200(status) def post(self): headers = [('Content-Type', 'application/x-www-form-urlencoded'), ('Authorization', 'Basic YWRtaW46c2VjcmV0')] r = self.test_client.post(self.known_resource_url, data=self.data, headers=headers) return self.parse_response(r)
# auto fill _created_by and _modified_by user fields created_by_field = '_created_by' modified_by_field = '_modified_by' for resource in settings['DOMAIN']: settings['DOMAIN'][resource]['schema'][created_by_field] = { 'type': 'string' } settings['DOMAIN'][resource]['schema'][modified_by_field] = { 'type': 'string' } def before_insert(resource, documents): user = g.get('user', None) if user is not None: for document in documents: document[created_by_field] = user document[modified_by_field] = user def before_replace(resource, document): user = g.get('user', None) if user is not None: document[modified_by_field] = user # create eve app from eve import Eve app = Eve(settings=settings, auth=TokenAuth) app.on_insert += before_insert app.on_replace += before_replace
def test_bad_auth_class(self): self.app = Eve(settings=self.settings_file, auth=BadHMACAuth) self.test_client = self.app.test_client() r = self.test_client.get('/', headers=self.valid_auth) # will fail because check_auth() is not implemented in the custom class self.assert500(r.status_code)
from os import environ from flask import send_from_directory from eve import Eve from settings import API_NAME app = Eve(API_NAME) @app.route('/scripts/<path:filename>') def scripts(filename): return send_from_directory(app.root_path + '/dist/scripts/', filename) @app.route('/styles/<path:filename>') def styles(filename): return send_from_directory(app.root_path + '/dist/styles/', filename) @app.route('/images/<path:filename>') def images(filename): return send_from_directory(app.root_path + '/dist/images/', filename) @app.route('/views/<path:filename>') def views(filename): return send_from_directory(app.root_path + '/dist/views/', filename) @app.route('/fonts/<path:filename>')
return True elif username == 'admin' and password == 'admin': return True else: # use Eve's own db driver; no additional connections/resources are used accounts = app.data.driver.db['accounts'] account = accounts.find_one({'username': username}) # set 'auth_field' value to the account's ObjectId # (instead of _id, you might want to use ID_FIELD) if account and '_id' in account: self.set_request_auth_value(account['_id']) return account and bcrypt.hashpw(password.encode('utf-8'), account['salt']) == account['password'] def create_user(documents): for document in documents: document['salt'] = bcrypt.gensalt(4) password = document['password'].encode('utf-8') document['password'] = bcrypt.hashpw(password, document['salt']) app = Flask(__name__) app = Eve(auth=BCryptAuth, settings = '/home/jenkitay/mysite/deployed_settings.py') app.on_insert_accounts += create_user Bootstrap(app) app.register_blueprint(eve_docs, url_prefix='/docs') @app.route('/') def index(): # return 'Hello World' return app
from functools import wraps from eve import Eve from pymongo import MongoClient from flask import jsonify import json import datetime import dateutil.parser from bson.objectid import ObjectId client = MongoClient('localhost', 27017) db = client.benchmark template_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'templates') public_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'public') app = Eve(template_folder=template_dir, static_folder=public_dir) app.secret_key = "VPN@dmin2016+!" def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): #print session['is_logged_in'] if 'is_logged_in' in session: if session['is_logged_in'] != 'loggedin': return redirect('/login') else: session['is_logged_in'] = 'loggedout' return f(*args, **kwargs) return decorated_function
from eve import Eve from ext.user import before_save_user from ext.token import parse_token from eve.auth import TokenAuth from bson.objectid import ObjectId class Auth(TokenAuth): def check_auth(self, token, allowed_roles, resource, method): claim = parse_token(token) if claim: users = app.data.driver.db['user'] user = users.find_one({"_id":ObjectId(claim['uid'])}) return user app = Eve(auth=Auth) app.on_insert_user += before_save_user
from eve import Eve app = Eve(settings="settings.py") if __name__ == '__main__': app.run(host="0.0.0.0", port=80)
def create_app(): app = Eve(data=SQL, auth=TokenAuth, validator=ValidatorSQL) app.auth.app = app register_routes(app) return app
import copy from bson import objectid from eve import Eve from flask import request, current_app, abort app = Eve(settings="settings.py") mongo = app.data.driver def update_frames(frames, pins_knocked_down): """Add a new roll to a set of frames Args: frames (list(list)): A list of frames in the game. Cannot be more than 10. pins_knocked_down (number): The number of pins knocked down on this roll Returns: list: The updated frame """ # if no previous frames return new frame if not frames: return [[pins_knocked_down]] if len(frames) > 10: abort(400, "A game cannot have more than 10 frames.") if len(frames) == 10 and len(frames[-1]) > 2: abort(400, "Last frame cannot have more than three rolls.") if pins_knocked_down > 10:
from eve import Eve from eve_sqlalchemy import SQL from eve_sqlalchemy.validation import ValidatorSQL from many_to_many.domain import Base, Child, Parent app = Eve(validator=ValidatorSQL, data=SQL) db = app.data.driver Base.metadata.bind = db.engine db.Model = Base db.create_all() children = [Child() for _ in range(20)] parents = [Parent(children=children[:n]) for n in range(10)] db.session.add_all(parents) db.session.commit() # using reloader will destroy in-memory sqlite db app.run(debug=True, use_reloader=False)
import os from eve import Eve from flask_bootstrap import Bootstrap from eve_docs import eve_docs SETTINGS_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'settings.py') app = Eve(settings=SETTINGS_PATH) Bootstrap(app) app.register_blueprint(eve_docs, url_prefix='/docs') if __name__ == '__main__': app.run()
SETTINGS = { 'DEBUG': True, 'SQLALCHEMY_DATABASE_URI': 'sqlite://', 'SQLALCHEMY_TRACK_MODIFICATIONS': False, 'DOMAIN': DomainConfig({ 'people': ResourceConfig(People), 'tracks': ResourceConfig(Tracks), 'events': ResourceConfig(Events) }).render() } app = Eve(auth=None, settings=SETTINGS, validator=ValidatorSQL, data=SQL) # bind SQLAlchemy db = app.data.driver Base.metadata.bind = db.engine db.Model = Base db.create_all() # Insert some example data in the db if not db.session.query(People).count(): db.session.add_all([ People(firstname=u'George', lastname=u'Washington', gender=u'Male', phonenumber=u'123-123-1234', pace=u'480',
import redis from bson.objectid import ObjectId from eve.io.mongo import mongo from eve import Eve r = redis.StrictRedis(host='localhost', port=6379, db=0) app = Eve(settings='settings.py', redis=r) mongo = app.data.driver def after_fetching_document(response): list_id = response['_id'] f = {'list_id': ObjectId(list_id)} rr = response['items'] print(f'response items = {rr}') print(f'list = {list(mongo.db.items.find(f))}') # def before_returning_items(resource_name, response): # print('About to return items from "%s" ' % resource_name) # print('About to return items from "%s" ' % response) # return resource_name # def before_returning_item(resource_name, response): # print('About to return an item from "%s" ' % resource_name) # return resource_name def pre_document_get_callback(request, lookup):
}, ] def push_systemvthings_locally(request, payload): itms = json.loads(payload.get_data()).get('_items') for itm in itms: itm["id"] = itm["id"].replace("/", ":") with app.test_request_context(): post_internal('batchentitiesUpdatePOSTendpoint', itms) # i have to materialize redundantly here because the hook is not fired # when using the post_internal. And the call to db requires the context app.data.driver.db.entities.aggregate(latestentities_pipeline) app = Eve() app.on_fetched_item += remove_secret_fields app.on_fetched_resource += remove_secret_fields_in_list # we now want to trigger the aggegation that creates the "materialized view" named # latestentities, AFTER each time items are inserted, updated, replaced, deleted into the entities collection app.on_post_POST_entitiesPOSTDELETEendpoint += materialize_latestentities_via_aggregation app.on_post_POST_entitiesPOSTattrsendpoint += materialize_latestentities_via_aggregation # here we push into a local collection whatever we GET from the remote # system database vthings endpoint. So, whenever we get, we push them locally app.on_post_GET_systemvthingsendpoint += push_systemvthings_locally # we can use the following to customize connection to cluster system database app.config.update({"SYSMONGO_PORT": 30219})
# -*- coding: utf-8 -*- from eve import Eve from flask import request import json port = 8080 host = '127.0.0.1' app = Eve() @app.after_request def add_correct_headers(response): path = request.path if path == '/json': response.headers['Content-Type'] = 'application/json' elif path == '/plaintext': response.headers['Content-Type'] = 'text/plain' return response @app.route('/plaintext') def hello_world(): return 'Hello, World!' @app.route('/json') def jsonHello(): hello = {'message': 'Hello, World!'} return json.dumps(hello)
from eve import Eve app = Eve()
from eve import Eve app = Eve(settings="eve_settings.py") if __name__ == "__main__": app.run()
made explicitly public (by fiddling with some settings you can open one or more resources and/or methods to public access -see docs). Checkout Eve at https://github.com/nicolaiarocci/eve This snippet by Nicola Iarocci can be used freely for anything you like. Consider it public domain. """ from eve import Eve from eve.auth import TokenAuth from settings_security import SETTINGS class TokenAuth(TokenAuth): def check_auth(self, token, allowed_roles, resource, method): """For the purpose of this example the implementation is as simple as possible. A 'real' token should probably contain a hash of the username/password combo, which sould then validated against the account data stored on the DB. """ # use Eve's own db driver; no additional connections/resources are used accounts = app.data.driver.db['accounts'] return accounts.find_one({'token': token}) if __name__ == '__main__': app = Eve(auth=TokenAuth, settings=SETTINGS) app.run()
from eve import Eve from flask import send_from_directory from werkzeug.routing import BaseConverter app = Eve(__name__, static_folder = 'build') class RegexConverter(BaseConverter): def __init__(self, url_map, *items): super(RegexConverter, self).__init__(url_map) self.regex = items[0] app.url_map.converters['regex'] = RegexConverter @app.route('/') def send_index(): return send_from_directory('build', 'index.html') @app.route('/<regex("(?!api)[a-z0-9-_/.]*"):path>') def send_static(path): print(path) return send_from_directory('build', path) if __name__ == '__main__': app.run()
#!flask/bin/python from eve import Eve from flask.ext.bootstrap import Bootstrap if __name__ == '__main__': app = Eve() app.run(debug=True)
def setUp(self): super(TestTokenAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidTokenAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'Basic dGVzdF90b2tlbjo=')]
app.logger.info('We just answered to a PATCH request!') def log_every_put(resource, request, payload): # custom INFO-level message is sent to the log file app.logger.info('We just answered to a PUT request!') def log_every_delete(resource, request, payload): # custom INFO-level message is sent to the log file app.logger.info('We just answered to a DELETE request!') #app = Eve(auth=HMACAuth) app = Eve(__name__, auth=HMACAuth, template_folder='templates', validator=MyValidator) #app.on_insert_accounts += create_user #app.on_post_GET += log_every_get #app.on_post_POST += log_every_post #app.on_post_PATCH += log_every_patch #app.on_post_PUT += log_every_put #app.on_post_DELETE += log_every_delete @app.route('/index') def index(): return render_template('index.html') @app.route('/form')
def setUp(self): super(TestHMACAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidHMACAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'admin:secret')]
class TestUserRestrictedAccess(TestBase): def setUp(self): super(TestUserRestrictedAccess, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidBasicAuth) # using this endpoint since it is a copy of 'contacts' with # no filter on the datasource self.url = 'restricted' self.resource = self.app.config['DOMAIN'][self.url] self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'Basic YWRtaW46c2VjcmV0')] self.invalid_auth = [('Authorization', 'Basic IDontThinkSo')] self.field_name = 'auth_field' self.data = json.dumps({"ref": "0123456789123456789012345"}) for _, settings in self.app.config['DOMAIN'].items(): settings[self.field_name] = 'username' self.resource['public_methods'] = [] def test_get(self): data, status = self.parse_response( self.test_client.get(self.url, headers=self.valid_auth)) self.assert200(status) # no data has been saved by user 'admin' yet, # so assert we get an empty result set back. self.assertEqual(len(data['_items']), 0) # Add a user belonging to `admin` new_user = self.random_contacts(1)[0] new_user['username'] = '******' _db = self.connection[self.app.config['MONGO_DBNAME']] _db.contacts.insert(new_user) # Verify that we can retrieve it data2, status2 = self.parse_response( self.test_client.get(self.url, headers=self.valid_auth)) self.assert200(status2) self.assertEqual(len(data2['_items']), 1) def test_get_by_auth_field_criteria(self): """ If we attempt to retrieve an object by the same field that is in `auth_field`, then the request is /unauthorized/, and should fail and return 401. This test verifies that the `auth_field` does not overwrite a `client_filter` or url param. """ _, status = self.parse_response( self.test_client.get(self.user_username_url, headers=self.valid_auth)) self.assert401(status) def test_get_by_auth_field_id(self): """ To test handling of ObjectIds """ # set auth_field to `_id` self.domain['users'][self.field_name] = \ self.domain['users']['id_field'] _, status = self.parse_response( self.test_client.get(self.user_id_url, headers=self.valid_auth)) self.assert401(status) def test_filter_by_auth_field_id(self): """ To test handling of ObjectIds when using a `where` clause We need to make sure we *match* an object ID when it is the same """ _id = ObjectId('deadbeefdeadbeefdeadbeef') resource_def = self.app.config['DOMAIN']['users'] resource_def['authentication'].request_auth_value = _id # set auth_field to `_id` resource_def[self.field_name] = '_id' # Retrieving a /different user/ by id returns 401 user_url = '/users/' filter_by_id = 'where=_id==ObjectId("%s")' filter_query = filter_by_id % self.user_id _, status = self.parse_response( self.test_client.get('%s?%s' % (user_url, filter_query), headers=self.valid_auth)) self.assert401(status) # Create a user account belonging to admin new_user = self.random_contacts(1)[0] new_user['_id'] = _id new_user['username'] = '******' _db = self.connection[self.app.config['MONGO_DBNAME']] _db.contacts.insert(new_user) # Retrieving /the same/ user by id returns OK filter_query_2 = filter_by_id % 'deadbeefdeadbeefdeadbeef' data2, status2 = self.parse_response( self.test_client.get('%s?%s' % (user_url, filter_query_2), headers=self.valid_auth)) self.assert200(status2) self.assertEqual(len(data2['_items']), 1) def test_collection_get_public(self): """ Test that if GET is in `public_methods` the `auth_field` criteria is overruled """ self.resource['public_methods'].append('GET') data, status = self.parse_response(self.test_client.get( self.url)) # no auth self.assert200(status) # no data has been saved by user 'admin' yet, # but we should get all the other results back self.assertEqual(len(data['_items']), 25) def test_item_get_public(self): """ Test that if GET is in `public_item_methods` the `auth_field` criteria is overruled """ self.resource['public_item_methods'].append('GET') data, status = self.parse_response( self.test_client.get(self.item_id_url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(data['_id'], self.item_id) def test_post(self): _, status = self.post() self.assert201(status) data, status = self.parse_response( self.test_client.get(self.url, headers=self.valid_auth)) self.assert200(status) # len of 1 as there are is only 1 doc saved by user def test_unique_to_user_on_post(self): # make the field unique to user, not globally. self.resource['schema']['ref']['unique'] = False self.resource['schema']['ref']['unique_to_user'] = True # first post as 'admin' is a success. _, status = self.post() self.assert201(status) # second post as 'admin' fails since value is not unique to user. _, status = self.post() self.assert422(status) self.resource['authentication'].request_auth_value = 'alt' # first post as 'alt' succeeds as value is unique to this user. alt_auth = [('Authorization', 'Basic YWx0OnNlY3JldA==')] r = self.test_client.post(self.url, data=self.data, headers=alt_auth, content_type='application/json') self.assert201(r.status_code) # second post as 'alt' fails since value is not unique to user anymore. r = self.test_client.post(self.url, data=self.data, headers=alt_auth, content_type='application/json') # post succeeds since value is unique to 'alt' user self.assert422(r.status_code) def test_post_resource_auth(self): # Ticket #231. # Test that user restricted access works fine if there's no global # level auth, which is set at resource level instead. # no global auth. self.app = Eve(settings=self.settings_file) # set auth at resource level instead. resource_def = self.app.config['DOMAIN'][self.url] resource_def['authentication'] = ValidBasicAuth resource_def['auth_field'] = 'username' # post with valid auth - must store the document with the correct # auth_field. r = self.app.test_client().post(self.url, data=self.data, headers=self.valid_auth, content_type='application/json') _, status = self.parse_response(r) # Verify that we can retrieve the same document data, status = self.parse_response(self.app.test_client().get( self.url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(len(data['_items']), 1) self.assertEqual(data['_items'][0]['ref'], json.loads(self.data)['ref']) def test_post_bandwidth_saver_off_resource_auth(self): """ Test that when BANDWIDTH_SAVER is turned off the auth_field is not exposed in the response payload """ self.app.config['BANDWIDTH_SAVER'] = False r = self.app.test_client().post(self.url, data=self.data, headers=self.valid_auth, content_type='application/json') r, status = self.parse_response(r) self.assertTrue('username' not in r) def test_put(self): new_ref = "9999999999999999999999999" changes = json.dumps({"ref": new_ref}) # post document data, status = self.post() # retrieve document metadata url = '%s/%s' % (self.url, data['_id']) response = self.test_client.get(url, headers=self.valid_auth) etag = response.headers['ETag'] # perform put headers = [('If-Match', etag), self.valid_auth[0]] response, status = self.parse_response( self.test_client.put(url, data=json.dumps(changes), headers=headers, content_type='application/json')) self.assert200(status) # document still accessible with same auth data, status = self.parse_response( self.test_client.get(url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(data['ref'], new_ref) def test_put_resource_auth(self): # no global auth. self.app = Eve(settings=self.settings_file) # set auth at resource level instead. resource_def = self.app.config['DOMAIN'][self.url] resource_def['authentication'] = ValidBasicAuth resource_def['auth_field'] = 'username' # post r = self.app.test_client().post(self.url, data=self.data, headers=self.valid_auth, content_type='application/json') data, status = self.parse_response(r) # retrieve document metadata url = '%s/%s' % (self.url, data['_id']) response = self.app.test_client().get(url, headers=self.valid_auth) etag = response.headers['ETag'] new_ref = "9999999999999999999999999" changes = json.dumps({"ref": new_ref}) # put headers = [('If-Match', etag), self.valid_auth[0]] response, status = self.parse_response(self.app.test_client().put( url, data=json.dumps(changes), headers=headers, content_type='application/json')) self.assert200(status) # document still accessible with same auth data, status = self.parse_response(self.app.test_client().get( url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(data['ref'], new_ref) def test_put_bandwidth_saver_off_resource_auth(self): """ Test that when BANDWIDTH_SAVER is turned off the auth_field is not exposed in the response payload """ self.app.config['BANDWIDTH_SAVER'] = False new_ref = "9999999999999999999999999" changes = json.dumps({"ref": new_ref}) # post document data, status = self.post() url = '%s/%s' % (self.url, data['_id']) # perform put headers = [('If-Match', data['_etag']), self.valid_auth[0]] response, status = self.parse_response( self.test_client.put(url, data=json.dumps(changes), headers=headers, content_type='application/json')) self.assertTrue('username' not in response) def test_patch(self): new_ref = "9999999999999999999999999" changes = json.dumps({"ref": new_ref}) data, status = self.post() url = '%s/%s' % (self.url, data['_id']) response = self.test_client.get(url, headers=self.valid_auth) etag = response.headers['ETag'] headers = [('If-Match', etag), self.valid_auth[0]] response, status = self.parse_response( self.test_client.patch(url, data=json.dumps(changes), headers=headers, content_type='application/json')) self.assert200(status) data, status = self.parse_response( self.test_client.get(url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(data['ref'], new_ref) def test_delete(self): _db = self.connection[MONGO_DBNAME] # make sure that other documents in the collections are untouched. cursor = _db.contacts.find() docs_num = cursor.count() _, _ = self.post() # after the post we only get back 1 document as it's the only one we # inserted directly (others are filtered out). response, status = self.parse_response( self.test_client.get(self.url, headers=self.valid_auth)) self.assert200(status) self.assertEqual(len(response[self.app.config['ITEMS']]), 1) # delete the document we just inserted response, status = self.parse_response( self.test_client.delete(self.url, headers=self.valid_auth)) self.assert204(status) # we now get an empty items list (other documents in collection are # filtered by auth). response, status = self.parse_response( self.test_client.get(self.url, headers=self.valid_auth)) self.assert200(status) # if it's a dict, we only got 1 item back which is expected self.assertEqual(len(response[self.app.config['ITEMS']]), 0) # make sure no other document has been deleted. cursor = _db.contacts.find() self.assertEqual(cursor.count(), docs_num) def test_delete_item(self): _db = self.connection[MONGO_DBNAME] # make sure that other documents in the collections are untouched. cursor = _db.contacts.find() docs_num = cursor.count() data, _ = self.post() # get back the document with its new etag url = '%s/%s' % (self.url, data['_id']) response = self.test_client.get(url, headers=self.valid_auth) etag = response.headers['ETag'] headers = [('If-Match', etag), ('Authorization', 'Basic YWRtaW46c2VjcmV0')] # delete the document response, status = self.parse_response( self.test_client.delete(url, headers=headers)) self.assert204(status) # make sure no other document has been deleted. cursor = _db.contacts.find() self.assertEqual(cursor.count(), docs_num) def post(self): r = self.test_client.post(self.url, data=self.data, headers=self.valid_auth, content_type='application/json') return self.parse_response(r)
from eve import Eve app = Eve() if __name__ == '__main__': app.run()
from wtforms import TextField from wtforms import validators from settings import GOOGLE_API_KEY tmpl_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'templates') static_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'static') if 'PORT' in os.environ: port = int(os.environ.get('PORT')) host = '0.0.0.0' else: port = 5000 host = '127.0.0.1' app = Eve(template_folder=tmpl_dir, static_folder=static_dir) @app.route('/s', methods=['GET', 'POST']) def slash(): if request.method == 'GET': form = NumberAddressForm() return render_template('slash.html', form=form) elif request.method == 'POST': form = NumberAddressForm(request.form) if form.validate(): phone = ''.join(e for e in form.phone.data if e.isalnum()) headers = {'Content-Type': 'application/json'} phone_endpoint = 'http://%s:%s/%s/' % (host, port, "phones") response = requests.get(phone_endpoint + phone, headers=headers)
class TestBasicAuth(TestBase): def setUp(self): super(TestBasicAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidBasicAuth) self.test_client = self.app.test_client() self.content_type = ('Content-Type', 'application/json') self.valid_auth = [('Authorization', 'Basic YWRtaW46c2VjcmV0'), self.content_type] self.invalid_auth = [('Authorization', 'Basic IDontThinkSo'), self.content_type] self.setUpRoles() self.app.set_defaults() def setUpRoles(self): for _, schema in self.app.config['DOMAIN'].items(): schema['allowed_roles'] = ['admin'] schema['allowed_read_roles'] = ['reader'] schema['allowed_item_roles'] = ['admin'] schema['allowed_item_read_roles'] = ['reader'] schema['allowed_item_write_roles'] = ['editor'] def test_custom_auth(self): self.assertTrue(isinstance(self.app.auth, ValidBasicAuth)) def test_restricted_home_access(self): r = self.test_client.get('/') self.assert401(r.status_code) def test_restricted_resource_access(self): r = self.test_client.get(self.known_resource_url) self.assert401(r.status_code) r = self.test_client.post(self.known_resource_url) self.assert401(r.status_code) r = self.test_client.delete(self.known_resource_url) self.assert401(r.status_code) def test_restricted_item_access(self): r = self.test_client.get(self.item_id_url) self.assert401(r.status_code) r = self.test_client.patch(self.item_id_url) self.assert401(r.status_code) r = self.test_client.delete(self.item_id_url) self.assert401(r.status_code) def test_authorized_home_access(self): r = self.test_client.get('/', headers=self.valid_auth) self.assert200(r.status_code) def test_authorized_resource_access(self): r = self.test_client.get(self.known_resource_url, headers=self.valid_auth) self.assert200(r.status_code) r = self.test_client.post(self.known_resource_url, data=json.dumps({"k": "value"}), headers=self.valid_auth) self.assertValidationErrorStatus(r.status_code) r = self.test_client.delete(self.known_resource_url, headers=self.valid_auth) self.assert204(r.status_code) def test_authorized_item_access(self): r = self.test_client.get(self.item_id_url, headers=self.valid_auth) self.assert200(r.status_code) r = self.test_client.patch(self.item_id_url, data=json.dumps({"k": "value"}), headers=self.valid_auth) self.assert428(r.status_code) r = self.test_client.delete(self.item_id_url, headers=self.valid_auth) self.assert428(r.status_code) def test_authorized_schema_access(self): self.app.config['SCHEMA_ENDPOINT'] = 'schema' self.app._init_schema_endpoint() r = self.test_client.get('/schema/%s' % self.known_resource, headers=self.valid_auth) self.assert200(r.status_code) def test_unauthorized_home_access(self): r = self.test_client.get('/', headers=self.invalid_auth) self.assert401(r.status_code) def test_unauthorized_resource_access(self): r = self.test_client.get(self.known_resource_url, headers=self.invalid_auth) self.assert401(r.status_code) r = self.test_client.post(self.known_resource_url, headers=self.invalid_auth) self.assert401(r.status_code) r = self.test_client.delete(self.known_resource_url, headers=self.invalid_auth) self.assert401(r.status_code) def test_unauthorized_item_access(self): r = self.test_client.get(self.item_id_url, headers=self.invalid_auth) self.assert401(r.status_code) r = self.test_client.patch(self.item_id_url, headers=self.invalid_auth) self.assert401(r.status_code) r = self.test_client.delete(self.item_id_url, headers=self.invalid_auth) self.assert401(r.status_code) def test_unauthorized_schema_access(self): self.app.config['SCHEMA_ENDPOINT'] = 'schema' self.app._init_schema_endpoint() r = self.test_client.get('/schema/%s' % self.known_resource, headers=self.invalid_auth) self.assert401(r.status_code) def test_home_public_methods(self): self.app.config['PUBLIC_METHODS'] = ['GET'] r = self.test_client.get('/') self.assert200(r.status_code) self.test_restricted_resource_access() self.test_restricted_item_access() def test_public_methods_resource(self): self.app.config['PUBLIC_METHODS'] = ['GET'] domain = self.app.config['DOMAIN'] for resource, settings in domain.items(): del (settings['public_methods']) self.app.set_defaults() del (domain['peopleinvoices']) del (domain['peoplerequiredinvoices']) del (domain['peoplesearches']) del (domain['internal_transactions']) del (domain['child_products']) for resource in domain: url = self.app.config['URLS'][resource] r = self.test_client.get(url) self.assert200(r.status_code) r = self.test_client.post(url, data={'key1': 'value1'}) self.assert401or405(r.status_code) r = self.test_client.delete(url) self.assert401or405(r.status_code) self.test_restricted_item_access() def test_public_methods_but_locked_resource(self): self.app.config['PUBLIC_METHODS'] = ['GET'] domain = self.app.config['DOMAIN'] for _, settings in domain.items(): del (settings['public_methods']) self.app.set_defaults() domain[self.known_resource]['public_methods'] = [] r = self.test_client.get(self.known_resource_url) self.assert401(r.status_code) def test_public_methods_but_locked_item(self): self.app.config['PUBLIC_ITEM_METHODS'] = ['GET'] domain = self.app.config['DOMAIN'] for _, settings in domain.items(): del (settings['public_item_methods']) self.app.set_defaults() domain[self.known_resource]['public_item_methods'] = [] r = self.test_client.get(self.item_id_url) self.assert401(r.status_code) def test_public_methods_item(self): self.app.config['PUBLIC_ITEM_METHODS'] = ['GET'] for _, settings in self.app.config['DOMAIN'].items(): del (settings['public_item_methods']) self.app.set_defaults() # we're happy with testing just one client endpoint, but for sake of # completeness we shold probably test item endpoints for every resource r = self.test_client.get(self.item_id_url) self.assert200(r.status_code) r = self.test_client.patch(self.item_id_url) self.assert401(r.status_code) r = self.test_client.delete(self.item_id_url) self.assert401(r.status_code) def test_bad_auth_class(self): self.app = Eve(settings=self.settings_file, auth=BadBasicAuth) self.test_client = self.app.test_client() r = self.test_client.get('/', headers=self.valid_auth) # will fail because check_auth() is not implemented in the custom class self.assert500(r.status_code) def test_instanced_auth(self): # tests that the 'auth' argument can also be a class instance. See # #248. # current self.app instance has an instanced auth class already, and it # is consistent with the super class running the test (Token, HMAC or # Basic), so we are just going to use it (self.app.auth) on a new Eve # instance. auth = self.app.auth self.app = Eve(settings=self.settings_file, auth=auth) self.test_client = self.app.test_client() r = self.test_client.get('/', headers=self.valid_auth) self.assert200(r.status_code) def test_rfc2617_response(self): r = self.test_client.get('/') self.assert401(r.status_code) self.assertTrue(('WWW-Authenticate', 'Basic realm="%s"' % eve.__package__) in r.headers.to_wsgi_list()) def test_allowed_roles_does_not_change(self): self.test_client.get(self.known_resource_url) resource = self.app.config['DOMAIN'][self.known_resource] self.assertEqual(resource['allowed_roles'], ['admin']) def test_allowed_item_roles_does_not_change(self): self.test_client.get(self.item_id_url) resource = self.app.config['DOMAIN'][self.known_resource] self.assertEqual(resource['allowed_item_roles'], ['admin']) def test_ALLOWED_ROLES_does_not_change(self): self.app.config['ALLOWED_ROLES'] = ['admin'] self.app.config['ALLOWED_READ_ROLES'] = ['reader'] self.test_client.get('/') self.assertEqual(self.app.config['ALLOWED_ROLES'], ['admin'])
class TestBasicAuth(TestBase): def setUp(self): super(TestBasicAuth, self).setUp() self.app = Eve(settings=self.settings_file, auth=ValidBasicAuth) self.test_client = self.app.test_client() self.valid_auth = [('Authorization', 'Basic YWRtaW46c2VjcmV0')] self.invalid_auth = [('Authorization', 'Basic IDontThinkSo')] for resource, schema in self.app.config['DOMAIN'].items(): schema['allowed_roles'] = ['admin'] schema['allowed_item_roles'] = ['admin'] self.app.set_defaults() def test_custom_auth(self): self.assertEqual(type(self.app.auth), ValidBasicAuth) def test_restricted_home_access(self): r = self.test_client.get('/') self.assert401(r.status_code) def test_restricted_resource_access(self): r = self.test_client.get(self.known_resource_url) self.assert401(r.status_code) r = self.test_client.post(self.known_resource_url) self.assert401(r.status_code) r = self.test_client.delete(self.known_resource_url) self.assert401(r.status_code) def test_restricted_item_access(self): r = self.test_client.get(self.item_id_url) self.assert401(r.status_code) r = self.test_client.patch(self.item_id_url) self.assert401(r.status_code) r = self.test_client.delete(self.item_id_url) self.assert401(r.status_code) def test_authorized_home_access(self): r = self.test_client.get('/', headers=self.valid_auth) self.assert200(r.status_code) def test_authorized_resource_access(self): r = self.test_client.get(self.known_resource_url, headers=self.valid_auth) self.assert200(r.status_code) r = self.test_client.post(self.known_resource_url, data={"item1": json.dumps({"k": "value"})}, headers=self.valid_auth) self.assert200(r.status_code) r = self.test_client.delete(self.known_resource_url, headers=self.valid_auth) self.assert200(r.status_code) def test_authorized_item_access(self): r = self.test_client.get(self.item_id_url, headers=self.valid_auth) self.assert200(r.status_code) r = self.test_client.patch(self.item_id_url, data={'key1': 'value'}, headers=self.valid_auth) self.assert403(r.status_code) r = self.test_client.delete(self.item_id_url, headers=self.valid_auth) self.assert403(r.status_code) def test_unauthorized_home_access(self): r = self.test_client.get('/', headers=self.invalid_auth) self.assert401(r.status_code) def test_unauthorized_resource_access(self): r = self.test_client.get(self.known_resource_url, headers=self.invalid_auth) self.assert401(r.status_code) r = self.test_client.post(self.known_resource_url, headers=self.invalid_auth) self.assert401(r.status_code) r = self.test_client.delete(self.known_resource_url, headers=self.invalid_auth) self.assert401(r.status_code) def test_unauthorized_item_access(self): r = self.test_client.get(self.item_id_url, headers=self.invalid_auth) self.assert401(r.status_code) r = self.test_client.patch(self.item_id_url, headers=self.invalid_auth) self.assert401(r.status_code) r = self.test_client.delete(self.item_id_url, headers=self.invalid_auth) self.assert401(r.status_code) def test_home_public_methods(self): self.app.config['PUBLIC_METHODS'] = ['GET'] r = self.test_client.get('/') self.assert200(r.status_code) self.test_restricted_resource_access() self.test_restricted_item_access() def test_public_methods_resource(self): self.app.config['PUBLIC_METHODS'] = ['GET'] domain = self.app.config['DOMAIN'] for resource, settings in domain.items(): del (settings['public_methods']) self.app.set_defaults() for resource in domain: url = '/%s/' % self.app.config['URLS'][resource] r = self.test_client.get(url) self.assert200(r.status_code) r = self.test_client.post(url, data={'key1': 'value1'}) self.assert401or405(r.status_code) r = self.test_client.delete(url) self.assert401or405(r.status_code) self.test_restricted_item_access() def test_public_methods_but_locked_resource(self): self.app.config['PUBLIC_METHODS'] = ['GET'] domain = self.app.config['DOMAIN'] for resource, settings in domain.items(): del (settings['public_methods']) self.app.set_defaults() domain[self.known_resource]['public_methods'] = [] r = self.test_client.get(self.known_resource_url) self.assert401(r.status_code) def test_public_methods_but_locked_item(self): self.app.config['PUBLIC_ITEM_METHODS'] = ['GET'] domain = self.app.config['DOMAIN'] for resource, settings in domain.items(): del (settings['public_item_methods']) self.app.set_defaults() domain[self.known_resource]['public_item_methods'] = [] r = self.test_client.get(self.item_id_url) self.assert401(r.status_code) def test_public_methods_item(self): self.app.config['PUBLIC_ITEM_METHODS'] = ['GET'] for resource, settings in self.app.config['DOMAIN'].items(): del (settings['public_item_methods']) self.app.set_defaults() # we're happy with testing just one client endpoint, but for sake of # completeness we shold probably test item endpoints for every resource r = self.test_client.get(self.item_id_url) self.assert200(r.status_code) r = self.test_client.patch(self.item_id_url) self.assert401(r.status_code) r = self.test_client.delete(self.item_id_url) self.assert401(r.status_code) def test_bad_auth_class(self): self.app = Eve(settings=self.settings_file, auth=BadBasicAuth) self.test_client = self.app.test_client() r = self.test_client.get('/', headers=self.valid_auth) # will fail because check_auth() is not implemented in the custom class self.assert500(r.status_code) def test_rfc2617_response(self): r = self.test_client.get('/') self.assert401(r.status_code) self.assertTrue(('WWW-Authenticate', 'Basic realm:"%s"' % eve.__package__) in r.headers.to_list())