def test_list_is_denied_if_not_allowed_to_create(self):
    """Listing children is refused without a right on the parent.

    Both the bucket's collection listing and a collection's record listing
    must answer 403 to an authenticated user that holds no permission on
    that parent object.
    """
    forbidden = 403
    for url, user in (
        ('/buckets/beer/collections', 'jean:paul'),
        ('/buckets/beer/collections/barley/records', 'mahmud:hatim'),
    ):
        self.app.get(url, headers=get_user_headers(user), status=forbidden)
    def setUp(self):
        """Build the shared permission fixture for alice, bob and julia.

        Everything is created with the test's own ``self.headers``:

        * ``/buckets/author-only`` - no permissions granted at all;
        * ``/buckets/test`` - readable by alice, with an empty ``admins``
          group, a collection ``alice-julia`` readable by julia, a
          collection ``author-only`` with no grants, and two records in
          ``alice-julia``: one writable by bob and alice, one readable by
          any authenticated user.

        The ``*_principal`` values are fixed ``basicauth:`` ids assumed to be
        what ``get_user_headers(<name>)`` authenticates as under the test
        settings; they go stale if the basicauth configuration changes.
        """
        for user in ("alice", "bob", "julia"):
            setattr(self, user + "_headers", get_user_headers(user))

        self.alice_principal = (
            "basicauth:d5b0026601f1b251974e09548d44155e16812e3c64ff7ae053fe3542e2ca1570"
        )
        self.bob_principal = (
            "basicauth:c031ced27503f788b102ca54269a062ec73794bb075154c74a0d4311e74ca8b6"
        )
        self.julia_principal = (
            "basicauth:d8bab8d9fe0510fcaf9b5ad5942c027fc2fdf80b6dc59cc3c48d12a2fcb18f1c"
        )

        put = self.app.put_json
        post = self.app.post_json
        records_url = "/buckets/test/collections/alice-julia/records"

        self.app.put("/buckets/author-only", headers=self.headers)
        put(
            "/buckets/test",
            {"permissions": {"read": [self.alice_principal]}},
            headers=self.headers,
        )
        put("/buckets/test/groups/admins", {"data": {"members": []}}, headers=self.headers)
        put(
            "/buckets/test/collections/alice-julia",
            {"permissions": {"read": [self.julia_principal]}},
            headers=self.headers,
        )
        put("/buckets/test/collections/author-only", headers=self.headers)
        post(
            records_url,
            {"permissions": {"write": [self.bob_principal, self.alice_principal]}},
            headers=self.headers,
        )
        post(
            records_url,
            {"permissions": {"read": ["system.Authenticated"]}},
            headers=self.headers,
        )
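 def test_adding_a_task_for_bob_doesnt_add_it_for_alice(self):
     """A record bob creates is not visible to alice.

     Alice receives 404 rather than 403 -- presumably because
     ``self.collection_url`` (set up outside this method) addresses a
     per-user default bucket, so bob's record simply does not exist under
     alice's view of that URL. Either way the record's existence is not
     disclosed to her.
     """
     record = {**MINIMALIST_RECORD}
     resp = self.app.post_json(
         self.collection_url + "/records", record, headers=get_user_headers("bob")
     )
     record_url = "{}/records/{}".format(self.collection_url, resp.json["data"]["id"])
     # Only the status matters; the response body was never used.
     self.app.get(record_url, headers=get_user_headers("alice"), status=404)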
 def test_parent_metadata_cannot_be_read_if_not_allowed_to_create_child(self):
     """Parent metadata stays hidden from users lacking a right on it.

     An authenticated user with no permission on the bucket (or on the
     collection) gets 403 when reading that object directly.
     """
     forbidden = 403
     self.app.get("/buckets/beer", headers=get_user_headers("jean:paul"), status=forbidden)
     self.app.get(
         "/buckets/beer/collections/barley",
         headers=get_user_headers("mahmud:hatim"),
         status=forbidden,
     )
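 def test_adding_a_task_for_bob_doesnt_add_it_for_alice(self):
     """A record bob creates is not visible to alice.

     Alice receives 404 rather than 403 -- presumably because
     ``self.collection_url`` (set up outside this method) addresses a
     per-user default bucket, so bob's record does not exist under alice's
     view of that URL. Either way the record's existence is not disclosed.
     """
     record = {**MINIMALIST_RECORD}
     resp = self.app.post_json(self.collection_url + '/records',
                               record, headers=get_user_headers('bob'))
     record_url = '{}/records/{}'.format(self.collection_url, resp.json['data']['id'])
     # Only the status matters; the response body was never used.
     self.app.get(record_url, headers=get_user_headers('alice'), status=404)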
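 def test_authentication_with_new_password_is_accepted_after_change(self):
     """The new password is valid immediately after the change.

     The password written by the PUT must be the one used to authenticate
     the following GET ("bouh"); with any other value the final request
     would be rejected and the test would not exercise the change at all.
     """
     new_password = "bouh"
     self.app.put_json(
         "/accounts/alice",
         {"data": {"password": new_password}},
         headers=get_user_headers("alice", "123456"),
         status=200,
     )
     # No explicit status: webtest raises unless the server answers with success.
     self.app.get("/accounts/alice", headers=get_user_headers("alice", new_password))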
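    def test_fallsback_on_basicauth(self):
        """A wrong account password falls through to the basicauth policy.

        The account is created with password "bleh", the value the last
        request authenticates with. With a wrong password the request is
        not rejected: authentication falls back to basicauth and the hello
        view reports a ``basicauth:`` principal. With the right password the
        ``account:`` principal is reported.

        NOTE(review): this fallback means a bad password for an existing
        account id does not fail closed -- it yields a different identity.
        That is only safe as long as nothing grants rights to the derived
        ``basicauth:`` principal; confirm in the permission fixtures.
        """
        password = "bleh"
        self.app.post_json("/accounts", {"data": {"id": "me", "password": password}})

        wrong = self.app.get("/", headers=get_user_headers("me", "wrong"))
        assert "basicauth" in wrong.json["user"]["id"]

        right = self.app.get("/", headers=get_user_headers("me", password))
        assert "account" in right.json["user"]["id"]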
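    def test_fallsback_on_basicauth(self):
        """A wrong account password falls through to the basicauth policy.

        The account is created with password 'bleh', the value the last
        request authenticates with. With a wrong password the request is
        not rejected: authentication falls back to basicauth and the hello
        view reports a ``basicauth:`` principal. With the right password the
        ``account:`` principal is reported.

        NOTE(review): a bad password for an existing account id therefore
        does not fail closed -- it yields a different identity. That is only
        safe as long as nothing grants rights to the derived ``basicauth:``
        principal; confirm in the permission fixtures.
        """
        password = 'bleh'
        self.app.post_json('/accounts', {'data': {'id': 'me', 'password': password}})

        wrong = self.app.get('/', headers=get_user_headers('me', 'wrong'))
        assert 'basicauth' in wrong.json['user']['id']

        right = self.app.get('/', headers=get_user_headers('me', password))
        assert 'account' in right.json['user']['id']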
    def setUpClass(cls):
        """Prepare authenticated headers and fixed principals for alice and bob.

        Expected to run as a ``@classmethod`` (the decorator is not part of
        this excerpt). The principal ids are pre-computed ``basicauth:``
        values assumed to match what ``get_user_headers('alice')`` /
        ``('bob')`` authenticate as under the test settings; they go stale
        if the basicauth configuration changes.
        """
        super().setUpClass()
        for user in ('alice', 'bob'):
            setattr(cls, user + '_headers', {**cls.headers, **get_user_headers(user)})

        cls.alice_principal = (
            'basicauth:d5b0026601f1b251974e09548d44155e16812e3c64ff7ae053fe3542e2ca1570'
        )
        cls.bob_principal = (
            'basicauth:c031ced27503f788b102ca54269a062ec73794bb075154c74a0d4311e74ca8b6'
        )
    def test_authentication_does_not_call_bcrypt_twice(self):
        """Two requests with the same credentials trigger a single ``checkpw``.

        ``bcrypt`` is replaced by a MagicMock for both requests, so
        ``checkpw`` returns a truthy mock whatever the password is -- the
        literal sent here (which looks redacted) does not influence the
        outcome; presumably the plugin caches a successful verification.

        NOTE(review): such a cache must be invalidated when the stored hash
        changes; this test only pins the cache hit, not the invalidation.
        """
        self.app.post_json("/accounts", {"data": {"id": "me", "password": "******"}}, status=201)
        credentials = get_user_headers("me", "bouh")
        with mock.patch("kinto.plugins.accounts.authentication.bcrypt") as mocked_bcrypt:
            for _ in range(2):
                resp = self.app.get("/", headers=credentials)
                assert resp.json["user"]["id"] == "account:me"

            assert mocked_bcrypt.checkpw.call_count == 1
    def __init__(self, *args, **kwargs):
        """Derive alice's and bob's request headers from the base headers.

        The principal ids are pre-computed ``basicauth:`` values assumed to
        match what ``get_user_headers('alice')`` / ``('bob')`` authenticate
        as under the test settings; they go stale if the basicauth
        configuration changes.
        """
        super(PermissionsTest, self).__init__(*args, **kwargs)
        base = self.headers
        self.alice_headers = dict(base, **get_user_headers('alice'))
        self.bob_headers = dict(base, **get_user_headers('bob'))

        self.alice_principal = (
            'basicauth:d5b0026601f1b251974e09548d44155e16812e3c64ff7ae053fe3542e2ca1570'
        )
        self.bob_principal = (
            'basicauth:c031ced27503f788b102ca54269a062ec73794bb075154c74a0d4311e74ca8b6'
        )
    def test_authentication_does_not_call_bcrypt_twice(self):
        """Two requests with the same credentials trigger a single ``checkpw``.

        ``bcrypt`` is replaced by a MagicMock for both requests, so
        ``checkpw`` returns a truthy mock whatever the password is -- the
        literal sent here (which looks redacted) does not influence the
        outcome; presumably the plugin caches a successful verification.

        NOTE(review): such a cache must be invalidated when the stored hash
        changes; this test only pins the cache hit, not the invalidation.
        """
        self.app.post_json('/accounts', {'data': {'id': 'me', 'password': '******'}},
                           status=201)
        credentials = get_user_headers('me', 'bouh')
        with mock.patch('kinto.plugins.accounts.authentication.bcrypt') as mocked_bcrypt:
            for _ in range(2):
                resp = self.app.get('/', headers=credentials)
                assert resp.json['user']['id'] == 'account:me'

            mocked_bcrypt.checkpw.assert_called_once()
    def test_authentication_checks_bcrypt_again_if_password_changes(self):
        """Changing the password forces a fresh ``checkpw`` on the next request.

        With ``bcrypt`` mocked, ``checkpw`` is truthy regardless of the
        password, so the literals (which look redacted) do not decide the
        outcome; what is pinned is the call count: one check before the
        PATCH, a second one after it. This is the invalidation side of the
        verification cache -- a cache keyed only on the credentials would
        let a revoked password keep working.
        """
        self.app.post_json('/accounts', {'data': {'id': 'me', 'password': '******'}},
                           status=201)
        before = get_user_headers('me', 'bouh')
        after = get_user_headers('me', 'blah')
        with mock.patch('kinto.plugins.accounts.authentication.bcrypt') as mocked_bcrypt:
            resp = self.app.get('/', headers=before)
            assert resp.json['user']['id'] == 'account:me'

            self.app.patch_json('/accounts/me', {'data': {'password': '******'}},
                                status=200, headers=before)

            resp = self.app.get('/', headers=after)
            assert resp.json['user']['id'] == 'account:me'

            assert mocked_bcrypt.checkpw.call_count == 2
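 def test_cannot_create_other_account_if_authenticated(self):
     """An authenticated user cannot create an account for someone else.

     ``me`` is created anonymously with password 'bouh' -- the credential
     used for the second request -- and then tries to create ``you``. The
     server answers 400 because the authenticated id and the requested
     account id differ. The password sent for ``you`` never matters: the
     request is refused before it is applied.
     """
     password = 'bouh'
     self.app.post_json('/accounts', {'data': {'id': 'me', 'password': password}},
                        status=201)
     resp = self.app.post_json('/accounts', {'data': {'id': 'you', 'password': '******'}},
                               headers=get_user_headers('me', password),
                               status=400)
     assert 'do not match' in resp.json['message']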
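    def test_user_created_by_admin_with_post_can_see_her_record(self):
        """An account created by the admin is owned by the user, not the admin.

        Alice is created with password 'bouh' -- the credential she logs in
        with afterwards -- and her account record must carry exactly one
        permission: ``write`` for ``account:alice``. The admin does not show
        up in the permissions of the record it created.
        """
        password = 'bouh'
        self.app.post_json('/accounts',
                           {'data': {'id': 'alice', 'password': password}},
                           headers=self.admin_headers)

        resp = self.app.get('/accounts/alice', headers=get_user_headers('alice', password))
        assert resp.json['permissions'] == {'write': ['account:alice']}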
 def test_object_get_403(self):
     """The 403 body of a bucket GET matches the published OpenAPI schema."""
     unauthorized = {**self.headers, **testing.get_user_headers("aaa")}
     raw = self.app.get("/buckets/b1", headers=unauthorized, status=403)
     response = self.cast_bravado_response(raw)
     op = self.resources["Buckets"].get_bucket
     forbidden_schema = self.spec.deref(op.op_spec["responses"]["403"])
     validate_response(forbidden_schema, op, response)
    def setUp(self):
        """Create a bucket shared between the admin and alice, with a record each.

        ``/buckets/beers`` is writable by alice; its collection ``barley``
        holds one record created with ``self.headers`` and one created by
        alice. Alice's principal is asked from the server instead of being
        hard-coded.
        """
        super().setUp()

        # Clear in place rather than rebinding: other code may hold a
        # reference to this list.
        self.events.clear()

        self.alice_headers = {**self.headers, **get_user_headers("alice")}

        hello = self.app.get("/", headers=self.alice_headers)
        alice_principal = hello.json["user"]["id"]
        bucket = dict(MINIMALIST_BUCKET, permissions={"write": [alice_principal]})

        # Create shared bucket.
        self.app.put_json("/buckets/beers", bucket, headers=self.headers)
        self.app.put_json(
            "/buckets/beers/collections/barley", MINIMALIST_COLLECTION, headers=self.headers
        )

        # Records for alice and bob.
        for creator in (self.headers, self.alice_headers):
            self.app.post_json(self.collection_url, MINIMALIST_RECORD, headers=creator, status=201)
    def setUp(self):
        """Grant rights through a group rather than directly to a principal.

        ``/buckets/beers`` is writable by the group ``admins`` (whose only
        member is ``admin``) and ``/buckets/sodas/collections/sprite`` is
        readable by that same group, even though the group lives in another
        bucket.
        """
        super().setUp()

        self.admin_headers = get_user_headers('admin')
        hello = self.app.get('/', headers=self.admin_headers)
        self.admin_principal = hello.json['user']['id']

        admins_group = '/buckets/beers/groups/admins'
        admins_members = {'data': {'members': [self.admin_principal]}}
        put = self.app.put_json

        put('/buckets/beers',
            {'permissions': {'write': [admins_group]}},
            headers=self.headers)
        put(admins_group, admins_members, headers=self.headers)
        put('/buckets/beers/collections/barley',
            MINIMALIST_COLLECTION,
            headers=self.headers)

        put('/buckets/sodas',
            MINIMALIST_BUCKET,
            headers=self.headers)
        # NOTE(review): this repeats the group PUT from above with the same
        # body. It looks redundant but is kept: tests in this class may
        # count requests or history entries produced by the fixture.
        put(admins_group, admins_members, headers=self.headers)
        put('/buckets/sodas/collections/sprite',
            {'permissions': {'read': [admins_group]}},
            headers=self.headers)
 def test_cannot_patch_unknown_account(self):
     """Patching an account that does not exist answers 403, not 404.

     Alice (authenticated) tries to set a password on ``bob``, who has not
     been created. Answering 403 -- the same status as for an existing
     account owned by someone else -- means the response does not reveal
     whether the account id exists.
     """
     alice = get_user_headers("alice", "123456")
     self.app.patch_json(
         "/accounts/bob",
         {"data": {"password": "******"}},
         headers=alice,
         status=403,
     )
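    def test_user_created_by_admin_with_post_can_see_her_record(self):
        """An account created by the admin is owned by the user, not the admin.

        Alice is created with password "bouh" -- the credential she logs in
        with afterwards -- and her account record must carry exactly one
        permission: ``write`` for ``account:alice``. The admin does not show
        up in the permissions of the record it created.
        """
        password = "bouh"
        self.app.post_json(
            "/accounts", {"data": {"id": "alice", "password": password}}, headers=self.admin_headers
        )

        resp = self.app.get("/accounts/alice", headers=get_user_headers("alice", password))
        assert resp.json["permissions"] == {"write": ["account:alice"]}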
 def test_metadata_can_be_changed(self):
     """A user may PATCH arbitrary metadata onto her own account record."""
     alice = get_user_headers("alice", "123456")
     resp = self.app.patch_json("/accounts/alice", {"data": {"age": "captain"}}, headers=alice)
     updated = resp.json["data"]
     assert updated["age"] == "captain"
    def setUp(self):
        """Grant rights through a group rather than directly to a principal.

        ``/buckets/beers`` is writable by the group ``admins`` (whose only
        member is ``admin``) and ``/buckets/sodas/collections/sprite`` is
        readable by that same group, even though the group lives in another
        bucket.
        """
        super().setUp()

        self.admin_headers = get_user_headers("admin")
        hello = self.app.get("/", headers=self.admin_headers)
        self.admin_principal = hello.json["user"]["id"]

        admins_group = "/buckets/beers/groups/admins"
        admins_members = {"data": {"members": [self.admin_principal]}}
        put = self.app.put_json

        put("/buckets/beers", {"permissions": {"write": [admins_group]}}, headers=self.headers)
        put(admins_group, admins_members, headers=self.headers)
        put("/buckets/beers/collections/barley", MINIMALIST_COLLECTION, headers=self.headers)

        put("/buckets/sodas", MINIMALIST_BUCKET, headers=self.headers)
        # NOTE(review): this repeats the group PUT from above with the same
        # body. It looks redundant but is kept: tests in this class may
        # count requests or history entries produced by the fixture.
        put(admins_group, admins_members, headers=self.headers)
        put(
            "/buckets/sodas/collections/sprite",
            {"permissions": {"read": [admins_group]}},
            headers=self.headers,
        )
 def test_read_permission_can_be_given_to_anybody_via_settings(self):
     """``history_read_principals`` can open a bucket's history to everyone.

     With the setting patched to ``system.Everyone``, a user that was never
     granted anything on ``/buckets/test`` reads the full history (6 entries
     created by the fixture). This is a deliberately broad grant: it exposes
     every change in the bucket, so it is only safe on non-sensitive data.
     """
     settings = self.app.app.registry.settings
     with mock.patch.dict(settings, {'history_read_principals': 'system.Everyone'}):
         resp = self.app.get('/buckets/test/history',
                             headers=get_user_headers('tartan:pion'))
         assert len(resp.json['data']) == 6  # everything.
    def setUp(self):
        """Create a bucket shared between the admin and alice, with a record each.

        ``/buckets/beers`` is writable by alice; its collection ``barley``
        holds one record created with ``self.headers`` and one created by
        alice. Alice's principal is asked from the server instead of being
        hard-coded.
        """
        super(FlushViewTest, self).setUp()

        # A fresh list (not cleared in place): nothing else is expected to
        # hold a reference to the previous one here.
        self.events = []

        self.alice_headers = dict(self.headers, **get_user_headers('alice'))

        hello = self.app.get('/', headers=self.alice_headers)
        alice_principal = hello.json['user']['id']
        bucket = dict(MINIMALIST_BUCKET, permissions={'write': [alice_principal]})

        # Create shared bucket.
        self.app.put_json('/buckets/beers', bucket, headers=self.headers)
        self.app.put_json('/buckets/beers/collections/barley',
                          MINIMALIST_COLLECTION,
                          headers=self.headers)

        # Records for alice and bob.
        for creator in (self.headers, self.alice_headers):
            self.app.post_json(self.collection_url,
                               MINIMALIST_RECORD,
                               headers=creator,
                               status=201)
 def test_creation_is_forbidden_is_no_write_on_bucket_nor_collection(self):
     """Creating a record needs write on the bucket or the collection.

     ``jean-louis`` holds neither, so the POST answers 403. (The method name
     reads "is no write"; "if no write" is meant -- kept unchanged because
     renaming a test changes how it is discovered.)
     """
     jean_louis = dict(self.headers, **get_user_headers('jean-louis'))
     self.app.post_json('/buckets/beer/collections/barley/records',
                        MINIMALIST_RECORD,
                        headers=jean_louis,
                        status=403)
 def test_read_permission_can_be_given_to_anybody_via_settings(self):
     """``history_read_principals`` can open a bucket's history to everyone.

     With the setting patched to ``system.Everyone``, a user that was never
     granted anything on ``/buckets/test`` reads the full history (6 entries
     created by the fixture). This is a deliberately broad grant: it exposes
     every change in the bucket, so it is only safe on non-sensitive data.
     """
     settings = self.app.app.registry.settings
     with mock.patch.dict(settings, {"history_read_principals": "system.Everyone"}):
         resp = self.app.get("/buckets/test/history", headers=get_user_headers("tartan:pion"))
         assert len(resp.json["data"]) == 6  # everything.
 def test_password_can_be_changed(self):
     """A user may overwrite her own password via PUT (200 expected).

     Only the status is checked here; that the new secret is actually
     accepted afterwards is not part of this test.
     """
     alice = get_user_headers("alice", "123456")
     new_password = {"data": {"password": "******"}}
     self.app.put_json("/accounts/alice", new_password, headers=alice, status=200)
 def test_lidt_delete_403(self):
     """The 403 body of a bulk collection DELETE matches the OpenAPI schema.

     (The method name has a typo -- "lidt" for "list" -- kept unchanged
     because renaming a test changes how it is discovered.)
     """
     unauthorized = {**self.headers, **testing.get_user_headers("aaa")}
     raw = self.app.delete("/buckets/b1/collections", headers=unauthorized, status=403)
     response = self.cast_bravado_response(raw)
     op = self.resources["Collections"].delete_collections
     forbidden_schema = self.spec.deref(op.op_spec["responses"]["403"])
     validate_response(forbidden_schema, op, response)
 def test_creation_is_forbidden_is_no_write_on_bucket_nor_collection(self):
     """Creating a record needs write on the bucket or the collection.

     ``jean-louis`` holds neither, so the POST answers 403. (The method name
     reads "is no write"; "if no write" is meant -- kept unchanged because
     renaming a test changes how it is discovered.)
     """
     jean_louis = dict(self.headers, **get_user_headers("jean-louis"))
     self.app.post_json(
         "/buckets/beer/collections/barley/records",
         MINIMALIST_RECORD,
         headers=jean_louis,
         status=403,
     )
 def test_object_get_403(self):
     """The 403 body of a bucket GET matches the published OpenAPI schema."""
     unauthorized = {**self.headers, **testing.get_user_headers('aaa')}
     raw = self.app.get('/buckets/b1', headers=unauthorized, status=403)
     response = self.cast_bravado_response(raw)
     op = self.resources['Buckets'].get_bucket
     forbidden_schema = self.spec.deref(op.op_spec['responses']['403'])
     validate_response(forbidden_schema, op, response)
 def test_collection_write_taken_into_account(self):
     """``/permissions`` lists collection ``write`` granted through settings.

     ``any`` is a user with no stored permission at all; the ``write`` it
     sees on ``barley`` can only come from the settings-based grant.
     """
     resp = self.app.get("/permissions", headers=get_user_headers("any"))
     collections = [e for e in resp.json["data"] if e["resource_name"] == "collection"]
     barley = collections[0]
     self.assertEqual(barley["id"], "barley")
     self.assertIn("write", barley["permissions"])
    def test_admin_can_delete_all_accounts(self):
        """Bulk-deleting ``/accounts`` as admin invalidates every user's login.

        Bob's credentials ("987654" is assumed to be his fixture password,
        set up outside this method) then yield 401 rather than 403: the
        account is gone, so there is nothing left to authenticate against.
        """
        self.app.delete_json("/accounts", headers=self.admin_headers)

        bob = get_user_headers("bob", "987654")
        self.app.get("/accounts/bob", headers=bob, status=401)
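 def setUp(self):
     """Create account ``bob`` and keep headers that authenticate as him.

     The password stored by the PUT must equal the one baked into
     ``self.bob_headers`` ("123456"); otherwise every test using those
     headers would be rejected (or silently fall back to another policy).
     """
     password = "123456"
     self.app.put_json("/accounts/bob", {"data": {"password": password}}, status=201)
     self.bob_headers = get_user_headers("bob", password)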
class SettingsPermissionsTest(PermissionsViewTest):
    """``/permissions`` must reflect rights granted through settings.

    The settings below are deliberately broad: any authenticated user may
    write buckets and collections, ``admin`` may create groups, and members
    of ``/buckets/beers/groups/admins`` may create records. Each test checks
    that such a grant shows up in the permissions listing, and the last one
    that settings-based grants are merged with those stored in the backend.
    """

    admin_headers = get_user_headers("admin")
    # Fixed basicauth principal assumed to match get_user_headers("admin")
    # under the test settings; goes stale if basicauth configuration changes.
    admin_principal = (
        "basicauth:bb7fe7b98e759578ef0de85b546dd57d21fe1e399390ad8dafc9886043a00e5c"
    )

    @classmethod
    def get_app_settings(cls, extras=None):
        """Extend the inherited settings with the grants under test."""
        settings = super().get_app_settings(extras)
        grants = (
            ("bucket_write_principals", "system.Authenticated"),
            ("group_create_principals", cls.admin_principal),
            ("collection_write_principals", "system.Authenticated"),
            ("record_create_principals", "/buckets/beers/groups/admins"),
        )
        for key, principals in grants:
            settings[key] = principals
        return settings

    def setUp(self):
        """Create ``beers``, its ``admins`` group (member: admin) and ``barley``."""
        super().setUp()
        put = self.app.put_json
        put("/buckets/beers", MINIMALIST_BUCKET, headers=self.headers)
        put(
            "/buckets/beers/groups/admins",
            {"data": {"members": [self.admin_principal]}},
            headers=self.headers,
        )
        put("/buckets/beers/collections/barley", MINIMALIST_COLLECTION, headers=self.headers)

    def _permissions_by_type(self, headers):
        """GET ``/permissions`` once and group the entries by resource type."""
        resp = self.app.get("/permissions", headers=headers)
        grouped = {}
        for entry in resp.json["data"]:
            grouped.setdefault(entry["resource_name"], []).append(entry)
        return grouped

    def test_bucket_write_taken_into_account(self):
        """A user with no stored rights sees ``write`` on the bucket."""
        bucket = self._permissions_by_type(get_user_headers("any"))["bucket"][0]
        self.assertEqual(bucket["id"], "beers")
        self.assertIn("write", bucket["permissions"])

    def test_collection_create_taken_into_account(self):
        """Admin sees ``group:create`` on the bucket (from group_create_principals).

        Despite its name this checks the group-creation grant.
        """
        bucket = self._permissions_by_type(self.admin_headers)["bucket"][0]
        self.assertEqual(bucket["id"], "beers")
        self.assertIn("group:create", bucket["permissions"])

    def test_collection_write_taken_into_account(self):
        """A user with no stored rights sees ``write`` on the collection."""
        collection = self._permissions_by_type(get_user_headers("any"))["collection"][0]
        self.assertEqual(collection["id"], "barley")
        self.assertIn("write", collection["permissions"])

    def test_record_create_taken_into_account(self):
        """Admin, as member of the ``admins`` group, sees ``record:create``."""
        collection = self._permissions_by_type(self.admin_headers)["collection"][0]
        self.assertEqual(collection["id"], "barley")
        self.assertIn("record:create", collection["permissions"])

    def test_settings_permissions_are_merged_with_perms_backend(self):
        """Backend-stored grants are listed alongside the settings-based ones."""
        patch = self.app.patch_json
        patch(
            "/buckets/beers",
            {"permissions": {"collection:create": [self.admin_principal]}},
            headers=self.headers,
        )
        patch(
            "/buckets/beers/collections/barley",
            {"permissions": {"read": [self.admin_principal]}},
            headers=self.headers,
        )

        # One listing, checked for both resource types.
        by_type = self._permissions_by_type(self.admin_headers)

        bucket = by_type["bucket"][0]
        self.assertEqual(bucket["id"], "beers")
        self.assertIn("group:create", bucket["permissions"])
        self.assertIn("collection:create", bucket["permissions"])

        collection = by_type["collection"][0]
        self.assertEqual(collection["id"], "barley")
        self.assertIn("record:create", collection["permissions"])
        self.assertIn("read", collection["permissions"])
class SettingsPermissionsTest(PermissionsViewTest):
    """``/permissions`` must reflect rights granted through settings.

    The settings below are deliberately broad: any authenticated user may
    write buckets and collections, ``admin`` may create groups, and members
    of ``/buckets/beers/groups/admins`` may create records. Each test checks
    that such a grant shows up in the permissions listing.
    """

    admin_headers = get_user_headers('admin')
    # Fixed basicauth principal assumed to match get_user_headers('admin')
    # under the test settings; goes stale if basicauth configuration changes.
    admin_principal = (
        'basicauth:bb7fe7b98e759578ef0de85b546dd57d21fe1e399390ad8dafc9886043a00e5c'
    )

    def __init__(self, *args, **kwargs):
        """Plain delegation; kept so the constructor signature stays explicit."""
        super(SettingsPermissionsTest, self).__init__(*args, **kwargs)

    def get_app_settings(self, extras=None):
        """Extend the inherited settings with the grants under test."""
        settings = super(SettingsPermissionsTest, self).get_app_settings(extras)
        grants = (
            ('bucket_write_principals', 'system.Authenticated'),
            ('group_create_principals', self.admin_principal),
            ('collection_write_principals', 'system.Authenticated'),
            ('record_create_principals', '/buckets/beers/groups/admins'),
        )
        for key, principals in grants:
            settings[key] = principals
        return settings

    def setUp(self):
        """Create ``beers``, its ``admins`` group (member: admin) and ``barley``."""
        super(SettingsPermissionsTest, self).setUp()
        put = self.app.put_json
        put('/buckets/beers', MINIMALIST_BUCKET, headers=self.headers)
        put('/buckets/beers/groups/admins',
            {'data': {'members': [self.admin_principal]}},
            headers=self.headers)
        put('/buckets/beers/collections/barley',
            MINIMALIST_COLLECTION,
            headers=self.headers)

    def _first_of_type(self, headers, resource_name):
        """GET ``/permissions`` and return the first entry of the given type."""
        resp = self.app.get('/permissions', headers=headers)
        matching = [e for e in resp.json['data'] if e['resource_name'] == resource_name]
        return matching[0]

    def test_bucket_write_taken_into_account(self):
        """A user with no stored rights sees ``write`` on the bucket."""
        bucket = self._first_of_type(get_user_headers("any"), 'bucket')
        self.assertEqual(bucket['id'], 'beers')
        self.assertIn('write', bucket['permissions'])

    def test_collection_create_taken_into_account(self):
        """Admin sees ``group:create`` on the bucket (from group_create_principals).

        Despite its name this checks the group-creation grant.
        """
        bucket = self._first_of_type(self.admin_headers, 'bucket')
        self.assertEqual(bucket['id'], 'beers')
        self.assertIn('group:create', bucket['permissions'])

    def test_collection_write_taken_into_account(self):
        """A user with no stored rights sees ``write`` on the collection."""
        collection = self._first_of_type(get_user_headers("any"), 'collection')
        self.assertEqual(collection['id'], 'barley')
        self.assertIn('write', collection['permissions'])

    def test_record_create_taken_into_account(self):
        """Admin, as member of the ``admins`` group, sees ``record:create``."""
        collection = self._first_of_type(self.admin_headers, 'collection')
        self.assertEqual(collection['id'], 'barley')
        self.assertIn('record:create', collection['permissions'])
 def test_account_record_can_be_obtained_if_authenticated(self):
     """Alice reads her own account record with valid credentials (success expected)."""
     alice = get_user_headers('alice', '123456')
     self.app.get('/accounts/alice', headers=alice)
 def test_account_record_can_be_obtained_if_authenticated(self):
     """Alice reads her own account record with valid credentials (success expected)."""
     alice = get_user_headers("alice", "123456")
     self.app.get("/accounts/alice", headers=alice)
 def test_authentication_is_denied_after_delete(self):
     """Credentials stop working as soon as the account is deleted.

     The follow-up GET answers 401 (not 403): there is no account left to
     verify the password against, so the caller is simply unauthenticated.
     """
     alice = get_user_headers('alice', '123456')
     self.app.delete('/accounts/alice', headers=alice)
     self.app.get('/accounts/alice', headers=alice, status=401)
 def test_accounts_list_contains_only_one_record(self):
     """Listing ``/accounts`` as a regular user returns only her own account."""
     alice = get_user_headers('alice', '123456')
     accounts = self.app.get('/accounts', headers=alice).json['data']
     assert len(accounts) == 1
 def test_account_can_be_deleted(self):
     """A user may delete her own account (success expected)."""
     alice = get_user_headers('alice', '123456')
     self.app.delete('/accounts/alice', headers=alice)
 def test_metadata_can_be_changed(self):
     """A user may PATCH arbitrary metadata onto her own account record."""
     alice = get_user_headers('alice', '123456')
     resp = self.app.patch_json('/accounts/alice', {'data': {'age': 'captain'}}, headers=alice)
     updated = resp.json['data']
     assert updated['age'] == 'captain'
 def test_cannot_patch_someone_else_account(self):
     """Alice cannot change bob's password: 403.

     Bob is created anonymously first (201). The password value sent in
     alice's PATCH is irrelevant -- the request is refused before it applies.
     """
     new_password = {'data': {'password': '******'}}
     self.app.put_json('/accounts/bob', new_password, status=201)
     alice = get_user_headers('alice', '123456')
     self.app.patch_json('/accounts/bob', new_password, headers=alice, status=403)
 def test_bucket_write_taken_into_account(self):
     """``/permissions`` lists bucket ``write`` granted through settings.

     ``any`` is a user with no stored permission at all; the ``write`` it
     sees on ``beers`` can only come from the settings-based grant.
     """
     resp = self.app.get("/permissions", headers=get_user_headers("any"))
     buckets = [e for e in resp.json["data"] if e["resource_name"] == "bucket"]
     beers = buckets[0]
     self.assertEqual(beers["id"], "beers")
     self.assertIn("write", beers["permissions"])
 def test_cannot_read_if_not_allowed(self):
     """A group is not readable by an authenticated user without a grant (403)."""
     jean_louis = dict(self.headers, **get_user_headers("jean-louis"))
     self.app.get("/buckets/beer/groups/moderators", headers=jean_louis, status=403)
 def test_cannot_obtain_someone_else_account(self):
     """Alice cannot read bob's account record: 403."""
     alice = get_user_headers("alice", "123456")
     self.app.get("/accounts/bob", headers=alice, status=403)
 def setUpClass(cls):
     """Prepare alice's authenticated headers and her fixed principal.

     Expected to run as a ``@classmethod`` (the decorator is not part of
     this excerpt). The principal is a pre-computed ``basicauth:`` id
     assumed to match what ``get_user_headers("alice")`` authenticates as
     under the test settings; it goes stale if basicauth configuration
     changes.
     """
     super().setUpClass()
     alice = get_user_headers("alice")
     cls.alice_headers = dict(cls.headers, **alice)
     cls.alice_principal = (
         "basicauth:d5b0026601f1b251974e09548d44155e16812e3c64ff7ae053fe3542e2ca1570"
     )
 def test_accounts_list_contains_only_one_record(self):
     """Listing ``/accounts`` as a regular user returns only her own account."""
     alice = get_user_headers("alice", "123456")
     accounts = self.app.get("/accounts", headers=alice).json["data"]
     assert len(accounts) == 1
 def setUp(self):
     """Headers for a caller identified by an empty username.

     NOTE(review): what ``get_user_headers("")`` authenticates as (only
     ``system.Everyone``, or a basicauth principal derived from an empty
     credential) is not visible here -- confirm before treating these
     headers as a truly anonymous caller.
     """
     empty_user = ""
     self.everyone_headers = get_user_headers(empty_user)
 def test_authentication_is_denied_after_delete(self):
     """Credentials stop working as soon as the account is deleted.

     The follow-up GET answers 401 (not 403): there is no account left to
     verify the password against, so the caller is simply unauthenticated.
     """
     alice = get_user_headers("alice", "123456")
     self.app.delete("/accounts/alice", headers=alice)
     self.app.get("/accounts/alice", headers=alice, status=401)
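 def test_authentication_with_new_password_is_accepted_after_change(self):
     """The new password is valid immediately after the change.

     The password written by the PUT must be the one used to authenticate
     the following GET ('bouh'); with any other value the final request
     would be rejected and the test would not exercise the change at all.
     """
     new_password = 'bouh'
     self.app.put_json('/accounts/alice', {'data': {'password': new_password}},
                       headers=get_user_headers('alice', '123456'),
                       status=200)
     # No explicit status: webtest raises unless the server answers with success.
     self.app.get('/accounts/alice', headers=get_user_headers('alice', new_password))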
 def test_account_can_be_deleted(self):
     """A user may delete her own account (success expected)."""
     alice = get_user_headers("alice", "123456")
     self.app.delete("/accounts/alice", headers=alice)
 def test_cannot_obtain_unknown_account(self):
     """Reading a non-existent account answers 403, not 404.

     This is the same status an authenticated user gets for an existing
     account owned by someone else, so the response does not reveal whether
     the account id exists -- no account enumeration through this endpoint.
     """
     alice = get_user_headers("alice", "123456")
     self.app.get("/accounts/jeanine", headers=alice, status=403)
 def setUpClass(cls):
     """Authenticate every request of this test class as user ``mat``.

     Expected to run as a ``@classmethod`` (the decorator is not part of
     this excerpt).

     NOTE(review): ``cls.headers`` is mutated in place. If that dict is
     inherited from a base class rather than copied per subclass, this
     changes it for every other test class too -- confirm in the base.
     """
     super().setUpClass()
     for name, value in testing.get_user_headers("mat").items():
         cls.headers[name] = value
 def test_default_bucket_can_be_created_with_simple_put(self):
     """A bare PUT (no body) by an authenticated user creates the default bucket (201)."""
     bob = get_user_headers("bob")
     self.app.put(self.bucket_url, headers=bob, status=201)
 def setUpClass(cls):
     """Authenticate the class as user ``mat`` and expose the app's indexer.

     Expected to run as a ``@classmethod`` (the decorator is not part of
     this excerpt).

     NOTE(review): ``cls.headers`` is mutated in place. If that dict is
     inherited from a base class rather than copied per subclass, this
     changes it for every other test class too -- confirm in the base.
     """
     super().setUpClass()
     for name, value in get_user_headers('mat').items():
         cls.headers[name] = value
     registry = cls.app.app.registry
     cls.indexer = registry.indexer
 def test_username_and_account_id_must_match(self):
     """An account's ``id`` cannot be rewritten to another user via PATCH.

     Alice patches her own record with ``id: bob``; the server rejects it
     with 400 and a "does not match" message rather than moving the account.
     """
     alice = get_user_headers('alice', '123456')
     resp = self.app.patch_json('/accounts/alice', {'data': {'id': 'bob', 'password': '******'}},
                                headers=alice, status=400)
     message = resp.json['message']
     assert 'does not match' in message
 def test_cannot_obtain_someone_else_account(self):
     """Alice cannot read bob's account record: 403."""
     alice = get_user_headers('alice', '123456')
     self.app.get('/accounts/bob', headers=alice, status=403)
 def test_publicly_readable_record_allows_any_authenticated(self):
     """History shows a ``system.Authenticated``-readable record to any logged-in user.

     ``jack:`` (presumably user "jack" with an empty password -- depends on
     how ``get_user_headers`` parses the string) holds no explicit grant,
     yet sees exactly one history entry: the record whose ``read``
     permission includes ``system.Authenticated``.
     """
     resp = self.app.get("/buckets/test/history", headers=get_user_headers("jack:"))
     entries = resp.json["data"]
     assert len(entries) == 1
     (only,) = entries
     assert "system.Authenticated" in only["target"]["permissions"]["read"]
     assert only["resource_name"] == "record"
 def test_cannot_patch_unknown_account(self):
     """Patching an account that does not exist answers 403, not 404.

     Alice (authenticated) tries to set a password on ``bob``, who has not
     been created. Answering 403 -- the same status as for an existing
     account owned by someone else -- means the response does not reveal
     whether the account id exists.
     """
     alice = get_user_headers('alice', '123456')
     self.app.patch_json('/accounts/bob', {'data': {'password': '******'}},
                         headers=alice, status=403)
 def __init__(self, *args, **kwargs):
     """Authenticate every request made by this test case as user ``mat``.

     NOTE(review): ``self.headers`` is updated in place. If it is a
     class-level dict shared with other test classes, this mutation leaks
     into them -- confirm that the base provides a per-instance copy.
     """
     super(BaseWebTest, self).__init__(*args, **kwargs)
     mat = get_user_headers('mat')
     self.headers.update(mat)