Ejemplo n.º 1
0
def test_blacklist():
    grant_query()
    _load_test_data()
    
    dev1 = models.Developer.query(models.Developer.consumer_key == "valid_key1").get()
    
    grant_component(dev1, "blacklist")
    
    consumer1 = oauth.Consumer(key=dev1.consumer_key, secret=dev1.consumer_secret)
    
    # Check a user who has not been blacklisted
    url = create_GET_url({"email":"*****@*****.**", "components": "blacklist"}, 
                         "/api/v1/query/report", consumer1)
    response = testapp.get(url)
    
    eq_(response.status_int, 200)
    
    blacklist_data = response.json["blacklist"]
    
    eq_(blacklist_data["blacklisting_count"], 0)
    eq_(len(blacklist_data["blacklistings"]), 0)
    
    # Check a user who HAS been blacklisted
    # This test also tests our correlation algorithm by querying on a piece of
    # PII that is NOT directly associated with the blacklisting - it's
    # affiliated with the user through another marketplace.
    url = create_GET_url({"email":"*****@*****.**", "components": "blacklist"}, 
                         "/api/v1/query/report", consumer1)
    response = testapp.get(url)
    
    eq_(response.status_int, 200)
    
    blacklist_data = response.json["blacklist"]
    
    eq_(blacklist_data["blacklisting_count"], 1)
    eq_(len(blacklist_data["blacklistings"]), 1)
    eq_(blacklist_data["blacklistings"][0]["date_banned"], "2009-09-25")
    eq_(blacklist_data["blacklistings"][0]["reason_banned"], None)
    eq_(blacklist_data["blacklistings"][0]["marketplace_type"], "ride sharing")
    

    
    
    
    
    
    
    
    
    
    
    
    
    
    
Ejemplo n.º 2
0
def test_permissions():
    dev1 = models.Developer.query(models.Developer.consumer_key == "valid_key1").get()
    consumer1 = oauth.Consumer(key=dev1.consumer_key, secret=dev1.consumer_secret)
    
    # Make a call with no api level permissions, confirm that we get a 403
    url = create_GET_url({"email":"*****@*****.**","components":"blacklist"}, 
                         "/api/v1/query/report", consumer1)
    response = testapp.get(url, status=403) 
    
    eq_(response.status_int, 403)    
    eq_(response.body, "Insufficent permissions to access this resource")

    grant_query()
    
    # Make a call with api level permissions, but no component permissions, 
    # confirm that we still get a 403
    response = testapp.get(url, status=403) 
    eq_(response.status_int, 403)
    eq_(response.body, "Insufficent permissions to access components: blacklist")
    
    grant_component(dev1, "blacklist")
    
    # Make a request with both api and component level permissions, confirm
    # that everything is a-ok
    response = testapp.get(url)
    eq_(response.status_int, 200)      
Ejemplo n.º 3
0
def test_permissions():
    dev1 = models.Developer.query(
        models.Developer.consumer_key == "valid_key1").get()
    consumer1 = oauth.Consumer(key=dev1.consumer_key,
                               secret=dev1.consumer_secret)

    # Make a call with no api level permissions, confirm that we get a 403
    url = create_GET_url({
        "email": "*****@*****.**",
        "components": "blacklist"
    }, "/api/v1/query/report", consumer1)
    response = testapp.get(url, status=403)

    eq_(response.status_int, 403)
    eq_(response.body, "Insufficent permissions to access this resource")

    grant_query()

    # Make a call with api level permissions, but no component permissions,
    # confirm that we still get a 403
    response = testapp.get(url, status=403)
    eq_(response.status_int, 403)
    eq_(response.body,
        "Insufficent permissions to access components: blacklist")

    grant_component(dev1, "blacklist")

    # Make a request with both api and component level permissions, confirm
    # that everything is a-ok
    response = testapp.get(url)
    eq_(response.status_int, 200)
Ejemplo n.º 4
0
def test_blacklist():
    grant_query()
    _load_test_data()

    dev1 = models.Developer.query(
        models.Developer.consumer_key == "valid_key1").get()

    grant_component(dev1, "blacklist")

    consumer1 = oauth.Consumer(key=dev1.consumer_key,
                               secret=dev1.consumer_secret)

    # Check a user who has not been blacklisted
    url = create_GET_url({
        "email": "*****@*****.**",
        "components": "blacklist"
    }, "/api/v1/query/report", consumer1)
    response = testapp.get(url)

    eq_(response.status_int, 200)

    blacklist_data = response.json["blacklist"]

    eq_(blacklist_data["blacklisting_count"], 0)
    eq_(len(blacklist_data["blacklistings"]), 0)

    # Check a user who HAS been blacklisted
    # This test also tests our correlation algorithm by querying on a piece of
    # PII that is NOT directly associated with the blacklisting - it's
    # affiliated with the user through another marketplace.
    url = create_GET_url({
        "email": "*****@*****.**",
        "components": "blacklist"
    }, "/api/v1/query/report", consumer1)
    response = testapp.get(url)

    eq_(response.status_int, 200)

    blacklist_data = response.json["blacklist"]

    eq_(blacklist_data["blacklisting_count"], 1)
    eq_(len(blacklist_data["blacklistings"]), 1)
    eq_(blacklist_data["blacklistings"][0]["date_banned"], "2009-09-25")
    eq_(blacklist_data["blacklistings"][0]["reason_banned"], None)
    eq_(blacklist_data["blacklistings"][0]["marketplace_type"], "ride sharing")
Ejemplo n.º 5
0
def test_sandboxing():
    """
    Tests the ability for orgs to use the sandbox API.
    """
    grant_submit()
    grant_query()
    
    test_data = {"user_id": "1",
                 "ssn": "123121234",
                 "facebook_id": "132452356",
                 "name": "Rob Boyle",
                 "email": "*****@*****.**",
                 "date_joined": "1983-04-15",
                 "date_banned": "1983-10-30",
                 "reason_banned": "Too awesome.",
                 "review_count": 235,
                 "transaction_count": 942,
                 "positive_review_percentage": 74.23 }
    
    # Setup developer 1
    dev1 = models.Developer.query(models.Developer.consumer_key == "valid_key1").get()
    consumer1 = oauth.Consumer(key=dev1.consumer_key, secret=dev1.consumer_secret)
    grant_component(dev1, "blacklist")
    
    # Setup developer 2
    dev2 = models.Developer.query(models.Developer.consumer_key == "valid_key2").get()    
    consumer2 = oauth.Consumer(key=dev2.consumer_key, secret=dev2.consumer_secret)
    grant_component(dev2, "blacklist")    
    
    # Submit a user to the dev1 sandbox
    req = create_request(consumer1, "http://localhost/sandbox/v1/submit/user", "POST", urlencode(test_data))        
    response = testapp.post("/sandbox/v1/submit/user", req.to_postdata())    
    assert response.status_int == 200
    assert response.json["user_id"] == u"1"
    assert response.json["is_new"]

    assert models.IntakeUser.query(models.IntakeUser.api_type=="api").count() == 0
    assert models.IntakeUser.query(models.IntakeUser.org==dev1.org, models.IntakeUser.api_type=="sandbox").count() == 1
    intake_user = models.IntakeUser.query(models.IntakeUser.api_type=="sandbox", models.IntakeUser.org==dev1.org).get()
    
    check_intakeuser(intake_user, test_data, dev1.key, dev1.org)
    
    # Query for the user using the sandbox blacklist query method
    url = create_GET_url({"email":"*****@*****.**", "components":"blacklist"}, 
                         "/sandbox/v1/query/report", consumer1)
    response = testapp.get(url)    
    
    blacklist_data = response.json["blacklist"]
    
    eq_(blacklist_data["blacklisting_count"], 1)
    eq_(len(blacklist_data["blacklistings"]), 1)
    eq_(blacklist_data["blacklistings"][0]["date_banned"], "1983-10-30")
    eq_(blacklist_data["blacklistings"][0]["reason_banned"], "Too awesome.")
    eq_(blacklist_data["blacklistings"][0]["marketplace_type"], "testing")
    
    # Query for the user using the production API, make sure they don't show up
    url = create_GET_url({"email":"*****@*****.**", "components":"blacklist"}, 
                         "/api/v1/query/report", consumer1)
    response = testapp.get(url)    
    blacklist_data = response.json["blacklist"]
    
    eq_(len(blacklist_data["blacklistings"]), 0)
    eq_(blacklist_data["blacklisting_count"], 0)
    
    # Submit a user to the dev2 sandbox
    test_data2 = {}
    test_data2.update(test_data)
    test_data2["email"] = "*****@*****.**"
    
    req = create_request(consumer2, "http://localhost/sandbox/v1/submit/user", "POST", urlencode(test_data2))
    
    response = testapp.post("/sandbox/v1/submit/user", req.to_postdata())    
    assert response.status_int == 200
    assert response.json["user_id"] == u"1"
    assert response.json["is_new"]
    
    assert models.IntakeUser.query(models.IntakeUser.api_type=="api").count() == 0
    assert models.IntakeUser.query(models.IntakeUser.org==dev2.org, models.IntakeUser.api_type=="sandbox").count() == 1
    intake_user = models.IntakeUser.query(models.IntakeUser.api_type=="sandbox", models.IntakeUser.org==dev2.org).get()
    
    check_intakeuser(intake_user, test_data2, dev2.key, dev2.org)
    
    # Query for the user using the sandbox query method and the dev that created it
    url = create_GET_url({"email":"*****@*****.**", "components":"blacklist"}, 
                         "/sandbox/v1/query/report", consumer2)
    response = testapp.get(url)    
    
    blacklist_data = response.json["blacklist"]
    
    eq_(blacklist_data["blacklisting_count"], 1)
    eq_(len(blacklist_data["blacklistings"]), 1)
    eq_(blacklist_data["blacklistings"][0]["date_banned"], "1983-10-30")
    eq_(blacklist_data["blacklistings"][0]["reason_banned"], "Too awesome.")
    eq_(blacklist_data["blacklistings"][0]["marketplace_type"], "testing")
        
    # Query for the user using the production API, make sure they don't show up
    url = create_GET_url({"email":"*****@*****.**", "components":"blacklist"}, 
                         "/api/v1/query/report", consumer2)
    response = testapp.get(url)    
    
    blacklist_data = response.json["blacklist"]
    
    eq_(len(blacklist_data["blacklistings"]), 0)
    eq_(blacklist_data["blacklisting_count"], 0)
    
    # Query for the user using the sandbox API, but the other developer, make 
    # sure developer 2's data doesn't show up.
    url = create_GET_url({"email":"*****@*****.**", "components":"blacklist"}, 
                         "/sandbox/v1/query/report", consumer1)
    response = testapp.get(url)    
    
    blacklist_data = response.json["blacklist"]
    
    eq_(len(blacklist_data["blacklistings"]), 0)
    eq_(blacklist_data["blacklisting_count"], 0)