def tearDown(self):
try:
req = DELETE("localhost", globalConfig.uiPort, "/auth")
req.authorize(self.session)
response, content = req()
self.assertEqual(204, response.status)
finally:
super().tearDown()
def test1_exploit_invalid_session(self):
req = DELETE(config.ui_host, config.ui_port, "/auth")
req.authorize("\xc0\x8d\xc0\x8a\xc0\x8d\xc0\x8a{\"attack\": \"payload\"}")
response, content = req.perform()
self.assertEqual(401, response.status)
result = json.loads(content)
self.assertEqual("error", result["status"])
self.assertEqual(401, result["code"])
def test4_fail_on_delete_read_only_firmware(self):
req = DELETE(
config.ui_host, config.ui_port, "/gateways/" + config.gateway_id +
"/devices/0xa335d00019f5234e/properties/firmware")
req.authorize(self.session)
response, content = req()
self.assertEqual(405, response.status)
result = json.loads(content)
self.assertEqual("Method Not Allowed", result["status"])
def tearDown(self): req = DELETE(config.ui_host, config.ui_port, "/gateways/" + config.gateway_id) req.authorize(self.session) response, content = req() self.assertEqual(204, response.status) req = DELETE(config.ui_host, config.ui_port, "/auth") req.authorize(self.session) response, content = req() self.assertEqual(204, response.status)
def test3_unpair_non_existing(self):
req = DELETE(
config.ui_host, config.ui_port,
"/gateways/" + config.gateway_id + "/devices/0xf101201230234023")
req.authorize(self.session)
response, content = req()
self.assertEqual(403, response.status)
result = json.loads(content)
self.assertEqual("error", result["status"])
self.assertEqual("not enough permission to access the resource",
result["message"])
def unassignGateway(self, gwId, resultLink):
# unassign the gateway
req = DELETE("localhost", globalConfig.uiPort, "/gateways/" + gwId)
req.authorize(self.session)
response, content = req()
self.assertEqual(204, response.status)
# test the gateway is inaccessible
req = GET("localhost", globalConfig.uiPort, resultLink)
req.authorize(self.session)
response, content = req()
self.assertEqual(403, response.status)
result = json.loads(content)
self.assertEqual(403, result["code"])
self.assertEqual("not enough permission to access the resource", result["message"])
def test4_unpair_inactive(self):
req = DELETE(
config.ui_host, config.ui_port,
"/gateways/" + config.gateway_id + "/devices/0xa371959aad24618e")
req.authorize(self.session)
response, content = req()
self.assertEqual(202, response.status)
data = json.loads(content)
self.assertEqual("success", data["status"])
device_uri = response.getheader("Location")
for i in range(10):
req = GET(config.ui_host, config.ui_port, device_uri)
req.authorize(self.session)
response, content = req()
self.assertEqual(200, response.status)
result = json.loads(content)
self.assertEqual("success", result["status"])
if result["data"]["state"] == "inactive":
break
time.sleep(1)
req = GET(config.ui_host, config.ui_port, device_uri)
req.authorize(self.session)
response, content = req()
self.assertEqual(200, response.status)
result = json.loads(content)
self.assertEqual("success", result["status"])
self.assertEqual("inactive", result["data"]["state"])
def logout(session): req = DELETE(config.ui_host, config.ui_port, "/auth") req.authorize(session) return req()
def tearDown(self): req = DELETE(config.ui_host, config.ui_port, "/auth") req.authorize(self.session) response, _ = req() self.assertEqual(204, response.status)
def unpairDevice(self, gwId, deviceId):
req = DELETE("localhost", globalConfig.uiPort, "/gateways/" + str(gwId) + "/devices/" + str(deviceId))
req.authorize(self.session)
response, content = req()
self.assertEqual(202, response.status)
