Example #1
def test_security_over_inexistent_endpoints(oauth_requests, secure_api_spec_dir):
    """Verify that ``auth_all_paths=True`` checks credentials before routing.

    Outcomes asserted below:
      * unknown path with ``Bearer 300`` (rejected token) -> 401 problem+json
      * unknown path with ``Bearer 100`` (accepted token) -> 404 problem+json
      * unknown path with no token -> 401
      * ``/v1.0/ui/`` (UI disabled via ``swagger_ui=False``), no token -> 401
      * declared endpoint with / without the accepted token -> 200 / 401

    Security relevance: for every path probed here, a caller without a valid
    token sees 401, so the 404 that confirms a path is absent is only shown
    after authentication. ``oauth_requests`` is presumably the fixture that
    stubs the token check -- confirm in conftest.
    """
    secured = App(__name__, 5001, secure_api_spec_dir, swagger_ui=False,
                  debug=True, auth_all_paths=True)
    secured.add_api('swagger.yaml')
    assert secured.port == 5001

    client = secured.app.test_client()
    problem_json = 'application/problem+json'

    # Rejected token on a path that is not in the spec: still 401, not 404.
    missing_bad_token = client.get('/v1.0/does-not-exist-invalid-token',
                                   headers={"Authorization": "Bearer 300"})  # type: flask.Response
    assert missing_bad_token.status_code == 401
    assert missing_bad_token.content_type == problem_json

    # Accepted token on a missing path: only now is the 404 revealed.
    missing_good_token = client.get('/v1.0/does-not-exist-valid-token',
                                    headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert missing_good_token.status_code == 404
    assert missing_good_token.content_type == problem_json

    # No Authorization header at all.
    missing_anonymous = client.get('/v1.0/does-not-exist-no-token')  # type: flask.Response
    assert missing_anonymous.status_code == 401

    # The UI route is disabled, yet an anonymous caller gets 401 rather than 404.
    ui_anonymous = client.get('/v1.0/ui/')  # type: flask.Response
    assert ui_anonymous.status_code == 401

    # A declared endpoint behaves as usual: token accepted, no token refused.
    greeting_with_token = client.post('/v1.0/greeting/rcaricio', data={},
                                      headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert greeting_with_token.status_code == 200

    greeting_anonymous = client.post('/v1.0/greeting/rcaricio', data={})  # type: flask.Response
    assert greeting_anonymous.status_code == 401
Example #2
def test_security(oauth_requests):
    """Exercise the protected ``byesecure`` endpoint with each token outcome.

    Cases asserted below:
      * no ``Authorization`` header -> 401, "No authorization token provided"
      * ``Bearer 100`` -> 200, body includes the authenticated user name
      * ``Bearer 200`` -> 403, "Provided token doesn't have the required scope"
      * ``Bearer 300`` -> 401, "Provided oauth token is not valid"

    The test pins the distinction between "not authenticated" (401) and
    "authenticated but not permitted" (403), and that every refusal is a
    problem+json document. ``oauth_requests`` is presumably the fixture that
    stubs the token lookup -- confirm in conftest.
    """
    secured = App(__name__, 5001, SPEC_FOLDER, debug=True)
    secured.add_api('api.yaml')
    assert secured.port == 5001

    def problem_of(response):
        # Refusals carry a JSON problem document in the raw response bytes.
        return json.loads(response.data.decode())  # type: dict

    client = secured.app.test_client()

    # Anonymous request.
    anonymous = client.get('/v1.0/byesecure/jsantos')  # type: flask.Response
    assert anonymous.status_code == 401
    assert anonymous.content_type == 'application/problem+json'
    anonymous_problem = problem_of(anonymous)
    assert anonymous_problem['title'] == 'Unauthorized'
    assert anonymous_problem['detail'] == "No authorization token provided"

    # Token accepted with the required scope.
    authorized = client.get('/v1.0/byesecure/jsantos',
                            headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert authorized.status_code == 200
    assert authorized.data == b'Goodbye jsantos (Secure: test-user)'

    # Token accepted but lacking the scope: forbidden, not unauthorized.
    client = secured.app.test_client()
    under_scoped = client.get('/v1.0/byesecure/jsantos',
                              headers={"Authorization": "Bearer 200"})  # type: flask.Response
    assert under_scoped.status_code == 403
    assert under_scoped.content_type == 'application/problem+json'
    under_scoped_problem = problem_of(under_scoped)
    assert under_scoped_problem['title'] == 'Forbidden'
    assert under_scoped_problem['detail'] == "Provided token doesn't have the required scope"

    # Token the check rejects outright.
    client = secured.app.test_client()
    invalid = client.get('/v1.0/byesecure/jsantos',
                         headers={"Authorization": "Bearer 300"})  # type: flask.Response
    assert invalid.status_code == 401
    assert invalid.content_type == 'application/problem+json'
    invalid_problem = problem_of(invalid)
    assert invalid_problem['title'] == 'Unauthorized'
    assert invalid_problem['detail'] == "Provided oauth token is not valid"
Example #3
def test_security(oauth_requests):
    """Exercise the protected ``byesecure`` endpoint with each token outcome.

    Cases asserted below:
      * no ``Authorization`` header -> 401, "No authorization token provided"
      * ``Bearer 100`` -> 200 with the secure greeting
      * ``Bearer 200`` -> 403, "Provided token doesn't have the required scope"
      * ``Bearer 300`` -> 401, "Provided oauth token is not valid"

    Missing or invalid credentials (401) are kept apart from insufficient
    scope (403), and each refusal must be a problem+json document.
    ``oauth_requests`` is presumably the fixture that stubs the token
    lookup -- confirm in conftest.
    """
    secured = App(__name__, 5001, SPEC_FOLDER, debug=True)
    secured.add_api('api.yaml')
    assert secured.port == 5001

    def problem_of(response):
        # Refusals carry a JSON problem document in the raw response bytes.
        return json.loads(response.data.decode())  # type: dict

    client = secured.app.test_client()

    # Anonymous request.
    anonymous = client.get('/v1.0/byesecure/jsantos')  # type: flask.Response
    assert anonymous.status_code == 401
    assert anonymous.content_type == 'application/problem+json'
    anonymous_problem = problem_of(anonymous)
    assert anonymous_problem['title'] == 'Unauthorized'
    assert anonymous_problem['detail'] == "No authorization token provided"

    # Token accepted with the required scope.
    authorized = client.get('/v1.0/byesecure/jsantos',
                            headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert authorized.status_code == 200
    assert authorized.data == b'Goodbye jsantos (Secure)'

    # Token accepted but lacking the scope: forbidden, not unauthorized.
    client = secured.app.test_client()
    under_scoped = client.get('/v1.0/byesecure/jsantos',
                              headers={"Authorization": "Bearer 200"})  # type: flask.Response
    assert under_scoped.status_code == 403
    assert under_scoped.content_type == 'application/problem+json'
    under_scoped_problem = problem_of(under_scoped)
    assert under_scoped_problem['title'] == 'Forbidden'
    assert under_scoped_problem['detail'] == "Provided token doesn't have the required scope"

    # Token the check rejects outright.
    client = secured.app.test_client()
    invalid = client.get('/v1.0/byesecure/jsantos',
                         headers={"Authorization": "Bearer 300"})  # type: flask.Response
    assert invalid.status_code == 401
    assert invalid.content_type == 'application/problem+json'
    invalid_problem = problem_of(invalid)
    assert invalid_problem['title'] == 'Unauthorized'
    assert invalid_problem['detail'] == "Provided oauth token is not valid"
Example #4
def test_swagger_json_api(simple_api_spec_dir):
    """Check that ``add_api`` with default settings serves ``/v1.0/swagger.json``."""
    api_app = App(__name__, 5001, simple_api_spec_dir, debug=True)
    api_app.add_api('swagger.yaml')

    # The request carries no credentials: with these defaults the spec
    # document is readable by any client that can reach the app.
    spec_response = api_app.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert spec_response.status_code == 200
Example #5
def test_swagger_json_api(simple_api_spec_dir):
    """Check that ``add_api`` with default settings serves ``/v1.0/swagger.json``."""
    api_app = App(__name__, 5001, simple_api_spec_dir, debug=True)
    api_app.add_api('swagger.yaml')

    # The request carries no credentials: with these defaults the spec
    # document is readable by any client that can reach the app.
    spec_response = api_app.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert spec_response.status_code == 200
Example #6
def test_no_swagger_json_api(simple_api_spec_dir):
    """Check that ``add_api(..., swagger_json=False)`` stops serving the spec document."""
    api_app = App(__name__, 5001, simple_api_spec_dir, debug=True)
    api_app.add_api('swagger.yaml', swagger_json=False)

    # With publication switched off the route must not exist at all, so the
    # API description is not handed to callers.
    spec_response = api_app.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert spec_response.status_code == 404
Example #7
def build_app_from_fixture(api_spec_folder, **kwargs):
    """Build an ``App`` from ``swagger.yaml`` under ``FIXTURES_FOLDER / api_spec_folder``.

    ``debug`` (default ``True``) is consumed here and passed to ``App``; every
    other keyword argument is forwarded unchanged to ``add_api``.
    """
    # pop() both reads the override and removes it, so add_api never sees 'debug'.
    debug_flag = kwargs.pop('debug', True)
    fixture_app = App(__name__, 5001, FIXTURES_FOLDER / api_spec_folder, debug=debug_flag)
    fixture_app.add_api('swagger.yaml', **kwargs)
    return fixture_app
Example #8
def test_no_swagger_json_api(simple_api_spec_dir):
    """Check that ``add_api(..., swagger_json=False)`` stops serving the spec document."""
    api_app = App(__name__, 5001, simple_api_spec_dir, debug=True)
    api_app.add_api('swagger.yaml', swagger_json=False)

    # With publication switched off the route must not exist at all, so the
    # API description is not handed to callers.
    spec_response = api_app.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert spec_response.status_code == 404
Example #9
def build_app_from_fixture(api_spec_folder, **kwargs):
    """Build an ``App`` from ``swagger.yaml`` under ``FIXTURES_FOLDER / api_spec_folder``.

    ``debug`` (default ``True``) is consumed here and passed to ``App``; every
    other keyword argument is forwarded unchanged to ``add_api``.
    """
    # pop() both reads the override and removes it, so add_api never sees 'debug'.
    debug_flag = kwargs.pop('debug', True)
    fixture_app = App(__name__, 5001, FIXTURES_FOLDER / api_spec_folder, debug=debug_flag)
    fixture_app.add_api('swagger.yaml', **kwargs)
    return fixture_app
Example #10
def test_app_with_relative_path(simple_api_spec_dir):
    """Check that an ``App`` given a relative spec directory still serves the API."""
    # Express the spec dir relative to TEST_FOLDER, then prefix '..' so the
    # resulting path is relative rather than absolute.
    relative_spec_dir = '..' / simple_api_spec_dir.relative_to(TEST_FOLDER)
    relative_app = App(__name__, 5001, relative_spec_dir, debug=True)
    relative_app.add_api('swagger.yaml')

    farewell = relative_app.app.test_client().get('/v1.0/bye/jsantos')  # type: flask.Response
    assert farewell.status_code == 200
    assert farewell.data == b'Goodbye jsantos'
Example #11
def test_app_with_relative_path(simple_api_spec_dir):
    """Check that an ``App`` given a relative spec directory still serves the API."""
    # Express the spec dir relative to TEST_FOLDER, then prefix '..' so the
    # resulting path is relative rather than absolute.
    relative_spec_dir = '..' / simple_api_spec_dir.relative_to(TEST_FOLDER)
    relative_app = App(__name__, 5001, relative_spec_dir, debug=True)
    relative_app.add_api('swagger.yaml')

    farewell = relative_app.app.test_client().get('/v1.0/bye/jsantos')  # type: flask.Response
    assert farewell.status_code == 200
    assert farewell.data == b'Goodbye jsantos'
Example #12
def test_no_swagger():
    """Check that ``swagger_ui=False`` removes the UI route at either configuration level.

    The flag is tried once on the ``App`` constructor and once on ``add_api``;
    in both cases ``/v1.0/ui/`` must answer 404.
    """
    # Disabled for the whole app.
    app_level = App(__name__, 5001, SPEC_FOLDER, swagger_ui=False, debug=True)
    app_level.add_api('api.yaml')
    app_level_ui = app_level.app.test_client().get('/v1.0/ui/')  # type: flask.Response
    assert app_level_ui.status_code == 404

    # Disabled for a single API.
    api_level = App(__name__, 5001, SPEC_FOLDER, debug=True)
    api_level.add_api('api.yaml', swagger_ui=False)
    api_level_ui = api_level.app.test_client().get('/v1.0/ui/')  # type: flask.Response
    assert api_level_ui.status_code == 404
Example #13
def test_security_over_inexistent_endpoints(oauth_requests,
                                            secure_api_spec_dir):
    """Verify that ``auth_all_paths=True`` checks credentials before routing.

    Outcomes asserted below:
      * unknown path with ``Bearer 300`` (rejected token) -> 401 problem+json
      * unknown path with ``Bearer 100`` (accepted token) -> 404 problem+json
      * unknown path with no token -> 401
      * ``/v1.0/ui/`` (UI disabled via ``swagger_ui=False``), no token -> 401
      * declared endpoint with / without the accepted token -> 200 / 401

    Security relevance: for every path probed here, a caller without a valid
    token sees 401, so the 404 that confirms a path is absent is only shown
    after authentication. ``oauth_requests`` is presumably the fixture that
    stubs the token check -- confirm in conftest.
    """
    secured = App(__name__, 5001, secure_api_spec_dir, swagger_ui=False,
                  debug=True, auth_all_paths=True)
    secured.add_api('swagger.yaml')
    assert secured.port == 5001

    client = secured.app.test_client()
    problem_json = 'application/problem+json'

    # Rejected token on a path that is not in the spec: still 401, not 404.
    missing_bad_token = client.get('/v1.0/does-not-exist-invalid-token',
                                   headers={"Authorization": "Bearer 300"})  # type: flask.Response
    assert missing_bad_token.status_code == 401
    assert missing_bad_token.content_type == problem_json

    # Accepted token on a missing path: only now is the 404 revealed.
    missing_good_token = client.get('/v1.0/does-not-exist-valid-token',
                                    headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert missing_good_token.status_code == 404
    assert missing_good_token.content_type == problem_json

    # No Authorization header at all.
    missing_anonymous = client.get('/v1.0/does-not-exist-no-token')  # type: flask.Response
    assert missing_anonymous.status_code == 401

    # The UI route is disabled, yet an anonymous caller gets 401 rather than 404.
    ui_anonymous = client.get('/v1.0/ui/')  # type: flask.Response
    assert ui_anonymous.status_code == 401

    # A declared endpoint behaves as usual: token accepted, no token refused.
    greeting_with_token = client.post('/v1.0/greeting/rcaricio', data={},
                                      headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert greeting_with_token.status_code == 200

    greeting_anonymous = client.post('/v1.0/greeting/rcaricio', data={})  # type: flask.Response
    assert greeting_anonymous.status_code == 401
Example #14
def test_dict_as_yaml_path(simple_api_spec_dir):
    """Check that ``add_api`` accepts an already-parsed specification dict.

    The fixture's ``swagger.yaml`` is read as bytes, rendered as a Jinja2
    template with an empty context, parsed with ``yaml.safe_load`` and handed
    to ``add_api``; the spec must then be served at ``/v1.0/swagger.json``.
    """
    spec_file = simple_api_spec_dir / 'swagger.yaml'

    with spec_file.open(mode='rb') as handle:
        raw_bytes = handle.read()

    try:
        template_text = raw_bytes.decode()
    except UnicodeDecodeError:
        # Fall back to lossy decoding so a stray byte does not abort the test.
        template_text = raw_bytes.decode('utf-8', 'replace')

    # The template comes from the local test fixtures. safe_load restricts the
    # YAML to plain data types instead of constructing arbitrary objects.
    rendered_yaml = jinja2.Template(template_text).render({})
    parsed_spec = yaml.safe_load(rendered_yaml)  # type: dict

    dict_app = App(__name__, 5001, simple_api_spec_dir, debug=True)
    dict_app.add_api(parsed_spec)

    spec_response = dict_app.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert spec_response.status_code == 200
Example #15
def test_dict_as_yaml_path(simple_api_spec_dir):
    """Check that ``add_api`` accepts an already-parsed specification dict.

    The fixture's ``swagger.yaml`` is read as bytes, rendered as a Jinja2
    template with an empty context, parsed with ``yaml.safe_load`` and handed
    to ``add_api``; the spec must then be served at ``/v1.0/swagger.json``.
    """
    spec_file = simple_api_spec_dir / 'swagger.yaml'

    with spec_file.open(mode='rb') as handle:
        raw_bytes = handle.read()

    try:
        template_text = raw_bytes.decode()
    except UnicodeDecodeError:
        # Fall back to lossy decoding so a stray byte does not abort the test.
        template_text = raw_bytes.decode('utf-8', 'replace')

    # The template comes from the local test fixtures. safe_load restricts the
    # YAML to plain data types instead of constructing arbitrary objects.
    rendered_yaml = jinja2.Template(template_text).render({})
    parsed_spec = yaml.safe_load(rendered_yaml)  # type: dict

    dict_app = App(__name__, 5001, simple_api_spec_dir, debug=True)
    dict_app.add_api(parsed_spec)

    spec_response = dict_app.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert spec_response.status_code == 200
Example #16
def test_security(oauth_requests):
    """Exercise the protected ``byesecure`` endpoint; only status codes are pinned.

    Cases asserted below:
      * no ``Authorization`` header -> 401
      * ``Bearer 100`` -> 200 with the secure greeting
      * ``Bearer 200`` -> 401
      * ``Bearer 300`` -> 401

    ``oauth_requests`` is presumably the fixture that stubs the token
    lookup -- confirm in conftest.
    """
    secured = App(__name__, 5001, SPEC_FOLDER, debug=True)
    secured.add_api('api.yaml')
    assert secured.port == 5001

    client = secured.app.test_client()

    # Anonymous request.
    anonymous = client.get('/v1.0/byesecure/jsantos')  # type: flask.Response
    assert anonymous.status_code == 401

    # Token accepted.
    authorized = client.get('/v1.0/byesecure/jsantos',
                            headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert authorized.status_code == 200
    assert authorized.data == b'Goodbye jsantos (Secure)'

    # NOTE(review): the original variable name marks this as the wrong-scope
    # token, and 401 is expected for it. RFC 6750 assigns 403
    # (insufficient_scope) to that case -- confirm which status the
    # implementation under test is meant to return.
    client = secured.app.test_client()
    under_scoped = client.get('/v1.0/byesecure/jsantos',
                              headers={"Authorization": "Bearer 200"})  # type: flask.Response
    assert under_scoped.status_code == 401

    # Token the check rejects outright.
    client = secured.app.test_client()
    invalid = client.get('/v1.0/byesecure/jsantos',
                         headers={"Authorization": "Bearer 300"})  # type: flask.Response
    assert invalid.status_code == 401
Example #17
def test_no_swagger_ui(simple_api_spec_dir):
    """Check that ``swagger_ui=False`` removes the UI route at either configuration level.

    The flag is tried once on the ``App`` constructor and once on ``add_api``;
    in both cases ``/v1.0/ui/`` must answer 404.
    """
    # Disabled for the whole app.
    app_level = App(__name__, 5001, simple_api_spec_dir, swagger_ui=False, debug=True)
    app_level.add_api('swagger.yaml')
    app_level_ui = app_level.app.test_client().get('/v1.0/ui/')  # type: flask.Response
    assert app_level_ui.status_code == 404

    # Disabled for a single API.
    api_level = App(__name__, 5001, simple_api_spec_dir, debug=True)
    api_level.add_api('swagger.yaml', swagger_ui=False)
    api_level_ui = api_level.app.test_client().get('/v1.0/ui/')  # type: flask.Response
    assert api_level_ui.status_code == 404
Example #18
def test_no_swagger():
    """Check that ``swagger_ui=False`` removes the UI route at either configuration level.

    The flag is tried once on the ``App`` constructor and once on ``add_api``;
    in both cases ``/v1.0/ui/`` must answer 404.
    """
    # Disabled for the whole app.
    app_level = App(__name__, 5001, SPEC_FOLDER, swagger_ui=False, debug=True)
    app_level.add_api('api.yaml')
    app_level_ui = app_level.app.test_client().get('/v1.0/ui/')  # type: flask.Response
    assert app_level_ui.status_code == 404

    # Disabled for a single API.
    api_level = App(__name__, 5001, SPEC_FOLDER, debug=True)
    api_level.add_api('api.yaml', swagger_ui=False)
    api_level_ui = api_level.app.test_client().get('/v1.0/ui/')  # type: flask.Response
    assert api_level_ui.status_code == 404
Example #19
def test_no_swagger(simple_api_spec_dir):
    """Check that ``swagger_ui=False`` removes the UI route at either configuration level.

    The flag is tried once on the ``App`` constructor and once on ``add_api``;
    in both cases ``/v1.0/ui/`` must answer 404.
    """
    # Disabled for the whole app.
    app_level = App(__name__, 5001, simple_api_spec_dir, swagger_ui=False, debug=True)
    app_level.add_api('swagger.yaml')
    app_level_ui = app_level.app.test_client().get('/v1.0/ui/')  # type: flask.Response
    assert app_level_ui.status_code == 404

    # Disabled for a single API.
    api_level = App(__name__, 5001, simple_api_spec_dir, debug=True)
    api_level.add_api('swagger.yaml', swagger_ui=False)
    api_level_ui = api_level.app.test_client().get('/v1.0/ui/')  # type: flask.Response
    assert api_level_ui.status_code == 404
Example #20
def app():
    """Return an ``App`` built from ``api.yaml`` in ``SPEC_FOLDER``."""
    # The local is named differently from the function to avoid shadowing it.
    application = App(__name__, 5001, SPEC_FOLDER, debug=True)
    application.add_api('api.yaml')
    return application
Example #21
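def problem_app(problem_api_spec_dir):
    """Return an ``App`` built from ``swagger.yaml`` in ``problem_api_spec_dir``.

    Response validation is switched on via ``validate_responses=True``.
    """
    app = App(__name__, 5001, problem_api_spec_dir, debug=True)
    app.add_api('swagger.yaml', validate_responses=True)
    # Hand the configured app back, as simple_app does; without the return
    # every caller received None instead of the app.
    return app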
Example #22
def test_add_api_with_function_resolver_function_is_wrapped(simple_api_spec_dir):
    """Check that a plain callable passed as ``resolver`` is usable through ``api.resolver``.

    The callable ignores the operation id and always yields a handler that
    returns ``'bar'``; resolving an arbitrary id and calling the result must
    therefore give ``'bar'``.
    """
    def constant_resolver(oid):
        return lambda foo: 'bar'

    spec_app = App(__name__, specification_dir=simple_api_spec_dir)
    api = spec_app.add_api('swagger.yaml', resolver=constant_resolver)
    resolved_handler = api.resolver.resolve_function_from_operation_id('faux')
    assert resolved_handler('bah') == 'bar'
Example #23
def simple_app(simple_api_spec_dir):
    """Return an ``App`` built from ``swagger.yaml`` in ``simple_api_spec_dir``.

    Response validation is switched on via ``validate_responses=True``.
    """
    validated_app = App(__name__, 5001, simple_api_spec_dir, debug=True)
    validated_app.add_api('swagger.yaml', validate_responses=True)
    return validated_app
Example #24
def build_app_from_fixture(api_spec_folder):
    """Return an ``App`` built from ``swagger.yaml`` under ``FIXTURES_FOLDER / api_spec_folder``.

    Response validation is switched on via ``validate_responses=True``.
    """
    spec_dir = FIXTURES_FOLDER / api_spec_folder
    fixture_app = App(__name__, 5001, spec_dir, debug=True)
    fixture_app.add_api('swagger.yaml', validate_responses=True)
    return fixture_app
Example #25
def app():
    """Return an ``App`` built from ``api.yaml`` in ``SPEC_FOLDER`` with response validation on."""
    # The local is named differently from the function to avoid shadowing it.
    application = App(__name__, 5001, SPEC_FOLDER, debug=True)
    application.add_api('api.yaml', validate_responses=True)
    return application
Example #26
def test_app_with_relative_path():
    """Build the app from a relative spec directory and rerun the ``test_app`` checks on it."""
    # SPEC_FOLDER expressed relative to TEST_FOLDER gives the relative path.
    relative_spec_dir = SPEC_FOLDER.relative_to(TEST_FOLDER)
    relative_app = App(__name__, 5001, relative_spec_dir, debug=True)
    relative_app.add_api('api.yaml')
    test_app(relative_app)
Example #27
def build_app_from_fixture(api_spec_folder):
    """Return an ``App`` built from ``swagger.yaml`` under ``FIXTURES_FOLDER / api_spec_folder``.

    Response validation is switched on via ``validate_responses=True``.
    """
    spec_dir = FIXTURES_FOLDER / api_spec_folder
    fixture_app = App(__name__, 5001, spec_dir, debug=True)
    fixture_app.add_api('swagger.yaml', validate_responses=True)
    return fixture_app
Example #28
def test_add_api_with_function_resolver_function_is_wrapped():
    """Check that a plain callable passed as ``resolver`` is usable through ``api.resolver``.

    The callable ignores the operation id and always yields a handler that
    returns ``'bar'``; resolving an arbitrary id and calling the result must
    therefore give ``'bar'``.
    """
    def constant_resolver(oid):
        return lambda foo: 'bar'

    spec_app = App(__name__, specification_dir=SPEC_FOLDER)
    api = spec_app.add_api('api.yaml', resolver=constant_resolver)
    resolved_handler = api.resolver.resolve_function_from_operation_id('faux')
    assert resolved_handler('bah') == 'bar'
Example #29
def test_add_api_with_function_resolver_function_is_wrapped():
    """Check that a plain callable passed as ``resolver`` is usable through ``api.resolver``.

    The callable ignores the operation id and always yields a handler that
    returns ``"bar"``; resolving an arbitrary id and calling the result must
    therefore give ``"bar"``.
    """
    def constant_resolver(oid):
        return lambda foo: "bar"

    spec_app = App(__name__, specification_dir=SPEC_FOLDER)
    api = spec_app.add_api("api.yaml", resolver=constant_resolver)
    resolved_handler = api.resolver.resolve_function_from_operation_id("faux")
    assert resolved_handler("bah") == "bar"
Example #30
def test_add_api_with_function_resolver_function_is_wrapped():
    """Check that a plain callable passed as ``resolver`` is usable through ``api.resolver``.

    The callable ignores the operation id and always yields a handler that
    returns ``'bar'``; resolving an arbitrary id and calling the result must
    therefore give ``'bar'``.
    """
    def constant_resolver(oid):
        return lambda foo: 'bar'

    spec_app = App(__name__, specification_dir=SPEC_FOLDER)
    api = spec_app.add_api('api.yaml', resolver=constant_resolver)
    resolved_handler = api.resolver.resolve_function_from_operation_id('faux')
    assert resolved_handler('bah') == 'bar'
Example #31
def test_app_with_relative_path():
    """Build the app from a relative spec directory and rerun the ``test_app`` checks on it."""
    # SPEC_FOLDER expressed relative to TEST_FOLDER gives the relative path.
    relative_spec_dir = SPEC_FOLDER.relative_to(TEST_FOLDER)
    relative_app = App(__name__, 5001, relative_spec_dir, debug=True)
    relative_app.add_api('api.yaml')
    test_app(relative_app)
Example #32
def app():
    """Return an ``App`` built from ``api.yaml`` in ``SPEC_FOLDER`` with response validation on."""
    # The local is named differently from the function to avoid shadowing it.
    application = App(__name__, 5001, SPEC_FOLDER, debug=True)
    application.add_api('api.yaml', validate_responses=True)
    return application
Example #33
def simple_app(simple_api_spec_dir):
    """Return an ``App`` built from ``swagger.yaml`` in ``simple_api_spec_dir``.

    Response validation is switched on via ``validate_responses=True``.
    """
    validated_app = App(__name__, 5001, simple_api_spec_dir, debug=True)
    validated_app.add_api('swagger.yaml', validate_responses=True)
    return validated_app
Example #34
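def problem_app(problem_api_spec_dir):
    """Return an ``App`` built from ``swagger.yaml`` in ``problem_api_spec_dir``.

    Response validation is switched on via ``validate_responses=True``.
    """
    app = App(__name__, 5001, problem_api_spec_dir, debug=True)
    app.add_api('swagger.yaml', validate_responses=True)
    # Hand the configured app back, as simple_app does; without the return
    # every caller received None instead of the app.
    return app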
Example #35
def build_app_from_fixture(api_spec_folder, **kwargs):
    """Return an ``App`` built from ``swagger.yaml`` under ``FIXTURES_FOLDER / api_spec_folder``.

    All keyword arguments are forwarded unchanged to ``add_api``.
    """
    spec_dir = FIXTURES_FOLDER / api_spec_folder
    fixture_app = App(__name__, 5001, spec_dir, debug=True)
    fixture_app.add_api('swagger.yaml', **kwargs)
    return fixture_app
Example #36
def test_add_api_with_function_resolver_function_is_wrapped(
        simple_api_spec_dir):
    """Check that a plain callable passed as ``resolver`` is usable through ``api.resolver``.

    The callable ignores the operation id and always yields a handler that
    returns ``'bar'``; resolving an arbitrary id and calling the result must
    therefore give ``'bar'``.
    """
    def constant_resolver(oid):
        return lambda foo: 'bar'

    spec_app = App(__name__, specification_dir=simple_api_spec_dir)
    api = spec_app.add_api('swagger.yaml', resolver=constant_resolver)
    resolved_handler = api.resolver.resolve_function_from_operation_id('faux')
    assert resolved_handler('bah') == 'bar'