def setUp(self): if os.path.exists(self.db_path): os.unlink(self.db_path) self.app = course_activity_planner.setup('test') self.client = self.app.test_client() self.token = course_activity_planner._create_token(111) # Ignore ics url in request and link to local ics file course_activity_planner._dl_and_save_ics_file = \ MagicMock(return_value=self.local_short_cal_path)
def test_unauthorized_access(self): course_activity_planner._generate_planning_uuid = \ MagicMock(return_value='uuid') res = self.client.post( '/api/planning', data=dict( mbz_file=(io.BytesIO(b'this is a test'), 'test.mbz'), ics_url=self.cal_url), headers=[('Authorization', "Bearer %s" % self.token)]) # Simulate another client with other user id unauthorized_token = course_activity_planner._create_token(1111) res = self.client.put( '/api/planning/uuid', data=json.dumps({'planning': 'some text'}), headers=[('Content-Type', 'application/json'), ('Authorization', "Bearer %s" % unauthorized_token)]) self.assertEqual(403, res._status_code)
def setUp(self): if os.path.exists(self.db_path): os.unlink(self.db_path) self.app = course_activity_planner.setup('test') self.client = self.app.test_client() self.token = course_activity_planner._create_token(111)