async def test_invalid_ds_indieauth_cookie(bad_cookie):
    """Check that /-/indieauth/done reports an invalid ds_indieauth cookie.

    ``bad_cookie`` is either a dict, which is signed under the
    "datasette-indieauth-cookie" namespace before being sent, or any other
    value, which is sent as the raw cookie value.
    """
    ds = Datasette([], memory=True)
    # The state parameter is signed by this instance, so the cookie is the
    # input under test.
    signed_state = ds.sign({"a": "auth-url"}, "datasette-indieauth-state")
    cookie_value = (
        ds.sign(bad_cookie, "datasette-indieauth-cookie")
        if isinstance(bad_cookie, dict)
        else bad_cookie
    )
    async with httpx.AsyncClient(app=ds.app()) as client:
        response = await client.get(
            "http://localhost/-/indieauth/done",
            params={"state": signed_state, "code": "123"},
            cookies={"ds_indieauth": cookie_value},
            allow_redirects=False,
        )
    # The callback must render the error message for the bad cookie.
    assert '<p class="message-error">Invalid ds_indieauth cookie' in response.text
async def test_import_table_multiple_databases(tmpdir):
    """Check that the import form lists both databases and honours ?database=."""
    first_db, second_db = (str(tmpdir / name) for name in ("test.db", "test2.db"))
    ds = Datasette([first_db, second_db])
    # Act as the root actor through a ds_actor cookie signed by this instance.
    root_cookies = {"ds_actor": ds.sign({"a": {"id": "root"}}, "actor")}
    async with httpx.AsyncClient(app=ds.app()) as client:
        listing = await client.get(
            "http://localhost/-/import-table", cookies=root_cookies
        )
        assert listing.status_code == 200
        # Both attached databases are offered, neither pre-selected here.
        assert "<option>test</option>" in listing.text
        assert "<option>test2</option>" in listing.text

        preselected = await client.get(
            "http://localhost/-/import-table?database=test2", cookies=root_cookies
        )
        assert preselected.status_code == 200
        # The query-string database is rendered as the selected option.
        assert '<option selected="selected">test2</option>' in preselected.text
async def test_dashboard_list_permissions(datasette_db, datasette_metadata,
                                          metadata, authenticated,
                                          expected_status):
    """Check the status of /-/dashboards for anonymous and signed-in requests.

    ``metadata`` is layered over ``datasette_metadata`` (its keys win on
    conflict), and ``authenticated`` decides whether a signed ds_actor cookie
    for the actor ``{"id": "user"}`` accompanies the request.
    """
    merged_metadata = {**datasette_metadata, **metadata}
    ds = Datasette([str(datasette_db)], metadata=merged_metadata)

    # An empty cookie dict means the request carries no actor at all.
    cookies = (
        {"ds_actor": ds.sign({"a": {"id": "user"}}, "actor")}
        if authenticated
        else {}
    )

    response = await ds.client.get("/-/dashboards", cookies=cookies)
    assert response.status_code == expected_status
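async def test_permissions(tmpdir):
    """Check that /-/import-table refuses anonymous requests and admits root.

    The anonymous request must get a 403. The same request with a ds_actor
    cookie signed for ``{"id": "root"}`` must get a 200.
    """
    ds = Datasette([str(tmpdir / "test.db")])
    app = ds.app()

    async with httpx.AsyncClient(app=app) as client:
        anonymous = await client.get("http://localhost/-/import-table")
        assert anonymous.status_code == 403

    # Now try with a root actor
    async with httpx.AsyncClient(app=app) as client2:
        as_root = await client2.get(
            "http://localhost/-/import-table",
            cookies={"ds_actor": ds.sign({"a": {"id": "root"}}, "actor")},
            allow_redirects=False,
        )
        # Pin the success status. A bare "not 403" check would also pass on a
        # server error or an unexpected redirect, hiding a broken permission
        # path behind a green test.
        assert as_root.status_code == 200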
async def test_dashboard_view_permissions(datasette_db, datasette_metadata,
                                          metadata, authenticated,
                                          expected_status):
    """Check the status of a single dashboard page with and without an actor.

    The dashboard requested is the first key under the "datasette-dashboards"
    plugin configuration in ``datasette_metadata``. ``authenticated`` decides
    whether a signed ds_actor cookie for ``{"id": "user"}`` is sent.
    """
    merged_metadata = {**datasette_metadata, **metadata}
    ds = Datasette([str(datasette_db)], metadata=merged_metadata)

    # An empty cookie dict means the request carries no actor at all.
    cookies = (
        {"ds_actor": ds.sign({"a": {"id": "user"}}, "actor")}
        if authenticated
        else {}
    )

    dashboards = datasette_metadata["plugins"]["datasette-dashboards"]
    slug = list(dashboards)[0]
    response = await ds.client.get(f"/-/dashboards/{slug}", cookies=cookies)
    assert response.status_code == expected_status
async def test_restrict_access():
    """Check that restrict_access locks every page to the configured identity.

    Without a cookie each path must answer 403 with the IndieAuth login form
    and must not mention the configured identity. With a signed ds_actor
    cookie whose "me" matches the configured URL, each path must answer 200.
    """
    plugin_config = {
        "datasette-indieauth": {
            "restrict_access": "https://simonwillison.net/"
        }
    }
    ds = Datasette([], memory=True, metadata={"plugins": plugin_config})
    urls = [
        "http://localhost{}".format(path)
        for path in ("/-/actor.json", "/", "/:memory:", "/-/metadata")
    ]

    async with httpx.AsyncClient(app=ds.app()) as client:
        # Anonymous phase: every page is refused and shows the login form.
        for url in urls:
            denied = await client.get(url)
            assert denied.status_code == 403
            assert '<form action="/-/indieauth" method="post">' in denied.text
            # The refusal page must not disclose who is allowed in.
            assert "simonwillison.net" not in denied.text

        # Authenticated phase: a signed ds_actor cookie for the permitted
        # identity must open every page.
        actor = {
            "me": "https://simonwillison.net/",
            "display": "simonwillison.net",
        }
        cookies = {"ds_actor": ds.sign({"a": actor}, "actor")}
        for url in urls:
            allowed = await client.get(url, cookies=cookies)
            assert allowed.status_code == 200
            assert "simonwillison.net" in allowed.text
async def test_import_table(tmpdir, httpx_mock):
    """Check the import flow: load the form as root, post a URL, get redirected.

    The remote table JSON is served by ``httpx_mock``. The POST carries the
    CSRF token both as the ds_csrftoken cookie and as the ``csrftoken`` form
    field, and must redirect to the imported table.
    """
    # Canned reply registered for the ".json" URL of the table being imported.
    remote_table = {
        "table": "mytable",
        "rows": [{"foo": "bar"}],
        "primary_keys": [],
        "filtered_table_rows_count": 1,
        "next_url": None,
    }
    httpx_mock.add_response(
        url="http://example/some/table.json?_shape=objects&_size=max",
        json=remote_table,
        headers={"content-type": "application/json"},
    )

    ds = Datasette([str(tmpdir / "test.db")])
    # Act as the root actor through a ds_actor cookie signed by this instance.
    actor_cookies = {"ds_actor": ds.sign({"a": {"id": "root"}}, "actor")}
    async with httpx.AsyncClient(app=ds.app()) as client:
        form_page = await client.get(
            "http://localhost/-/import-table", cookies=actor_cookies
        )
        assert 200 == form_page.status_code

        # The form response issues the CSRF token as a cookie. It is echoed
        # back in both the cookie and the form body.
        token = form_page.cookies["ds_csrftoken"]
        # NOTE(review): the "url" field is caller-supplied and the mock stands
        # in for its target. This test covers only the mocked external host,
        # not how URLs pointing at internal addresses are handled.
        submission = await client.post(
            "http://localhost/-/import-table",
            data={"url": "http://example/some/table", "csrftoken": token},
            allow_redirects=False,
            cookies={**actor_cookies, "ds_csrftoken": token},
        )
        assert submission.status_code == 302
        assert (
            submission.headers["location"]
            == "/test/mytable?_import_expected_rows=1"
        )