Example #1
    def test_oauth_authorized_redirects_to_url_next_param_on_user_no_authorizing(
            self, redirect, flickr):
        """Check the callback redirects to ``next`` when no OAuth response arrives.

        ``redirect`` and ``flickr`` are mocks passed in by the caller
        (presumably ``@patch`` decorators outside this excerpt).
        """
        expected_target = 'http://next'
        # Per the test name, a None response models the user not authorizing.
        flickr.authorized_response.return_value = None
        redirect.return_value = "OK"

        http = flask_app.test_client()
        http.get('/flickr/oauth-authorized?next=http://next')

        # NOTE(review): the expected target is an absolute URL taken from the
        # query string, so this pins unvalidated forwarding of ``next``.
        # Confirm the handler limits it to same-site or allow-listed targets
        # and add a test for a rejected host.
        redirect.assert_called_with(expected_target)
Example #2
    def test_oauth_authorized_redirects_to_url_next_param_on_user_no_authorizing(
            self, redirect, flickr):
        """Check the callback redirects to ``next`` when no OAuth response arrives.

        ``redirect`` and ``flickr`` are mocks passed in by the caller.
        """
        expected_target = 'http://next'
        redirect.return_value = Response(302)
        # Per the test name, a None response models the user not authorizing.
        flickr.authorized_response.return_value = None

        http = flask_app.test_client()
        http.get('/flickr/oauth-authorized?next=http://next')

        # NOTE(review): ``next`` is an absolute off-site URL and the test
        # expects it to reach redirect() unchanged. Confirm the handler
        # validates the target host before redirecting.
        redirect.assert_called_with(expected_target)
Example #3
    def test_oauth_authorized_redirects_to_url_next_param_on_authorization(
            self, redirect, flickr):
        """Check a successful OAuth callback redirects to the ``next`` URL.

        ``redirect`` and ``flickr`` are mocks passed in by the caller.
        """
        expected_target = 'http://next'
        # Canned provider response returned by the mocked OAuth client.
        granted = {
            'oauth_token_secret': u'secret',
            'username': u'palotespaco',
            'fullname': u'paco palotes',
            'oauth_token': u'token',
            'user_nsid': u'user',
        }
        flickr.authorized_response.return_value = granted
        redirect.return_value = Response(302)

        http = flask_app.test_client()
        http.get('/flickr/oauth-authorized?next=http://next')

        # NOTE(review): the redirect target comes straight from the query
        # string on the authenticated path too. Confirm the handler rejects
        # hosts outside an allow-list and cover that case with a test.
        redirect.assert_called_with(expected_target)
Example #4
    def test_oauth_authorized_redirects_to_url_next_param_on_authorization(
            self, redirect, flickr):
        """Check a successful OAuth callback redirects to the ``next`` URL.

        ``redirect`` and ``flickr`` are mocks passed in by the caller.
        """
        expected_target = 'http://next'
        # Canned provider response returned by the mocked OAuth client.
        granted = {
            'oauth_token_secret': u'secret',
            'username': u'palotespaco',
            'fullname': u'paco palotes',
            'oauth_token': u'token',
            'user_nsid': u'user',
        }
        redirect.return_value = "OK"
        flickr.authorized_response.return_value = granted

        http = flask_app.test_client()
        http.get('/flickr/oauth-authorized?next=http://next')

        # NOTE(review): this pins forwarding of an absolute, caller-supplied
        # URL to redirect(). Confirm the handler validates the target.
        redirect.assert_called_with(expected_target)
Example #5
 def test_albums_endpoint_returns_user_albums_in_JSON_format(self, client):
     """Check ``/flickr/albums`` returns the client's albums serialized as JSON.

     ``client`` is a mock of the Flickr client factory passed in by the caller.
     """
     expected_albums = ['one album', 'another album']
     fake_client = MagicMock()
     fake_client.get_user_albums.return_value = expected_albums
     client.return_value = fake_client

     resp = flask_app.test_client().get('/flickr/albums')

     # The body is compared as UTF-8 bytes, matching what resp.data holds.
     expected_body = json.dumps(expected_albums).encode('utf-8')
     assert resp.data == expected_body, resp.data
Example #6
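    def test_albums_endpoint_returns_user_albums_in_JSON_format(self, client):
        """Check ``/flickr/albums`` returns the client's albums serialized as JSON.

        ``client`` is a mock of the Flickr client factory passed in by the caller.
        """
        client_instance = MagicMock()
        client.return_value = client_instance
        albums = ['one album', 'another album']
        client_instance.get_user_albums.return_value = albums
        resp = flask_app.test_client().get('/flickr/albums')

        # resp.data is bytes on Python 3, where bytes never equal str, so the
        # expected JSON is encoded before comparing (a no-op for this ASCII
        # payload on Python 2).
        assert resp.data == json.dumps(albums).encode('utf-8'), resp.data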
Example #7
    def test_buckets_with_non_existing_bucket_returns_error(self, S3Client):
        """Check a missing bucket yields HTTP 404 from ``/amazon/bucket/<name>``.

        ``S3Client`` is a mock of the client class passed in by the caller.
        """
        failure = NoSuchBucket('Bucket "noSuchBucket" does not exist')
        fake_s3 = MagicMock()
        fake_s3.objects.side_effect = failure
        S3Client.return_value = fake_s3

        resp = flask_app.test_client().get('/amazon/bucket/noSuchBucket')

        # NOTE(review): 404 here versus 403 for a private bucket lets a caller
        # tell existing private buckets from missing ones. Confirm that
        # distinction is intended.
        assert resp.status_code == 404, resp
Example #8
    def test_buckets_with_private_bucket_returns_error(self, S3Client):
        """Check a private bucket yields HTTP 403 from ``/amazon/bucket/<name>``.

        ``S3Client`` is a mock of the client class passed in by the caller.
        """
        # The fixture message names "noSuchBucket" although the request is for
        # privateBucket; only the exception type matters to the assertion.
        denied = PrivateBucket('Bucket "noSuchBucket" is private')
        fake_s3 = MagicMock()
        fake_s3.objects.side_effect = denied
        S3Client.return_value = fake_s3

        resp = flask_app.test_client().get('/amazon/bucket/privateBucket')

        # NOTE(review): a 403 that differs from the missing-bucket status
        # confirms the bucket exists. Confirm that disclosure is acceptable.
        assert resp.status_code == 403, resp
Example #9
    def test_buckets_with_private_bucket_returns_error(self, S3Client):
        """Check a private bucket yields HTTP 403 from ``/amazon/bucket/<name>``.

        ``S3Client`` is a mock of the client class passed in by the caller.
        """
        fake_s3 = MagicMock()
        # The message text names "noSuchBucket"; the assertion only depends on
        # the exception type raised by objects().
        fake_s3.objects.side_effect = PrivateBucket(
            'Bucket "noSuchBucket" is private')
        S3Client.return_value = fake_s3

        http = flask_app.test_client()
        resp = http.get('/amazon/bucket/privateBucket')

        # NOTE(review): returning 403 rather than the missing-bucket status
        # reveals that the bucket name exists. Confirm this is intended.
        assert resp.status_code == 403, resp
Example #10
    def test_buckets_with_non_existing_bucket_returns_error(self, S3Client):
        """Check a missing bucket yields HTTP 404 from ``/amazon/bucket/<name>``.

        ``S3Client`` is a mock of the client class passed in by the caller.
        """
        fake_s3 = MagicMock()
        fake_s3.objects.side_effect = NoSuchBucket(
            'Bucket "noSuchBucket" does not exist')
        S3Client.return_value = fake_s3

        http = flask_app.test_client()
        resp = http.get('/amazon/bucket/noSuchBucket')

        # NOTE(review): distinct 404/403 answers allow bucket-name probing.
        # Confirm the endpoint is meant to expose that difference.
        assert resp.status_code == 404, resp
Example #11
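    def test_buckets_with_specific_bucket_lists_its_content(self, S3Client):
        """Check ``/amazon/bucket/<name>`` lists the bucket's objects as JSON.

        ``S3Client`` is a mock of the client class passed in by the caller.
        """
        objects = ['test.pdf', 'sunset.png']
        bucket_name = 'Bucket1'
        client_instance = MagicMock()
        S3Client.return_value = client_instance
        client_instance.objects.return_value = objects

        resp = flask_app.test_client().get('/amazon/bucket/%s' % bucket_name)

        # The bucket name from the URL path must reach the client unchanged.
        client_instance.objects.assert_called_with(bucket_name)
        # resp.data is bytes on Python 3, where bytes never equal str, so the
        # expected JSON is encoded before comparing.
        assert resp.data == json.dumps(objects).encode('utf-8'), resp.data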
Example #12
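    def test_buckets_with_specific_bucket_lists_its_content(self, S3Client):
        """Check ``/amazon/bucket/<name>`` lists the bucket's objects as JSON.

        ``S3Client`` is a mock of the client class passed in by the caller.
        """
        objects = ['test.pdf', 'sunset.png']
        bucket_name = 'Bucket1'
        client_instance = MagicMock()
        S3Client.return_value = client_instance
        client_instance.objects.return_value = objects

        resp = flask_app.test_client().get('/amazon/bucket/%s' % bucket_name)

        # The bucket name from the URL path must reach the client unchanged.
        client_instance.objects.assert_called_with(bucket_name)
        # Encode the expected JSON: resp.data is bytes on Python 3 and would
        # never compare equal to the str returned by json.dumps().
        assert resp.data == json.dumps(objects).encode('utf-8'), resp.data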
Example #13
    def test_logout_removes_token_and_user_from_session(self):
        """Check ``/flickr/revoke-access`` clears the Flickr keys from the session."""
        with flask_app.test_client() as http:
            # Seed the session as if a user had already authorized.
            with http.session_transaction() as seeded:
                seeded['flickr_token'] = 'fake_token'
                seeded['flickr_user'] = '******'

                assert 'flickr_token' in seeded
                assert 'flickr_user' in seeded

            # NOTE(review): revocation is triggered by a plain GET. If the
            # route accepts only GET, a cross-site link can clear the session.
            # Confirm whether a CSRF-protected POST is intended.
            http.get('/flickr/revoke-access')

            # Still inside the client context, so ``session`` is the session
            # of the request just made.
            assert 'flickr_token' not in session
            assert 'flickr_user' not in session
Example #14
    def test_logout_removes_token_and_user_from_session(self):
        """Check ``/flickr/revoke-access`` clears the Flickr keys from the session."""
        with flask_app.test_client() as http:
            # Pre-populate both keys so their removal is observable.
            with http.session_transaction() as seeded:
                seeded['flickr_token'] = 'fake_token'
                seeded['flickr_user'] = '******'

                assert 'flickr_token' in seeded
                assert 'flickr_user' in seeded

            # NOTE(review): a state-changing GET. Confirm the route is not
            # reachable cross-site without a CSRF check.
            http.get('/flickr/revoke-access')

            # Both credentials must be gone, not just the token.
            assert 'flickr_token' not in session
            assert 'flickr_user' not in session
Example #15
    def test_oauth_authorized_saves_token_and_user_to_session(self, flickr):
        """Check the callback hands token and user data to ``save_credentials``.

        ``flickr`` is a mock of the OAuth client passed in by the caller.
        """
        # Canned provider response returned by the mocked OAuth client.
        granted = {
            'oauth_token_secret': u'secret',
            'username': u'palotespaco',
            'fullname': u'paco palotes',
            'oauth_token': u'token',
            'user_nsid': u'user',
        }
        flickr.authorized_response.return_value = granted

        with flask_app.test_client() as http:
            http.get('/flickr/oauth-authorized')

        # Only the token pair and the username/nsid are expected to be
        # stored. 'fullname' is absent from the expected user dict.
        expected_token = {'oauth_token_secret': u'secret', 'oauth_token': u'token'}
        expected_user = {'username': u'palotespaco', 'user_nsid': u'user'}
        flickr.save_credentials.assert_called_with(
            session, expected_token, expected_user)
Example #16
    def test_oauth_authorized_saves_token_and_user_to_session(self, flickr):
        """Check the callback hands token and user data to ``save_credentials``.

        ``flickr`` is a mock of the OAuth client passed in by the caller.
        """
        expected_token = {'oauth_token_secret': u'secret', 'oauth_token': u'token'}
        expected_user = {'username': u'palotespaco', 'user_nsid': u'user'}
        # Canned provider response; it carries 'fullname', which the expected
        # user dict deliberately omits.
        granted = {
            'oauth_token_secret': u'secret',
            'username': u'palotespaco',
            'fullname': u'paco palotes',
            'oauth_token': u'token',
            'user_nsid': u'user',
        }
        flickr.authorized_response.return_value = granted

        with flask_app.test_client() as http:
            http.get('/flickr/oauth-authorized')

        # The session object is the first positional argument.
        flickr.save_credentials.assert_called_with(
            session, expected_token, expected_user)
Example #17
    def test_oauth_authorized_saves_token_and_user_to_session(self, oauth):
        """Check the callback stores the token pair and user in the session.

        ``oauth`` is a mock of the OAuth client passed in by the caller.
        """
        want_token = {
            'oauth_token_secret': u'secret',
            'oauth_token': u'token',
        }
        want_user = {'username': u'palotespaco', 'user_nsid': u'user'}
        # Canned provider response returned by the mocked OAuth client.
        granted = {
            'oauth_token_secret': u'secret',
            'username': u'palotespaco',
            'fullname': u'paco palotes',
            'oauth_token': u'token',
            'user_nsid': u'user',
        }
        oauth.authorized_response.return_value = granted

        with flask_app.test_client() as http:
            http.get('/flickr/oauth-authorized')

            # NOTE(review): this pins the OAuth token secret into the Flask
            # session. With Flask's default cookie-backed session the payload
            # is signed but not encrypted. Confirm a server-side session
            # store is configured.
            assert session['flickr_token'] == want_token, session['flickr_token']
            assert session['flickr_user'] == want_user, session['flickr_user']
Example #18
    def test_oauth_authorized_saves_token_and_user_to_session(self, oauth):
        """Check the callback stores the token pair and user in the session.

        ``oauth`` is a mock of the OAuth client passed in by the caller.
        """
        # Canned provider response returned by the mocked OAuth client.
        granted = {
            'oauth_token_secret': u'secret',
            'username': u'palotespaco',
            'fullname': u'paco palotes',
            'oauth_token': u'token',
            'user_nsid': u'user',
        }
        oauth.authorized_response.return_value = granted
        want_user = {'username': u'palotespaco', 'user_nsid': u'user'}
        want_token = {
            'oauth_token_secret': u'secret',
            'oauth_token': u'token',
        }

        with flask_app.test_client() as http:
            http.get('/flickr/oauth-authorized')

            # NOTE(review): the token secret ends up in the session. If the
            # session is Flask's default signed cookie, the client can read
            # it. Confirm the session backend.
            assert session['flickr_token'] == want_token, session['flickr_token']
            assert session['flickr_user'] == want_user, session['flickr_user']
Example #19
    def test_oauth_authorized_adds_token_and_user_to_session(self, flickr):
        """Check the callback adds the token pair and user to the session.

        ``flickr`` is a mock of the OAuth client passed in by the caller.
        """
        want_token = {
            'oauth_token_secret': u'secret',
            'oauth_token': u'token'
        }
        want_user = {
            'username': u'palotespaco',
            'user_nsid': u'user'
        }
        # Canned provider response returned by the mocked OAuth client.
        flickr.authorized_response.return_value = {
            'oauth_token_secret': u'secret',
            'username': u'palotespaco',
            'fullname': u'paco palotes',
            'oauth_token': u'token',
            'user_nsid': u'user'
        }

        with flask_app.test_client() as http:
            http.get('/flickr/oauth-authorized')
            # Read the values while the request context is still available.
            stored_token = session.get('flickr_token')
            stored_user = session.get('flickr_user')

        # NOTE(review): the token secret is kept in the session. Confirm the
        # session backend does not expose it to the client (Flask's default
        # cookie session is signed, not encrypted).
        assert stored_token == want_token
        assert stored_user == want_user
Example #20
    def test_logout_redirects_to_url_specified_by_next_param(self, redirect):
        """Check ``/flickr/revoke-access`` redirects to the ``next`` URL.

        ``redirect`` is a mock passed in by the caller.
        """
        expected_target = 'http://mynext_url'
        redirect.return_value = Response(302)

        http = flask_app.test_client()
        http.get('/flickr/revoke-access?next=http://mynext_url')

        # NOTE(review): the target is an absolute URL taken from the query
        # string and expected to reach redirect() unchanged. Confirm the
        # handler restricts ``next`` to trusted hosts.
        redirect.assert_called_with(expected_target)
Example #21
 def test_flickr_login_specifies_callback_and_read_permissions(self, oauth):
     """Check ``/flickr/`` starts authorization with the callback and read scope.

     ``oauth`` is a mock of the OAuth client passed in by the caller.
     """
     oauth.authorize.return_value = Response(302)

     http = flask_app.test_client()
     http.get('/flickr/')

     # Pinning perms='read' guards against the login flow silently asking
     # for a broader permission level.
     expected_kwargs = dict(callback='/flickr/oauth-authorized', perms='read')
     oauth.authorize.assert_called_with(**expected_kwargs)
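class TestAPI(object):
    """Rate-limit tests for the API endpoints.

    Each test drives one endpoint ``LIMIT`` times through ``check_limit`` and
    verifies the ``X-RateLimit-Remaining`` header counts down to zero.
    """

    app = flask_app.test_client()

    def setUp(self):
        """Flush the Redis master before each test.

        Presumably this is where the rate-limit counters live. Confirm
        against the limiter's storage configuration.
        """
        sentinel.connection.master_for('redis-master').flushall()

    limit = flask_app.config.get('LIMIT')

    def check_limit(self, url, action, obj, data=None):
        """Issue ``self.limit`` requests and check the remaining-quota header.

        Args:
            url: Path to request. For ``put``/``delete`` it is appended to
                ``/api/<obj>/<i>``.
            action: One of ``'get'``, ``'post'``, ``'put'``, ``'delete'``.
            obj: API object name. ``'project'`` gets a generated payload.
            data: Payload for ``post``/``put`` when ``obj`` is not
                ``'project'``.

        Raises:
            Exception: If ``action`` is not one of the supported verbs.
        """
        for i in range(self.limit - 1, -1, -1):
            # Build the body per iteration without overwriting ``data``.
            # Re-assigning the parameter would JSON-encode an already encoded
            # string on the second pass for non-project objects.
            if obj == 'project':
                payload = dict(name=i,
                               short_name=i,
                               long_description='something')
            else:
                payload = data

            if action == 'get':
                res = self.app.get(url)
            elif action == 'post':
                res = self.app.post(url, data=json.dumps(payload))
            elif action == 'put':
                _url = '/api/%s/%s' % (obj, i)
                res = self.app.put(_url + url, data=json.dumps(payload))
            elif action == 'delete':
                _url = '/api/%s/%s' % (obj, i)
                res = self.app.delete(_url + url)
            else:
                raise Exception("action not found")

            err_msg = "GET X-RateLimit-Remaining not working"
            print("X-RateLimit-Remaining: %s" % res.headers['X-RateLimit-Remaining'])
            print("Expected value: %s" % i)
            remaining = int(res.headers['X-RateLimit-Remaining'])
            assert remaining == i, err_msg

            # Header values are strings, so comparing the raw header with the
            # int 0 was always False and the 429 checks below never ran.
            # Compare the parsed value so the exhausted-quota response is
            # actually verified.
            if remaining == 0:
                error = json.loads(res.data)
                err_msg = "The status_code should be 429"
                assert error['status_code'] == 429, err_msg
                err_msg = "The status should be failed"
                assert error['status'] == 'failed', err_msg
                err_msg = "The exception_cls should be TooManyRequests"
                assert error['exception_cls'] == 'TooManyRequests', err_msg

    def test_00_api_get(self):
        """Test API GET rate limit."""
        # GET as Anonymous
        url = '/api/'
        action = 'get'
        self.check_limit(url, action, 'project')

    @patch('pybossa.api.api_base.APIBase._db_query')
    def test_00_project_get(self, mock):
        """Test API.project GET rate limit."""
        mock.return_value = {}
        # GET as Anonymous
        url = '/api/project'
        action = 'get'
        self.check_limit(url, action, 'project')

    @patch('pybossa.api.api_base.APIBase._create_instance_from_request')
    def test_01_project_post(self, mock):
        """Test API.project POST rate limit."""
        mock.return_value = {}
        url = '/api/project'
        self.check_limit(url, 'post', 'project')

    @patch('pybossa.api.api_base.APIBase._delete_instance')
    def test_02_project_delete(self, mock):
        """Test API.project DELETE rate limit."""
        mock.return_value = {}
        url = ''
        self.check_limit(url, 'delete', 'project')

    @patch('pybossa.api.api_base.APIBase._update_instance')
    def test_03_project_put(self, mock):
        """Test API.project PUT rate limit."""
        mock.return_value = {}
        url = ''
        self.check_limit(url, 'put', 'project')

    @patch('pybossa.api._retrieve_new_task')
    def test_04_new_task(self, mock):
        """Test API.new_task(project_id) GET rate limit."""
        mock.return_value = {}
        url = '/api/project/1/newtask'
        self.check_limit(url, 'get', 'project')

    @patch('pybossa.api.project_repo')
    def test_05_user_progress(self, mock):
        """Test API.user_progress GET rate limit."""

        url = '/api/project/1/userprogress'
        self.check_limit(url, 'get', 'project')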
Example #23
 def test_flickr_login_specifies_callback_and_read_permissions(self, flickr):
     """Check ``/flickr/`` starts authorization with the callback and read scope.

     ``flickr`` is a mock of the OAuth client passed in by the caller.
     """
     flickr.authorize.return_value = Response(302)

     http = flask_app.test_client()
     http.get('/flickr/')

     # Pinning perms='read' keeps the requested permission level minimal and
     # makes any widening of it fail this test.
     expected_kwargs = dict(callback='/flickr/oauth-authorized', perms='read')
     flickr.authorize.assert_called_with(**expected_kwargs)
Example #24
    def test_logout_redirects_to_url_specified_by_next_param(self, redirect):
        """Check ``/flickr/revoke-access`` redirects to the ``next`` URL.

        ``redirect`` is a mock passed in by the caller.
        """
        expected_target = 'http://mynext_url'
        redirect.return_value = Response(302)

        http = flask_app.test_client()
        http.get('/flickr/revoke-access?next=http://mynext_url')

        # NOTE(review): this pins forwarding of a caller-supplied absolute
        # URL to redirect(). Confirm the handler validates the target host.
        redirect.assert_called_with(expected_target)
Example #25
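    def test_albums_endpoint_returns_user_albums_in_JSON_format(self, client):
        """Check ``/flickr/albums`` returns the client's albums serialized as JSON.

        ``client`` is a mock of the Flickr client passed in by the caller.
        """
        albums = ['one album', 'another album']
        client.get_user_albums.return_value = albums
        resp = flask_app.test_client().get('/flickr/albums')

        # resp.data is bytes on Python 3, where bytes never equal str, so the
        # expected JSON is encoded before comparing.
        assert resp.data == json.dumps(albums).encode('utf-8'), resp.data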