Example #1
0
def test_unit_contacts(client, admin_token):
    # Test db error
    # Test empty query
    headers = {'Authorization': "Bearer " + admin_token}

    dynamodb.delete('test')

    # No table - error
    f1 = client.get('/rest/unit/test/contacts', headers=headers)
    assert (f1.status_code == 500)
    jf1 = json.loads(f1.data)
    assert (jf1.get("error") == "DatabaseError")
    assert (
        jf1.get("detail") == "Cannot do operations on a non-existent table")

    dynamodb.create('test')
    #dynamodb.wait_until_active('test') # TODO

    u1 = client.put('/rest/unit/test', data={"capcode": "23"}, headers=headers)
    assert (u1.status_code == 201)

    # No contacts - empty list
    ge = client.get('/rest/unit/test/contacts', headers=headers)
    assert (ge.status_code == 200)
    jge = json.loads(ge.data)
    assert (type(jge) is list)
    assert (len(jge) == 0)

    # Create fifty contacts
    for i in range(50):
        cr = client.put('/rest/contact/' + gen_phone(),
                        data={
                            "unit": "test",
                            "member_id": gen_memberid()
                        },
                        headers=headers)
        assert (cr.status_code == 201)

    # Fetch all contacts
    ga = client.get('/rest/unit/test/contacts', headers=headers)
    assert (ga.status_code == 200)
    jga = json.loads(ga.data)
    assert (type(jga) is list)
    assert (len(jga) == 50)

    # Non existant unit
    go = client.get('/rest/unit/other/contacts', headers=headers)
    assert (go.status_code == 404)
Example #2
0
def test_pagelog_table(client, admin_token):
    headers = {'Authorization': "Bearer " + admin_token}
    dynamodb.delete('test')

    # No table - error
    f1 = client.get('/rest/unit/test/pagelog', headers=headers)
    assert (f1.status_code == 500)
    jf1 = json.loads(f1.data)
    assert (jf1.get("error") == "DatabaseError")
    assert (
        jf1.get("detail") == "Cannot do operations on a non-existent table")

    dynamodb.create_unit('test')
    u0 = client.put('/rest/unit/test', data={"capcode": "23"}, headers=headers)
    assert (u0.status_code == 201)

    # Now we should fail on our DB
    f4 = client.get('/rest/unit/test/pagelog', headers=headers)
    assert (f4.status_code == 500)
    jf4 = json.loads(f4.data)
    assert (jf4.get("error") == "DatabaseError")
    assert (
        jf4.get("detail") == "Cannot do operations on a non-existent table")

    dynamodb.create('test')
    #dynamodb.wait_until_active('test') # TODO

    # Create some dummy units
    units = ["test1", "test2", "test3"]
    for u in units:
        capcode = random.randint(1, 1000)
        ur = client.put('/rest/unit/' + u,
                        data={"capcode": capcode},
                        headers=headers)
        assert (ur.status_code == 201)

    phone_numbers = [gen_phone() for x in range(10)]

    # Create a pile of pagelog entries
    for i in range(500):
        unit = random.choice(units)
        phone_number = random.choice(phone_numbers)
        body = fake.text(max_nb_chars=200, ext_word_list=None)
        data = {"phone_number": phone_number, "unit": unit, "body": body}
        now = decimal.Decimal(time.time())

        dynamodb.add_pagelog('test', unit, now, phone_number, body)

    # Fetch the pagelogs back
    unit_data = []
    for u in units:
        gu = client.get('/rest/unit/' + u + '/pagelog', headers=headers)
        assert (gu.status_code == 200)
        unit_data.append(json.loads(gu.data))

    assert (len(unit_data) == 3)
    assert (len(unit_data[0]) + len(unit_data[1]) + len(unit_data[2]) == 500)

    for ud in unit_data:
        # Each list should have roughly 166 entries
        assert (len(ud) > 100)
        assert (len(ud) < 220)

    entry = unit_data[0][0]
    assert (entry.get("phone_number") is not None)
    assert (entry.get("unit") is not None)
    assert (entry.get("timestamp") is not None)
    assert (entry.get("body") is not None)

    go = client.get('/rest/unit/other/pagelog', headers=headers)
    assert go.status_code == 404
Example #3
0
def test_contact_table(client, admin_token):
    headers = {'Authorization': "Bearer " + admin_token}
    dynamodb.delete('test')

    # No table - error
    f1 = client.get('/rest/contact/61412123666', headers=headers)
    assert (f1.status_code == 500)
    jf1 = json.loads(f1.data)
    assert (jf1.get("error") == "DatabaseError")
    assert (
        jf1.get("detail") == "Cannot do operations on a non-existent table")

    dynamodb.create('test')
    # dynamodb.wait_until_active('test') # TODO

    u1 = client.put('/rest/unit/test', data={"capcode": "23"}, headers=headers)
    assert (u1.status_code == 201)

    data = {"member_id": 9998, "unit": "test"}
    p1 = client.put('/rest/contact/61412123123', data=data, headers=headers)
    assert (p1.status_code == 201)
    j1 = json.loads(p1.data)
    assert (len(j1) == 3)
    assert (j1.get("member_id") == data.get("member_id"))
    assert (j1.get("unit") == data.get("unit"))
    assert (j1.get("phone_number") == '61412123123')

    g1 = client.get('/rest/contact/61412123123', headers=headers)
    assert (g1.status_code == 200)
    j1 = json.loads(g1.data)
    assert (len(j1) == 3)
    assert (j1.get("member_id") == data.get("member_id"))
    assert (j1.get("unit") == data.get("unit"))
    assert (j1.get("phone_number") == '61412123123')

    # Request non-existant entry
    g2 = client.get('/rest/contact/61412123666', headers=headers)
    assert (g2.status_code == 404)

    # Insert an entry without a unit
    data = {"member_id": 1123, "unit": "badtest"}
    p2 = client.put('/rest/contact/61412123112', data=data, headers=headers)
    assert (p2.status_code == 422)
    j2 = json.loads(p2.data)
    assert (j2.get("error") == "ValidationError")
    assert (len(j2.get("detail")) == 1)
    assert (len(j2.get("detail").get('unit')) == 1)
    assert (j2.get("detail").get('unit')[0] == "Invalid value.")

    # Update an existing entry, inserted in p1
    data = {"member_id": 1113, "unit": "test"}
    p3 = client.put('/rest/contact/61412123123', data=data, headers=headers)
    assert (p3.status_code == 200)
    j3 = json.loads(p3.data)
    assert (len(j3) == 3)
    assert (j3.get("member_id") == data.get("member_id"))
    assert (j3.get("unit") == data.get("unit"))
    assert (j3.get("phone_number") == '61412123123')

    # Update, change to invalid unit
    data = {"member_id": 1114, "unit": "badtest"}
    p4 = client.put('/rest/contact/61412123123', data=data, headers=headers)
    assert (p4.status_code == 422)
    j4 = json.loads(p4.data)
    assert (j4.get("error") == "ValidationError")
    assert (len(j4.get("detail")) == 1)
    assert (len(j4.get("detail").get('unit')) == 1)
    assert (j4.get("detail").get('unit')[0] == "Invalid value.")

    g5 = client.get('/rest/contact/61412123123', headers=headers)
    j5 = json.loads(g5.data)
    assert (len(j5) == 3)
    assert (j5.get("member_id") == 1113)
    assert (j5.get("unit") == "test")
    assert (j5.get("phone_number") == '61412123123')
Example #4
0
def clear_db():
    dynamodb.delete('test')
    dynamodb.create('test')
Example #5
0
def test_get_token(client, b64_token_secret, mocker):
    dynamodb.delete('test')
    dynamodb.create('test')
    dynamodb.add_role('test', 'ARole', ['read'])
    dynamodb.add_role('test', 'BRole', ['read', 'dance'])
    dynamodb.add_role('test', 'Doggone', ['dog'])

    lookup = mocker.patch('web.authenticate.lookup_member')

    missing_token_resp = {
        "error": {
            "code": "InvalidAuthenticationToken",
            "message": "Bearer access token is empty.",
            "innerError": {
                "request-id": "80554f33-d7c0-4a94-bebf-3b3f1ee6d2d4",
                "date": "2017-10-29T08:25:08"
            }
        }
    }

    bad_token_resp = {
        "error": {
            "code": "InvalidAuthenticationToken",
            "message":
            "CompactToken parsing failed with error code: -2147184105",
            "innerError": {
                "request-id": "e541876a-8621-4ea4-844d-15dfbf547626",
                "date": "2017-10-29T09:21:23"
            }
        }
    }

    altered_token_resp = {
        "error": {
            "code": "InvalidAuthenticationToken",
            "message": "Access token validation failure.",
            "innerError": {
                "request-id": "4b4e162d-cb56-4937-995b-2032c8823e1a",
                "date": "2017-10-29T09:50:39"
            }
        }
    }

    userdata_resp = {
        "businessPhones": ["61212341234"],
        "displayName": "Two Names",
        "givenName": "Two",
        "surname": "Names",
        "jobTitle": "Volunteer",
        "mail": "*****@*****.**",
        "mobilePhone": "6144123123",
        "officeLocation": "Test",  # unit
        "preferredLanguage": "English",
        "userPrincipalName": "*****@*****.**",
        "id": "1234-5678-1234-5678"
    }

    lookup.return_value = {
        'member_id': 123,
        'name': "Test User",
        'unit': 'Test',
        'roles': '{"Role":"True"}',
    }

    # Good retrieve
    responses.add(responses.GET,
                  'https://graph.microsoft.com/v1.0/me',
                  json=userdata_resp,
                  status=200)
    access_bearer = "doesn't matter"
    headers = {'Authorization': "Bearer " + access_bearer}
    url_rsp = client.get('/authenticate', headers=headers)
    assert url_rsp.status_code == 200
    js = json.loads(url_rsp.data)
    assert len(js) == 1
    assert len(js.get('resource_token')) > 200
    jjwt = jwt.decode(js.get('resource_token'), verify=False)
    assert jjwt.get('exp') is not None

    # Missing authentication token
    responses.replace(responses.GET,
                      'https://graph.microsoft.com/v1.0/me',
                      json=missing_token_resp,
                      status=200)
    url_rsp = client.get('/authenticate')
    assert url_rsp.status_code == 403
    assert url_rsp.data == b'This service is for vicses members only.'

    # Bad format header
    responses.replace(responses.GET,
                      'https://graph.microsoft.com/v1.0/me',
                      json=bad_token_resp,
                      status=200)
    url_rsp = client.get('/authenticate',
                         headers={'Authorization': 'Bearer XXX'})
    assert url_rsp.status_code == 403
    assert url_rsp.data == b'This service is for vicses members only.'

    # Altered token
    responses.replace(responses.GET,
                      'https://graph.microsoft.com/v1.0/me',
                      json=altered_token_resp,
                      status=200)
    url_rsp = client.get('/authenticate',
                         headers={'Authorization': 'Bearer XXX'})
    assert url_rsp.status_code == 403
    assert url_rsp.data == b'This service is for vicses members only.'

    # member not found
    lookup.return_value = None
    responses.replace(responses.GET,
                      'https://graph.microsoft.com/v1.0/me',
                      json=userdata_resp,
                      status=200)
    headers = {'Authorization': "Bearer " + access_bearer}
    url_rsp = client.get('/authenticate', headers=headers)
    assert url_rsp.status_code == 403
    assert url_rsp.data == b'You must be authorized to use this service.'

    # ensure roles etc. are reflected in token
    lookup.return_value = {
        'member_id': 123,
        'name': "Test User",
        'unit': 'Test',
        'roles': '["ARole", "BRole", "Doggone"]',
    }
    url_rsp = client.get('/authenticate', headers=headers)
    assert url_rsp.status_code == 200
    js = json.loads(url_rsp.data)
    assert len(js) == 1
    assert len(js.get('resource_token')) > 200
    token_secret = base64.b64decode(b64_token_secret)
    jjwt = jwt.decode(js.get('resource_token'),
                      token_secret,
                      algorithms=['HS256'],
                      issuer='sms-page')
    assert len(jjwt) == 7

    assert jjwt.get('exp') is not None
    assert jjwt.get('member_id') == '123'
    assert jjwt.get('name') == 'Test User'
    assert jjwt.get('unit') == 'Test'
    assert jjwt.get('iss') == 'sms-page'
    assert set(jjwt.get('roles')) == set(["ARole", "BRole", "Doggone"])
    assert set(jjwt.get('permissions')) == set(["read", "dance", "dog"])