Example #1
class BaseTestCase(TestCase):
    """Shared fixture with three users at different access levels.

    Alice owns a team, Bob is a member of it, and Charlie is unrelated.
    Charlie is the negative case for access-control assertions.
    """

    def setUp(self):
        """Create Alice, Bob and Charlie together with their profiles."""
        super(BaseTestCase, self).setUp()

        # Alice: ordinary account whose profile has team access switched on.
        alice = User(username="******", email="*****@*****.**")
        alice.set_password("password")
        alice.save()
        self.alice = alice

        alices_profile = Profile(user=alice, api_key="abc")
        alices_profile.team_access_allowed = True
        alices_profile.save()
        self.profile = alices_profile

        # Bob: member of Alice's team, so he is expected to reach her data.
        bob = User(username="******", email="*****@*****.**")
        bob.set_password("password")
        bob.save()
        self.bob = bob

        bobs_profile = Profile(user=bob)
        bobs_profile.current_team = alices_profile
        bobs_profile.save()
        self.bobs_profile = bobs_profile

        membership = Member(team=alices_profile, user=bob)
        membership.save()

        # Charlie: has a profile but no membership, so he must be denied.
        charlie = User(username="******", email="*****@*****.**")
        charlie.set_password("password")
        charlie.save()
        self.charlie = charlie

        Profile(user=charlie).save()
Example #2
    def setUp(self):
        """Create the Alice / Bob / Charlie fixture used by access-control tests.

        Alice owns a profile with an API key, Bob is a member of her team,
        and Charlie has a profile but no membership.
        """
        super(BaseTestCase, self).setUp()

        # Alice: the team owner; her profile carries the API key and SMS limit.
        alice = User(username="******", email="*****@*****.**")
        alice.set_password("password")
        alice.save()
        self.alice = alice

        alices_profile = Profile(user=alice, api_key="abc")
        alices_profile.sms_limit = 50
        alices_profile.save()
        self.profile = alices_profile

        # Bob: member of Alice's team, so he is expected to reach her data.
        bob = User(username="******", email="*****@*****.**")
        bob.set_password("password")
        bob.save()
        self.bob = bob

        bobs_profile = Profile(user=bob)
        bobs_profile.current_team = alices_profile
        bobs_profile.save()
        self.bobs_profile = bobs_profile

        Member.objects.create(team=alices_profile, user=bob)

        # Charlie: has a profile but no membership, so he must be denied.
        charlie = User(username="******", email="*****@*****.**")
        charlie.set_password("password")
        charlie.save()
        self.charlie = charlie

        Profile.objects.create(user=charlie)
class CreateCheckTestCase(BaseTestCase):
    """Tests for creating checks through POST /api/v1/checks/.

    Covers the successful case plus rejection of a missing or wrong API key,
    an unparseable body, and out-of-range or wrongly typed fields.
    """

    def setUp(self):
        """Give Alice a profile whose API key is "abc"."""
        super(CreateCheckTestCase, self).setUp()
        profile = Profile(user=self.alice, api_key="abc")
        profile.save()
        self.profile = profile

    def post(self, url, data):
        """POST *data* to *url* as a JSON document and return the response."""
        body = json.dumps(data)
        return self.client.post(url, body, content_type="application/json")

    def test_it_works(self):
        """A valid request creates exactly one check with the submitted fields."""
        payload = {
            "api_key": "abc",
            "name": "Foo",
            "tags": "bar,baz",
            "timeout": 3600,
            "grace": 60
        }
        response = self.post("/api/v1/checks/", payload)

        self.assertEqual(response.status_code, 201)
        self.assertIn("ping_url", response.json())

        self.assertEqual(Check.objects.count(), 1)
        created = Check.objects.get()
        self.assertEqual(created.name, "Foo")
        self.assertEqual(created.tags, "bar,baz")
        self.assertEqual(created.timeout.total_seconds(), 3600)
        self.assertEqual(created.grace.total_seconds(), 60)

    def test_it_handles_missing_request_body(self):
        """An empty body is answered with 400 and the API-key error."""
        response = self.client.post("/api/v1/checks/",
                                    content_type="application/json")
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()["error"], "wrong api_key")

    def test_it_rejects_wrong_api_key(self):
        """An unknown API key yields the API-key error."""
        # NOTE(review): this and the following rejection tests pin only the
        # error text; the status code is asserted only for the missing body.
        response = self.post("/api/v1/checks/", {"api_key": "wrong"})
        self.assertEqual(response.json()["error"], "wrong api_key")

    def test_it_handles_invalid_json(self):
        """A body that is not JSON yields a parse error."""
        response = self.client.post("/api/v1/checks/", "this is not json",
                                    content_type="application/json")
        self.assertEqual(response.json()["error"],
                         "could not parse request body")

    def test_it_reject_small_timeout(self):
        """A timeout of 0 is below the accepted minimum."""
        payload = {"api_key": "abc", "timeout": 0}
        response = self.post("/api/v1/checks/", payload)
        self.assertEqual(response.json()["error"], "timeout is too small")

    def test_it_rejects_large_timeout(self):
        """A timeout of 604801 seconds (one week plus one second) is too large."""
        payload = {"api_key": "abc", "timeout": 604801}
        response = self.post("/api/v1/checks/", payload)
        self.assertEqual(response.json()["error"], "timeout is too large")

    def test_it_rejects_non_number_timeout(self):
        """A string timeout is rejected as not a number."""
        payload = {"api_key": "abc", "timeout": "oops"}
        response = self.post("/api/v1/checks/", payload)
        self.assertEqual(response.json()["error"], "timeout is not a number")

    def test_it_rejects_non_string_name(self):
        """A boolean name is rejected as not a string."""
        payload = {"api_key": "abc", "name": False}
        response = self.post("/api/v1/checks/", payload)
        self.assertEqual(response.json()["error"], "name is not a string")
Example #4
    def setUp(self):
        """Build three users: a team owner, a team member and an outsider.

        Tests use Bob to check that members are let in and Charlie to check
        that non-members are kept out of Alice's data.
        """
        super(BaseTestCase, self).setUp()

        # Alice: the team owner; her profile carries the API key and SMS limit.
        owner = User(username="******", email="*****@*****.**")
        owner.set_password("password")
        owner.save()
        self.alice = owner

        owner_profile = Profile(user=owner, api_key="abc")
        owner_profile.sms_limit = 50
        owner_profile.save()
        self.profile = owner_profile

        # Bob: his current team points at Alice's profile and he is a Member.
        member = User(username="******", email="*****@*****.**")
        member.set_password("password")
        member.save()
        self.bob = member

        member_profile = Profile(user=member)
        member_profile.current_team = owner_profile
        member_profile.save()
        self.bobs_profile = member_profile

        Member.objects.create(team=owner_profile, user=member)

        # Charlie: profile only, no Member row linking him to Alice.
        outsider = User(username="******", email="*****@*****.**")
        outsider.set_password("password")
        outsider.save()
        self.charlie = outsider

        Profile.objects.create(user=outsider)
Example #5
class BaseTestCase(TestCase):
    """Common fixture: a team owner, a team member and an outsider."""

    def setUp(self):
        """Create Alice, Bob and Charlie and link Bob to Alice's team."""
        super(BaseTestCase, self).setUp()

        # Alice: ordinary account whose profile has team access switched on.
        owner = User(username="******", email="*****@*****.**")
        owner.set_password("password")
        owner.save()
        self.alice = owner

        owner_profile = Profile(user=owner, api_key="abc")
        owner_profile.team_access_allowed = True
        owner_profile.save()
        self.profile = owner_profile

        # Bob: his current team points at Alice's profile and he is a Member.
        member = User(username="******", email="*****@*****.**")
        member.set_password("password")
        member.save()
        self.bob = member

        member_profile = Profile(user=member)
        member_profile.current_team = owner_profile
        member_profile.save()
        self.bobs_profile = member_profile

        link = Member(team=owner_profile, user=member)
        link.save()

        # Charlie: profile only, no Member row linking him to Alice.
        outsider = User(username="******", email="*****@*****.**")
        outsider.set_password("password")
        outsider.save()
        self.charlie = outsider

        Profile(user=outsider).save()
class CheckTokenTestCase(BaseTestCase):
    """Tests for the login-link endpoint /accounts/check_token/<user>/<token>/."""

    def setUp(self):
        """Attach a login token to a profile for Alice."""
        super(CheckTokenTestCase, self).setUp()
        profile = Profile(user=self.alice)
        # The profile keeps make_password() output, not the plaintext token;
        # the tests present the plaintext in the URL.
        profile.token = make_password("secret-token")
        profile.save()
        self.profile = profile

    def test_it_redirects(self):
        """A valid token logs the user in and is then cleared."""
        response = self.client.get("/accounts/check_token/alice/secret-token/")
        self.assertRedirects(response, "/checks/")

        # The stored token must be blank afterwards, so the link is single-use.
        self.profile.refresh_from_db()
        self.assertEqual(self.profile.token, "")

    def test_it_redirects_already_logged_in(self):
        """Following the link while already authenticated still redirects."""
        # NOTE(review): the return value of login() is not asserted, so this
        # test does not itself confirm that the session was authenticated.
        self.client.login(username="******", password="******")

        # Second login attempt, this time through the token link.
        response = self.client.get("/accounts/check_token/alice/secret-token/")
        self.assertRedirects(response, "/checks/")

    def test_it_redirects_bad_login(self):
        """A wrong token sends the user back to the login page with an error."""
        bad_link = "/accounts/check_token/alice/invalid-token/"
        response = self.client.get(bad_link, follow=True)
        self.assertRedirects(response, "/accounts/login/")
        self.assertContains(response, "incorrect or expired")
Example #7
class CheckTokenTestCase(TestCase):
    """Tests for the login-link endpoint /accounts/check_token/<user>/<token>/."""

    def setUp(self):
        """Create Alice and give her profile a login token."""
        super(CheckTokenTestCase, self).setUp()

        alice = User(username="******", email="*****@*****.**")
        alice.set_password("password")
        alice.save()
        self.alice = alice

        profile = Profile(user=alice)
        # The profile keeps make_password() output, not the plaintext token;
        # the tests present the plaintext in the URL.
        profile.token = make_password("secret-token")
        profile.save()
        self.profile = profile

    def test_it_redirects(self):
        """A valid token logs the user in and is then cleared."""
        response = self.client.get("/accounts/check_token/alice/secret-token/")
        self.assertRedirects(response, "/checks/")

        # The stored token must be blank afterwards, so the link is single-use.
        self.profile.refresh_from_db()
        self.assertEqual(self.profile.token, "")

    def test_it_redirects_already_logged_in(self):
        """Following the link while already authenticated still redirects."""
        # NOTE(review): the return value of login() is not asserted, so this
        # test does not itself confirm that the session was authenticated.
        self.client.login(username="******", password="******")

        # Second login attempt, this time through the token link.
        response = self.client.get("/accounts/check_token/alice/secret-token/")
        self.assertRedirects(response, "/checks/")

    def test_it_redirects_bad_login(self):
        """A wrong token sends the user back to the login page with an error."""
        bad_link = "/accounts/check_token/alice/invalid-token/"
        response = self.client.get(bad_link, follow=True)
        self.assertRedirects(response, "/accounts/login/")
        self.assertContains(response, "incorrect or expired")
Example #8
def _make_user(email):
    """Create and return a new user for *email*, with a profile and email channel.

    The account gets a random username and an unusable password, so it
    cannot be logged into with a password until one is set.
    """
    # str(uuid4()) is 36 characters; the slice keeps the first 30.
    # presumably 30 is the username length limit; verify against the model
    random_name = str(uuid.uuid4())[:30]
    user = User(username=random_name, email=email)
    user.set_unusable_password()
    user.save()

    Profile(user=user).save()

    # NOTE(review): the channel is stored as already verified without any
    # confirmation step in this function. Presumably callers only get here
    # once control of the address is established; confirm at the call sites.
    email_channel = Channel()
    email_channel.user = user
    email_channel.kind = "email"
    email_channel.value = email
    email_channel.email_verified = True
    email_channel.save()

    return user
Example #9
def _make_user(email):
    """Register a password-less account for *email* and return the User.

    Besides the user row this saves a Profile and an "email" Channel that
    points at the same address.
    """
    # A truncated UUID serves as the username; the address is not used for it.
    account = User(username=str(uuid.uuid4())[:30], email=email)
    account.set_unusable_password()
    account.save()

    new_profile = Profile(user=account)
    new_profile.save()

    # NOTE(review): email_verified is set to True here with no confirmation
    # step in this function; verify that callers have already established
    # that the requester controls the address.
    notify = Channel()
    notify.user = account
    notify.kind = "email"
    notify.value = email
    notify.email_verified = True
    notify.save()

    return account
Example #10
    def __call__(self, request):
        """Attach team context to authenticated requests, then pass them on.

        For an authenticated user this sets ``request.teams`` to the profiles
        the user is a member of and ``request.team`` to the profile's current
        team, or to the user's own profile when no current team is set.
        Anonymous requests pass through unchanged.
        """
        if not request.user.is_authenticated:
            return self.get_response(request)

        memberships = Profile.objects.filter(member__user_id=request.user.id)
        request.teams = list(memberships.select_related("user"))

        try:
            profile = request.user.profile
        except Profile.DoesNotExist:
            # First request from a user without a profile: create one.
            profile = Profile(user=request.user)
            profile.save()

        # NOTE(review): current_team is used as stored and is not compared
        # with request.teams here; confirm that removing a member elsewhere
        # also resets that member's current_team.
        request.team = profile.current_team if profile.current_team else profile

        return self.get_response(request)
Example #11
    def setUp(self):
        """Create Alice and give her profile a login token."""
        super(CheckTokenTestCase, self).setUp()

        alice = User(username="******", email="*****@*****.**")
        alice.set_password("password")
        alice.save()
        self.alice = alice

        profile = Profile(user=alice)
        # The profile keeps make_password() output, not the plaintext token.
        profile.token = make_password("secret-token")
        profile.save()
        self.profile = profile
 def setUp(self):
     """Give Alice an API key and two saved checks."""
     super(ListChecksTestCase, self).setUp()
     profile = Profile(user=self.alice, api_key="abc")
     profile.save()
     self.profile = profile

     hourly = Check(user=self.alice, name="Alice 1", timeout=td(seconds=3600), grace=td(seconds=900))
     daily = Check(user=self.alice, name="Alice 2", timeout=td(seconds=86400), grace=td(seconds=3600))
     self.checks = [hourly, daily]
     for item in self.checks:
         item.save()
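class ListChecksTestCase(BaseTestCase):
    """Tests for listing checks through GET /api/v1/checks/."""

    def setUp(self):
        """Give Alice an API key and two saved checks."""
        super(ListChecksTestCase, self).setUp()
        self.profile = Profile(user=self.alice, api_key="abc")
        self.profile.save()
        self.checks = [
            Check(user=self.alice, name="Alice 1", timeout=td(seconds=3600), grace=td(seconds=900)),
            Check(user=self.alice, name="Alice 2", timeout=td(seconds=86400), grace=td(seconds=3600)),
        ]
        for check in self.checks:
            check.save()

    def get(self, url, data):
        """Send a GET to *url* with *data* as a JSON request body."""
        return self.client.generic('GET', url, json.dumps(data), 'application/json')

    def test_it_works(self):
        """Alice's key returns both of her checks with their settings and URLs."""
        r = self.get("/api/v1/checks/", {"api_key": "abc"})

        self.assertEqual(r.status_code, 200)
        self.assertIn("checks", r.json())
        self.assertEqual(len(r.json()["checks"]), 2)

        checks = {check["name"]: check for check in r.json()["checks"]}
        self.assertEqual(checks["Alice 1"]["timeout"], 3600)
        self.assertEqual(checks["Alice 1"]["grace"], 900)
        self.assertEqual(checks["Alice 1"]["url"], self.checks[0].url())
        self.assertEqual(checks["Alice 2"]["timeout"], 86400)
        self.assertEqual(checks["Alice 2"]["grace"], 3600)
        self.assertEqual(checks["Alice 2"]["url"], self.checks[1].url())

    def test_it_shows_only_users_checks(self):
        """Alice's key must not reveal checks owned by another user."""
        bob = User(username="******", email="*****@*****.**")
        bob.save()
        bob_check = Check(user=bob, name="Bob 1")
        # The check has to exist in the database. Without this save the
        # assertions below pass even if the endpoint returned every user's
        # checks, so the isolation test could never fail.
        bob_check.save()

        r = self.get("/api/v1/checks/", {"api_key": "abc"})

        self.assertEqual(len(r.json()["checks"]), 2)
        checks = {check["name"]: check for check in r.json()["checks"]}
        self.assertNotIn("Bob 1", checks)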
Example #14
class BaseTestCase(TestCase):
    """Shared fixture: Alice, Bob and Charlie, each with a project and a profile.

    Bob is a regular member of Alice's project. Charlie has no membership
    and is the negative case for access-control assertions.
    """

    def setUp(self):
        """Create the users, projects, profiles and Bob's membership."""
        super().setUp()

        # Django's default test client skips CSRF validation; this one does not.
        self.csrf_client = Client(enforce_csrf_checks=True)

        # Alice: ordinary account that owns the project under test.
        alice = User(username="******", email="*****@*****.**")
        alice.set_password("password")
        alice.save()
        self.alice = alice

        project = Project(owner=alice, api_key="X" * 32)
        project.name = "Alices Project"
        project.badge_key = alice.username
        project.ping_key = "p" * 22
        project.save()
        self.project = project

        alices_profile = Profile(user=alice)
        alices_profile.sms_limit = 50
        alices_profile.save()
        self.profile = alices_profile

        # Bob: owns a project of his own and is a member of Alice's.
        bob = User(username="******", email="*****@*****.**")
        bob.set_password("password")
        bob.save()
        self.bob = bob

        bobs_project = Project(owner=bob)
        bobs_project.badge_key = bob.username
        bobs_project.save()
        self.bobs_project = bobs_project

        bobs_profile = Profile(user=bob)
        bobs_profile.save()
        self.bobs_profile = bobs_profile

        self.bobs_membership = Member.objects.create(
            user=bob, project=project, role=Member.Role.REGULAR
        )

        # Charlie: owns a project but has no membership in Alice's.
        charlie = User(username="******", email="*****@*****.**")
        charlie.set_password("password")
        charlie.save()
        self.charlie = charlie

        charlies_project = Project(owner=charlie)
        charlies_project.badge_key = charlie.username
        charlies_project.save()
        self.charlies_project = charlies_project

        charlies_profile = Profile(user=charlie)
        charlies_profile.save()
        self.charlies_profile = charlies_profile

        self.channels_url = "/projects/%s/integrations/" % project.code

    def set_sudo_flag(self):
        """Store a timestamp-signed "active" value under the session's "sudo" key.

        Presumably this lets a test reach views that require recent
        re-authentication; verify against the view code.
        """
        sess = self.client.session
        sess["sudo"] = TimestampSigner().sign("active")
        sess.save()
Example #15
class BaseTestCase(TestCase):
    """Shared fixture: Alice, Bob and Charlie, each with a project and a profile.

    Bob is a member of Alice's project and has it selected as his current
    project. Charlie has no membership and is the negative case.
    """

    def setUp(self):
        """Create the users, projects, profiles and Bob's membership."""
        super(BaseTestCase, self).setUp()

        # Alice: ordinary account that owns the project under test.
        alice = User(username="******", email="*****@*****.**")
        alice.set_password("password")
        alice.save()
        self.alice = alice

        project = Project(owner=alice, api_key="X" * 32)
        project.name = "Alice's Project"
        project.badge_key = alice.username
        project.save()
        self.project = project

        alices_profile = Profile(user=alice)
        alices_profile.sms_limit = 50
        alices_profile.current_project = project
        alices_profile.save()
        self.profile = alices_profile

        # Bob: owns a project of his own but currently works in Alice's.
        bob = User(username="******", email="*****@*****.**")
        bob.set_password("password")
        bob.save()
        self.bob = bob

        bobs_project = Project(owner=bob)
        bobs_project.badge_key = bob.username
        bobs_project.save()
        self.bobs_project = bobs_project

        bobs_profile = Profile(user=bob)
        bobs_profile.current_project = project
        bobs_profile.save()
        self.bobs_profile = bobs_profile

        Member.objects.create(user=bob, project=project)

        # Charlie: owns and works in his own project; no link to Alice's.
        charlie = User(username="******", email="*****@*****.**")
        charlie.set_password("password")
        charlie.save()
        self.charlie = charlie

        charlies_project = Project(owner=charlie)
        charlies_project.badge_key = charlie.username
        charlies_project.save()
        self.charlies_project = charlies_project

        charlies_profile = Profile(user=charlie)
        charlies_profile.current_project = charlies_project
        charlies_profile.save()
        self.charlies_profile = charlies_profile

        self.channels_url = "/projects/%s/integrations/" % project.code
 def setUp(self):
     """Attach a login token to a profile for Alice."""
     super(CheckTokenTestCase, self).setUp()
     profile = Profile(user=self.alice)
     # The profile keeps make_password() output, not the plaintext token.
     profile.token = make_password("secret-token")
     profile.save()
     self.profile = profile
class CreateCheckTestCase(BaseTestCase):
    """Tests for creating checks through POST /api/v1/checks/.

    Covers the successful case, channel assignment, and rejection of a
    missing or wrong API key, an unparseable body, and bad field values.
    """

    def setUp(self):
        """Give Alice a profile whose API key is "abc"."""
        super(CreateCheckTestCase, self).setUp()
        profile = Profile(user=self.alice, api_key="abc")
        profile.save()
        self.profile = profile

    def post(self, url, data):
        """POST *data* to *url* as a JSON document and return the response."""
        body = json.dumps(data)
        return self.client.post(url, body, content_type="application/json")

    def test_it_works(self):
        """A valid request creates exactly one check with the submitted fields."""
        payload = {
            "api_key": "abc",
            "name": "Foo",
            "tags": "bar,baz",
            "timeout": 3600,
            "grace": 60
        }
        response = self.post("/api/v1/checks/", payload)

        self.assertEqual(response.status_code, 201)
        self.assertIn("ping_url", response.json())

        self.assertEqual(Check.objects.count(), 1)
        created = Check.objects.get()
        self.assertEqual(created.name, "Foo")
        self.assertEqual(created.tags, "bar,baz")
        self.assertEqual(created.timeout.total_seconds(), 3600)
        self.assertEqual(created.grace.total_seconds(), 60)

    def test_it_assigns_channels(self):
        """Passing "*" as channels links the new check to Alice's channel."""
        alices_channel = Channel(user=self.alice)
        alices_channel.save()

        payload = {
            "api_key": "abc",
            "channels": "*"
        }
        response = self.post("/api/v1/checks/", payload)

        self.assertEqual(response.status_code, 201)
        created = Check.objects.get()
        self.assertEqual(created.channel_set.get(), alices_channel)

    def test_it_handles_missing_request_body(self):
        """An empty body is answered with 400 and the API-key error."""
        response = self.client.post("/api/v1/checks/",
                                    content_type="application/json")
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()["error"], "wrong api_key")

    def test_it_rejects_wrong_api_key(self):
        """An unknown API key yields the API-key error."""
        # NOTE(review): this and the following rejection tests pin only the
        # error text; the status code is asserted only for the missing body.
        response = self.post("/api/v1/checks/", {"api_key": "wrong"})
        self.assertEqual(response.json()["error"], "wrong api_key")

    def test_it_handles_invalid_json(self):
        """A body that is not JSON yields a parse error."""
        response = self.client.post("/api/v1/checks/", "this is not json",
                                    content_type="application/json")
        self.assertEqual(response.json()["error"],
                         "could not parse request body")

    def test_it_rejects_small_timeout(self):
        """A timeout of 0 is below the accepted minimum."""
        payload = {"api_key": "abc", "timeout": 0}
        response = self.post("/api/v1/checks/", payload)
        self.assertEqual(response.json()["error"], "timeout is too small")

    def test_it_rejects_large_timeout(self):
        """A timeout of 604801 seconds (one week plus one second) is too large."""
        payload = {"api_key": "abc", "timeout": 604801}
        response = self.post("/api/v1/checks/", payload)
        self.assertEqual(response.json()["error"], "timeout is too large")

    def test_it_rejects_non_number_timeout(self):
        """A string timeout is rejected as not a number."""
        payload = {"api_key": "abc", "timeout": "oops"}
        response = self.post("/api/v1/checks/", payload)
        self.assertEqual(response.json()["error"], "timeout is not a number")

    def test_it_rejects_non_string_name(self):
        """A boolean name is rejected as not a string."""
        payload = {"api_key": "abc", "name": False}
        response = self.post("/api/v1/checks/", payload)
        self.assertEqual(response.json()["error"], "name is not a string")
 def setUp(self):
     """Give Alice a profile whose API key is "abc"."""
     super(CreateCheckTestCase, self).setUp()
     profile = Profile(user=self.alice, api_key="abc")
     profile.save()
     self.profile = profile
 def setUp(self):
     """Store a hashed login token on a profile for Alice."""
     super(CheckTokenTestCase, self).setUp()
     token_profile = Profile(user=self.alice)
     # make_password() output is stored; "secret-token" is the plaintext.
     token_profile.token = make_password("secret-token")
     token_profile.save()
     self.profile = token_profile
Example #20
 def test_it_creates_and_revokes(self):
     """Check the api_key length on a profile built with a key and with none."""
     # NOTE(review): both profiles are only constructed in memory and the
     # key is read straight back from the constructor argument. No creation
     # or revocation code path is called, so this cannot catch a regression
     # in either.
     for api_key, expected_length in (("token12345", 10), ("", 0)):
         self.profile = Profile(user=self.bob, api_key=api_key)
         self.assertEqual(len(self.profile.api_key), expected_length)