def test_parent_and_bound_data_are_preserved(self):
    """The request returned after a redirect keeps the subrequest's parent and bound_data."""
    outer = DummyRequest()
    # Mock side effects: the first call raises the redirect, the next returns None.
    outer.invoke_subrequest.side_effect = (httpexceptions.HTTPTemporaryRedirect, None)
    inner = DummyRequest()
    inner.parent = mock.sentinel.parent
    inner.bound_data = mock.sentinel.bound_data

    _response, followed = follow_subrequest(outer, inner)

    for attribute in ("parent", "bound_data"):
        self.assertEqual(getattr(inner, attribute), getattr(followed, attribute))
def _build_request(self):
    """Return a DummyRequest carrying FxA OAuth settings and a dummy bearer token.

    The settings are a copy of DEFAULT_SETTINGS with
    ``fxa-oauth.cache_ttl_seconds`` set to '0.01' and
    ``fxa-oauth.required_scope`` set to 'mandatory profile'. The output of
    ``parse_clients`` is stored on the registry.
    """
    req = DummyRequest()
    req.bound_data = {}
    req.registry.cache = self.backend

    config = DEFAULT_SETTINGS.copy()
    config['fxa-oauth.cache_ttl_seconds'] = '0.01'
    config['fxa-oauth.required_scope'] = 'mandatory profile'
    req.registry.settings = config

    parsed = parse_clients(config)
    resources, scope_routing = parsed
    req.registry._fxa_oauth_config = resources
    req.registry._fxa_oauth_scope_routing = scope_routing

    # Placeholder token only; it is not a real credential.
    req.headers['Authorization'] = 'Bearer foo'
    return req
def test_http_put_unexisting_record_resolves_in_a_create_permission(self):
    """A PUT on a record the model cannot find requires the "create" permission."""
    with mock.patch("kinto.core.utils.current_service") as patched_service:
        # Fake resource whose model reports the record as missing.
        fake_resource = mock.MagicMock()
        fake_resource.record_id = 1
        fake_resource.model.get_record.side_effect = storage_exceptions.RecordNotFoundError
        patched_service().resource.return_value = fake_resource
        patched_service().collection_path = "/buckets/{bucket_id}"

        # Build the PUT request and resolve its authorization context.
        put_request = DummyRequest(method="put")
        put_request.upath_info = "/buckets/abc/collections/1"
        put_request.matchdict = {"bucket_id": "abc"}
        context = RouteFactory(put_request)

        self.assertEqual(context.required_permission, "create")
def test_permits_takes_route_factory_allowed_principals_into_account_for_object_creation(self):
    """A principal listed in ``book_create_principals`` may create even if the backend check says no."""
    context = RouteFactory(DummyRequest())
    # The permission check itself is set to deny, so only the settings can grant access.
    context._check_permission.return_value = False
    context.resource_name = "book"
    context.required_permission = "book:create"
    context._settings = {"book_create_principals": "fxa:user"}

    granted = context.check_permission(["fxa:user"], None)

    self.assertTrue(granted)
def test_ping_logs_error_if_unavailable(self):
    """A failing heartbeat returns a falsy value and calls ``logger.exception``."""
    req = DummyRequest()
    self.client_error_patcher.start()
    check = heartbeat(self.storage)
    # NOTE(review): extent of the patch block reconstructed from a collapsed listing; confirm.
    with mock.patch('kinto.core.storage.logger.exception') as log_exception:
        outcome = check(req)
        self.assertFalse(outcome)
    self.assertTrue(log_exception.called)
def test_fetch_shared_records_sets_shared_ids_from_results(self):
    """``shared_ids`` holds the last path segment of every object the backend returns."""
    req = DummyRequest()
    context = RouteFactory(req)
    # The mocked backend result is used as-is: "/obj/3" carries only "obj:create"
    # yet is expected in shared_ids, so this test checks id extraction and does
    # not check filtering by the requested permission.
    accessible = {
        "/obj/1": ["read", "write"],
        "/obj/3": ["obj:create"],
    }
    req.registry.permission.get_accessible_objects.return_value = accessible

    context.fetch_shared_records("read", ["userid"], None)

    collected = sorted(context.shared_ids)
    self.assertEqual(collected, ["1", "3"])
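def test_route_factory_adds_allowed_principals_from_settings(self):
    """``bucket_create_principals`` from the settings ends up in ``allowed_principals``."""
    with mock.patch('kinto.core.utils.current_service') as current_service:
        # Patch current service.
        resource = mock.MagicMock()
        current_service().resource.return_value = resource
        current_service().collection_path = '/buckets'
        # Do the actual call.
        request = DummyRequest(method='post')
        request.current_resource_name = 'bucket'
        request.upath_info = '/buckets'
        request.matchdict = {}
        request.registry = mock.Mock()
        request.registry.settings = {
            'bucket_create_principals': 'fxa:user'
        }
        context = RouteFactory(request)

        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(context.allowed_principals, ['fxa:user'])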
def test_send_alert_code_can_be_specified(self):
    """An explicit ``code`` argument is reported in the alert header."""
    req = DummyRequest()
    req.registry.settings['project_docs'] = 'docs_url'

    send_alert(req, 'Message', code='hard-eol')

    expected_header = {
        'code': 'hard-eol',
        'message': 'Message',
        'url': 'docs_url',
    }
    self.verify_alert_header(req, expected_header)
def test_fetch_shared_records_sets_shared_ids_from_results(self):
    """``shared_ids`` holds the last path segment of every object the backend returns."""
    req = DummyRequest()
    context = RouteFactory(req)
    # The mocked backend result is used as-is: '/obj/3' carries only 'obj:create'
    # yet is expected in shared_ids, so this test checks id extraction and does
    # not check filtering by the requested permission.
    accessible = {
        '/obj/1': ['read', 'write'],
        '/obj/3': ['obj:create'],
    }
    req.registry.permission.get_accessible_objects.return_value = accessible

    context.fetch_shared_records('read', ['userid'], None)

    collected = sorted(context.shared_ids)
    self.assertEqual(collected, ['1', '3'])
def test_send_alert_code_can_be_specified(self):
    """An explicit ``code`` argument is reported in the alert header."""
    req = DummyRequest()
    req.registry.settings["project_docs"] = "docs_url"

    send_alert(req, "Message", code="hard-eol")

    expected_header = {
        "code": "hard-eol",
        "message": "Message",
        "url": "docs_url",
    }
    self.verify_alert_header(req, expected_header)
def test_send_alert_default_to_project_url(self):
    """Without ``code`` or URL arguments the alert uses "soft-eol" and the ``project_docs`` setting."""
    req = DummyRequest()
    req.registry.settings["project_docs"] = "docs_url"

    send_alert(req, "Message")

    expected_header = {
        "code": "soft-eol",
        "message": "Message",
        "url": "docs_url",
    }
    self.verify_alert_header(req, expected_header)
def test_send_alert_default_to_project_url(self):
    """Without ``code`` or URL arguments the alert uses 'soft-eol' and the ``project_docs`` setting."""
    req = DummyRequest()
    req.registry.settings['project_docs'] = 'docs_url'

    send_alert(req, 'Message')

    expected_header = {
        'code': 'soft-eol',
        'message': 'Message',
        'url': 'docs_url',
    }
    self.verify_alert_header(req, expected_header)
def _build_request(self):
    """Return a DummyRequest configured with two FxA OAuth clients and a dummy bearer token.

    The settings are a copy of DEFAULT_SETTINGS extended with the OAuth URI, a
    '0.01' cache TTL and the ``notes`` and ``lockbox`` clients, each with its
    own client id and required scope. The output of ``parse_clients`` is
    stored on the registry.
    """
    req = DummyRequest()
    req.bound_data = {}
    req.registry.cache = self.backend

    config = DEFAULT_SETTINGS.copy()
    config['fxa-oauth.oauth_uri'] = 'https://oauth.accounts.firefox.com/v1'
    config['fxa-oauth.cache_ttl_seconds'] = '0.01'

    # One client id and one required scope per configured client.
    config['fxa-oauth.clients.notes.client_id'] = 'c73e46074a948932'
    config['fxa-oauth.clients.notes.required_scope'] = (
        'profile https://identity.mozilla.org/apps/notes')
    config['fxa-oauth.clients.lockbox.client_id'] = '299062f8b3838932'
    config['fxa-oauth.clients.lockbox.required_scope'] = (
        'profile https://identity.mozilla.org/apps/lockbox')
    req.registry.settings = config

    parsed = parse_clients(config)
    resources, scope_routing = parsed
    req.registry._fxa_oauth_config = resources
    req.registry._fxa_oauth_scope_routing = scope_routing

    # Placeholder token only; it is not a real credential.
    req.headers['Authorization'] = 'Bearer foo'
    return req
def test_http_put_sets_current_object_attribute(self):
    """On PUT, ``current_object`` is the value returned by the model's ``get_object``."""
    with mock.patch("kinto.core.utils.current_service") as patched_service:
        # Fake resource whose model returns a sentinel object.
        fake_resource = mock.MagicMock()
        fake_resource.object_id = 1
        fake_resource.model.get_object.return_value = mock.sentinel.object
        patched_service().resource.return_value = fake_resource

        # Resolve the authorization context for the PUT request.
        put_request = DummyRequest(method="put")
        context = RouteFactory(put_request)

        self.assertEqual(context.current_object, mock.sentinel.object)
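def test_http_put_sets_current_record_attribute(self):
    """On PUT, ``current_record`` is the value returned by the model's ``get_record``."""
    with mock.patch('kinto.core.utils.current_service') as current_service:
        # Patch current service.
        resource = mock.MagicMock()
        resource.record_id = 1
        resource.model.get_record.return_value = mock.sentinel.record
        current_service().resource.return_value = resource
        # Do the actual call.
        request = DummyRequest(method='put')
        context = RouteFactory(request)

        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(context.current_record, mock.sentinel.record)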
def assert_request_resolves_to(self, method, permission, uri=None, record_not_found=False):
    """Assert that a request with ``method`` on ``uri`` requires ``permission``.

    Args:
        method: HTTP method given to DummyRequest.
        permission: expected value of ``required_permission``.
        uri: request path; ``self.record_uri`` is used when None.
        record_not_found: when true, the model's ``get_record`` raises
            RecordNotFoundError instead of returning a value.
    """
    target_uri = self.record_uri if uri is None else uri
    with mock.patch("kinto.core.utils.current_service") as patched_service:
        # Fake resource: the record either exists or is reported missing.
        fake_resource = mock.MagicMock()
        fake_resource.record_id = 1
        lookup = fake_resource.model.get_record
        if not record_not_found:
            lookup.return_value = 1
        else:
            lookup.side_effect = storage_exceptions.RecordNotFoundError
        patched_service().resource.return_value = fake_resource

        # Resolve the authorization context for the request.
        req = DummyRequest(method=method)
        req.upath_info = target_uri
        context = RouteFactory(req)

        self.assertEqual(context.required_permission, permission)
def assert_request_resolves_to(self, method, permission, uri=None, object_not_found=False):
    """Assert that a request with ``method`` on ``uri`` requires ``permission``.

    Args:
        method: HTTP method given to DummyRequest.
        permission: expected value of ``required_permission``.
        uri: request path; ``self.object_uri`` is used when None.
        object_not_found: when true, the model's ``get_object`` raises
            ObjectNotFoundError instead of returning a value.
    """
    target_uri = self.object_uri if uri is None else uri
    with mock.patch("kinto.core.utils.current_service") as patched_service:
        # Fake resource: the object either exists or is reported missing.
        fake_resource = mock.MagicMock()
        fake_resource.object_id = 1
        lookup = fake_resource.model.get_object
        if not object_not_found:
            lookup.return_value = 1
        else:
            lookup.side_effect = storage_exceptions.ObjectNotFoundError
        patched_service().resource.return_value = fake_resource

        # Resolve the authorization context for the request.
        req = DummyRequest(method=method)
        req.upath_info = target_uri
        context = RouteFactory(req)

        self.assertEqual(context.required_permission, permission)
def test_kcl_ignores_missing_new(match_buckets_a_resource):
    """An impacted record with only an 'old' entry does not trigger ``send_version``."""
    broadcaster_client = mock.Mock()
    listener = KintoChangesListener(
        broadcaster_client, 'broadcaster', [], [], match_buckets_a_resource)
    # The record has an 'old' entry only and no 'new' entry.
    impacted = [
        {'old': changes_record('a', 'c')},
    ]
    event = events.ResourceChanged(PAYLOAD, impacted, DummyRequest())

    listener(event)

    assert not broadcaster_client.send_version.called
def test_kcl_drops_events_with_no_matching_records(match_buckets_a_resource):
    """A change built with ``changes_record('b', 'c')`` does not trigger ``send_version``."""
    broadcaster_client = mock.Mock()
    listener = KintoChangesListener(
        broadcaster_client, 'broadcaster', [], [], match_buckets_a_resource)
    impacted = [
        {'new': changes_record('b', 'c')},
    ]
    event = events.ResourceChanged(PAYLOAD, impacted, DummyRequest())

    listener(event)

    assert not broadcaster_client.send_version.called
def test_kcl_posts_on_matching_records(match_buckets_a_resource):
    """A change built with ``changes_record('a', 'c')`` is sent through ``send_version``."""
    broadcaster_client = mock.Mock()
    listener = KintoChangesListener(
        broadcaster_client, 'broadcaster', [], [], match_buckets_a_resource)
    impacted = [
        {'new': changes_record('a', 'c')},
    ]
    event = events.ResourceChanged(PAYLOAD, impacted, DummyRequest())

    listener(event)

    # The version argument is expected as the quoted string '"123"'.
    broadcaster_client.send_version.assert_called_with(
        'broadcaster', 'monitor_changes', '"123"')
def _build_request(self):
    """Return a DummyRequest configured with two FxA OAuth clients and a dummy bearer token.

    The settings are a copy of DEFAULT_SETTINGS extended with the OAuth URI, a
    '0.01' cache TTL and the ``notes`` and ``lockbox`` clients, each with its
    own client id and required scope. The output of ``parse_clients`` is
    stored on the registry.
    """
    req = DummyRequest()
    req.bound_data = {}
    req.registry.cache = self.backend

    config = DEFAULT_SETTINGS.copy()
    config['fxa-oauth.oauth_uri'] = 'https://oauth.accounts.firefox.com/v1'
    config['fxa-oauth.cache_ttl_seconds'] = '0.01'

    # One client id and one required scope per configured client.
    config['fxa-oauth.clients.notes.client_id'] = 'c73e46074a948932'
    config['fxa-oauth.clients.notes.required_scope'] = (
        'profile https://identity.mozilla.org/apps/notes')
    config['fxa-oauth.clients.lockbox.client_id'] = '299062f8b3838932'
    config['fxa-oauth.clients.lockbox.required_scope'] = (
        'profile https://identity.mozilla.org/apps/lockbox')
    req.registry.settings = config

    parsed = parse_clients(config)
    resources, scope_routing = parsed
    req.registry._fxa_oauth_config = resources
    req.registry._fxa_oauth_scope_routing = scope_routing

    # Placeholder token only; it is not a real credential.
    req.headers['Authorization'] = 'Bearer foo'
    return req
def test_kcl_can_fail_to_match_in_collections(match_collection_z1_resource):
    """A change built with ``changes_record('z', 'z2')`` does not trigger ``send_version``."""
    broadcaster_client = mock.Mock()
    listener = KintoChangesListener(
        broadcaster_client, 'broadcaster', [], [], match_collection_z1_resource)
    impacted = [
        {'new': changes_record('z', 'z2')},
    ]
    event = events.ResourceChanged(PAYLOAD, impacted, DummyRequest())

    listener(event)

    assert not broadcaster_client.send_version.called
def test_user_validation_listener(self):
    """``on_account_activated`` sends mail only for an inactive-to-active update with validation enabled."""
    request = DummyRequest()
    old_inactive = {"id": "alice", "password": "******", "validated": False}
    old_active = {"id": "alice", "password": "******", "validated": True}
    new_inactive = {"id": "alice", "password": "******", "validated": False}
    new_active = {"id": "alice", "password": "******", "validated": True}

    def update_event(before, after):
        # Build an UPDATE event carrying a single old/new pair.
        return ResourceChanged(
            {"action": ACTIONS.UPDATE.value},
            [{"old": before, "new": after}],
            request,
        )

    with mock.patch("kinto.plugins.accounts.mails.Emailer.send_mail") as mocked_send_mail:
        # No email sent if account validation is not enabled.
        event = update_event(old_inactive, new_inactive)
        on_account_activated(event)
        mocked_send_mail.assert_not_called()

        # No email sent if the old account was already active.
        request.registry.settings["account_validation"] = True
        event = update_event(old_active, new_active)
        request.registry.cache.get = mock.MagicMock(return_value=None)
        on_account_activated(event)
        mocked_send_mail.assert_not_called()

        # No email sent if the new account is still inactive.
        event = update_event(old_inactive, new_inactive)
        request.registry.cache.get = mock.MagicMock(return_value=None)
        on_account_activated(event)
        mocked_send_mail.assert_not_called()

        # Email sent when the account goes from inactive to active
        # (cache.get still returns None at this point).
        event = update_event(old_inactive, new_active)
        on_account_activated(event)
        mocked_send_mail.assert_called_once()
def test_kcl_can_match_in_collections(match_collection_z1_resource):
    """A change built with ``changes_record('z', 'z1')`` is sent through ``send_version``."""
    broadcaster_client = mock.Mock()
    listener = KintoChangesListener(
        broadcaster_client, 'broadcaster', [], [], match_collection_z1_resource)
    impacted = [
        {'new': changes_record('z', 'z1')},
    ]
    req = DummyRequest()
    req.route_path.return_value = "/buckets/z/collections/z1"
    event = events.ResourceChanged(PAYLOAD, impacted, req)

    listener(event)

    broadcaster_client.send_version.assert_called_with(
        'broadcaster', 'monitor_changes', '"123"')
def setUp(self):
    """Create an OpenIDConnectPolicy fixture with HTTP and token verification mocked.

    ``requests.get`` in the openid plugin and the policy's ``_verify_token``
    are both replaced by mocks. ``_verify_token`` returns a fixed payload, so
    tests built on this fixture do not exercise real token verification.
    """
    get_patcher = mock.patch("kinto.plugins.openid.requests.get")
    self.mocked_get = get_patcher.start()
    self.addCleanup(get_patcher.stop)

    self.policy = OpenIDConnectPolicy(issuer="https://idp", client_id="abc")

    self.request = DummyRequest()
    # Every cache lookup misses.
    self.request.registry.cache.get.return_value = None

    verify_patcher = mock.patch.object(self.policy, "_verify_token")
    self.verify = verify_patcher.start()
    self.addCleanup(verify_patcher.stop)
    self.verify.return_value = {"sub": "userid"}
def test_fetch_shared_objects_uses_pattern_if_on_plural_endpoint(self):
    """On a plural endpoint the permission backend is queried with a wildcard object pattern."""
    req = DummyRequest()
    req.route_path.return_value = "/v1/buckets/%2A"
    plural_service = mock.MagicMock()
    plural_service.type = "plural"
    # NOTE(review): extent of the patch block reconstructed from a collapsed listing; confirm.
    with mock.patch("kinto.core.authorization.utils.current_service") as m:
        m.return_value = plural_service
        context = RouteFactory(req)
    self.assertTrue(context.on_plural_endpoint)

    context.fetch_shared_objects("read", ["userid"], None)

    # The expected pattern is the mocked route path without "/v1" and with "%2A" decoded to "*".
    backend_query = req.registry.permission.get_accessible_objects
    backend_query.assert_called_with(
        ["userid"], [("/buckets/*", "read")], with_children=False)
def test_fetch_shared_records_uses_pattern_if_on_collection(self):
    """On a collection endpoint the permission backend is queried with a wildcard object pattern."""
    req = DummyRequest()
    req.route_path.return_value = '/v1/buckets/%2A'
    collection_service = mock.MagicMock()
    collection_service.type = 'collection'
    # NOTE(review): extent of the patch block reconstructed from a collapsed listing; confirm.
    with mock.patch('kinto.core.authorization.utils.current_service') as m:
        m.return_value = collection_service
        context = RouteFactory(req)
    self.assertTrue(context.on_collection)

    context.fetch_shared_records('read', ['userid'], None)

    # The expected pattern is the mocked route path without '/v1' and with '%2A' decoded to '*'.
    backend_query = req.registry.permission.get_accessible_objects
    backend_query.assert_called_with(
        ['userid'], [('/buckets/*', 'read')], with_children=False)
def setUp(self):
    """Create an OpenIDConnectPolicy fixture with HTTP and token verification mocked.

    ``requests.get`` in the openid plugin and the policy's ``_verify_token``
    are both replaced by mocks. ``_verify_token`` returns a fixed payload, so
    tests built on this fixture do not exercise real token verification.
    """
    get_patcher = mock.patch('kinto.plugins.openid.requests.get')
    self.mocked_get = get_patcher.start()
    self.addCleanup(get_patcher.stop)

    self.policy = OpenIDConnectPolicy(issuer='https://idp', client_id='abc')

    self.request = DummyRequest()
    # Every cache lookup misses.
    self.request.registry.cache.get.return_value = None

    verify_patcher = mock.patch.object(self.policy, '_verify_token')
    self.verify = verify_patcher.start()
    self.addCleanup(verify_patcher.stop)
    self.verify.return_value = {'sub': 'userid'}
def test_kcl_ignores_writes_not_on_records(match_buckets_a_resource):
    """An event whose payload has ``resource_name`` 'collection' does not trigger ``send_version``."""
    broadcaster_client = mock.Mock()
    listener = KintoChangesListener(
        broadcaster_client, 'broadcaster', [], [], match_buckets_a_resource)
    # Same payload as PAYLOAD, except that the resource name is 'collection'.
    collection_payload = {
        **PAYLOAD,
        'resource_name': 'collection',
    }
    impacted = [
        {'new': changes_record('a', 'c')},
    ]
    event = events.ResourceChanged(collection_payload, impacted, DummyRequest())

    listener(event)

    assert not broadcaster_client.send_version.called
def test_kinto_changes_ignores_not_monitor_changes(match_buckets_a_resource):
    """An event for bucket 'food' and collection 'french' does not trigger ``send_version``."""
    broadcaster_client = mock.Mock()
    listener = KintoChangesListener(
        broadcaster_client, 'broadcaster', [], [], match_buckets_a_resource)
    # Same payload as PAYLOAD, pointed at another bucket and collection.
    other_payload = {
        **PAYLOAD,
        'bucket_id': 'food',
        'collection_id': 'french',
    }
    impacted = [
        {'new': {'id': 'abcd'}},
    ]
    event = events.ResourceChanged(other_payload, impacted, DummyRequest())

    listener(event)

    assert not broadcaster_client.send_version.called
def test_fetch_shared_records_uses_get_bound_permission_callback(self):
    """The permission pairs produced by the callback are what the backend is queried with."""
    req = DummyRequest()
    collection_service = mock.MagicMock()
    req.route_path.return_value = '/v1/buckets/%2A'
    collection_service.type = 'collection'
    # NOTE(review): extent of the patch block reconstructed from a collapsed listing; confirm.
    with mock.patch('kinto.core.authorization.utils.current_service') as m:
        m.return_value = collection_service
        context = RouteFactory(req)
    self.assertTrue(context.on_collection)

    # Callback where write means read: each lookup is expanded to both
    # permissions on the same object id.
    def get_bound_perms(obj_id, perm):
        return [(obj_id, 'write'), (obj_id, 'read')]

    context.fetch_shared_records('read', ['userid'], get_bound_perms)

    backend_query = req.registry.permission.get_accessible_objects
    backend_query.assert_called_with(
        ['userid'], [('/buckets/*', 'write'), ('/buckets/*', 'read')])
def test_user_creation_listener(self):
    """``on_account_created`` sends mail only with validation enabled and an activation key in the cache."""
    request = DummyRequest()
    impacted_object = {"new": {"id": "alice", "password": "******"}}

    def update_event():
        # Build an UPDATE event carrying the single impacted object.
        return ResourceChanged({"action": ACTIONS.UPDATE.value}, [impacted_object], request)

    with mock.patch("kinto.plugins.accounts.mails.Emailer.send_mail") as mocked_send_mail:
        # No email sent if account validation is not enabled.
        event = update_event()
        on_account_created(event)
        mocked_send_mail.assert_not_called()

        # No email sent if there's no activation key in the cache.
        request.registry.settings["account_validation"] = True
        event = update_event()
        request.registry.cache.get = mock.MagicMock(return_value=None)
        on_account_created(event)
        mocked_send_mail.assert_not_called()

        # Email sent if there is an activation key in the cache.
        request.registry.cache.get = mock.MagicMock(return_value="some activation key")
        on_account_created(event)
        mocked_send_mail.assert_called_once()
def test_excluding_resources(kinto_changes_settings):
    """Check which bucket/collection pairs are broadcast given include and exclude lists."""
    client = mock.Mock()
    listener = KintoChangesListener(client, 'broadcaster', [], [])
    listener.included_resources = [
        ('bucket', {'id': 'a'}),
        ('collection', {'bucket_id': 'b', 'id': 'd'}),
        ('collection', {'bucket_id': 'z', 'id': 'z1'}),
    ]
    listener.excluded_resources = [
        ('bucket', {'id': 'b'}),
        ('collection', {'bucket_id': 'a', 'id': 'c'}),
        ('collection', {'bucket_id': 'z', 'id': 'z2'}),
    ]
    request = DummyRequest()

    # (bucket, collection, whether send_version is expected to be called)
    cases = [
        ('a', 'c', False),   # collection a/c is excluded although bucket a is included
        ('b', 'x', False),   # bucket b is excluded
        ('a', 'd', True),    # bucket a is included
        ('z', 'z1', True),   # collection z/z1 is included
        ('a', 'z2', True),   # z2 is excluded only under bucket z
        ('x', 'z1', False),  # z1 is included only under bucket z
    ]
    for bucket, collection, should_send in cases:
        client.reset_mock()
        event = events.ResourceChanged(
            PAYLOAD, [{'new': changes_record(bucket, collection)}], request)
        listener(event)
        if should_send:
            assert client.send_version.called
        else:
            assert not client.send_version.called
def test_fetch_shared_objects_uses_get_bound_permission_callback(self):
    """The permission pairs produced by the callback are what the backend is queried with."""
    req = DummyRequest()
    plural_service = mock.MagicMock()
    req.route_path.return_value = "/v1/buckets/%2A"
    plural_service.type = "plural"
    # NOTE(review): extent of the patch block reconstructed from a collapsed listing; confirm.
    with mock.patch("kinto.core.authorization.utils.current_service") as m:
        m.return_value = plural_service
        context = RouteFactory(req)
    self.assertTrue(context.on_plural_endpoint)

    # Callback where write means read: each lookup is expanded to both
    # permissions on the same object id.
    def get_bound_perms(obj_id, perm):
        return [(obj_id, "write"), (obj_id, "read")]

    context.fetch_shared_objects("read", ["userid"], get_bound_perms)

    backend_query = req.registry.permission.get_accessible_objects
    backend_query.assert_called_with(
        ["userid"], [("/buckets/*", "write"), ("/buckets/*", "read")],
        with_children=False)
def setUp(self):
    """Load the permission backend from config, initialise its schema and create a request."""
    super(BaseTestPermission, self).setUp()
    backend = self.backend.load_from_config(self._get_config())
    self.permission = backend
    self.permission.initialize_schema()
    self.request = DummyRequest()
    # Starts out as an empty list.
    self.client_error_patcher = []
def get_request(self, resource_name=''):
    """Return a GET DummyRequest bound to this test's cache and storage.

    Args:
        resource_name: value assigned to ``current_resource_name``.
    """
    req = DummyRequest(method='GET')
    req.current_resource_name = resource_name
    registry = req.registry
    registry.cache = self.cache
    registry.storage = self.storage
    return req
def test_removes_unprefixed_from_principals(self):
    """The unprefixed user id "foo" is absent from the result; the prefixed id is present."""
    req = DummyRequest()
    req.effective_principals = ["foo", "system.Authenticated"]
    req.prefixed_userid = "basic:foo"

    principals = prefixed_principals(req)

    self.assertEqual(principals, ["basic:foo", "system.Authenticated"])
def test_removes_unprefixed_from_principals(self):
    """The unprefixed user id 'foo' is absent from the result; the prefixed id is present."""
    req = DummyRequest()
    req.effective_principals = ['foo', 'system.Authenticated']
    req.prefixed_userid = 'basic:foo'

    principals = prefixed_principals(req)

    self.assertEqual(principals, ['basic:foo', 'system.Authenticated'])
def test_works_if_userid_is_not_in_principals(self):
    """With no unprefixed user id among the principals, the expected list equals the input."""
    req = DummyRequest()
    req.effective_principals = ['basic:foo', 'system.Authenticated']
    req.prefixed_userid = 'basic:foo'

    principals = prefixed_principals(req)

    self.assertEqual(principals, ['basic:foo', 'system.Authenticated'])