Example #1
    def test_change_restricted_context_to_susbcribed_maintain_write_veto(self):
        """
            A permanent write veto must survive a relaxation of the context policy.

            The context starts with write="restricted" and the user is subscribed
            through the admin helper. test_manager then removes the "write"
            permission for that user with permanent=1. After the context is
            switched to write="subscribed", the user's post is still expected
            to be refused with 403.
        """
        from .mockers import create_context
        from .mockers import subscribe_context
        from .mockers import user_status_context

        context_hash = sha1(create_context["url"]).hexdigest()
        username = "******"
        initial_permissions = {
            "read": "subscribed",
            "write": "restricted",
            "subscribe": "restricted",
            "invite": "restricted",
        }
        self.create_user(username)
        self.create_context(create_context, permissions=initial_permissions)
        self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)

        # Persistent veto: revoke "write" for this user with permanent=1
        vetoed = "write"
        veto_url = "/contexts/%s/permissions/%s/%s?permanent=1" % (context_hash, username, vetoed)
        self.testapp.delete(veto_url, "", oauth2Header(test_manager), status=201)

        # Relax the context-wide write policy
        payload = json.dumps({"permissions": {"write": "subscribed"}})
        updated = self.testapp.put("/contexts/%s" % context_hash, payload, oauth2Header(test_manager), status=200)
        self.assertEqual(updated.json["permissions"]["read"], "subscribed")
        self.assertEqual(updated.json["permissions"]["write"], "subscribed")

        # The per-user veto must still win over the relaxed policy
        self.create_activity(username, user_status_context, expect=403)
Example #2
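    def test_get_message_file_as_non_participant(self):
        """
            Given I'm a regular user
            And I'm not a conversation participant
            When I try to download a file attached to a message
            Then I get a Forbidden (403) response
        """
        from max.tests.mockers import message
        from max.tests.mockers import message_with_file
        sender = 'messi'
        recipient = 'xavi'
        recipient2 = 'shakira'

        self.create_user(sender)
        self.create_user(recipient)
        self.create_user(recipient2)

        # The conversation is posted twice; only the id returned by the
        # second POST (below) is used.
        self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)

        # Read the fixture inside a context manager so the file handle is
        # closed instead of leaking for the rest of the test run.
        with open(os.path.join(self.conf_dir, "map.pdf"), "rb") as thefile:
            files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]

        res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
        cid = str(res.json['contexts'][0]['id'])
        message_id = self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_file)), oauth2Header(sender), upload_files=files, status=201).json['id']

        # recipient2 exists as a user but takes no part in the conversation,
        # so the download must be refused.
        self.testapp.get('/messages/%s/file/download' % (message_id), headers=oauth2Header(recipient2), status=403)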
Example #3
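    def test_post_message_with_image_to_an_already_existing_conversation(self):
        """
            Post an image message to an existing conversation.

            The conversation listing is then expected to hold two messages, the
            second of which exposes fullURL and thumbURL built from its own id,
            and the sender must be able to fetch the full image.
        """
        from .mockers import message, message_with_image
        sender = 'messi'
        recipient = 'xavi'
        self.create_user(sender)
        self.create_user(recipient)

        # Read the fixture inside a context manager so the file handle is
        # closed instead of leaking for the rest of the test run.
        with open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb") as thefile:
            files = [('file', 'avatar.png', thefile.read(), 'image/png')]

        res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
        cid = str(res.json['contexts'][0]['id'])
        self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_image)), oauth2Header(sender), upload_files=files, status=201)

        res = self.testapp.get('/conversations/%s/messages' % cid, "", oauth2Header(sender), status=200)
        result = json.loads(res.text)

        self.assertEqual(len(result), 2)
        self.assertEqual(result[0].get("contexts", None)[0].get("id", None), cid)
        self.assertEqual(result[0].get("contexts", None)[0].get("objectType", None), "conversation")
        self.assertEqual(result[0].get("objectType", None), "message")
        self.assertEqual(result[1]['object'].get('fullURL'), u'/messages/{}/image/full'.format(result[1]['id']))
        self.assertEqual(result[1]['object'].get('thumbURL'), u'/messages/{}/image/thumb'.format(result[1]['id']))

        # Follow the advertised URL as the sender; only the 200 status is checked
        full_url = result[1]['object'].get('fullURL')
        self.testapp.get(full_url, '', oauth2Header(sender), status=200)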
Example #4
    def test_unfavorite_activity_get_other_favorites(self):
        """
           Given a plain user
           And a regular context
           When I post an activity in the context
           And several users favorite it
           And one of them removes their favorite
           Then the activity is no longer favorited by that user
           And the favorites of the other users remain
        """
        from .mockers import user_status_context
        from .mockers import subscribe_context, create_context
        username = '******'
        username_not_me = 'xavi'
        for person in (username, username_not_me):
            self.create_user(person)
        self.create_context(create_context)
        for person in (username, username_not_me):
            self.admin_subscribe_user_to_context(person, subscribe_context)

        activity_id = self.create_activity(username, user_status_context).json['id']
        favorites_url = '/activities/%s/favorites' % activity_id
        self.testapp.post(favorites_url, '', oauth2Header(username_not_me), status=201)
        self.testapp.post(favorites_url, '', oauth2Header(username), status=201)

        # username_not_me removes only their own favorite
        own_favorite_url = '/activities/%s/favorites/%s' % (activity_id, username_not_me)
        res = self.testapp.delete(own_favorite_url, '', oauth2Header(username_not_me), status=200)

        remaining = res.json['object']
        self.assertEqual(remaining['favorites'][0]['username'], username)
        self.assertEqual(remaining['favorited'], False)
        self.assertEqual(remaining['favoritesCount'], 1)
Example #5
    def test_unflag_flagged_activity_subscribed_no_flag_permission(self):
        """
            Given I'm a regular user
            And I'm subscribed to the activity's context
            And I have not been granted the flag permission on the context
            When I try to unflag a flagged activity
            Then I get a Forbidden (403) response
        """
        from max.tests.mockers import user_status_context
        from max.tests.mockers import subscribe_context, create_context
        from hashlib import sha1

        username = "******"
        username_not_me = "penny"
        for person in (username, username_not_me):
            self.create_user(person)
        self.create_context(create_context)
        context_hash = sha1(create_context["url"]).hexdigest()
        for person in (username, username_not_me):
            self.admin_subscribe_user_to_context(person, subscribe_context)
        # Only `username` receives the flag permission
        self.grant_permission(context_hash, username, "flag")

        activity_id = self.create_activity(username, user_status_context).json["id"]
        flag_url = "/activities/%s/flag" % activity_id
        self.testapp.post(flag_url, "", oauth2Header(username), status=201)

        # Subscription alone must not be enough to remove someone else's flag
        self.testapp.delete(flag_url, "", oauth2Header(username_not_me), status=403)
Example #6
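    def test_get_message_image_as_participant(self):
        """
            Given I'm a regular user
            And I'm a conversation participant
            When I try to view a message image attachment
            Then I succeed
        """
        from max.tests.mockers import message
        from max.tests.mockers import message_with_image
        sender = 'messi'
        recipient = 'xavi'

        self.create_user(sender)
        self.create_user(recipient)

        # The conversation is posted twice; only the id returned by the
        # second POST (below) is used.
        self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)

        # Read the fixture inside a context manager so the file handle is
        # closed instead of leaking for the rest of the test run.
        with open(os.path.join(self.conf_dir, "avatar.png"), "rb") as thefile:
            files = [('file', 'avatar.png', thefile.read(), 'image/png')]

        res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
        cid = str(res.json['contexts'][0]['id'])
        message_id = self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_image)), oauth2Header(sender), upload_files=files, status=201).json['id']

        # The image is requested as `recipient`, not as the uploader
        self.testapp.get('/messages/%s/image' % (message_id), headers=oauth2Header(recipient), status=200)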
Example #7
    def test_change_public_context_to_restricted_preserve_granted_write_permission(self):
        """
            A permanent write grant must survive a tightening of the context policy.

            The context starts with subscribe="public" and write="subscribed"; the
            user subscribes and test_manager grants "write" with permanent=1.
            After the context is switched to write="restricted", the user's
            post is still expected to succeed with 201.
        """
        from .mockers import create_context
        from .mockers import subscribe_context
        from .mockers import user_status_context

        context_hash = sha1(create_context["url"]).hexdigest()
        username = "******"
        initial_permissions = {
            "read": "subscribed",
            "write": "subscribed",
            "subscribe": "public",
            "invite": "restricted",
        }
        self.create_user(username)
        self.create_context(create_context, permissions=initial_permissions)
        self.user_subscribe_user_to_context(username, subscribe_context, expect=201)

        # Persistent grant: give "write" to this user with permanent=1
        granted = "write"
        grant_url = "/contexts/%s/permissions/%s/%s?permanent=1" % (context_hash, username, granted)
        self.testapp.put(grant_url, "", oauth2Header(test_manager), status=201)

        # Tighten the context-wide write policy
        payload = json.dumps({"permissions": {"write": "restricted"}})
        updated = self.testapp.put("/contexts/%s" % context_hash, payload, oauth2Header(test_manager), status=200)
        self.assertEqual(updated.json["permissions"]["read"], "subscribed")
        self.assertEqual(updated.json["permissions"]["write"], "restricted")

        # The explicit per-user grant must still allow posting
        self.create_activity(username, user_status_context, expect=201)
Example #8
    def test_delete_device_token(self):
        """
            Register an iOS device token for a user, then delete it as that
            same user; the deletion is expected to answer 204.
        """
        username = '******'
        device = {'platform': 'ios', 'token': '12345678901234567890123456789012'}

        self.create_user(username)
        self.testapp.post('/tokens', json.dumps(device), oauth2Header(username), status=201)

        # Only the owner's own deletion is exercised in this test
        token_url = '/tokens/%s' % (device['token'])
        self.testapp.delete(token_url, "", oauth2Header(username), status=204)
Example #9
    def test_maintenance_subscriptions(self):
        """
            The subscriptions maintenance endpoint must resync stale copies of a context.

            The context document is modified directly in mongo (write policy,
            displayName and tags), the maintenance endpoint is called as
            test_manager, and the user's subscription and activity are then
            expected to reflect the modified context.
        """
        from .mockers import create_context
        from .mockers import subscribe_context, user_status_context
        from hashlib import sha1

        username = '******'
        initial_permissions = {
            'read': 'subscribed',
            'write': 'subscribed',
            'subscribe': 'restricted',
            'invite': 'restricted',
        }
        self.create_user(username)
        self.create_context(create_context, permissions=initial_permissions)
        context_hash = sha1(create_context['url']).hexdigest()
        self.admin_subscribe_user_to_context(username, subscribe_context)
        self.create_activity(username, user_status_context)

        # Hard modify context directly on mongo to simulate changed permissions, displayName and tags
        stored = self.exec_mongo_query('contexts', 'find', {'hash': context_hash})[0]
        stored['permissions']['write'] = 'restricted'
        stored['displayName'] = 'Changed Name'
        stored['tags'].append('new tag')
        self.exec_mongo_query('contexts', 'update', {'_id': stored['_id']}, stored)
        self.testapp.post('/admin/maintenance/subscriptions', "", oauth2Header(test_manager), status=200)

        # Check user subscription is updated; with write now restricted the
        # subscription is expected to keep only the read permission
        res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(username), status=200)
        subscription = res.json['subscribedTo'][0]
        self.assertEqual(subscription['displayName'], 'Changed Name')
        self.assertListEqual(subscription['tags'], ['Assignatura', 'new tag'])
        self.assertListEqual(subscription['permissions'], ['read'])

        # Check user activity is updated
        res = self.testapp.get('/people/{}/timeline'.format(username), "", oauth2Header(username), status=200)
        activity_context = res.json[0]['contexts'][0]
        self.assertEqual(activity_context['displayName'], 'Changed Name')
        self.assertListEqual(activity_context['tags'], ['Assignatura', 'new tag'])
Example #10
    def test_get_pushtokens_for_given_conversations(self):
        """ doctest .. http:get:: /conversations/{id}/tokens """
        # Registers one iOS device token per participant, creates a
        # conversation and reads back the tokens as test_manager.
        # NOTE(review): only the test_manager request is exercised here; what
        # a regular participant gets from this endpoint is not checked.
        from .mockers import message
        sender = 'messi'
        recipient = 'xavi'
        self.create_user(sender)
        self.create_user(recipient)

        platform = 'ios'
        token_sender = '12345678901234567890123456789012'
        token_recipient = '12345678901234567890123456789013'
        for person, device_token in ((sender, token_sender), (recipient, token_recipient)):
            device_url = '/people/%s/device/%s/%s' % (person, platform, device_token)
            self.testapp.post(device_url, "", oauth2Header(person), status=201)

        created = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
        conversation_id = created.json['contexts'][0]['id']

        res = self.testapp.get('/conversations/%s/tokens' % (conversation_id), '', oauth2Header(test_manager), status=200)

        # The recipient's token is expected first, then the sender's
        expected_entries = (
            (u'ios', u'12345678901234567890123456789013', u'xavi'),
            (u'ios', u'12345678901234567890123456789012', u'messi'),
        )
        for position, (exp_platform, exp_token, exp_username) in enumerate(expected_entries):
            entry = res.json[position]
            self.assertEqual(entry['platform'], exp_platform)
            self.assertEqual(entry['token'], exp_token)
            self.assertEqual(entry['username'], exp_username)
        self.assertEqual(len(res.json), 2)
Example #11
 def test_security_remove_user_from_role_check_security_reloaded(self):
     """
         Revoking the Manager role must take effect on the user's next request.

         A second user is added to the Manager role and can list /activities
         (200). Once test_manager removes the role, the very same request is
         expected to be refused with 403.
     """
     test_manager2 = 'messi'
     self.create_user(test_manager2)
     role_member_url = '/admin/security/roles/%s/users/%s' % ('Manager', test_manager2)

     # Grant, then prove the grant is effective
     self.testapp.post(role_member_url, "", oauth2Header(test_manager), status=201)
     self.testapp.get('/activities', "", oauth2Header(test_manager2), status=200)

     # Revoke, then prove no stale authorization state is still honoured
     self.testapp.delete(role_member_url, "", oauth2Header(test_manager), status=204)
     self.testapp.get('/activities', "", oauth2Header(test_manager2), status=403)
Example #12
 def test_remove_context_tag(self):
     """
         Add the 'prova' tag to a context, then delete its 'Assignatura' tag.

         Only the status codes (200 for the PUT, 204 for the DELETE) are
         checked; the resulting tag list is not read back.
     """
     from hashlib import sha1
     from .mockers import create_context
     self.create_context(create_context)
     context_hash = sha1(create_context['url']).hexdigest()
     tags_url = '/contexts/%s/tags' % context_hash
     self.testapp.put(tags_url, json.dumps(['prova']), oauth2Header(test_manager), status=200)
     removed_tag_url = '/contexts/%s/tags/%s' % (context_hash, 'Assignatura')
     self.testapp.delete(removed_tag_url, "", oauth2Header(test_manager), status=204)
Example #13
    def test_rename_context_url(self):
        """
            Changing a context's url must propagate to every stored copy of it.

            After the PUT that sets the new url, the context itself, the user's
            subscription, the subscription activity stored in mongo and the
            user's own activity are all expected to carry the new url and the
            sha1 hash derived from it.
        """
        from .mockers import create_context
        from .mockers import subscribe_context, user_status_context
        from hashlib import sha1

        username = '******'
        initial_permissions = {
            'read': 'subscribed',
            'write': 'subscribed',
            'subscribe': 'restricted',
            'invite': 'restricted',
        }
        self.create_user(username)
        self.create_context(create_context, permissions=initial_permissions)
        self.admin_subscribe_user_to_context(username, subscribe_context)
        activity = self.create_activity(username, user_status_context)

        old_url_hash = sha1(create_context['url']).hexdigest()
        rename_payload = json.dumps({"url": "http://new.url"})
        self.testapp.put('/contexts/%s' % old_url_hash, rename_payload, oauth2Header(test_manager), status=200)

        # Test context is updated: it is now addressed by the hash of the new url
        new_url_hash = sha1('http://new.url').hexdigest()
        renamed = self.testapp.get('/contexts/%s' % new_url_hash, "", oauth2Header(test_manager), status=200)
        self.assertEqual(renamed.json['url'], 'http://new.url')
        self.assertEqual(renamed.json['hash'], new_url_hash)

        # Test user subscription is updated
        person = self.testapp.get('/people/%s' % username, "", oauth2Header(test_manager), status=200)
        subscription = person.json['subscribedTo'][0]
        self.assertEqual(subscription['url'], 'http://new.url')
        self.assertEqual(subscription['hash'], new_url_hash)

        # Test user original subscription activity is updated
        mongo_filter = {'object.hash': new_url_hash, 'object.url': "http://new.url", 'actor.username': username}
        subscription_activity = self.exec_mongo_query('activity', 'find', mongo_filter)
        self.assertNotEqual(subscription_activity, [])
        self.assertEqual(subscription_activity[0]['object']['hash'], new_url_hash)
        self.assertEqual(subscription_activity[0]['object']['url'], 'http://new.url')

        # Test user activity is updated
        fetched = self.testapp.get('/activities/%s' % activity.json['id'], "", oauth2Header(test_manager), status=200)
        activity_context = fetched.json['contexts'][0]
        self.assertEqual(activity_context['url'], 'http://new.url')
        self.assertEqual(activity_context['hash'], new_url_hash)
Example #14
    def test_like_activity_by_various(self):
        """
           Given a plain user
           And a regular context
           When I post an activity in the context
           Then someone else can like this activity
           And I can like it too
        """
        from .mockers import user_status_context
        from .mockers import subscribe_context, create_context
        username = '******'
        username_not_me = 'xavi'
        for person in (username, username_not_me):
            self.create_user(person)
        self.create_context(create_context)
        for person in (username, username_not_me):
            self.admin_subscribe_user_to_context(person, subscribe_context)

        activity_id = self.create_activity(username, user_status_context).json['id']
        likes_url = '/activities/%s/likes' % activity_id
        self.testapp.post(likes_url, '', oauth2Header(username_not_me), status=201)
        res = self.testapp.post(likes_url, '', oauth2Header(username), status=201)

        # The response to the second like lists both likers in posting order
        liked_object = res.json['object']
        self.assertEqual(liked_object['likes'][0]['username'], username_not_me)
        self.assertEqual(liked_object['likes'][1]['username'], username)
        self.assertEqual(liked_object['liked'], True)
        self.assertEqual(liked_object['likesCount'], 2)
Example #15
    def test_unfavorite_activity(self):
        """
           Given a plain user
           And a regular context
           When I post an activity in the context
           Then someone else can remove the favorite mark they previously
           put on this activity
        """
        from .mockers import user_status_context
        from .mockers import subscribe_context, create_context
        username = '******'
        username_not_me = 'xavi'
        for person in (username, username_not_me):
            self.create_user(person)
        self.create_context(create_context)
        for person in (username, username_not_me):
            self.admin_subscribe_user_to_context(person, subscribe_context)

        activity_id = self.create_activity(username, user_status_context).json['id']
        self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
        own_favorite_url = '/activities/%s/favorites/%s' % (activity_id, username_not_me)
        res = self.testapp.delete(own_favorite_url, '', oauth2Header(username_not_me), status=200)
        activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)

        # State reported by the DELETE response itself
        unfavorited = res.json['object']
        self.assertEqual(unfavorited['favorites'], [])
        self.assertEqual(unfavorited['favorited'], False)
        self.assertEqual(unfavorited['favoritesCount'], 0)

        # State seen by the activity's author on a fresh read
        self.assertEqual(activity.json['favorites'], [])
        self.assertEqual(activity.json['favorited'], False)
        self.assertEqual(activity.json['favoritesCount'], 0)
Example #16
    def test_favorite_already_favorited_activity(self):
        """
           Given a plain user
           And a regular context
           When I post an activity in the context
           And someone favorites this activity
           Then that same person can't favorite the activity a second time
        """
        from .mockers import user_status_context
        from .mockers import subscribe_context, create_context
        username = '******'
        username_not_me = 'xavi'
        for person in (username, username_not_me):
            self.create_user(person)
        self.create_context(create_context)
        for person in (username, username_not_me):
            self.admin_subscribe_user_to_context(person, subscribe_context)

        activity_id = self.create_activity(username, user_status_context).json['id']
        favorites_url = '/activities/%s/favorites' % activity_id
        self.testapp.post(favorites_url, '', oauth2Header(username_not_me), status=201)

        # The repeated request answers 200 instead of 201 and adds no new entry
        res = self.testapp.post(favorites_url, '', oauth2Header(username_not_me), status=200)

        favorited_object = res.json['object']
        self.assertEqual(favorited_object['favorites'][0]['username'], username_not_me)
        self.assertEqual(favorited_object['favorited'], True)
        self.assertEqual(favorited_object['favoritesCount'], 1)
Example #17
    def test_user_activities_stats_without_activity(self):
        """
            A user with no activities gets an empty listing from GET and an
            X-totalItems header of '0' from HEAD on the same resource.
        """
        username = '******'
        self.create_user(username)
        activities_url = '/people/%s/activities' % username

        listing = self.testapp.get(activities_url, '', oauth2Header(username), status=200)
        self.assertEqual(len(listing.json), 0)

        stats = self.testapp.head(activities_url, oauth2Header(username), status=200)
        self.assertEqual(stats.headers.get('X-totalItems'), '0')
Example #18
 def test_create_context_that_already_exists(self):
     """ doctest .. http:get:: /contexts/{hash} """
     # Posting the same context twice: the first POST answers 201, the
     # repeated one answers 200 and returns the hash of the existing context.
     from hashlib import sha1
     from .mockers import create_context
     expected_hash = sha1(create_context['url']).hexdigest()
     self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
     repeated = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=200)
     self.assertEqual(repeated.json.get('hash'), expected_hash)
Example #19
 def test_deleted_context_is_really_deleted(self):
     """
         After a context is deleted (204), reading it back answers 404 with
         the 'ObjectNotFound' error code.
     """
     from hashlib import sha1
     from .mockers import create_context
     context_hash = sha1(create_context['url']).hexdigest()
     context_url = '/contexts/%s' % context_hash
     self.create_context(create_context)
     self.testapp.delete(context_url, "", oauth2Header(test_manager), status=204)
     missing = self.testapp.get(context_url, "", oauth2Header(test_manager), status=404)
     error_body = json.loads(missing.text)
     self.assertEqual(error_body.get('error'), 'ObjectNotFound')
Example #20
 def test_access_to_security_settings(self):
     """
         Given I'm a Manager user
         When I try to interact with the security endpoints
         Then I succeed
     """
     self.testapp.get('/admin/security', headers=oauth2Header(test_manager), status=200)
     self.testapp.get('/admin/security/users', headers=oauth2Header(test_manager), status=200)

     # Read, re-add and finally remove the Manager role entry of the user
     # named test_manager in the URL; the DELETE is the last call of the test.
     role_member_url = '/admin/security/roles/Manager/users/test_manager'
     for verb, expected_status in (('get', 200), ('post', 200), ('delete', 204)):
         getattr(self.testapp, verb)(role_member_url, headers=oauth2Header(test_manager), status=expected_status)
Example #21
    def test_user_activities_stats(self):
        """
            With 11 activities posted, GET returns a page of 10 while HEAD
            reports the full count of 11 in X-totalItems.
        """
        from .mockers import user_status
        username = '******'
        self.create_user(username)

        for note in map(str, range(11)):
            self.create_activity(username, user_status, note=note)

        activities_url = '/people/%s/activities' % username
        listing = self.testapp.get(activities_url, '', oauth2Header(username), status=200)
        self.assertEqual(len(listing.json), 10)

        stats = self.testapp.head(activities_url, oauth2Header(username), status=200)
        self.assertEqual(stats.headers.get('X-totalItems'), '11')
Example #22
    def test_global_comments_stats(self):
        """
            With one comment on each of 11 activities, the global activity
            listing returns a page of 10 and HEAD /activities/comments reports
            11 in X-totalItems. Both reads are made as test_manager.
        """
        from .mockers import user_status, user_comment
        username = '******'
        self.create_user(username)

        for note in map(str, range(11)):
            posted = self.create_activity(username, user_status, note=note)
            comments_url = '/activities/%s/comments' % posted.json['id']
            self.testapp.post(comments_url, json.dumps(user_comment), oauth2Header(username), status=201)

        listing = self.testapp.get('/activities', '', oauth2Header(test_manager), status=200)
        self.assertEqual(len(listing.json), 10)

        stats = self.testapp.head('/activities/comments', oauth2Header(test_manager), status=200)
        self.assertEqual(stats.headers.get('X-totalItems'), '11')
Example #23
    def test_delete_only_deleted_specified_context(self):
        """
            Deleting one context must leave a second, unrelated context in
            place and still readable under its own hash.
        """
        from hashlib import sha1
        from .mockers import create_context, create_contextA
        for definition in (create_context, create_contextA):
            self.create_context(definition)

        deleted_hash = sha1(create_context['url']).hexdigest()
        surviving_hash = sha1(create_contextA['url']).hexdigest()
        self.testapp.delete('/contexts/%s' % deleted_hash, "", oauth2Header(test_manager), status=204)

        survivor = self.testapp.get('/contexts/%s' % surviving_hash, "", oauth2Header(test_manager), status=200)
        body = json.loads(survivor.text)
        self.assertEqual(body.get('hash'), surviving_hash)
Example #24
 def test_update_context_tags_updates_existing_subscription_tags(self):
     """
         Adding a tag to a context must also show up in the tags of an
         already existing subscription to that context.
     """
     from hashlib import sha1
     from .mockers import create_context, subscribe_context, user_status_context
     username = '******'
     self.create_user(username)
     self.create_context(create_context)
     context_hash = sha1(create_context['url']).hexdigest()
     self.admin_subscribe_user_to_context(username, subscribe_context)
     self.create_activity(username, user_status_context)

     tags_url = '/contexts/%s/tags' % context_hash
     self.testapp.put(tags_url, json.dumps(['prova']), oauth2Header(test_manager), status=200)

     # Read the profile as the subscribed user, not as the manager
     profile = self.testapp.get('/people/%s' % username, "", oauth2Header(username), status=200)
     self.assertEqual(profile.json['subscribedTo'][0]['tags'], ['Assignatura', 'prova'])
Example #25
    def test_get_all_users_with_regex(self):
        """
            Search /people with a username filter, twice, and expect the
            created user as the first result each time.
        """
        username = "******"
        self.create_user(username)

        # NOTE(review): both filters carry the same literal here, so the second
        # request repeats the first - confirm the intended search patterns.
        for query in ({"username": "******"}, {"username": "******"}):
            res = self.testapp.get("/people", query, oauth2Header(username), status=200)
            matches = json.loads(res.text)
            self.assertEqual(matches[0].get("username", ""), username)
Example #26
    def test_maintenance_users(self):
        """
            The users maintenance endpoint must restore a wrong owner field.

            The user's _owner is overwritten directly in mongo, the wrong value
            is confirmed through the API, and after the maintenance call the
            owner is expected to be the user again.
        """
        username = '******'
        self.create_user(username)
        profile_url = '/people/{}'.format(username)

        # Hard modify user directly on mongo to simulate wrong owner and check is wrong
        self.exec_mongo_query('users', 'update', {'username': username}, {'$set': {'_owner': 'test_manager'}})
        tampered = self.testapp.get(profile_url, "", oauth2Header(test_manager), status=200)
        self.assertEqual(tampered.json['owner'], 'test_manager')

        self.testapp.post('/admin/maintenance/users', "", oauth2Header(test_manager), status=200)
        repaired = self.testapp.get(profile_url, "", oauth2Header(test_manager), status=200)
        self.assertEqual(repaired.json['owner'], username)
Example #27
 def test_create_activity_check_not_duplicate_activity(self):
     """
         Given an admin user
         When I post an activity in the name of someone else
         And I try to post the same content twice in less than a minute
         Then the activity is posted only once
     """
     from .mockers import user_status as activity
     username = '******'
     self.create_user(username)
     activities_url = '/people/%s/activities' % username

     # First POST creates (201); the identical repeat answers 200
     for expected_status in (201, 200):
         self.testapp.post(activities_url, json.dumps(activity), oauth2Header(test_manager), status=expected_status)
Example #28
    def test_forbidden_access_to_security_settings(self):
        """
            Given I'm a regular user
            When I try to interact with the security endpoints
            Then I get a Forbidden (403) response
        """
        # NOTE(review): this user is never created in this test; confirm the
        # 403 comes from the role check rather than from an unknown account.
        username = '******'
        role_member_url = '/admin/security/roles/Manager/users/test_manager'

        attempts = (
            (self.testapp.get, '/admin/security'),
            (self.testapp.get, '/admin/security/users'),
            (self.testapp.get, role_member_url),
            (self.testapp.post, role_member_url),
            (self.testapp.delete, role_member_url),
        )
        for request, url in attempts:
            request(url, headers=oauth2Header(username), status=403)
Example #29
    def test_delete_token(self):
        """
            Given I'm a regular user
            When I try to delete a device token I registered
            Then I succeed
        """
        from max.tests.mockers import token

        username = '******'
        self.create_user(username)

        self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)

        # Deleted by the same user that registered it
        token_url = '/tokens/{}'.format(token['token'])
        self.testapp.delete(token_url, '', headers=oauth2Header(username), status=204)
Example #30
 def test_search_with_invalid_parameters(self):
     """
         Given a plain user
         When I do a search with invalid parameters
         Then I get a Bad Request (400) error
     """
     username = '******'
     self.create_user(username)
     fake_id = '519200000000000000000000'

     # A non-numeric limit, non-id cursors, and before/after given together
     rejected_urls = (
         '/people?limit=a',
         '/people?after=0',
         '/people?before=0',
         '/people?before={0}&after={0}'.format(fake_id),
     )
     for url in rejected_urls:
         self.testapp.get(url, '', oauth2Header(username), status=400)