def setUp(self):
self.services_factory = mock()
self.portal = mock()
self.provider = mock()
self.resource = LoginResource(self.services_factory, self.portal)
self.web = DummySite(self.resource)
self.request = DummyRequest([''])
username = '******'
self.request.addArg('username', username)
password = '******'
self.username = username
self.password = password
self.request.addArg('password', password)
self.request.method = 'POST'
leap_session = mock(LeapSession)
user_auth = mock()
user_auth.uuid = 'some_user_uuid'
leap_session.user_auth = user_auth
config = mock()
config.leap_home = 'some_folder'
leap_session.config = config
leap_session.fresh_account = False
self.leap_session = leap_session
self.user_auth = user_auth
class TestLoginStatus(unittest.TestCase):
def setUp(self):
self.services_factory = mock()
self.resource = LoginStatusResource(self.services_factory)
self.web = DummySite(self.resource)
self.request = DummyRequest(['/status'])
def test_login_status_completed_when_single_user(self):
self.services_factory.mode = mock()
self.services_factory.mode.is_single_user = True
d = self.web.get(self.request)
def assert_login_completed(_):
self.assertIn('completed', self.request.written[0])
d.addCallback(assert_login_completed)
return d
@patch('pixelated.resources.session.PixelatedSession.check_login_status')
def test_login_status_when_multi_user_returns_check_login_status(self, mock_login_status):
self.services_factory.mode = mock()
self.services_factory.mode.is_single_user = False
mock_login_status.return_value = 'started'
d = self.web.get(self.request)
def assert_login_completed(_):
self.assertIn('started', self.request.written[0])
d.addCallback(assert_login_completed)
return d
class TestKeysResource(unittest.TestCase):
def setUp(self):
self.keymanager = mock()
self.web = DummySite(KeysResource(self.keymanager))
def test_returns_404_if_key_not_found(self):
request = DummyRequest(['/keys'])
request.addArg('search', '*****@*****.**')
when(self.keymanager).get_key_from_cache(
'*****@*****.**', OpenPGPKey).thenRaise(KeyNotFound())
d = self.web.get(request)
def assert_404(_):
self.assertEquals(404, request.code)
d.addCallback(assert_404)
return d
def test_returns_the_key_as_json_if_found(self):
request = DummyRequest(['/keys'])
request.addArg('search', 'some@key')
when(self.keymanager).get_key_from_cache('some@key',
OpenPGPKey).thenReturn(
OpenPGPKey('some@key'))
d = self.web.get(request)
def assert_response(_):
self.assertEquals(
'"{\\"tags\\": [\\"keymanager-key\\"], \\"fingerprint\\": null, '
'\\"private\\": null, \\"expiry_date\\": null, \\"address\\": '
'\\"some@key\\", \\"last_audited_at\\": null, \\"key_data\\": null, '
'\\"length\\": null, \\"key_id\\": null, \\"validation\\": null, '
'\\"type\\": \\"<class \'leap.keymanager.openpgp.OpenPGPKey\'>\\", '
'\\"first_seen_at\\": null}"', request.written[0])
d.addCallback(assert_response)
return d
def test_returns_unauthorized_if_key_is_private(self):
request = DummyRequest(['/keys'])
request.addArg('search', 'some@key')
when(self.keymanager).get_key_from_cache('some@key',
OpenPGPKey).thenReturn(
OpenPGPKey('some@key',
private=True))
d = self.web.get(request)
def assert_response(_):
self.assertEquals(401, request.code)
d.addCallback(assert_response)
return d
def setUp(self):
self.keymanager = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.keymanager = self.keymanager
self.services_factory._services_by_user = {
'someuserid': self.keymanager
}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.web = DummySite(KeysResource(self.services_factory))
class TestLoginResource(unittest.TestCase):
def setUp(self):
self.services_factory = mock()
self.portal = mock()
self.resource = LoginResource(self.services_factory, self.portal)
self.web = DummySite(self.resource)
def test_children_resources_are_unauthorized_when_not_logged_in(self):
request = DummyRequest(['/some_child_resource'])
d = self.web.get(request)
def assert_unauthorized_resources(_):
self.assertEqual(401, request.responseCode)
self.assertEqual("Unauthorized!", request.written[0])
d.addCallback(assert_unauthorized_resources)
return d
@patch('pixelated.resources.session.PixelatedSession.is_logged_in')
def test_there_are_no_grand_children_resources_when_logged_in(self, mock_is_logged_in):
request = DummyRequest(['/login/grand_children'])
mock_is_logged_in.return_value = True
d = self.web.get(request)
def assert_resources_not_found(_):
self.assertEqual(404, request.responseCode)
self.assertIn("No Such Resource", request.written[0])
d.addCallback(assert_resources_not_found)
return d
def test_get(self):
request = DummyRequest([''])
d = self.web.get(request)
def assert_form_rendered(_):
self.assertEqual(200, request.responseCode)
form_action = 'action="/login"'
form_method = 'method="post"'
input_username = '******'
input_password = '******'
input_submit = 'name="login"'
written_response = ''.join(request.written)
self.assertIn(form_action, written_response)
self.assertIn(form_method, written_response)
self.assertIn(input_password, written_response)
self.assertIn(input_submit, written_response)
self.assertIn(input_username, written_response)
d.addCallback(assert_form_rendered)
return d
class TestUsersResource(unittest.TestCase):
def setUp(self):
self.services_factory = mock()
self.resource = UsersResource(self.services_factory)
self.web = DummySite(self.resource)
def test_numbers_of_users_online(self):
number_of_users_online = 6
self.services_factory.online_sessions = lambda: number_of_users_online
self.resource.is_admin = lambda _: True
request = DummyRequest([''])
d = self.web.get(request)
def assert_users_count(_):
self.assertEqual(200, request.code)
self.assertEqual('{"count": %d}' % number_of_users_online, request.written[0])
d.addCallback(assert_users_count)
return d
def test_numbers_of_users_online_is_only_available_only_for_admin(self):
self.resource.is_admin = lambda _: False
request = DummyRequest([''])
d = self.web.get(request)
def assert_is_forbidden(_):
self.assertEqual(401, request.responseCode)
self.assertEqual('Unauthorized!', request.written[0])
d.addCallback(assert_is_forbidden)
return d
def test_is_admin_is_queried_from_leap_auth(self):
leap_session = mock()
auth = mock()
auth.uuid = 'some_id1'
leap_session.user_auth = auth
leap_session.config = mock()
services = Services(leap_session)
service_factory = ServicesFactory(mock())
service_factory.add_session('some_id1', services)
when(auth).is_admin().thenReturn(True)
request = mock()
resource = UsersResource(service_factory)
when(resource)._get_user_id_from_request(request).thenReturn('some_id1')
self.assertTrue(resource.is_admin(request))
verify(auth).is_admin()
class TestUsersResource(unittest.TestCase):
def setUp(self):
self.services_factory = mock()
self.resource = UsersResource(self.services_factory)
self.web = DummySite(self.resource)
def test_numbers_of_users_online(self):
number_of_users_online = 6
self.services_factory.online_sessions = lambda: number_of_users_online
self.resource.is_admin = lambda _: True
request = DummyRequest([''])
d = self.web.get(request)
def assert_users_count(_):
self.assertEqual(200, request.code)
self.assertEqual('{"count": %d}' % number_of_users_online, request.written[0])
d.addCallback(assert_users_count)
return d
def test_numbers_of_users_online_is_only_available_only_for_admin(self):
self.resource.is_admin = lambda _: False
request = DummyRequest([''])
d = self.web.get(request)
def assert_is_forbidden(_):
self.assertEqual(401, request.responseCode)
self.assertEqual('Unauthorized!', request.written[0])
d.addCallback(assert_is_forbidden)
return d
def test_is_admin_is_queried_from_leap_auth(self):
leap_session = mock()
auth = mock()
auth.uuid = 'some_id1'
leap_session.user_auth = auth
leap_session.config = mock()
services = Services(leap_session)
service_factory = ServicesFactory(mock())
service_factory.add_session('some_id1', services)
when(auth).is_admin().thenReturn(True)
request = mock()
resource = UsersResource(service_factory)
when(resource)._get_user_id_from_request(request).thenReturn('some_id1')
self.assertTrue(resource.is_admin(request))
verify(auth).is_admin()
class TestUserSettingsResource(unittest.TestCase):
def setUp(self):
self.services = mock()
self.mail_service = mock()
self.mail_service.account_email = MAIL_ADDRESS
self.keymanager = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services.mail_service = self.mail_service
self.services.keymanager = self.keymanager
self.services_factory._services_by_user = {
'someuserid': self.keymanager
}
self.resource = UserSettingsResource(self.services_factory)
when(self.services_factory).services(any()).thenReturn(self.services)
self.web = DummySite(self.resource)
def test_fingerprint_given(self):
key = OpenPGPKey(MAIL_ADDRESS)
key.fingerprint = FINGERPRINT
request = DummyRequest(['/user-settings'])
when(self.keymanager).fetch_key(MAIL_ADDRESS).thenReturn(
defer.succeed(key))
d = self.web.get(request)
def assert_response(_):
response = json.loads(request.written[0])
self.assertEqual(FINGERPRINT, response['fingerprint'])
self.assertEqual(MAIL_ADDRESS, response['account_email'])
d.addCallback(assert_response)
return d
def test_fingerprint_missing(self):
key = OpenPGPKey(MAIL_ADDRESS)
key.fingerprint = FINGERPRINT
request = DummyRequest(['/user-settings'])
when(self.keymanager).fetch_key(MAIL_ADDRESS).thenReturn(
defer.fail(Failure))
d = self.web.get(request)
def assert_response(_):
response = json.loads(request.written[0])
self.assertEqual(FINGERPRINT_NOT_FOUND, response['fingerprint'])
self.assertEqual(MAIL_ADDRESS, response['account_email'])
d.addCallback(assert_response)
return d
class TestLogoutResource(unittest.TestCase):
def setUp(self):
self.services_factory = MagicMock()
self.resource = LogoutResource(self.services_factory)
self.services_factory.log_out_user.return_value = defer.succeed(None)
self.web = DummySite(self.resource)
@patch('twisted.web.util.redirectTo')
def test_logout(self, mock_redirect):
request = DummyRequest(['/logout'])
request.method = 'POST'
session = self.resource.get_session(request)
session.expire = MagicMock()
mock_redirect.return_value = 'some redirect response'
d = self.web.get(request)
def expire_session_and_redirect(_):
session = self.resource.get_session(request)
self.services_factory.destroy_session.assert_called_once_with(
session.user_uuid)
session.expire.assert_called_once_with()
mock_redirect.assert_called_once_with('/login', request)
d.addCallback(expire_session_and_redirect)
return d
def test_get_is_not_supported_for_logout(self):
request = DummyRequest(['/logout'])
request.method = 'GET'
self.assertRaises(UnsupportedMethod, self.web.get, request)
def test_errback_is_called(self):
request = DummyRequest(['/logout'])
request.method = 'POST'
session = self.resource.get_session(request)
exception = Exception('')
session.expire = MagicMock(side_effect=exception)
d = self.web.get(request)
def assert_500_when_exception_is_thrown(_):
self.assertEqual(500, request.responseCode)
self.assertEqual('Something went wrong!', request.written[0])
d.addCallback(assert_500_when_exception_is_thrown)
return d
def setUp(self):
self.mail_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.mail_service = self.mail_service
self.services_factory._services_by_user = {
'someuserid': self.mail_service
}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.mails_resource = AttachmentsResource(self.services_factory)
self.mails_resource.isLeaf = True
self.web = DummySite(self.mails_resource)
class TestKeysResource(unittest.TestCase):
def setUp(self):
self.keymanager = mock()
self.web = DummySite(KeysResource(self.keymanager))
def test_returns_404_if_key_not_found(self):
request = DummyRequest(['/keys'])
request.addArg('search', '*****@*****.**')
when(self.keymanager).get_key_from_cache('*****@*****.**', OpenPGPKey).thenRaise(KeyNotFound())
d = self.web.get(request)
def assert_404(_):
self.assertEquals(404, request.code)
d.addCallback(assert_404)
return d
def test_returns_the_key_as_json_if_found(self):
request = DummyRequest(['/keys'])
request.addArg('search', 'some@key')
when(self.keymanager).get_key_from_cache('some@key', OpenPGPKey).thenReturn(OpenPGPKey('some@key'))
d = self.web.get(request)
def assert_response(_):
self.assertEquals('"{\\"tags\\": [\\"keymanager-key\\"], \\"fingerprint\\": null, '
'\\"private\\": null, \\"expiry_date\\": null, \\"address\\": '
'\\"some@key\\", \\"last_audited_at\\": null, \\"key_data\\": null, '
'\\"length\\": null, \\"key_id\\": null, \\"validation\\": null, '
'\\"type\\": \\"<class \'leap.keymanager.openpgp.OpenPGPKey\'>\\", '
'\\"first_seen_at\\": null}"', request.written[0])
d.addCallback(assert_response)
return d
def test_returns_unauthorized_if_key_is_private(self):
request = DummyRequest(['/keys'])
request.addArg('search', 'some@key')
when(self.keymanager).get_key_from_cache('some@key', OpenPGPKey).thenReturn(OpenPGPKey('some@key', private=True))
d = self.web.get(request)
def assert_response(_):
self.assertEquals(401, request.code)
d.addCallback(assert_response)
return d
class TestLogoutResource(unittest.TestCase):
def setUp(self):
self.services_factory = MagicMock()
self.resource = LogoutResource(self.services_factory)
self.services_factory.log_out_user.return_value = defer.succeed(None)
self.web = DummySite(self.resource)
@patch('twisted.web.util.redirectTo')
def test_logout(self, mock_redirect):
request = DummyRequest(['/logout'])
request.method = 'POST'
session = self.resource.get_session(request)
session.expire = MagicMock()
mock_redirect.return_value = 'some redirect response'
d = self.web.get(request)
def expire_session_and_redirect(_):
session = self.resource.get_session(request)
self.services_factory.destroy_session.assert_called_once_with(session.user_uuid)
session.expire.assert_called_once_with()
mock_redirect.assert_called_once_with('/login', request)
d.addCallback(expire_session_and_redirect)
return d
def test_get_is_not_supported_for_logout(self):
request = DummyRequest(['/logout'])
request.method = 'GET'
self.assertRaises(UnsupportedMethod, self.web.get, request)
def test_errback_is_called(self):
request = DummyRequest(['/logout'])
request.method = 'POST'
session = self.resource.get_session(request)
exception = Exception('')
session.expire = MagicMock(side_effect=exception)
d = self.web.get(request)
def assert_500_when_exception_is_thrown(_):
self.assertEqual(500, request.responseCode)
self.assertEqual('Something went wrong!', request.written[0])
d.addCallback(assert_500_when_exception_is_thrown)
return d
def setUp(self):
self.services = mock()
self.mail_service = mock()
self.mail_service.account_email = MAIL_ADDRESS
self.keymanager = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services.mail_service = self.mail_service
self.services.keymanager = self.keymanager
self.services_factory._services_by_user = {
'someuserid': self.keymanager
}
self.resource = UserSettingsResource(self.services_factory)
when(self.services_factory).services(any()).thenReturn(self.services)
self.web = DummySite(self.resource)
def setUp(self):
self.mail_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.mail_service = self.mail_service
self.services_factory._services_by_user = {'someuserid': self.mail_service}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.mail_service.account_email = self.MAIL_ADDRESS
root_resource = RootResource(self.services_factory)
root_resource._html_template = "<html><head><title>$account_email</title></head></html>"
root_resource._mode = root_resource
self.web = DummySite(root_resource)
self.root_resource = root_resource
class TestSandBoxResource(unittest.TestCase):
def setUp(self):
static_folder = os.path.dirname(os.path.abspath(__file__))
self.resource = SandboxResource(static_folder)
self.resource.isLeaf = True
self.web = DummySite(self.resource)
@defer.inlineCallbacks
def test_render_GET_should_set_sandbox_csp_header(self):
request = DummyRequest(['/sandbox'])
request.method = 'GET'
request.isSecure = lambda: True
request.redirect = lambda _: 'irrelevant'
expected_csp_headers = "sandbox allow-popups allow-scripts;" \
"default-src 'self';" \
"style-src *;" \
"script-src *;" \
"font-src *;" \
"img-src *;" \
"object-src 'none';" \
"connect-src 'none';"
yield self.web.get(request)
self.assertEquals(
expected_csp_headers,
request.outgoingHeaders.get('X-Content-Security-Policy'.lower()))
self.assertEquals(
expected_csp_headers,
request.outgoingHeaders.get('Content-Security-Policy'.lower()))
self.assertEquals(expected_csp_headers,
request.outgoingHeaders.get('X-Webkit-CSP'.lower()))
def test_render_PUT_should_store_draft_with_attachments(self, mock_register):
request = DummyRequest([])
request.method = 'PUT'
request.content = mock()
when(request.content).read().thenReturn('{"attachments": [{"ident": "some fake attachment id"}]}')
when(self.mail_service).attachment('some fake attachment id').thenReturn(defer.succeed({'content': mock()}))
mails_resource = MailsResource(self.services_factory)
web = DummySite(mails_resource)
d = web.get(request)
def assert_response(_):
verify(self.mail_service).attachment('some fake attachment id')
d.addCallback(assert_response)
return d
class TestLogoutResource(unittest.TestCase):
def setUp(self):
self.services_factory = MagicMock()
self.resource = LogoutResource(self.services_factory)
self.services_factory.log_out_user.return_value = defer.succeed(None)
self.web = DummySite(self.resource)
@patch('twisted.web.util.redirectTo')
def test_logout(self, mock_redirect):
request = DummyRequest(['/logout'])
request.method = 'POST'
session = self.resource.get_session(request)
session.expire = MagicMock()
mock_redirect.return_value = 'some redirect response'
d = self.web.get(request)
def expire_session_and_redirect(_):
session = self.resource.get_session(request)
self.services_factory.log_out_user.assert_called_once_with(
session.user_uuid)
session.expire.assert_called_once_with()
mock_redirect.assert_called_once_with('/login', request)
d.addCallback(expire_session_and_redirect)
return d
def test_get_is_not_supported_for_logout(self):
request = DummyRequest(['/logout'])
request.method = 'GET'
self.assertRaises(UnsupportedMethod, self.web.get, request)
class TestTagsResource(unittest.TestCase):
def setUp(self):
self.services_factory = MagicMock()
self.resource = TagsResource(self.services_factory)
def test_errback_is_called(self):
exception = Exception('')
mock_search_engine = MagicMock()
mock_search_engine.tags = MagicMock(side_effect=exception)
mock_service = MagicMock()
mock_service.search_engine = mock_search_engine
self.services_factory.services.return_value = mock_service
self.web = DummySite(self.resource)
request = DummyRequest(['/tags'])
request.method = 'GET'
d = self.web.get(request)
def assert_500_when_exception_is_thrown(_):
self.assertEqual(500, request.responseCode)
self.assertEqual('Something went wrong!', request.written[0])
d.addCallback(assert_500_when_exception_is_thrown)
return d
class TestSandBoxResource(unittest.TestCase):
def setUp(self):
static_folder = os.path.dirname(os.path.abspath(__file__))
self.resource = SandboxResource(static_folder)
self.resource.isLeaf = True
self.web = DummySite(self.resource)
@defer.inlineCallbacks
def test_render_GET_should_set_sandbox_csp_header(self):
request = DummyRequest(['/sandbox'])
request.method = 'GET'
request.isSecure = lambda: True
request.redirect = lambda _: 'irrelevant'
expected_csp_headers = "sandbox allow-popups allow-scripts;" \
"default-src 'self';" \
"style-src *;" \
"script-src *;" \
"font-src *;" \
"img-src *;" \
"object-src 'none';" \
"connect-src 'none';"
yield self.web.get(request)
self.assertEquals(expected_csp_headers, request.responseHeaders.getRawHeaders('X-Content-Security-Policy'.lower())[0])
self.assertEquals(expected_csp_headers, request.responseHeaders.getRawHeaders('Content-Security-Policy'.lower())[0])
self.assertEquals(expected_csp_headers, request.responseHeaders.getRawHeaders('X-Webkit-CSP'.lower())[0])
def setUp(self):
self.services_factory = MagicMock()
self.authenticator = MagicMock()
self.leap_provider = MagicMock()
self.leap_provider.server_name = 'test.com'
self.resource = BackupAccountResource(self.services_factory, self.authenticator, self.leap_provider)
self.web = DummySite(self.resource)
class TestRootResource(unittest.TestCase):
MAIL_ADDRESS = '*****@*****.**'
def setUp(self):
self.mail_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.mail_service = self.mail_service
self.services_factory._services_by_user = {'someuserid': self.mail_service}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.mail_service.account_email = self.MAIL_ADDRESS
root_resource = RootResource(self.services_factory)
root_resource._html_template = "<html><head><title>$account_email</title></head></html>"
root_resource._mode = root_resource
self.web = DummySite(root_resource)
def test_render_GET_should_template_account_email(self):
request = DummyRequest([''])
d = self.web.get(request)
def assert_response(_):
expected = "<title>{0}</title>".format(self.MAIL_ADDRESS)
matches = re.findall(expected, request.written[0])
self.assertEquals(len(matches), 1)
d.addCallback(assert_response)
return d
def setUp(self):
self.services_factory = mock()
self.portal = mock()
self.provider = mock()
self.resource = LoginResource(self.services_factory, self.portal)
self.web = DummySite(self.resource)
self.request = DummyRequest([''])
username = '******'
self.request.addArg('username', username)
password = '******'
self.username = username
self.password = password
self.request.addArg('password', password)
self.request.method = 'POST'
leap_session = mock(LeapSession)
user_auth = mock()
user_auth.uuid = 'some_user_uuid'
leap_session.user_auth = user_auth
config = mock()
config.leap_home = 'some_folder'
leap_session.config = config
leap_session.fresh_account = False
self.leap_session = leap_session
self.user_auth = user_auth
class TestLogoutResource(unittest.TestCase):
def setUp(self):
self.services_factory = MagicMock()
self.resource = LogoutResource(self.services_factory)
self.services_factory.log_out_user.return_value = defer.succeed(None)
self.web = DummySite(self.resource)
@patch('twisted.web.util.redirectTo')
def test_logout(self, mock_redirect):
request = DummyRequest(['/logout'])
request.method = 'POST'
session = self.resource.get_session(request)
session.expire = MagicMock()
mock_redirect.return_value = 'some redirect response'
d = self.web.get(request)
def expire_session_and_redirect(_):
session = self.resource.get_session(request)
self.services_factory.log_out_user.assert_called_once_with(session.user_uuid)
session.expire.assert_called_once_with()
mock_redirect.assert_called_once_with('/login', request)
d.addCallback(expire_session_and_redirect)
return d
def test_get_is_not_supported_for_logout(self):
request = DummyRequest(['/logout'])
request.method = 'GET'
self.assertRaises(UnsupportedMethod, self.web.get, request)
class TestFeedbackResource(unittest.TestCase):
def setUp(self):
self.feedback_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.feedback_service = self.feedback_service
self.services_factory._services_by_user = {'someuserid': self.feedback_service}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.web = DummySite(FeedbackResource(self.services_factory))
def test_sends_feedback_to_leap_web(self):
request = DummyRequest(['/feedback'])
request.method = 'POST'
content = mock()
when(content).read().thenReturn(json.dumps({'feedback': 'Pixelated is awesome!'}))
request.content = content
d = self.web.get(request)
def assert_posted_feedback_to_leap_web(_):
verify(self.feedback_service).open_ticket('Pixelated is awesome!')
d.addCallback(assert_posted_feedback_to_leap_web)
return d
class TestUserSettingsResource(unittest.TestCase):
def setUp(self):
self.services = mock()
self.mail_service = mock()
self.mail_service.account_email = MAIL_ADDRESS
self.keymanager = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services.mail_service = self.mail_service
self.services.keymanager = self.keymanager
self.services_factory._services_by_user = {'someuserid': self.keymanager}
self.resource = UserSettingsResource(self.services_factory)
when(self.services_factory).services(any()).thenReturn(self.services)
self.web = DummySite(self.resource)
def test_fingerprint_given(self):
key = OpenPGPKey(MAIL_ADDRESS)
key.fingerprint = FINGERPRINT
request = DummyRequest(['/user-settings'])
when(self.keymanager).fetch_key(MAIL_ADDRESS).thenReturn(defer.succeed(key))
d = self.web.get(request)
def assert_response(_):
response = json.loads(request.written[0])
self.assertEqual(FINGERPRINT, response['fingerprint'])
self.assertEqual(MAIL_ADDRESS, response['account_email'])
d.addCallback(assert_response)
return d
def test_fingerprint_missing(self):
key = OpenPGPKey(MAIL_ADDRESS)
key.fingerprint = FINGERPRINT
request = DummyRequest(['/user-settings'])
when(self.keymanager).fetch_key(MAIL_ADDRESS).thenReturn(defer.fail(Failure))
d = self.web.get(request)
def assert_response(_):
response = json.loads(request.written[0])
self.assertEqual(FINGERPRINT_NOT_FOUND, response['fingerprint'])
self.assertEqual(MAIL_ADDRESS, response['account_email'])
d.addCallback(assert_response)
return d
def test_render_PUT_should_store_draft_with_attachments(self, mock_register):
request = DummyRequest(['/mails'])
request.method = 'PUT'
content = mock()
when(content).read().thenReturn('{"attachments": [{"ident": "some fake attachment id"}]}')
when(self.mail_service).attachment('some fake attachment id').thenReturn(defer.Deferred())
request.content = content
mails_resource = MailsResource(self.services_factory)
mails_resource.isLeaf = True
web = DummySite(mails_resource)
d = web.get(request)
def assert_response(_):
verify(self.mail_service).attachment('some fake attachment id')
d.addCallback(assert_response)
return d
def setUp(self):
self.keymanager = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.keymanager = self.keymanager
self.services_factory._services_by_user = {'someuserid': self.keymanager}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.web = DummySite(KeysResource(self.services_factory))
def setUp(self):
self.feedback_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.feedback_service = self.feedback_service
self.services_factory._services_by_user = {'someuserid': self.feedback_service}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.web = DummySite(FeedbackResource(self.services_factory))
def test_render_GET_should_unicode_mails_search_query(self, mock_register):
request = DummyRequest([])
non_unicode_search_term = 'coração'
request.addArg('q', non_unicode_search_term)
request.addArg('w', 25)
request.addArg('p', 1)
unicodified_search_term = u'coração'
when(self.mail_service).mails(unicodified_search_term, 25, 1).thenReturn(defer.succeed(([], 0)))
mails_resource = MailsResource(self.services_factory)
web = DummySite(mails_resource)
d = web.get(request)
def assert_response(_):
verify(self.mail_service).mails(unicodified_search_term, 25, 1)
d.addCallback(assert_response)
return d
def test_render_GET_should_unicode_mails_search_query(self, mock_register):
request = DummyRequest(['/mails'])
non_unicode_search_term = 'coração'
request.addArg('q', non_unicode_search_term)
request.addArg('w', 25)
request.addArg('p', 1)
unicodified_search_term = u'coração'
when(self.mail_service).mails(unicodified_search_term, 25, 1).thenReturn(defer.Deferred())
mails_resource = MailsResource(self.services_factory)
mails_resource.isLeaf = True
web = DummySite(mails_resource)
d = web.get(request)
def assert_response(_):
verify(self.mail_service).mails(unicodified_search_term, 25, 1)
d.addCallback(assert_response)
return d
def setUp(self):
self.mail_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.mail_service = self.mail_service
self.services_factory._services_by_user = {'someuserid': self.mail_service}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.mails_resource = AttachmentsResource(self.services_factory)
self.mails_resource.isLeaf = True
self.web = DummySite(self.mails_resource)
def test_render_POST_should_send_email_with_attachments(self, mock_register):
request = DummyRequest([])
request.method = 'POST'
request.content = mock()
when(request.content).read().thenReturn('{"attachments": [{"ident": "some fake attachment id"}]}')
when(self.mail_service).attachment('some fake attachment id').thenReturn(defer.succeed({"content": "some content"}))
as_dictable = mock()
when(as_dictable).as_dict().thenReturn({})
when(self.mail_service).send_mail({"attachments": [{"ident": "some fake attachment id", "raw": "some content"}]})\
.thenReturn(defer.succeed(as_dictable))
mails_resource = MailsResource(self.services_factory)
web = DummySite(mails_resource)
d = web.get(request)
def assert_response(_):
verify(self.mail_service).attachment('some fake attachment id')
verify(self.mail_service).send_mail({"attachments": [{"ident": "some fake attachment id", "raw": "some content"}]})
d.addCallback(assert_response)
return d
def setUp(self):
self.services = mock()
self.mail_service = mock()
self.mail_service.account_email = MAIL_ADDRESS
self.keymanager = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services.mail_service = self.mail_service
self.services.keymanager = self.keymanager
self.services_factory._services_by_user = {'someuserid': self.keymanager}
self.resource = UserSettingsResource(self.services_factory)
when(self.services_factory).services(any()).thenReturn(self.services)
self.web = DummySite(self.resource)
def setUp(self):
self.mail_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.mail_service = self.mail_service
self.services_factory._services_by_user = {'someuserid': self.mail_service}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.mail_service.account_email = self.MAIL_ADDRESS
root_resource = RootResource(self.services_factory)
root_resource._html_template = "<html><head><title>$account_email</title></head></html>"
root_resource._mode = root_resource
self.web = DummySite(root_resource)
def test_render_POST_should_send_email_with_attachments(self, mock_register):
request = DummyRequest(['/mails'])
request.method = 'POST'
content = mock()
when(content).read().thenReturn('{"attachments": [{"ident": "some fake attachment id"}]}')
when(self.mail_service).attachment('some fake attachment id').thenReturn(defer.succeed({"content": "some content"}))
as_dictable = mock()
when(as_dictable).as_dict().thenReturn({})
when(self.mail_service).send_mail({"attachments": [{"ident": "some fake attachment id", "raw": "some content"}]})\
.thenReturn(defer.succeed(as_dictable))
request.content = content
mails_resource = MailsResource(self.services_factory)
mails_resource.isLeaf = True
web = DummySite(mails_resource)
d = web.get(request)
def assert_response(_):
verify(self.mail_service).attachment('some fake attachment id')
verify(self.mail_service).send_mail({"attachments": [{"ident": "some fake attachment id", "raw": "some content"}]})
d.addCallback(assert_response)
return d
def setUp(self):
self.services_factory = mock()
self.provider = mock()
self.resource = LoginResource(self.services_factory, self.provider)
self.web = DummySite(self.resource)
self.request = DummyRequest([''])
username = '******'
self.request.addArg('username', username)
password = '******'
self.username = username
self.password = password
self.request.addArg('password', password)
self.request.method = 'POST'
user_auth = mock()
user_auth.uuid = 'some_user_uuid'
self.user_auth = user_auth
class TestFeedbackResource(unittest.TestCase):
def setUp(self):
self.feedback_service = mock()
self.web = DummySite(FeedbackResource(self.feedback_service))
def test_sends_feedback_to_leap_web(self):
request = DummyRequest(['/feedback'])
request.method = 'POST'
content = mock()
when(content).read().thenReturn(json.dumps({'feedback': 'Pixelated is awesome!'}))
request.content = content
d = self.web.get(request)
def assert_posted_feedback_to_leap_web(_):
verify(self.feedback_service).open_ticket('Pixelated is awesome!')
d.addCallback(assert_posted_feedback_to_leap_web)
return d
class TestFeedbackResource(unittest.TestCase):
def setUp(self):
self.feedback_service = mock()
self.web = DummySite(FeedbackResource(self.feedback_service))
def test_sends_feedback_to_leap_web(self):
request = DummyRequest(['/feedback'])
request.method = 'POST'
content = mock()
when(content).read().thenReturn(
json.dumps({'feedback': 'Pixelated is awesome!'}))
request.content = content
d = self.web.get(request)
def assert_posted_feedback_to_leap_web(_):
verify(self.feedback_service).open_ticket('Pixelated is awesome!')
d.addCallback(assert_posted_feedback_to_leap_web)
return d
class TestLogoutResource(unittest.TestCase):
def setUp(self):
self.services_factory = mock()
self.resource = LogoutResource(self.services_factory)
self.web = DummySite(self.resource)
@patch('twisted.web.util.redirectTo')
def test_logout(self, mock_redirect):
request = DummyRequest(['/logout'])
mock_redirect.return_value = 'haha'
d = self.web.get(request)
def expire_session_and_redirect(_):
session = self.resource.get_session(request)
self.assertFalse(session.is_logged_in())
mock_redirect.assert_called_once_with('/login', request)
d.addCallback(expire_session_and_redirect)
return d
class TestRootResource(unittest.TestCase):
MAIL_ADDRESS = '*****@*****.**'
def setUp(self):
root_resource = RootResource()
root_resource._mode = root_resource
root_resource.account_email = self.MAIL_ADDRESS
root_resource._html_template = "<html><head><title>$account_email</title></head></html>"
self.web = DummySite(root_resource)
def test_render_GET_should_template_account_email(self):
request = DummyRequest([''])
d = self.web.get(request)
def assert_response(_):
expected = "<title>{0}</title>".format(self.MAIL_ADDRESS)
matches = re.findall(expected, request.written[0])
self.assertEquals(len(matches), 1)
d.addCallback(assert_response)
return d
class TestArchiveResource(unittest.TestCase):
def setUp(self):
self.mail_service = mock()
self.web = DummySite(MailsArchiveResource(self.mail_service))
def test_render_POST_should_archive_mails(self):
request = DummyRequest(['/mails/archive'])
request.method = 'POST'
content = mock()
when(content).read().thenReturn(json.dumps({'idents': ['1', '2']}))
when(self.mail_service).archive_mail('1').thenReturn(defer.Deferred())
when(self.mail_service).archive_mail('2').thenReturn(defer.Deferred())
request.content = content
d = self.web.get(request)
def assert_response(_):
verify(self.mail_service).archive_mail('1')
verify(self.mail_service).archive_mail('2')
d.addCallback(assert_response)
return d
class TestArchiveResource(unittest.TestCase):
def setUp(self):
self.mail_service = mock()
self.web = DummySite(MailsArchiveResource(self.mail_service))
def test_render_POST_should_archive_mails(self):
request = DummyRequest(["/mails/archive"])
request.method = "POST"
content = mock()
when(content).read().thenReturn(json.dumps({"idents": ["1", "2"]}))
when(self.mail_service).archive_mail("1").thenReturn(defer.Deferred())
when(self.mail_service).archive_mail("2").thenReturn(defer.Deferred())
request.content = content
d = self.web.get(request)
def assert_response(_):
verify(self.mail_service).archive_mail("1")
verify(self.mail_service).archive_mail("2")
d.addCallback(assert_response)
return d
class TestArchiveResource(unittest.TestCase):
def setUp(self):
self.mail_service = mock()
self.web = DummySite(MailsArchiveResource(self.mail_service))
def test_render_POST_should_archive_mails(self):
request = DummyRequest(['/mails/archive'])
request.method = 'POST'
idents = ['1', '2']
content = mock()
when(content).read().thenReturn(json.dumps({'idents': ['1', '2']}))
when(self.mail_service).archive_mail('1').thenReturn(defer.succeed(None))
when(self.mail_service).archive_mail('2').thenReturn(defer.succeed(None))
request.content = content
d = self.web.get(request)
def assert_response(_):
verify(self.mail_service).archive_mail('1')
verify(self.mail_service).archive_mail('2')
d.addCallback(assert_response)
return d
class AttachmentsResourceTest(unittest.TestCase):
def setUp(self):
self.mail_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.mail_service = self.mail_service
self.services_factory._services_by_user = {
'someuserid': self.mail_service
}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.mails_resource = AttachmentsResource(self.services_factory)
self.mails_resource.isLeaf = True
self.web = DummySite(self.mails_resource)
@patch('cgi.FieldStorage')
def test_post_new_attachment(self, mock_fields):
request = DummyRequest(['/attachment'])
request.method = 'POST'
request.content = 'mocked'
attachment_id = 'B5B4ED80AC3B894523D72E375DACAA2FC6606C18EDF680FE95903086C8B5E14A'
_file = MagicMock()
_file.value = 'some mocked value'
_file.type = 'some mocked type'
_file.filename = 'filename.txt'
mock_fields.return_value = {'attachment': _file}
when(self.mail_service).save_attachment(
'some mocked value',
'some mocked type').thenReturn(defer.succeed(attachment_id))
d = self.web.get(request)
def assert_response(_):
self.assertEqual(201, request.code)
self.assertEqual('/attachment/%s' % attachment_id,
request.headers['Location'])
response_json = {
'ident': attachment_id,
'content-type': 'some mocked type',
'name': 'filename.txt',
'size': 17,
'encoding': 'base64'
}
self.assertEqual(response_json, json.loads(request.written[0]))
verify(self.mail_service).save_attachment('some mocked value',
'some mocked type')
d.addCallback(assert_response)
return d
@patch('cgi.FieldStorage')
def test_post_attachment_fails(self, mock_fields):
request = DummyRequest(['/attachment'])
request.method = 'POST'
request.content = 'mocked'
_file = MagicMock()
_file.value = 'some mocked value'
_file.type = 'some mocked type'
mock_fields.return_value = {'attachment': _file}
when(self.mail_service).save_attachment('some mocked value',
'some mocked type').thenReturn(
defer.fail(Exception))
d = self.web.get(request)
def assert_response(_):
self.assertEqual(500, request.code)
self.assertFalse('Location' in request.headers)
self.assertIn("message", json.loads(request.written[0]))
verify(self.mail_service).save_attachment('some mocked value',
'some mocked type')
d.addCallback(assert_response)
return d
def setUp(self):
self.services_factory = mock()
self.resource = UsersResource(self.services_factory)
self.web = DummySite(self.resource)
def setUp(self):
static_folder = os.path.dirname(os.path.abspath(__file__))
self.resource = SandboxResource(static_folder)
self.resource.isLeaf = True
self.web = DummySite(self.resource)
def setUp(self):
self.services_factory = mock()
self.portal = mock()
self.resource = LoginResource(self.services_factory, self.portal)
self.web = DummySite(self.resource)
def setUp(self):
self.keymanager = mock()
self.web = DummySite(KeysResource(self.keymanager))
def setUp(self):
self.services_factory = mock()
self.portal = mock()
self.resource = LoginResource(self.services_factory, self.portal)
self.web = DummySite(self.resource)
def setUp(self):
self.mail_service = mock()
self.web = DummySite(MailsArchiveResource(self.mail_service))
class TestRootResource(unittest.TestCase):
MAIL_ADDRESS = '*****@*****.**'
def setUp(self):
self.mail_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.mail_service = self.mail_service
self.services_factory._services_by_user = {
'someuserid': self.mail_service
}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.mail_service.account_email = self.MAIL_ADDRESS
root_resource = RootResource(self.services_factory)
root_resource._html_template = "<html><head><title>$account_email</title></head></html>"
root_resource._mode = root_resource
self.web = DummySite(root_resource)
self.root_resource = root_resource
def test_render_GET_should_template_account_email(self):
request = DummyRequest([''])
request.addCookie = lambda key, value: 'stubbed'
d = self.web.get(request)
def assert_response(_):
expected = "<title>{0}</title>".format(self.MAIL_ADDRESS)
matches = re.findall(expected, request.written[0])
self.assertEquals(len(matches), 1)
d.addCallback(assert_response)
return d
def _test_should_renew_xsrf_cookie(self):
request = DummyRequest([''])
request.addCookie = MagicMock()
generated_csrf_token = 'csrf_token'
mock_sha = MagicMock()
mock_sha.hexdigest = MagicMock(return_value=generated_csrf_token)
with patch('hashlib.sha256', return_value=mock_sha):
d = self.web.get(request)
def assert_csrf_cookie(_):
request.addCookie.assert_called_once_with('XSRF-TOKEN',
generated_csrf_token)
d.addCallback(assert_csrf_cookie)
return d
def test_should_renew_xsrf_cookie_on_startup_mode(self):
self.root_resource._mode = MODE_STARTUP
self._test_should_renew_xsrf_cookie()
def test_should_renew_xsrf_cookie_on_running_mode(self):
self.root_resource._mode = MODE_RUNNING
self._test_should_renew_xsrf_cookie()
def test_should_unavailable_child_resource_during_startup(self):
self.root_resource._mode = MODE_STARTUP
request = DummyRequest(['/child'])
request.getCookie = MagicMock(return_value='irrelevant -- stubbed')
d = self.web.get(request)
def assert_unavailable(_):
self.assertEqual(503, request.responseCode)
self.assertEqual("Service Unavailable", request.written[0])
d.addCallback(assert_unavailable)
return d
def _mock_ajax_csrf(self, request, csrf_token):
request.requestHeaders.setRawHeaders('x-requested-with',
['XMLHttpRequest'])
request.requestHeaders.setRawHeaders('x-xsrf-token', [csrf_token])
def test_should_unauthorize_child_resource_ajax_requests_when_csrf_mismatch(
self):
request = DummyRequest(['/child'])
self._mock_ajax_csrf(request, 'stubbed csrf token')
request.getCookie = MagicMock(return_value='mismatched csrf token')
d = self.web.get(request)
def assert_unauthorized(_):
self.assertEqual(401, request.responseCode)
self.assertEqual("Unauthorized!", request.written[0])
d.addCallback(assert_unauthorized)
return d
def test_should_authorize_child_resource_non_ajax_GET_requests(self):
request = DummyRequest(['features'])
request.getCookie = MagicMock(return_value='irrelevant -- stubbed')
self.root_resource._child_resources.add('features', FeaturesResource())
self.root_resource._mode = MODE_RUNNING
d = self.web.get(request)
def assert_unauthorized(_):
self.assertEqual(200, request.code)
d.addCallback(assert_unauthorized)
return d
def test_should_unauthorize_child_resource_non_ajax_POST_requests_when_csrf_input_mismatch(
self):
request = DummyRequest(['mails'])
request.method = 'POST'
request.addArg('csrftoken', 'some csrf token')
mock_content = MagicMock()
mock_content.read = MagicMock(return_value={})
request.content = mock_content
request.getCookie = MagicMock(return_value='mismatched csrf token')
d = self.web.get(request)
def assert_unauthorized(_):
self.assertEqual(401, request.responseCode)
self.assertEqual("Unauthorized!", request.written[0])
d.addCallback(assert_unauthorized)
return d
class TestLoginResource(unittest.TestCase):
def setUp(self):
self.services_factory = mock()
self.portal = mock()
self.resource = LoginResource(self.services_factory, self.portal)
self.web = DummySite(self.resource)
def test_children_resources_are_unauthorized_when_not_logged_in(self):
request = DummyRequest(['/some_child_resource'])
d = self.web.get(request)
def assert_unauthorized_resources(_):
self.assertEqual(401, request.responseCode)
self.assertEqual("Unauthorized!", request.written[0])
d.addCallback(assert_unauthorized_resources)
return d
@patch('pixelated.resources.session.PixelatedSession.is_logged_in')
def test_there_are_no_grand_children_resources_when_logged_in(
self, mock_is_logged_in):
request = DummyRequest(['/login/grand_children'])
mock_is_logged_in.return_value = True
when(self.services_factory).is_logged_in(ANY()).thenReturn(True)
d = self.web.get(request)
def assert_resources_not_found(_):
self.assertEqual(404, request.responseCode)
self.assertIn("No Such Resource", request.written[0])
d.addCallback(assert_resources_not_found)
return d
def test_get(self):
request = DummyRequest([''])
d = self.web.get(request)
def assert_form_rendered(_):
self.assertEqual(200, request.responseCode)
form_action = 'action="/login"'
form_method = 'method="post"'
input_username = '******'
input_password = '******'
input_submit = 'name="login"'
default_disclaimer = 'Some disclaimer'
written_response = ''.join(request.written)
self.assertIn(form_action, written_response)
self.assertIn(form_method, written_response)
self.assertIn(input_password, written_response)
self.assertIn(input_submit, written_response)
self.assertIn(input_username, written_response)
self.assertIn(default_disclaimer, written_response)
d.addCallback(assert_form_rendered)
return d
def _write(self, filename, content):
with open(filename, 'w') as disclaimer_file:
disclaimer_file.write(content)
def test_override_login_disclaimer_message(self):
request = DummyRequest([''])
banner_file_name = 'banner.txt'
banner_disclaimer_content = '<p>some custom disclaimer</p>'
self._write(banner_file_name, banner_disclaimer_content)
self.resource._disclaimer_banner = 'service/_trial_temp/' + banner_file_name
d = self.web.get(request)
def assert_custom_disclaimer_rendered(_):
self.assertEqual(200, request.responseCode)
written_response = ''.join(request.written)
self.assertIn(banner_disclaimer_content, written_response)
def tear_down(_):
os.remove(banner_file_name)
d.addCallback(assert_custom_disclaimer_rendered)
d.addCallback(tear_down)
return d
def test_non_xml_compliant_banner_will_send_default_invalid_format_banner(
self):
request = DummyRequest([''])
banner_file_name = 'banner.txt'
xml_invalid_banner = '<p>some unclosed paragraph'
self._write(banner_file_name, xml_invalid_banner)
self.resource._disclaimer_banner = 'service/_trial_temp/' + banner_file_name
d = self.web.get(request)
def assert_default_invalid_banner_disclaimer_rendered(_):
self.assertEqual(200, request.responseCode)
written_response = ''.join(request.written)
self.assertIn(
"Invalid XML template format for service/_trial_temp/banner.txt.",
written_response)
def tear_down(_):
os.remove(banner_file_name)
d.addCallback(assert_default_invalid_banner_disclaimer_rendered)
d.addCallback(tear_down)
return d
def test_wrong_banner_file_location_will_send_default_invalid_format_banner(
self):
request = DummyRequest([''])
non_existing_banner_file = 'banner.txt'
self.resource._disclaimer_banner = non_existing_banner_file
d = self.web.get(request)
def assert_default_invalid_banner_disclaimer_rendered(_):
self.assertEqual(200, request.responseCode)
written_response = ''.join(request.written)
self.assertIn(
"Disclaimer banner file banner.txt could not be read or does not exit.",
written_response)
d.addCallback(assert_default_invalid_banner_disclaimer_rendered)
return d
class TestKeysResource(unittest.TestCase):
def setUp(self):
self.keymanager = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.keymanager = self.keymanager
self.services_factory._services_by_user = {
'someuserid': self.keymanager
}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.web = DummySite(KeysResource(self.services_factory))
def test_returns_404_if_key_not_found(self):
request = DummyRequest(['/keys'])
request.addArg('search', '*****@*****.**')
when(self.keymanager).fetch_key('*****@*****.**').thenReturn(
defer.fail(KeyNotFound()))
d = self.web.get(request)
def assert_404(_):
self.assertEquals(404, request.code)
d.addCallback(assert_404)
return d
def test_returns_the_key_as_json_if_found(self):
request = DummyRequest(['/keys'])
request.addArg('search', 'some@key')
when(self.keymanager).fetch_key('some@key').thenReturn(
defer.succeed(OpenPGPKey('some@key')))
d = self.web.get(request)
expected = {
u'address': u'some@key',
u'encr_used': False,
u'fingerprint': u'',
u'last_audited_at': 0,
u'private': False,
u'sign_used': False,
u'tags': [u'keymanager-active'],
u'type': u'OpenPGPKey-active',
u'validation': u'Weak_Chain',
u'version': 1,
}
def assert_response(_):
actual = json.loads(ast.literal_eval(request.written[0]))
self.assertEquals(expected, actual)
d.addCallback(assert_response)
return d
def test_returns_unauthorized_if_key_is_private(self):
request = DummyRequest(['/keys'])
request.addArg('search', 'some@key')
when(self.keymanager).fetch_key('some@key').thenReturn(
defer.succeed(OpenPGPKey('some@key', private=True)))
d = self.web.get(request)
def assert_response(_):
self.assertEquals(401, request.code)
d.addCallback(assert_response)
return d
class TestLoginPOST(unittest.TestCase):
def setUp(self):
self.services_factory = mock()
self.portal = mock()
self.provider = mock()
self.resource = LoginResource(self.services_factory, self.portal)
self.web = DummySite(self.resource)
self.request = DummyRequest([''])
username = '******'
self.request.addArg('username', username)
password = '******'
self.username = username
self.password = password
self.request.addArg('password', password)
self.request.method = 'POST'
leap_session = mock(LeapSession)
user_auth = mock()
user_auth.uuid = 'some_user_uuid'
leap_session.user_auth = user_auth
config = mock()
config.leap_home = 'some_folder'
leap_session.config = config
leap_session.fresh_account = False
self.leap_session = leap_session
self.user_auth = user_auth
def mock_user_has_services_setup(self):
when(self.services_factory).is_logged_in('some_user_uuid').thenReturn(
True)
def test_login_responds_interstitial_and_add_corresponding_session_to_services_factory(
self):
irrelevant = None
when(self.portal).login(ANY(), None, IResource).thenReturn(
(irrelevant, self.leap_session, irrelevant))
when(self.services_factory).create_services_from(
self.leap_session).thenAnswer(self.mock_user_has_services_setup)
d = self.web.get(self.request)
def assert_login_setup_service_for_user(_):
verify(self.portal).login(ANY(), None, IResource)
verify(self.services_factory).create_services_from(
self.leap_session)
interstitial_js_in_template = '<script src="startup-assets/Interstitial.js"></script>'
self.assertIn(interstitial_js_in_template, self.request.written[0])
self.assertTrue(self.resource.is_logged_in(self.request))
d.addCallback(assert_login_setup_service_for_user)
return d
def test_login_does_not_reload_services_if_already_loaded(self):
irrelevant = None
when(self.portal).login(ANY(), None, IResource).thenReturn(
(irrelevant, self.leap_session, irrelevant))
when(self.services_factory).is_logged_in('some_user_uuid').thenReturn(
True)
d = self.web.get(self.request)
def assert_login_setup_service_for_user(_):
verify(self.portal).login(ANY(), None, IResource)
verify(self.services_factory).is_logged_in('some_user_uuid')
verifyNoMoreInteractions(self.services_factory)
interstitial_js_in_template = '<script src="startup-assets/Interstitial.js"></script>'
self.assertIn(interstitial_js_in_template, self.request.written[0])
self.assertTrue(self.resource.is_logged_in(self.request))
d.addCallback(assert_login_setup_service_for_user)
return d
def test_should_return_form_back_with_error_message_when_login_fails(self):
when(self.portal).login(ANY(), None, IResource).thenRaise(Exception())
d = self.web.get(self.request)
def assert_login_setup_service_for_user(_):
verify(self.portal).login(ANY(), None, IResource)
self.assertEqual(401, self.request.responseCode)
written_response = ''.join(self.request.written)
self.assertIn('Invalid credentials', written_response)
self.assertFalse(self.resource.is_logged_in(self.request))
d.addCallback(assert_login_setup_service_for_user)
return d
@patch('pixelated.bitmask_libraries.session.LeapSessionFactory.create')
@patch('leap.auth.SRPAuth.authenticate')
@patch('pixelated.config.services.Services.setup')
def test_leap_session_is_not_created_when_leap_auth_fails(
self, mock_service_setup, mock_leap_srp_auth,
mock_leap_session_create):
mock_leap_srp_auth.side_effect = SRPAuthenticationError()
d = self.web.get(self.request)
def assert_login_setup_service_for_user(_):
verify(self.portal).login(ANY(), None, IResource)
self.assertFalse(mock_leap_session_create.called)
self.assertFalse(mock_service_setup.called)
self.assertEqual(401, self.request.responseCode)
self.assertFalse(self.resource.is_logged_in(self.request))
d.addCallback(assert_login_setup_service_for_user)
return d
@patch('twisted.web.util.redirectTo')
@patch('pixelated.resources.session.PixelatedSession.is_logged_in')
def test_should_not_process_login_if_already_logged_in(
self, mock_logged_in, mock_redirect):
mock_logged_in.return_value = True
when(self.services_factory).is_logged_in(ANY()).thenReturn(True)
mock_redirect.return_value = "mocked redirection"
when(self.portal).login(ANY(), None, IResource).thenRaise(Exception())
d = self.web.get(self.request)
def assert_login_setup_service_for_user(_):
verifyZeroInteractions(self.portal)
mock_redirect.assert_called_once_with('/', self.request)
d.addCallback(assert_login_setup_service_for_user)
return d
class TestKeysResource(unittest.TestCase):
def setUp(self):
self.keymanager = mock()
self.web = DummySite(KeysResource(self.keymanager))
def test_returns_404_if_key_not_found(self):
request = DummyRequest(['/keys'])
request.addArg('search', '*****@*****.**')
when(self.keymanager).fetch_key('*****@*****.**').thenReturn(
defer.fail(KeyNotFound()))
d = self.web.get(request)
def assert_404(_):
self.assertEquals(404, request.code)
d.addCallback(assert_404)
return d
def test_returns_the_key_as_json_if_found(self):
request = DummyRequest(['/keys'])
request.addArg('search', 'some@key')
when(self.keymanager).fetch_key('some@key').thenReturn(
defer.succeed(OpenPGPKey('some@key')))
d = self.web.get(request)
expected = {
"tags": ["keymanager-key"],
"fingerprint": '',
"private": False,
'sign_used': False,
'refreshed_at': 0,
"expiry_date": 0,
"address": 'some@key',
'encr_used': False,
'last_audited_at': 0,
'key_data': '',
'length': 0,
'key_id': '',
'validation': 'Weak_Chain',
'type': 'OpenPGPKey',
}
def assert_response(_):
actual = json.loads(ast.literal_eval(request.written[0]))
self.assertEquals(expected, actual)
d.addCallback(assert_response)
return d
def test_returns_unauthorized_if_key_is_private(self):
request = DummyRequest(['/keys'])
request.addArg('search', 'some@key')
when(self.keymanager).fetch_key('some@key').thenReturn(
defer.succeed(OpenPGPKey('some@key', private=True)))
d = self.web.get(request)
def assert_response(_):
self.assertEquals(401, request.code)
d.addCallback(assert_response)
return d
class TestLoginResource(unittest.TestCase):
def setUp(self):
self.services_factory = mock()
self.portal = mock()
self.resource = LoginResource(self.services_factory, self.portal)
self.web = DummySite(self.resource)
def test_children_resources_are_unauthorized_when_not_logged_in(self):
request = DummyRequest(['/some_child_resource'])
d = self.web.get(request)
def assert_unauthorized_resources(_):
self.assertEqual(401, request.responseCode)
self.assertEqual("Unauthorized!", request.written[0])
d.addCallback(assert_unauthorized_resources)
return d
@patch('pixelated.resources.session.PixelatedSession.is_logged_in')
def test_there_are_no_grand_children_resources_when_logged_in(self, mock_is_logged_in):
request = DummyRequest(['/login/grand_children'])
mock_is_logged_in.return_value = True
when(self.services_factory).is_logged_in(ANY()).thenReturn(True)
d = self.web.get(request)
def assert_resources_not_found(_):
self.assertEqual(404, request.responseCode)
self.assertIn("No Such Resource", request.written[0])
d.addCallback(assert_resources_not_found)
return d
def test_get(self):
request = DummyRequest([''])
d = self.web.get(request)
def assert_form_rendered(_):
self.assertEqual(200, request.responseCode)
form_action = 'action="/login"'
form_method = 'method="post"'
input_username = '******'
input_password = '******'
input_submit = 'name="login"'
default_disclaimer = 'Some disclaimer'
written_response = ''.join(request.written)
self.assertIn(form_action, written_response)
self.assertIn(form_method, written_response)
self.assertIn(input_password, written_response)
self.assertIn(input_submit, written_response)
self.assertIn(input_username, written_response)
self.assertIn(default_disclaimer, written_response)
d.addCallback(assert_form_rendered)
return d
def _write(self, filename, content):
with open(filename, 'w') as disclaimer_file:
disclaimer_file.write(content)
def test_override_login_disclaimer_message(self):
request = DummyRequest([''])
banner_file_name = 'banner.txt'
banner_disclaimer_content = '<p>some custom disclaimer</p>'
self._write(banner_file_name, banner_disclaimer_content)
self.resource._disclaimer_banner = 'service/_trial_temp/' + banner_file_name
d = self.web.get(request)
def assert_custom_disclaimer_rendered(_):
self.assertEqual(200, request.responseCode)
written_response = ''.join(request.written)
self.assertIn(banner_disclaimer_content, written_response)
def tear_down(_):
os.remove(banner_file_name)
d.addCallback(assert_custom_disclaimer_rendered)
d.addCallback(tear_down)
return d
def setUp(self):
self.services_factory = MagicMock()
self.resource = LogoutResource(self.services_factory)
self.services_factory.log_out_user.return_value = defer.succeed(None)
self.web = DummySite(self.resource)
class TestRootResource(unittest.TestCase):
MAIL_ADDRESS = '*****@*****.**'
def setUp(self):
self.mail_service = mock()
self.services_factory = mock()
self.services_factory.mode = UserAgentMode(is_single_user=True)
self.services = mock()
self.services.mail_service = self.mail_service
self.services_factory._services_by_user = {'someuserid': self.mail_service}
when(self.services_factory).services(ANY()).thenReturn(self.services)
self.mail_service.account_email = self.MAIL_ADDRESS
root_resource = RootResource(self.services_factory)
root_resource._html_template = "<html><head><title>$account_email</title></head></html>"
root_resource._mode = root_resource
self.web = DummySite(root_resource)
self.root_resource = root_resource
def test_render_GET_should_template_account_email(self):
request = DummyRequest([''])
request.addCookie = lambda key, value: 'stubbed'
d = self.web.get(request)
def assert_response(_):
expected = "<title>{0}</title>".format(self.MAIL_ADDRESS)
matches = re.findall(expected, request.written[0])
self.assertEquals(len(matches), 1)
d.addCallback(assert_response)
return d
def _test_should_renew_xsrf_cookie(self):
request = DummyRequest([''])
request.addCookie = MagicMock()
generated_csrf_token = 'csrf_token'
mock_sha = MagicMock()
mock_sha.hexdigest = MagicMock(return_value=generated_csrf_token)
with patch('hashlib.sha256', return_value=mock_sha):
d = self.web.get(request)
def assert_csrf_cookie(_):
request.addCookie.assert_called_once_with('XSRF-TOKEN', generated_csrf_token)
d.addCallback(assert_csrf_cookie)
return d
def test_should_renew_xsrf_cookie_on_startup_mode(self):
self.root_resource._mode = MODE_STARTUP
self._test_should_renew_xsrf_cookie()
def test_should_renew_xsrf_cookie_on_running_mode(self):
self.root_resource._mode = MODE_RUNNING
self._test_should_renew_xsrf_cookie()
def test_should_unavailable_child_resource_during_startup(self):
self.root_resource._mode = MODE_STARTUP
request = DummyRequest(['/child'])
request.getCookie = MagicMock(return_value='irrelevant -- stubbed')
d = self.web.get(request)
def assert_unavailable(_):
self.assertEqual(503, request.responseCode)
self.assertEqual("Service Unavailable", request.written[0])
d.addCallback(assert_unavailable)
return d
def _mock_ajax_csrf(self, request, csrf_token):
request.requestHeaders.setRawHeaders('x-requested-with', ['XMLHttpRequest'])
request.requestHeaders.setRawHeaders('x-xsrf-token', [csrf_token])
def test_should_unauthorize_child_resource_ajax_requests_when_csrf_mismatch(self):
request = DummyRequest(['/child'])
request.method = 'POST'
self._mock_ajax_csrf(request, 'stubbed csrf token')
request.getCookie = MagicMock(return_value='mismatched csrf token')
d = self.web.get(request)
def assert_unauthorized(_):
self.assertEqual(401, request.responseCode)
self.assertEqual("Unauthorized!", request.written[0])
d.addCallback(assert_unauthorized)
return d
def test_should_404_non_existing_resource_with_valid_csrf(self):
request = DummyRequest(['/non-existing-child'])
request.method = 'POST'
self._mock_ajax_csrf(request, 'stubbed csrf token')
request.getCookie = MagicMock(return_value='stubbed csrf token')
d = self.web.get(request)
def assert_not_found(_):
self.assertEqual(404, request.responseCode)
self.assertIn("No Such Resource", request.written[0])
d.addCallback(assert_not_found)
return d
def test_should_authorize_child_resource_non_ajax_GET_requests(self):
request = DummyRequest(['features'])
request.getCookie = MagicMock(return_value='irrelevant -- stubbed')
self.root_resource._child_resources.add('features', FeaturesResource())
self.root_resource._mode = MODE_RUNNING
d = self.web.get(request)
def assert_unauthorized(_):
self.assertEqual(200, request.code)
d.addCallback(assert_unauthorized)
return d
def test_should_unauthorize_child_resource_non_ajax_POST_requests_when_csrf_input_mismatch(self):
request = DummyRequest(['mails'])
request.method = 'POST'
request.addArg('csrftoken', 'some csrf token')
mock_content = MagicMock()
mock_content.read = MagicMock(return_value={})
request.content = mock_content
request.getCookie = MagicMock(return_value='mismatched csrf token')
d = self.web.get(request)
def assert_unauthorized(_):
self.assertEqual(401, request.responseCode)
self.assertEqual("Unauthorized!", request.written[0])
d.addCallback(assert_unauthorized)
return d
def setUp(self):
self.feedback_service = mock()
self.web = DummySite(FeedbackResource(self.feedback_service))
