def test_logout(self): self.app = FakeApp(application) response = self.app.post_json('/api/_login', self.user_data) self.assertEqual(200, response.status_int) response = self.app.get('/api/resource/') self.assertEqual(200, response.status_int) response = self.app.get('/api/_logout') self.assertEqual(200, response.status_int) self.app = FakeApp(application) response = self.app.get('/api/resource/', expect_errors=True) self.assertEqual(401, response.status_int)
def test_middleware_accepts_json(dbsession, account): app = FakeApp(server.make_app()) params = { 'account_id': account.id, 'amount': 400, 'user_id': 1001, 'nonce': 'fake-valid-nonce' } resp = app.post_json('/', params, expect_errors=True) assert resp.status_code == 201
def test_logged_user(self): self.app = FakeApp(application) response = self.app.post_json('/api/_login', self.user_data) self.assertEqual(200, response.status_int) response = self.app.post_json('/api/_ping', self.user_data) self.assertEqual(200, response.status_int) time.sleep(6) response = self.app.post_json('/api/_ping', self.user_data, expect_errors=True) self.assertEqual(401, response.status_int)
def test_login(self): self.app = FakeApp(application) response = self.app.post_json('/api/_login', self.user_data) self.assertEqual(200, response.status_int) self.app = FakeApp(application) response = self.app.post_json('/api/_login', { "username": "******", "password": '******' }, expect_errors=True) self.assertEqual(403, response.status_int) self.app = FakeApp(application) response = self.app.get('/api/resource/', expect_errors=True) self.assertEqual(401, response.status_int) self.app = FakeApp(application) response = self.app.post_json('/api/_login', self.user_data) self.assertEqual(200, response.status_int) response = self.app.get('/api/resource/') self.assertEqual(200, response.status_int)
def test_actions_under_authentication(self): response = self.app.get('/api/user/under_authentication', expect_errors=True) self.assertEqual(403, response.status_int) self.app = FakeApp(application) response = self.app.post_json('/api/_login', { "username": "******", "password": '******' }) self.assertEqual(200, response.status_int) response = self.app.get('/api/user/under_authentication', expect_errors=True) self.assertEqual(200, response.status_int)
def test_action_without_model(self): self.app = FakeApp(application) response = self.app.post('/api/any/123/activate', expect_errors=True) self.assertEqual(404, response.status_int)
def test_shields(self): @register class MyAuth(Authentication): expiration_time = 5 @classmethod def salt_key(cls): return 'ray_salt_key' @classmethod def authenticate(cls, login_data): if login_data['password'] == '123': return {'username': '******'} @endpoint('/person', authentication=MyAuth) class PersonModel(ModelInterface): def __init__(self, *a, **k): self.login = None super(PersonModel, self).__init__(*a, **k) @classmethod def columns(cls): return ['id'] class PersonShield(Shield): __model__ = PersonModel def get(self, user_data, person_id, parameters): return user_data['username'] == 'felipe' def put(self, user_data, person_id, parameters): assert person_id == '1' assert parameters == {'any': '*****@*****.**'} return True global global_person_id response = self.app.post_json('/api/_login', { "username": "******", 'password': '******' }) self.assertEqual(200, response.status_int) response = self.app.get('/api/person/') self.assertEqual(200, response.status_int) self.app = FakeApp(application) response = self.app.post_json('/api/_login', { "username": "******", 'password': '******' }) self.assertEqual(200, response.status_int) global global_parameters self.app.put_json('/api/person/1/', {'any': '*****@*****.**'}) self.assertEqual(200, response.status_int) self.app = FakeApp(application) response = self.app.get('/api/person', expect_errors=True) self.assertEquals(401, response.status_int) self.app = FakeApp(application) response = self.app.post('/api/person/', expect_errors=True) self.assertIsNot(401, response.status_int) self.app = FakeApp(application) response = self.app.put('/api/person/', expect_errors=True) self.assertIsNot(404, response.status_int) self.app = FakeApp(application) response = self.app.delete('/api/person/', expect_errors=True) self.assertIsNot(404, response.status_int)
def test_responds_400_with_empty_body(): app = FakeApp(server.make_app()) resp = app.post('/', expect_errors=True, content_type='application/json') assert resp.status_code == 400
def test_middleware_rejects_non_json(): app = FakeApp(server.make_app()) resp = app.post('/', expect_errors=True) assert resp.status_code == 415
def setUp(self): self.app = FakeApp(application)