def test_bad_secret(self):
""" The DB API should return a 401 unauthorised if I submit a request
as an agent but with a bad or empty password.
"""
app = TestApp(get_app(test_ini))
#With no password
app.authorization = ('Basic', ('agent', ''))
app.get("/users/testuser/credit", status=401)
#And with a bad one
app.authorization = ('Basic', ('agent', 'badpass'))
app.get("/users/testuser/credit", status=401)
def test_view_wabstic_proporz(election_day_app):
id_, token = add_data_source(
Client(election_day_app),
upload_type='proporz',
fill=True
)
client = Client(election_day_app)
client.authorization = ('Basic', ('', token))
params = [
(name, Upload('{}.csv'.format(name), 'a'.encode('utf-8')))
for name in (
'wp_wahl',
'wpstatic_gemeinden',
'wp_gemeinden',
'wp_listen',
'wp_listengde',
'wpstatic_kandidaten',
'wp_kandidaten',
'wp_kandidatengde',
)
]
with patch(
'onegov.election_day.views.upload.wabsti_exporter'
'.import_election_wabstic_proporz'
) as import_:
result = client.post('/upload-wabsti-proporz', params=params)
assert import_.called
assert '1' in import_.call_args[0]
assert '2' in import_.call_args[0]
assert result.json['status'] == 'success'
def test_view_rest_parties(election_day_app):
token = UploadTokenCollection(election_day_app.session()).create()
token = str(token.token)
transaction.commit()
client = Client(election_day_app)
client.authorization = ('Basic', ('', token))
create_election(election_day_app, 'proporz')
params = (
('id', 'election'),
('type', 'parties'),
('results', Upload('results.csv', 'a'.encode('utf-8'))),
)
with patch(
'onegov.election_day.views.upload.rest.import_party_results',
return_value=[]
) as import_:
result = client.post('/upload', params=params)
assert result.json['status'] == 'success'
assert import_.called
assert isinstance(import_.call_args[0][0], Election)
assert isinstance(import_.call_args[0][1], BytesIO)
assert import_.call_args[0][2] == 'application/octet-stream'
def test_auth(monkeypatch):
monkeypatch.setenv("WSGI_AUTH_CREDENTIALS", "foo:bar")
application = wsgi_basic_auth.BasicAuth(wsgi_app)
app = TestApp(application)
app.get("/", status=401)
app.authorization = ("Basic", ("foo", "bar"))
app.get("/", status=200)
def test_states_empty(self):
#Get a valid log-in
app = TestApp(get_app(test_ini))
settings = get_appsettings(test_ini)
app.authorization = ('Basic', ('agent', settings['agent.secret']))
r = app.get('/states')
self.assertEqual(r.json, { s : 0 for s in server.get_state_list() })
def test_view_rest_authenticate(election_day_app):
client = Client(election_day_app)
client.post('/upload', status=401)
client.authorization = ('Basic', ('', 'password'))
client.post('/upload', status=401)
collection = UploadTokenCollection(election_day_app.session())
token = str(collection.create().token)
transaction.commit()
client.post('/upload', status=401)
client.authorization = ('Basic', ('', token))
client.post('/upload', status=400)
for token in collection.query():
collection.delete(token)
transaction.commit()
client.post('/upload', status=401)
def test_view_rest_validation(election_day_app):
token = UploadTokenCollection(election_day_app.session()).create()
token = str(token.token)
transaction.commit()
client = Client(election_day_app)
client.authorization = ('Basic', ('', token))
# No parameters
result = client.post('/upload', status=400).json
assert result['status'] == 'error'
assert result['errors'] == {
'id': [{'message': 'This field is required.'}],
'results': [{'message': 'This field is required.'}],
'type': [{'message': 'This field is required.'}],
}
# Invalid type
result = client.post('/upload', status=400, params=(('type', 'xyz'),)).json
assert result['errors']['type'] == [{'message': 'Not a valid choice'}]
# No vote
params = (
('id', 'vote-id'),
('type', 'vote'),
('results', Upload('results.csv', 'a'.encode('utf-8'))),
)
result = client.post('/upload', status=400, params=params).json
assert result['errors']['id'] == [{'message': 'Invalid id'}]
# No election
params = (
('id', 'election-id'),
('type', 'election'),
('results', Upload('results.csv', 'a'.encode('utf-8'))),
)
result = client.post('/upload', status=400, params=params).json
assert result['errors']['id'] == [{'message': 'Invalid id'}]
# Wrong election type
create_election(election_day_app, 'majorz')
params = (
('id', 'election'),
('type', 'parties'),
('results', Upload('results.csv', 'a'.encode('utf-8'))),
)
result = client.post('/upload', status=400, params=params).json
assert result['errors']['id'] == [{
'message': 'Use an election based on proportional representation'
}]
def test_view_wabstic_authenticate(election_day_app):
client = Client(election_day_app)
urls = ('vote', 'majorz', 'proporz')
def post(url):
return client.post('/upload-wabsti-{}'.format(url), expect_errors=True)
assert all((post(url).status_code == 403 for url in urls))
client.authorization = ('Basic', ('', 'password'))
assert all((post(url).status_code == 403 for url in urls))
id_, token = add_data_source(Client(election_day_app))
assert all((post(url).status_code == 403 for url in urls))
client.authorization = ('Basic', ('', token))
assert all((post(url).status_code == 200 for url in urls))
regenerate_token(Client(election_day_app), id_)
assert all((post(url).status_code == 403 for url in urls))
def test_env_secretfile(self):
""" I should be able to supply the secret in the environment and it should
override the config file.
"""
#Don't do this, it stays set and breaks other tests
#os.environ['agent_secretfile'] = secret_file
#Do this...
with patch.dict('os.environ', {'agent_secretfile': secret_file}):
app = TestApp(get_app(test_ini))
# We know what's in the secret_file; see the first test above
app.authorization = ('Basic', ('agent', 'testsharedsecret'))
r = app.get("/users/testuser/credit")
self.assertEqual(r.json['credit_balance'], 200)
def test_secret_in_file(self):
""" Likewise I should be able to set a secretfile in the config file
and the secret should be read from there.
"""
#self test 2 above confirms that this sets the agent.secretfile correctly
with patch('builtins.open',
filter_open(TestAgentAPI._ini_filter, pattern=r'test\.ini$', verbose=False)):
appconf = get_app(test_ini)
app = TestApp(appconf)
# We know what's in the secret_file; see the first test above
app.authorization = ('Basic', ('agent', 'testsharedsecret'))
r = app.get("/users/testuser/credit")
self.assertEqual(r.json['credit_balance'], 200)
def test_view_wabstic_vote(election_day_app):
id_, token = add_data_source(Client(election_day_app), fill=True)
client = Client(election_day_app)
client.authorization = ('Basic', ('', token))
params = [
(name, Upload('{}.csv'.format(name), 'a'.encode('utf-8')))
for name in ('sg_geschaefte', 'sg_gemeinden')
]
with patch(
'onegov.election_day.views.upload.wabsti_exporter.import_vote_wabstic'
) as import_:
result = client.post('/upload-wabsti-vote', params=params)
assert import_.called
assert '1' in import_.call_args[0]
assert '2' in import_.call_args[0]
assert result.json['status'] == 'success'
def _get_test_app(self):
# This is tested in the test below, and also convenient for other tests where
# we just want a working agent log-in.
app = TestApp(get_app(test_ini))
#Re-read the .ini to find out the secret.
settings = get_appsettings(test_ini)
#This should not be the same as what's in secret-file.txt.
#Actually, I already tested this above, no matter.
# self.assertNotEqual(settings['agent.secret'], 'testsharedsecret')
app.authorization = ('Basic', ('agent', settings['agent.secret']))
#And we need this, or else the second call will fail with
# KeyError: 'No such user'. Really we should either suppress HAP returning
# a login token to agents or else allow it to validate the token successfully.
app.cookiejar.set_policy(DefaultCookiePolicy(allowed_domains=[]))
return app
def connected_admin_app(app):
"""A Webtest app with connected admin user."""
test_app = TestApp(app)
user = User(username='******',
email='*****@*****.**',
password=sha256_crypt.hash("123456"),
admin=1)
_db.session.add(user)
_db.session.commit()
access_token = create_access_token(identity=user.as_dict())
refresh_token = create_refresh_token(identity=user.as_dict())
test_app.authorization = ('Bearer', access_token)
login_user(user)
user.authenticated = True
yield test_app
def test__get_user_config_endpoint_new_user(
self, user_api_factory: UserApiFactory, web_testapp: TestApp):
uapi = user_api_factory.get()
profile = Profile.USER
test_user = uapi.create_user(
email="*****@*****.**",
password="******",
name="bob",
profile=profile,
timezone="Europe/Paris",
lang="fr",
do_save=True,
do_notify=False,
)
transaction.commit()
user_id = test_user.user_id
web_testapp.authorization = ("Basic", ("*****@*****.**", "password"))
res = web_testapp.get(
"/api/users/{user_id}/config".format(user_id=user_id), status=200)
assert json.loads(res.body, encoding="utf-8")["parameters"] == {}
def connected_app(app):
"""A Webtest app with connected user."""
test_app = TestApp(app)
user = User(username='******',
color='blue',
mode='light',
email='*****@*****.**',
password=sha256_crypt.hash("123456"),
firstname="User",
lastname="Name",
language="en-US")
_db.session.add(user)
_db.session.commit()
access_token = create_access_token(identity=to_dict(user))
refresh_token = create_refresh_token(identity=to_dict(user))
test_app.authorization = ('Bearer', access_token)
yield test_app
def test_view_rest_translations(election_day_app):
token = UploadTokenCollection(election_day_app.session()).create()
token = str(token.token)
transaction.commit()
client = Client(election_day_app)
client.authorization = ('Basic', ('', token))
params = (
('id', 'vote-id'),
('type', 'vote'),
('results', Upload('results.csv', 'a'.encode('utf-8'))),
)
# Default
result = client.post('/upload', status=400).json
assert result['errors']['id'][0]['message'] == 'This field is required.'
result = client.post('/upload', status=400, params=params).json
assert result['errors']['id'][0]['message'] == 'Invalid id'
# Invalid header
headers = [('Accept-Language', 'xxx')]
result = client.post('/upload', status=400, headers=headers).json
assert result['errors']['id'][0]['message'] == 'This field is required.'
result = client.post('/upload', status=400, headers=headers, params=params)
result = result.json
assert result['errors']['id'][0]['message'] == 'Invalid id'
# German
headers = [('Accept-Language', 'de_CH')]
result = client.post('/upload', status=400, headers=headers).json
assert result['errors']['id'][0]['message'] == 'Dieses Feld wird benötigt.'
result = client.post('/upload', status=400, headers=headers, params=params)
result = result.json
assert result['errors']['id'][0]['message'] == 'Ungültige ID'
def test_view_wabstic_translations(election_day_app):
id_, token = add_data_source(Client(election_day_app), fill=True)
client = Client(election_day_app)
client.authorization = ('Basic', ('', token))
params = (
('sg_geschaefte', Upload('sg_geschaefte.txt', 'a'.encode('utf-8'))),
('sg_gemeinden', Upload('sg_gemeinden.txt', 'a'.encode('utf-8'))),
)
# Default
result = client.post('/upload-wabsti-vote')
assert result.json['errors']['sg_gemeinden'] == ['This field is required.']
result = client.post('/upload-wabsti-majorz')
assert result.json['errors']['data_source'] == [
'The data source is not configured properly'
]
result = client.post('/upload-wabsti-vote', params=params)
assert result.json['errors']['item'][0]['message'] == (
'Not a valid xls/xlsx file.'
)
# Invalid header
headers = [('Accept-Language', 'xxx')]
result = client.post('/upload-wabsti-vote', headers=headers)
assert result.json['errors']['sg_gemeinden'] == ['This field is required.']
result = client.post('/upload-wabsti-majorz', headers=headers)
assert result.json['errors']['data_source'] == [
'The data source is not configured properly'
]
result = client.post('/upload-wabsti-vote', headers=headers, params=params)
assert result.json['errors']['item'][0]['message'] == (
'Not a valid xls/xlsx file.'
)
# German
headers = [('Accept-Language', 'de_CH')]
result = client.post('/upload-wabsti-vote', headers=headers)
assert result.json['errors']['sg_gemeinden'] == [
'Dieses Feld wird benötigt.'
]
result = client.post('/upload-wabsti-majorz', headers=headers)
assert result.json['errors']['data_source'] == [
'Die Datenquellekonfiguration ist ungültig'
]
result = client.post('/upload-wabsti-vote', headers=headers, params=params)
assert result.json['errors']['item'][0]['message'] == (
'Keine gültige XLS/XLSX Datei.'
)
# Italian
headers = [('Accept-Language', 'it_CH')]
result = client.post('/upload-wabsti-vote', headers=headers)
assert result.json['errors']['sg_gemeinden'] == [
'Questo campo è obbligatorio.'
]
result = client.post('/upload-wabsti-majorz', headers=headers)
assert result.json['errors']['data_source'] == [
'L\'origine dati non è configurata correttamente'
]
result = client.post('/upload-wabsti-vote', headers=headers, params=params)
assert result.json['errors']['item'][0]['message'] == (
'Nessun file XLS/XLSX valido.'
)
def test__subscribe_workspace__ok__200__resubscribe_to_rejected_subscription(
self,
user_api_factory: UserApiFactory,
workspace_api_factory: WorkspaceApiFactory,
web_testapp: TestApp,
subscription_lib_factory: SubscriptionLibFactory,
admin_user: User,
event_helper: EventHelper,
):
on_request_workspace = workspace_api_factory.get().create_workspace(
"on_request",
access_type=WorkspaceAccessType.ON_REQUEST,
save_now=True)
uapi = user_api_factory.get()
profile = Profile.USER
test_user = uapi.create_user(
email="*****@*****.**",
password="******",
name="bob",
profile=profile,
timezone="Europe/Paris",
lang="fr",
do_save=True,
do_notify=False,
)
subscription = subscription_lib_factory.get(
test_user).submit_subscription(workspace=on_request_workspace)
subscription_lib_factory.get().reject_subscription(subscription)
transaction.commit()
web_testapp.authorization = ("Basic", ("*****@*****.**", "password"))
res = web_testapp.get("/api/users/{}/workspace_subscriptions".format(
test_user.user_id),
status=200)
assert len(res.json_body) == 1
subscription = res.json_body[0]
assert subscription[
"state"] == WorkspaceSubscriptionState.REJECTED.value
assert subscription["workspace"][
"workspace_id"] == on_request_workspace.workspace_id
assert subscription["author"]["user_id"] == test_user.user_id
assert subscription["created_date"]
assert subscription["evaluation_date"]
assert subscription["evaluator"]["user_id"] == admin_user.user_id
# resubscribe rejected subscription
params = {"workspace_id": on_request_workspace.workspace_id}
res = web_testapp.put_json(
"/api/users/{}/workspace_subscriptions".format(test_user.user_id),
status=200,
params=params,
)
subscription = res.json_body
assert subscription[
"state"] == WorkspaceSubscriptionState.PENDING.value
assert subscription["workspace"][
"workspace_id"] == on_request_workspace.workspace_id
assert subscription["author"]["user_id"] == test_user.user_id
assert subscription["created_date"]
assert subscription["evaluation_date"] is None
assert subscription["evaluator"] is None
last_event = event_helper.last_event
assert last_event.event_type == "workspace_subscription.modified"
author = web_testapp.get("/api/users/{}".format(test_user.user_id),
status=200).json_body
assert last_event.author == author
web_testapp.authorization = ("Basic", ("*****@*****.**",
"*****@*****.**"))
workspace = web_testapp.get("/api/workspaces/{}".format(
on_request_workspace.workspace_id),
status=200).json_body
assert last_event.workspace == workspace
assert last_event.subscription["state"] == subscription["state"]
assert last_event.subscription["workspace"] == subscription[
"workspace"]
assert last_event.subscription["author"] == subscription["author"]
assert last_event.subscription["evaluator"] == subscription[
"evaluator"]
# after resubscribe
res = web_testapp.get("/api/users/{}/workspace_subscriptions".format(
test_user.user_id),
status=200)
assert len(res.json_body) == 1
subscription = res.json_body[0]
assert subscription[
"state"] == WorkspaceSubscriptionState.PENDING.value
assert subscription["workspace"][
"workspace_id"] == on_request_workspace.workspace_id
assert subscription["author"]["user_id"] == test_user.user_id
assert subscription["created_date"]
assert subscription["evaluation_date"] is None
assert subscription["evaluator"] is None
last_event = event_helper.last_event
assert last_event.event_type == "workspace_subscription.modified"
author = web_testapp.get("/api/users/{}".format(test_user.user_id),
status=200).json_body
assert last_event.author == author
web_testapp.authorization = ("Basic", ("*****@*****.**",
"*****@*****.**"))
workspace = web_testapp.get("/api/workspaces/{}".format(
on_request_workspace.workspace_id),
status=200).json_body
assert last_event.workspace == workspace
assert last_event.subscription["state"] == subscription["state"]
assert last_event.subscription["workspace"] == subscription[
"workspace"]
assert last_event.subscription["author"] == subscription["author"]
assert last_event.subscription["evaluator"] == subscription[
"evaluator"]
def test__get_user_subscription__ok__200__nominal_case(
self,
user_api_factory: UserApiFactory,
workspace_api_factory: WorkspaceApiFactory,
web_testapp: TestApp,
subscription_lib_factory: SubscriptionLibFactory,
admin_user: User,
):
workspace_api_factory.get().create_workspace(
"open", access_type=WorkspaceAccessType.OPEN, save_now=True)
on_request_workspace = workspace_api_factory.get().create_workspace(
"on_request",
access_type=WorkspaceAccessType.ON_REQUEST,
save_now=True)
on_request_workspace_2 = workspace_api_factory.get().create_workspace(
"on_request_2",
access_type=WorkspaceAccessType.ON_REQUEST,
save_now=True)
workspace_api_factory.get().create_workspace(
"confidential",
access_type=WorkspaceAccessType.CONFIDENTIAL,
save_now=True)
uapi = user_api_factory.get()
profile = Profile.USER
test_user = uapi.create_user(
email="*****@*****.**",
password="******",
name="bob",
profile=profile,
timezone="Europe/Paris",
lang="fr",
do_save=True,
do_notify=False,
)
subscription_lib_factory.get(test_user).submit_subscription(
workspace=on_request_workspace)
subscription = subscription_lib_factory.get(
test_user).submit_subscription(workspace=on_request_workspace_2)
subscription_lib_factory.get().reject_subscription(subscription)
transaction.commit()
web_testapp.authorization = ("Basic", ("*****@*****.**", "password"))
res = web_testapp.get("/api/users/{}/workspace_subscriptions".format(
test_user.user_id),
status=200)
assert len(res.json_body) == 2
first_subscription = res.json_body[0]
assert first_subscription[
"state"] == WorkspaceSubscriptionState.PENDING.value
assert first_subscription["workspace"][
"workspace_id"] == on_request_workspace.workspace_id
assert first_subscription["author"]["user_id"] == test_user.user_id
assert first_subscription["created_date"]
assert first_subscription["evaluation_date"] is None
assert first_subscription["evaluator"] is None
second_subscription = res.json_body[1]
assert second_subscription[
"state"] == WorkspaceSubscriptionState.REJECTED.value
assert (second_subscription["workspace"]["workspace_id"] ==
on_request_workspace_2.workspace_id)
assert second_subscription["author"]["user_id"] == test_user.user_id
assert second_subscription["created_date"]
assert second_subscription["evaluation_date"]
assert second_subscription["evaluator"][
"user_id"] == admin_user.user_id
web_testapp.authorization = ("Basic", ("*****@*****.**",
"*****@*****.**"))
res2 = web_testapp.get("/api/users/{}/workspace_subscriptions".format(
test_user.user_id),
status=200)
assert res.json_body == res2.json_body
def authorized_app():
app = WebTestApp(main({}, **test_app_configuration))
admin = UserModel.get(id='admin')
app.authorization = ('Basic', (admin.id, admin.api_key))
return app
def test_api__try_login_enpoint__ok_200__with_username_basic_auth(
self, web_testapp: TestApp,
) -> None:
web_testapp.authorization = ("Basic", ("TheAdmin", "*****@*****.**"))
res = web_testapp.get("/api/auth/whoami", status=200)
assert res.json_body["public_name"] == "Global manager"
