def test_random_is_not_authenticated(self):
# check that doesn't exists some random tokens
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token=utils.random_hash())[0])
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token=utils.random_hash())[0])
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token=utils.random_hash())[0])
# check that doesn't exists simplest tokens
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token='1')[0])
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token='11')[0])
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token='111')[0])
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token='asd')[0])
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token='qwe')[0])
self.assertFalse(
perm_controller.is_authenticated(session=self.session,
token='qwerty')[0])
def get_test_env():
return {
'user': {
'name': 'test_user1_{}'.format(utils.random_hash(7)),
},
'token': {
'code': 'test_token1_{}'.format(utils.random_hash(7))
},
'user2': {
'name': 'test_user2_{}'.format(utils.random_hash(7)),
},
'token2': {
'code': 'test_token2_{}'.format(utils.random_hash(7))
},
'user3': {
'name': 'test_user3_{}'.format(utils.random_hash(7)),
},
'token3': {
'code': 'test_token3_{}'.format(utils.random_hash(7))
},
'group': {
'name': 'test_group_{}'.format(utils.random_hash(7)),
},
'file': {
'uri': 'test/test_file_{}.ext'.format(utils.random_hash(7)),
},
'file_content': 'some text for test file'
}
class TestFileController(StandartNifflerControllerTest):
controller = file_controller
uri = '{}/{}'.format(random_hash(), random_hash())
def get_register_kwobj(self, session):
return {
'uri': self.uri,
'owner_id': self.get_test_user().id,
'groups': [self.get_test_group()]
}
def get_remove_kwobj(self, session):
return {'uri': self.uri}
def test_remove_not_existing(self):
self.base_test_remove_ctl(self.session)
def test_adding_and_removing(self):
self.base_test_adding_and_removing_ctl(self.session)
class TestUserController(StandartNifflerControllerTest):
controller = user_controller
name = '{}'.format(random_hash())
def get_register_kwobj(self, session):
return {'name': self.name, 'groups': [self.get_test_group()]}
def get_remove_kwobj(self, session):
return {'name': self.name}
def test_remove_not_existing(self):
self.base_test_remove_ctl(self.session)
def test_adding_and_removing(self):
self.base_test_adding_and_removing_ctl(self.session)
class TestTokenController(StandartNifflerControllerTest):
controller = token_controller
code = '{}'.format(random_hash())
def get_register_kwobj(self, session):
return {'code': self.code, 'user_id': self.get_test_user().id}
def get_remove_kwobj(self, session):
return {'code': self.code}
def test_remove_not_existing(self):
self.base_test_remove_ctl(self.session)
def test_adding_and_removing(self):
self.base_test_adding_and_removing_ctl(self.session)
def test_nginx_private_user_case(self):
file_name = 'test_{}'.format(utils.random_hash())
uri = '/{}'.format(file_name)
url = TestNginx.get_real_url(uri)
headers = {'Authorization': self.test_token.code}
headers2 = {'Authorization': self.test_token2.code}
headers3 = {'Authorization': self.test_token3.code}
data = b'some text'
data2 = b'some text2'
# getting not existing file
self.assert_url(url=url,
headers=headers,
method='GET',
res_http_code=403) # Forbidden
# putting file
self.assert_url(url=url,
headers=headers,
method='PUT',
data=data,
res_http_code=201) # Created
# getting existing file + check body
result = self.assert_url(url=url,
headers=headers,
method='GET',
res_http_code=200) # OK
self.assertEqual(result.read(), data)
# others users
self.assert_url(url=url,
headers=headers2,
method='GET',
res_http_code=403) # Forbidden
self.assert_url(url=url,
headers=headers3,
method='GET',
res_http_code=403) # Forbidden
# patch - add access to group
self.assert_url(url=url + '?group=' + self.test_group.name,
headers=headers,
method='PATCH',
res_http_code=200) # OK
# others users
self.assert_url(url=url,
headers=headers2,
method='GET',
res_http_code=200) # OK
self.assert_url(url=url,
headers=headers3,
method='GET',
res_http_code=403) # Forbidden
# re-putting file
self.assert_url(url=url,
headers=headers,
method='PUT',
data=data2,
res_http_code=204) # No Content
# getting new file + check that body has been changed
result = self.assert_url(url=url,
headers=headers,
method='GET',
res_http_code=200) # OK
self.assertEqual(result.read(), data2)
# delete existing file
self.assert_url(url=url,
headers=headers,
method='DELETE',
res_http_code=204) # No Content
# delete not existing file
self.assert_url(url=url,
headers=headers,
method='DELETE',
res_http_code=403) # Forbidden
def test_authenticate_GET_PUT_DELETE_others(self):
uri = utils.random_hash()
token = self.test_token.code
token2 = self.test_token2.code
token3 = self.test_token3.code
token4 = utils.random_hash()
self.check_authenticate(code=403,
uri=uri,
token=token,
method='DELETE')
self.check_authenticate(code=403, uri=uri, token=token, method='GET')
self.check_authenticate(code=403, uri=uri, token=token, method='PATCH')
self.check_authenticate(code=200, uri=uri, token=token, method='PUT')
self.check_authenticate(code=200, uri=uri, token=token, method='PATCH')
self.check_authenticate(code=200, uri=uri, token=token, method='GET')
self.check_authenticate(code=403, uri=uri, token=token, method='MOVE')
self.check_authenticate(code=403, uri=uri, token=token, method='POST')
self.check_authenticate(code=200,
uri=uri,
token=token,
method='DELETE')
self.check_authenticate(code=403,
uri=uri,
token=token,
method='DELETE')
self.check_authenticate(code=403,
uri=uri,
token=token2,
method='DELETE')
self.check_authenticate(code=403, uri=uri, token=token2, method='GET')
self.check_authenticate(code=403,
uri=uri,
token=token2,
method='PATCH')
self.check_authenticate(code=200, uri=uri, token=token2, method='PUT')
self.check_authenticate(code=200,
uri=uri,
token=token2,
method='PATCH')
self.check_authenticate(code=200, uri=uri, token=token2, method='GET')
self.check_authenticate(code=403, uri=uri, token=token2, method='MOVE')
self.check_authenticate(code=403, uri=uri, token=token2, method='POST')
self.check_authenticate(code=200,
uri=uri,
token=token2,
method='DELETE')
self.check_authenticate(code=403,
uri=uri,
token=token2,
method='DELETE')
self.check_authenticate(code=403,
uri=uri,
token=token3,
method='DELETE')
self.check_authenticate(code=403, uri=uri, token=token3, method='GET')
self.check_authenticate(code=403,
uri=uri,
token=token3,
method='PATCH')
self.check_authenticate(code=200, uri=uri, token=token3, method='PUT')
self.check_authenticate(code=200,
uri=uri,
token=token3,
method='PATCH')
self.check_authenticate(code=200, uri=uri, token=token3, method='GET')
self.check_authenticate(code=403, uri=uri, token=token3, method='MOVE')
self.check_authenticate(code=403, uri=uri, token=token3, method='POST')
self.check_authenticate(code=200,
uri=uri,
token=token3,
method='DELETE')
self.check_authenticate(code=403,
uri=uri,
token=token3,
method='DELETE')
self.check_authenticate(code=401,
uri=uri,
token=token4,
method='DELETE')
self.check_authenticate(code=401, uri=uri, token=token4, method='GET')
self.check_authenticate(code=401,
uri=uri,
token=token4,
method='PATCH')
self.check_authenticate(code=401, uri=uri, token=token4, method='PUT')
self.check_authenticate(code=401, uri=uri, token=token4, method='MOVE')
self.check_authenticate(code=401, uri=uri, token=token4, method='POST')