def test_random_is_not_authenticated(self): # check that doesn't exists some random tokens self.assertFalse( perm_controller.is_authenticated(session=self.session, token=utils.random_hash())[0]) self.assertFalse( perm_controller.is_authenticated(session=self.session, token=utils.random_hash())[0]) self.assertFalse( perm_controller.is_authenticated(session=self.session, token=utils.random_hash())[0]) # check that doesn't exists simplest tokens self.assertFalse( perm_controller.is_authenticated(session=self.session, token='1')[0]) self.assertFalse( perm_controller.is_authenticated(session=self.session, token='11')[0]) self.assertFalse( perm_controller.is_authenticated(session=self.session, token='111')[0]) self.assertFalse( perm_controller.is_authenticated(session=self.session, token='asd')[0]) self.assertFalse( perm_controller.is_authenticated(session=self.session, token='qwe')[0]) self.assertFalse( perm_controller.is_authenticated(session=self.session, token='qwerty')[0])
def get_test_env(): return { 'user': { 'name': 'test_user1_{}'.format(utils.random_hash(7)), }, 'token': { 'code': 'test_token1_{}'.format(utils.random_hash(7)) }, 'user2': { 'name': 'test_user2_{}'.format(utils.random_hash(7)), }, 'token2': { 'code': 'test_token2_{}'.format(utils.random_hash(7)) }, 'user3': { 'name': 'test_user3_{}'.format(utils.random_hash(7)), }, 'token3': { 'code': 'test_token3_{}'.format(utils.random_hash(7)) }, 'group': { 'name': 'test_group_{}'.format(utils.random_hash(7)), }, 'file': { 'uri': 'test/test_file_{}.ext'.format(utils.random_hash(7)), }, 'file_content': 'some text for test file' }
class TestFileController(StandartNifflerControllerTest): controller = file_controller uri = '{}/{}'.format(random_hash(), random_hash()) def get_register_kwobj(self, session): return { 'uri': self.uri, 'owner_id': self.get_test_user().id, 'groups': [self.get_test_group()] } def get_remove_kwobj(self, session): return {'uri': self.uri} def test_remove_not_existing(self): self.base_test_remove_ctl(self.session) def test_adding_and_removing(self): self.base_test_adding_and_removing_ctl(self.session)
class TestUserController(StandartNifflerControllerTest): controller = user_controller name = '{}'.format(random_hash()) def get_register_kwobj(self, session): return {'name': self.name, 'groups': [self.get_test_group()]} def get_remove_kwobj(self, session): return {'name': self.name} def test_remove_not_existing(self): self.base_test_remove_ctl(self.session) def test_adding_and_removing(self): self.base_test_adding_and_removing_ctl(self.session)
class TestTokenController(StandartNifflerControllerTest): controller = token_controller code = '{}'.format(random_hash()) def get_register_kwobj(self, session): return {'code': self.code, 'user_id': self.get_test_user().id} def get_remove_kwobj(self, session): return {'code': self.code} def test_remove_not_existing(self): self.base_test_remove_ctl(self.session) def test_adding_and_removing(self): self.base_test_adding_and_removing_ctl(self.session)
def test_nginx_private_user_case(self): file_name = 'test_{}'.format(utils.random_hash()) uri = '/{}'.format(file_name) url = TestNginx.get_real_url(uri) headers = {'Authorization': self.test_token.code} headers2 = {'Authorization': self.test_token2.code} headers3 = {'Authorization': self.test_token3.code} data = b'some text' data2 = b'some text2' # getting not existing file self.assert_url(url=url, headers=headers, method='GET', res_http_code=403) # Forbidden # putting file self.assert_url(url=url, headers=headers, method='PUT', data=data, res_http_code=201) # Created # getting existing file + check body result = self.assert_url(url=url, headers=headers, method='GET', res_http_code=200) # OK self.assertEqual(result.read(), data) # others users self.assert_url(url=url, headers=headers2, method='GET', res_http_code=403) # Forbidden self.assert_url(url=url, headers=headers3, method='GET', res_http_code=403) # Forbidden # patch - add access to group self.assert_url(url=url + '?group=' + self.test_group.name, headers=headers, method='PATCH', res_http_code=200) # OK # others users self.assert_url(url=url, headers=headers2, method='GET', res_http_code=200) # OK self.assert_url(url=url, headers=headers3, method='GET', res_http_code=403) # Forbidden # re-putting file self.assert_url(url=url, headers=headers, method='PUT', data=data2, res_http_code=204) # No Content # getting new file + check that body has been changed result = self.assert_url(url=url, headers=headers, method='GET', res_http_code=200) # OK self.assertEqual(result.read(), data2) # delete existing file self.assert_url(url=url, headers=headers, method='DELETE', res_http_code=204) # No Content # delete not existing file self.assert_url(url=url, headers=headers, method='DELETE', res_http_code=403) # Forbidden
def test_authenticate_GET_PUT_DELETE_others(self): uri = utils.random_hash() token = self.test_token.code token2 = self.test_token2.code token3 = self.test_token3.code token4 = utils.random_hash() self.check_authenticate(code=403, uri=uri, token=token, method='DELETE') self.check_authenticate(code=403, uri=uri, token=token, method='GET') self.check_authenticate(code=403, uri=uri, token=token, method='PATCH') self.check_authenticate(code=200, uri=uri, token=token, method='PUT') self.check_authenticate(code=200, uri=uri, token=token, method='PATCH') self.check_authenticate(code=200, uri=uri, token=token, method='GET') self.check_authenticate(code=403, uri=uri, token=token, method='MOVE') self.check_authenticate(code=403, uri=uri, token=token, method='POST') self.check_authenticate(code=200, uri=uri, token=token, method='DELETE') self.check_authenticate(code=403, uri=uri, token=token, method='DELETE') self.check_authenticate(code=403, uri=uri, token=token2, method='DELETE') self.check_authenticate(code=403, uri=uri, token=token2, method='GET') self.check_authenticate(code=403, uri=uri, token=token2, method='PATCH') self.check_authenticate(code=200, uri=uri, token=token2, method='PUT') self.check_authenticate(code=200, uri=uri, token=token2, method='PATCH') self.check_authenticate(code=200, uri=uri, token=token2, method='GET') self.check_authenticate(code=403, uri=uri, token=token2, method='MOVE') self.check_authenticate(code=403, uri=uri, token=token2, method='POST') self.check_authenticate(code=200, uri=uri, token=token2, method='DELETE') self.check_authenticate(code=403, uri=uri, token=token2, method='DELETE') self.check_authenticate(code=403, uri=uri, token=token3, method='DELETE') self.check_authenticate(code=403, uri=uri, token=token3, method='GET') self.check_authenticate(code=403, uri=uri, token=token3, method='PATCH') self.check_authenticate(code=200, uri=uri, token=token3, method='PUT') self.check_authenticate(code=200, uri=uri, token=token3, method='PATCH') self.check_authenticate(code=200, uri=uri, token=token3, method='GET') self.check_authenticate(code=403, uri=uri, token=token3, method='MOVE') self.check_authenticate(code=403, uri=uri, token=token3, method='POST') self.check_authenticate(code=200, uri=uri, token=token3, method='DELETE') self.check_authenticate(code=403, uri=uri, token=token3, method='DELETE') self.check_authenticate(code=401, uri=uri, token=token4, method='DELETE') self.check_authenticate(code=401, uri=uri, token=token4, method='GET') self.check_authenticate(code=401, uri=uri, token=token4, method='PATCH') self.check_authenticate(code=401, uri=uri, token=token4, method='PUT') self.check_authenticate(code=401, uri=uri, token=token4, method='MOVE') self.check_authenticate(code=401, uri=uri, token=token4, method='POST')