def test_success(self):
    """A correctly signed embed request returns 200 and may be framed.

    The dashboard is linked to the application first. The query carries the
    application's ``secret_key``, a timestamp, ``max_age`` and three
    ``p_``-prefixed values (presumably dashboard parameters; confirm against
    the embed handler), two of them non-ASCII, so the signature is checked
    over a query that ``encode_params`` has to encode.
    """
    self.factory.create_application_dashboard(
        application_id=self.application.id,
        dashboard_id=self.dashboard.id,
    )

    issued_at = int(time.time())
    query = encode_params(
        {
            "secret_key": self.application.secret_key,
            "timestamp": str(issued_at),
            "max_age": "3600",
            "p_countries": "['us', 'ke', 'en']",
            "p_type": "游戏",
            "p_time": "['2021年01月01日', '2022年12月31日']",
        }
    )
    unsigned_path = "?".join([self.embed_url, query])

    # Only secret_key travels in the URL. secret_token is used solely as
    # the signing key, and the signed string is basic_url + path.
    signature = get_embed_signature(
        self.application.secret_token,
        self.basic_url + unsigned_path,
        issued_at,
    )
    signed_path = "{}&signature={}".format(unsigned_path, signature)

    # user=False: the signed URL is the only credential passed to the helper.
    response = self.make_request(
        "get",
        signed_path,
        user=False,
        is_json=False,
    )

    self.assertEqual(response.status_code, 200)
    # NOTE(review): `frame-ancestors *` allows framing from any origin;
    # confirm this is intended for every application rather than a
    # per-application allow-list.
    self.assertIn("frame-ancestors *", response.headers["Content-Security-Policy"])
    self.assertNotIn("X-Frame-Options", response.headers)
def test_success(self):
    """A correctly signed request resolves to a user via the API-key loader.

    The URL is built from ``basic_embed_url`` and signed with the
    application's ``secret_token``. The loader must return something other
    than ``None`` for it.
    """
    issued_at = int(time.time())
    query = encode_params(
        {
            "secret_key": self.application.secret_key,
            "timestamp": str(issued_at),
        }
    )
    unsigned_url = "?".join([self.basic_embed_url, query])
    signature = get_embed_signature(
        self.application.secret_token, unsigned_url, issued_at
    )
    signed_url = "{}&signature={}".format(unsigned_url, signature)

    with self.app.test_client() as client:
        # The response is not inspected. The request is issued so that
        # `request` refers to it while the client context is still open.
        client.get(signed_url)
        loaded_user = api_key_load_user_from_request(request)
        self.assertIsNotNone(loaded_user)
def test_expired_timestamp(self):
    """Timestamps 11 seconds in the past or the future are rejected with 401.

    Each request is signed with the application's own ``secret_token`` over
    the skewed timestamp. The signature is therefore valid, and the
    timestamp is the only thing wrong with the request.
    """
    application = self.factory.create_application(name="test_expired_timestamp")
    self.factory.create_application_dashboard(
        application_id=application.id,
        dashboard_id=self.dashboard.id,
    )

    # Stale first, then from the future. Presumably one second beyond a
    # 10-second tolerance; confirm against the server-side setting.
    # NOTE(review): user=False is not passed to make_request here; confirm
    # what its default user does, so the 401 is attributable to the timestamp.
    for skew_seconds in (-11, 11):
        timestamp = int(time.time()) + skew_seconds
        query = encode_params(
            {
                "secret_key": application.secret_key,
                "timestamp": str(timestamp),
            }
        )
        unsigned_path = "?".join([self.embed_url, query])
        signature = get_embed_signature(
            application.secret_token,
            self.basic_url + unsigned_path,
            timestamp,
        )
        response = self.make_request(
            "get",
            "{}&signature={}".format(unsigned_path, signature),
            is_json=False,
        )
        self.assertEqual(response.status_code, 401)
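def test_no_secret_key_and_signature(self):
    """A request with neither ``secret_key`` nor ``signature`` is rejected.

    Only a timestamp is sent. ``api_key_load_user_from_request`` must raise
    ``Unauthorized`` rather than return a user.
    """
    timestamp = int(time.time())
    params = {
        "timestamp": str(timestamp),
    }
    url = "?".join([self.basic_embed_url, encode_params(params)])

    with self.app.test_client() as c:
        # Issued only so that `request` refers to this unauthenticated call.
        c.get(url)
        # assertRaises reports "Unauthorized not raised" if the loader
        # returns, instead of the opaque "False is not true" that
        # assertTrue(False) produced.
        with self.assertRaises(Unauthorized) as caught:
            api_key_load_user_from_request(request)
        # Keep the original strictness: the exact class, not a subclass.
        self.assertEqual(type(caught.exception), Unauthorized)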
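def test_not_add_dashboard_to_application(self):
    """A validly signed request for an unlinked dashboard returns 403.

    This test never calls ``create_application_dashboard``, so the request
    is signed correctly but targets a dashboard the application has not
    been granted (assumes the fixture does not link them; confirm in
    setUp). The expected status is 403, not 401.
    """
    timestamp = int(time.time())
    params = {
        "secret_key": self.application.secret_key,
        "timestamp": str(timestamp),
    }
    url = "?".join([self.embed_url, encode_params(params)])
    signature = get_embed_signature(
        self.application.secret_token,
        self.basic_url + url,
        timestamp,
    )
    path = "{}&signature={}".format(url, signature)
    # The leftover debug print of `path` was removed: it wrote the complete
    # signed URL (secret_key and signature) to the test output and CI logs.

    res = self.make_request(
        "get",
        path,
        user=False,
        is_json=False,
    )
    self.assertEqual(res.status_code, 403)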
def test_no_signature(self):
    """An embed request that omits ``signature`` is rejected with 401.

    The dashboard is linked to a fresh application and the query carries a
    valid ``secret_key`` and a current timestamp. The missing signature is
    the only thing wrong with the request.
    """
    application = self.factory.create_application(name="test_no_signature")
    self.factory.create_application_dashboard(
        application_id=application.id,
        dashboard_id=self.dashboard.id,
    )

    issued_at = int(time.time())
    query = encode_params(
        {
            "secret_key": application.secret_key,
            "timestamp": str(issued_at),
        }
    )
    unsigned_path = "?".join([self.embed_url, query])

    # NOTE(review): user=False is not passed to make_request here; confirm
    # what its default user does, so the 401 is attributable to the missing
    # signature.
    response = self.make_request(
        "get",
        unsigned_path,
        is_json=False,
    )
    self.assertEqual(response.status_code, 401)
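def test_application_wrong_api_serect(self):
    """A signature made with the wrong signing secret is rejected.

    The query names the real application through ``secret_key``, but the
    signature is computed with a string that is not its ``secret_token``.
    ``api_key_load_user_from_request`` must raise ``Unauthorized``.
    """
    timestamp = int(time.time())
    params = {
        "secret_key": self.application.secret_key,
        "timestamp": str(timestamp),
    }
    url = "?".join([self.basic_embed_url, encode_params(params)])
    signature = get_embed_signature("wrong-application-api-serect", url, timestamp)
    path = "{}&signature={}".format(url, signature)

    with self.app.test_client() as c:
        # Issued only so that `request` refers to the badly signed call.
        c.get(path)
        # assertRaises reports "Unauthorized not raised" if the loader
        # accepts the signature, instead of the opaque "False is not true"
        # that assertTrue(False) produced.
        with self.assertRaises(Unauthorized) as caught:
            api_key_load_user_from_request(request)
        # Keep the original strictness: the exact class, not a subclass.
        self.assertEqual(type(caught.exception), Unauthorized)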
def test_application_deactive(self):
    """A correctly signed request from a deactivated application yields no user.

    The application is created with ``active=False`` and the request is
    signed with its own ``secret_token``. The loader may either raise
    ``Unauthorized`` or return ``None``; both are accepted, and any other
    return value fails the test.
    """
    application = self.factory.create_application(
        name='test_application_deactive',
        active=False,
    )

    issued_at = int(time.time())
    query = encode_params(
        {
            "secret_key": application.secret_key,
            "timestamp": str(issued_at),
        }
    )
    unsigned_url = "?".join([self.basic_embed_url, query])
    signature = get_embed_signature(application.secret_token, unsigned_url, issued_at)
    signed_url = "{}&signature={}".format(unsigned_url, signature)

    with self.app.test_client() as client:
        # Issued only so that `request` refers to this call.
        client.get(signed_url)
        try:
            user = api_key_load_user_from_request(request)
        except Unauthorized as exc:
            # Rejected outright: must be exactly Unauthorized, not a subclass.
            self.assertEqual(type(exc), Unauthorized)
            return
        # Not rejected: the loader must still have produced no user.
        self.assertIsNone(user)