def setup_basic_get_test(self, user, with_local_site, local_site_name):
app = self.create_oauth_application(user,
with_local_site=with_local_site)
return (get_oauth_app_item_url(app.pk, local_site_name),
oauth_app_item_mimetype,
app)
def test_put_re_enable_security_disabled(self):
"""Testing the PUT <URL> API with enabled=1 for an application disabled
due to security
"""
self.user = self._login_user(admin=True)
doc = User.objects.get(username='******')
local_site = LocalSite.objects.get(pk=1)
app = self.create_oauth_application(user=doc, local_site=local_site)
original_secret = app.client_secret
local_site.users.remove(doc)
app = Application.objects.get(pk=app.pk)
self.assertTrue(app.is_disabled_for_security)
self.assertEqual(app.user, self.user)
self.assertEqual(app.original_user, doc)
rsp = self.api_put(get_oauth_app_item_url(app.pk, local_site.name),
{'enabled': '1'},
expected_status=400)
app = Application.objects.get(pk=app.pk)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertIn('__all__', rsp['fields'])
self.assertEqual(rsp['fields']['__all__'][0],
ApplicationChangeForm.DISABLED_FOR_SECURITY_ERROR)
self.assertEqual(app.original_user, doc)
self.assertEqual(app.client_secret, original_secret)
def test_put_re_enable_security_disabled(self):
"""Testing the PUT <URL> API with enabled=1 for an application disabled
due to security
"""
self.user = self._login_user(admin=True)
doc = User.objects.get(username='******')
local_site = LocalSite.objects.get(pk=1)
app = self.create_oauth_application(user=doc, local_site=local_site)
original_secret = app.client_secret
local_site.users.remove(doc)
app = Application.objects.get(pk=app.pk)
self.assertTrue(app.is_disabled_for_security)
self.assertEqual(app.user, self.user)
self.assertEqual(app.original_user, doc)
rsp = self.api_put(get_oauth_app_item_url(app.pk, local_site.name),
{'enabled': '1'},
expected_status=400)
app = Application.objects.get(pk=app.pk)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertIn('__all__', rsp['fields'])
self.assertEqual(rsp['fields']['__all__'][0],
ApplicationChangeForm.DISABLED_FOR_SECURITY_ERROR)
self.assertEqual(app.original_user, doc)
self.assertEqual(app.client_secret, original_secret)
def setup_basic_get_test(self, user, with_local_site, local_site_name):
app = self.create_oauth_application(user,
with_local_site=with_local_site)
return (get_oauth_app_item_url(app.pk, local_site_name),
oauth_app_item_mimetype,
app)
def test_get_without_local_site(self):
"""Testing the GET <URL> API for an app related to a LocalSite"""
local_site = LocalSite.objects.get(pk=1)
local_site.users.add(self.user)
app = self.create_oauth_application(
self.user, local_site=LocalSite.objects.get(pk=1))
rsp = self.api_get(get_oauth_app_item_url(app.pk), expected_status=404)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
def test_get_without_owner_as_superuser(self):
"""Testing the GET <URL> API without owner as superuser"""
self.user = self._login_user(admin=True)
app = self.create_oauth_application(User.objects.get(username='******'))
rsp = self.api_get(get_oauth_app_item_url(app.pk),
expected_mimetype=oauth_app_item_mimetype)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.assertIn('oauth_app', rsp)
self.compare_item(rsp['oauth_app'], app)
def test_get_without_owner_as_superuser(self):
"""Testing the GET <URL> API without owner as superuser"""
self.user = self._login_user(admin=True)
app = self.create_oauth_application(User.objects.get(username='******'))
rsp = self.api_get(get_oauth_app_item_url(app.pk),
expected_mimetype=oauth_app_item_mimetype)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.assertIn('oauth_app', rsp)
self.compare_item(rsp['oauth_app'], app)
def test_get_with_invalid_local_site(self):
"""Testing the GET <URL> API with an app related to a LocalSite not
using the LocalSite's API
"""
local_site = LocalSite.objects.get(pk=1)
local_site.users.add(self.user)
app = self.create_oauth_application(self.user)
rsp = self.api_get(get_oauth_app_item_url(app.pk, local_site.name),
expected_status=404)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
def test_put_regenerate_secret_key(self):
"""Testing the PUT <URL> API with regenerate_client_secret=1"""
app = self.create_oauth_application(user=self.user)
original_secret = app.client_secret
rsp = self.api_put(get_oauth_app_item_url(app.pk),
{'regenerate_client_secret': 1},
expected_mimetype=oauth_app_item_mimetype)
app = Application.objects.get(pk=app.pk)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.compare_item(rsp['oauth_app'], app)
self.assertNotEqual(app.client_secret, original_secret)
def test_put_regenerate_secret_key(self):
"""Testing the PUT <URL> API with regenerate_client_secret=1"""
app = self.create_oauth_application(user=self.user)
original_secret = app.client_secret
rsp = self.api_put(get_oauth_app_item_url(app.pk),
{'regenerate_client_secret': 1},
expected_mimetype=oauth_app_item_mimetype)
app = Application.objects.get(pk=app.pk)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.compare_item(rsp['oauth_app'], app)
self.assertNotEqual(app.client_secret, original_secret)
def test_get_without_owner_as_local_site_admin(self):
"""Testing the GET <URL> API without owner on a LocalSite as a
LocalSite admin
"""
local_site = LocalSite.objects.get(pk=1)
local_site.users.add(self.user)
app = self.create_oauth_application(self.user, local_site=local_site)
self.user = self._login_user(admin=True, local_site=True)
rsp = self.api_get(get_oauth_app_item_url(app.pk, local_site.name),
expected_mimetype=oauth_app_item_mimetype)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.assertIn('oauth_app', rsp)
self.compare_item(rsp['oauth_app'], app)
def setup_basic_put_test(self, user, with_local_site, local_site_name,
put_valid_data):
app = self.create_oauth_application(user,
with_local_site=with_local_site)
if put_valid_data:
request_data = {
'extra_data.fake_key': '',
}
else:
request_data = {
'user': '******',
}
return (get_oauth_app_item_url(app.pk, local_site_name),
oauth_app_item_mimetype, request_data, app, [])
def test_get_without_owner_as_local_site_admin(self):
"""Testing the GET <URL> API without owner on a LocalSite as a
LocalSite admin
"""
local_site = LocalSite.objects.get(pk=1)
local_site.users.add(self.user)
app = self.create_oauth_application(self.user, local_site=local_site)
self.user = self._login_user(admin=True, local_site=True)
rsp = self.api_get(get_oauth_app_item_url(app.pk, local_site.name),
expected_mimetype=oauth_app_item_mimetype)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.assertIn('oauth_app', rsp)
self.compare_item(rsp['oauth_app'], app)
def setup_basic_put_test(self, user, with_local_site, local_site_name,
put_valid_data):
app = self.create_oauth_application(user,
with_local_site=with_local_site)
if put_valid_data:
request_data = {
'extra_data.fake_key': '',
}
else:
request_data = {
'user': '******',
}
return (get_oauth_app_item_url(app.pk, local_site_name),
oauth_app_item_mimetype,
request_data,
app,
[])
def test_put_regenerate_secret_key_enable(self):
"""Testing the PUT <URL> API with regenerate_secret_key=1 and enabled=1
"""
self.user = self._login_user(admin=True)
doc = User.objects.get(username='******')
local_site = LocalSite.objects.get(pk=1)
app = self.create_oauth_application(user=doc, local_site=local_site)
original_secret = app.client_secret
local_site.users.remove(doc)
app = Application.objects.get(pk=app.pk)
self.assertTrue(app.is_disabled_for_security)
self.assertEqual(app.user, self.user)
self.assertEqual(app.original_user, doc)
rsp = self.api_put(
get_oauth_app_item_url(app.pk, local_site.name),
{
'enabled': '1',
'regenerate_client_secret': '1',
},
expected_mimetype=oauth_app_item_mimetype)
app = Application.objects.get(pk=app.pk)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
item_rsp = rsp['oauth_app']
self.compare_item(item_rsp, app)
self.assertNotEqual(item_rsp['client_secret'], original_secret)
self.assertFalse(app.is_disabled_for_security)
self.assertIsNone(app.original_user)
self.assertTrue(app.enabled)
self.assertNotEqual(app.client_secret, original_secret)
def test_put_regenerate_secret_key_enable(self):
"""Testing the PUT <URL> API with regenerate_secret_key=1 and enabled=1
"""
self.user = self._login_user(admin=True)
doc = User.objects.get(username='******')
local_site = LocalSite.objects.get(pk=1)
app = self.create_oauth_application(user=doc, local_site=local_site)
original_secret = app.client_secret
local_site.users.remove(doc)
app = Application.objects.get(pk=app.pk)
self.assertTrue(app.is_disabled_for_security)
self.assertEqual(app.user, self.user)
self.assertEqual(app.original_user, doc)
rsp = self.api_put(
get_oauth_app_item_url(app.pk, local_site.name),
{
'enabled': '1',
'regenerate_client_secret': '1',
},
expected_mimetype=oauth_app_item_mimetype)
app = Application.objects.get(pk=app.pk)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
item_rsp = rsp['oauth_app']
self.compare_item(item_rsp, app)
self.assertNotEqual(item_rsp['client_secret'], original_secret)
self.assertFalse(app.is_disabled_for_security)
self.assertIsNone(app.original_user)
self.assertTrue(app.enabled)
self.assertNotEqual(app.client_secret, original_secret)
def setup_basic_delete_test(self, user, with_local_site, local_site_name):
app = self.create_oauth_application(user=user,
with_local_site=with_local_site)
return (get_oauth_app_item_url(app.pk, local_site_name),
[app.pk])
def test_get_without_owner(self):
"""Testing the GET <URL> API without owner"""
app = self.create_oauth_application(User.objects.get(username='******'))
self.api_get(get_oauth_app_item_url(app.pk),
expected_status=404)
def test_get_without_owner(self):
"""Testing the GET <URL> API without owner"""
app = self.create_oauth_application(User.objects.get(username='******'))
self.api_get(get_oauth_app_item_url(app.pk),
expected_status=404)
def setup_basic_delete_test(self, user, with_local_site, local_site_name):
app = self.create_oauth_application(user=user,
with_local_site=with_local_site)
return (get_oauth_app_item_url(app.pk, local_site_name),
[app.pk])
