def test_can_authenticate_existent_user(self): self.db.query(User).delete() user = UserFactory(email='*****@*****.**') with patch.object(AuthenticateHandler, 'authenticate_on_google') as auth_mock: result = gen.Future() result.set_result({ 'email': '*****@*****.**', 'fullname': 'Test', 'id': '12345' }) auth_mock.return_value = result try: response = yield self.anonymous_fetch('/authenticate', method='POST', body=dumps({ 'provider': 'GooglePlus', 'access_token': 'VALID-TOKEN', })) except HTTPError, e: response = e.response expect(response.code).to_equal(200) expect(loads(response.body)['first_login']).to_be_false() expect(loads(response.body)['authenticated']).to_be_true() expect(user).not_to_be_null()
def test_can_set_cookie_on_authentication(self): self.db.query(User).delete() user = UserFactory(email='*****@*****.**', fullname='Test', id='1') user.first_login = True with patch.object(AuthenticateHandler, 'authenticate') as auth_mock: result = gen.Future() result.set_result(user) auth_mock.return_value = result try: response = yield self.anonymous_fetch('/authenticate', method='POST', body=dumps({ 'provider': 'GooglePlus', 'access_token': 'VALID-TOKEN', })) except HTTPError, e: response = e.response expect(response.code).to_equal(200) expect(loads(response.body)['first_login']).to_be_true() expect(loads(response.body)['authenticated']).to_be_true() expect('HOLMES_AUTH_TOKEN' in response.headers.get( 'Set-Cookie')).to_equal(True)
def test_can_save_prefs_as_superuser(self): self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=True) domain = DomainFactory.create(name='globo.com') key = KeyFactory.create(name='some.random') DomainsViolationsPrefsFactory.create(domain=domain, key=key, value=100) loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain( self.db, domain.name) expect(loaded_prefs).to_length(1) expect(loaded_prefs[0]).to_be_like({ 'value': 100, 'key': 'some.random' }) yield self.authenticated_fetch('/domains/%s/violations-prefs/' % domain.name, user_email=user.email, method='POST', body=dumps([ { 'key': 'some.random', 'value': 10 }, ])) loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain( self.db, domain.name) expect(loaded_prefs).to_length(1) expect(loaded_prefs[0]).to_be_like({'value': 10, 'key': 'some.random'})
def test_cant_save_prefs_as_normal_user(self): self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=False) domain = DomainFactory.create(name='globo.com') key = KeyFactory.create(name='some.random') DomainsViolationsPrefsFactory.create(domain=domain, key=key, value=100) loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain( self.db, domain.name) expect(loaded_prefs).to_length(1) expect(loaded_prefs[0]).to_be_like({ 'value': 100, 'key': 'some.random' }) try: yield self.authenticated_fetch('/domains/%s/violations-prefs/' % domain.name, user_email=user.email, method='POST', body=dumps([ { 'key': 'some.random', 'value': 10 }, ])) except HTTPError, e: expect(e).not_to_be_null() expect(e.code).to_equal(401) expect(e.response.reason).to_be_like('Unauthorized')
def test_can_verify_authenticated_request_as_superuser(self): self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=True) response = yield self.authenticated_fetch('/authenticate', user_email=user.email) expect(response.code).to_equal(200) response_body = loads(response.body) expect(response_body['authenticated']).to_be_true() expect(response_body['isSuperUser']).to_be_true()
def test_cant_save_limiters_as_normal_user(self): self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=False) try: yield self.authenticated_fetch('/limiters', user_email=user.email, method='POST', body=dumps({ 'url': 'http://globo.com/', 'maxValue': 10 })) except HTTPError, e: expect(e).not_to_be_null() expect(e.code).to_equal(401) expect(e.response.reason).to_be_like('Unauthorized')
def test_cant_delete_nonexistent_limiter_as_superuser(self): self.db.query(Limiter).delete() self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=True) try: yield self.authenticated_fetch('/limiters/1', user_email=user.email, method='DELETE') except HTTPError, e: expected = {'reason': 'Not Found', 'description': 'Not Found'} expect(e).not_to_be_null() expect(e.code).to_equal(404) expect(e.response.reason).to_equal('Not Found') expect(loads(e.response.body)).to_equal(expected)
def test_cant_save_limiters_with_empty_values_as_superuser(self): self.db.query(Limiter).delete() self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=True) try: yield self.authenticated_fetch('/limiters', user_email=user.email, method='POST', body='{}') except HTTPError, e: expect(e).not_to_be_null() expect(e.code).to_equal(400) expect(e.response.body).to_equal( '{"reason":"Not url or value","description":"Not url or value"}' )
def test_cant_delete_limiter_as_normal_user(self): self.db.query(Limiter).delete() limiter = LimiterFactory.create() self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=False) loaded_limiter = Limiter.by_id(limiter.id, self.db) expect(loaded_limiter).not_to_be_null() try: yield self.authenticated_fetch('/limiters/%d' % limiter.id, user_email=user.email, method='DELETE') except HTTPError, e: expect(e).not_to_be_null() expect(e.code).to_equal(401) expect(e.response.reason).to_be_like('Unauthorized')
def test_can_save_limiters_as_superuser(self): self.db.query(Limiter).delete() self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=True) response = yield self.authenticated_fetch('/limiters', user_email=user.email, method='POST', body=dumps({ 'url': 'http://globo.com/', 'maxValue': 10 })) expect(response).not_to_be_null() expect(response.code).to_equal(200) loaded_limiter = Limiter.by_url('http://globo.com/', self.db) expect(loaded_limiter).not_to_be_null()
def test_cant_delete_limiter_with_empty_values_as_superuser(self): self.db.query(Limiter).delete() self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=True) try: yield self.authenticated_fetch('/limiters', user_email=user.email, method='DELETE') except HTTPError, e: expected = { 'reason': 'Invalid data', 'description': 'Invalid data' } expect(e).not_to_be_null() expect(e.code).to_equal(400) expect(e.response.reason).to_equal('Bad Request') expect(loads(e.response.body)).to_equal(expected)
def test_can_delete_limiter_as_superuser(self): self.db.query(Limiter).delete() limiter = LimiterFactory.create() self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=True) loaded_limiter = Limiter.by_id(limiter.id, self.db) expect(loaded_limiter).not_to_be_null() response = yield self.authenticated_fetch('/limiters/%d' % limiter.id, user_email=user.email, method='DELETE') expect(response.code).to_equal(204) expect(response.body).to_length(0) loaded_limiter = Limiter.by_id(limiter.id, self.db) expect(loaded_limiter).to_be_null()
def test_can_save_prefs_as_normal_user(self): self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=False) try: yield self.authenticated_fetch( '/domains/blah.com/violations-prefs/', method='POST', user_email=user.email, body=dumps([ { 'key': 'some.random', 'value': 10 }, ])) except HTTPError, e: expect(e).not_to_be_null() expect(e.code).to_equal(401) expect(e.response.reason).to_be_like('Unauthorized') expect(e.response.body).to_be_like('Unauthorized')
def test_can_save_prefs_for_invalid_domain_as_superuser(self): self.db.query(User).delete() user = UserFactory(email='*****@*****.**', is_superuser=True) try: yield self.authenticated_fetch( '/domains/blah.com/violations-prefs/', method='POST', user_email=user.email, body=dumps([ { 'key': 'some.random', 'value': 10 }, ])) except HTTPError, e: expect(e).not_to_be_null() expect(e.code).to_equal(404) expect(e.response.reason).to_equal('Domain blah.com not found')