def test_get_token_and_send_request(client, version, https):
base_url = '%s://localhost' % ('https' if https else 'http')
# Get valid token
response = client.post(
AUTH_PATH,
data={'username': USERNAME, 'password': PASSWORD},
base_url=base_url
)
assert response.status_code == 200
data = json.loads(response.get_data(as_text=True))
token = data.get('token')
assert token
headers = prepare_headers(version, https)
headers[HTTP_AUTHORIZATION] = 'Bearer %s' % token
# Get correct response for invalid body
response = client.post(
INBOX['address'],
data='invalid-body',
headers=headers,
base_url=base_url
)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == ST_BAD_MESSAGE
request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
headers = prepare_headers(version, https)
headers[HTTP_AUTHORIZATION] = 'Bearer %s' % token
# Get correct response for valid request
response = client.post(
DISCOVERY['address'],
data=request.to_xml(),
headers=headers,
base_url=base_url
)
assert response.status_code == 200
assert is_headers_valid(response.headers, version=version, https=https)
message = as_tm(version).get_message_from_xml(response.data)
assert isinstance(message, as_tm(version).DiscoveryResponse)
from opentaxii import context
assert not hasattr(context, 'account')
def test_collection_access_private_poll(client, version, https):
# POLL_CLOSED collection allowed read access
url, headers = prepare_url_headers(version, https, 'johnny', 'johnny')
request = prepare_poll_request(
'collection-1', version, bindings=[CB_STIX_XML_111])
response = client.post(
POLL_CLOSED['address'],
data=request.to_xml(),
headers=headers,
base_url=url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.message_type == 'Poll_Response'
# POLL_CLOSED collection disallowed read access
url, headers = prepare_url_headers(version, https, 'billy', 'billy')
request = prepare_poll_request(
'collection-2', version, bindings=[CB_STIX_XML_111])
response = client.post(
POLL_CLOSED['address'],
data=request.to_xml(),
headers=headers,
base_url=url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == 'NOT_FOUND'
# POLL_CLOSED collection admin access
url, headers = prepare_url_headers(version, https, 'wally', 'wally')
request = prepare_poll_request(
'collection-2', version, bindings=[CB_STIX_XML_111])
response = client.post(
POLL_CLOSED['address'],
data=request.to_xml(),
headers=headers,
base_url=url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.message_type == 'Poll_Response'
def test_request_with_basic_auth(client, version, https):
base_url = '%s://localhost' % ('https' if https else 'http')
basic_auth_header = 'Basic {}'.format(
basic_auth_token(USERNAME, PASSWORD).decode('utf-8'))
headers = prepare_headers(version, https)
headers[HTTP_AUTHORIZATION] = basic_auth_header
# Get correct response for invalid body
response = client.post(
INBOX['address'],
data='invalid-body',
headers=headers,
base_url=base_url
)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == ST_BAD_MESSAGE
request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
headers = prepare_headers(version, https)
headers[HTTP_AUTHORIZATION] = basic_auth_header
# Get correct response for valid request
response = client.post(
DISCOVERY['address'],
data=request.to_xml(),
headers=headers,
base_url=base_url
)
assert response.status_code == 200
assert is_headers_valid(response.headers, version=version, https=https)
message = as_tm(version).get_message_from_xml(response.data)
assert isinstance(message, as_tm(version).DiscoveryResponse)
from opentaxii import context
assert not hasattr(context, 'account')
def test_unauthorized_request(app, client, version, https):
base_url = '%s://localhost' % ('https' if https else 'http')
response = client.post(
INBOX_OPEN['address'],
data='invalid-body',
headers=prepare_headers(version, https),
base_url=base_url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == ST_UNAUTHORIZED
from opentaxii import context
assert not hasattr(context, 'account')
def test_status_message_response(client, version, https):
base_url = '%s://localhost' % ('https' if https else 'http')
response = client.post(
INBOX['address'],
data = 'invalid-body',
headers = prepare_headers(version, https),
base_url = base_url
)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == ST_BAD_MESSAGE
def test_unauthorized_request(client, version, https):
base_url = '%s://localhost' % ('https' if https else 'http')
response = client.post(INBOX['address'],
data='invalid-body',
headers=prepare_headers(version, https),
base_url=base_url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == ST_UNAUTHORIZED
from opentaxii import context
assert not hasattr(context, 'account')
def test_invalid_basic_auth_request(client, version, https):
base_url = '%s://localhost' % ('https' if https else 'http')
headers = prepare_headers(version, https)
headers[HTTP_AUTHORIZATION] = 'Basic somevalue'
request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
response = client.post(DISCOVERY['address'],
data=request.to_xml(),
headers=headers,
base_url=base_url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == ST_UNAUTHORIZED
def test_successful_response(client, version, https):
request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
base_url = '%s://localhost' % ('https' if https else 'http')
response = client.post(
DISCOVERY['address'],
data = request.to_xml(),
headers = prepare_headers(version=version, https=https),
base_url = base_url
)
assert response.status_code == 200
assert is_headers_valid(response.headers, version=version, https=https)
message = as_tm(version).get_message_from_xml(response.data)
assert isinstance(message, as_tm(version).DiscoveryResponse)
assert len(message.service_instances) == INSTANCES_CONFIGURED
def test_invalid_basic_auth_request(client, version, https):
base_url = '%s://localhost' % ('https' if https else 'http')
headers = prepare_headers(version, https)
headers[HTTP_AUTHORIZATION] = 'Basic somevalue'
request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
response = client.post(
DISCOVERY['address'],
data=request.to_xml(),
headers=headers,
base_url=base_url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == ST_UNAUTHORIZED
def test_post_parse_verification(client, version, https):
headers = prepare_headers(version, https)
headers[HTTP_X_TAXII_SERVICES] = 'invalid-services-spec'
request = as_tm(version).DiscoveryRequest(message_id=MESSAGE_ID)
base_url = '%s://localhost' % ('https' if https else 'http')
response = client.post(
DISCOVERY['address'],
data = request.to_xml(),
headers = headers,
base_url = base_url
)
assert response.status_code == 200
assert is_headers_valid(response.headers, version=version, https=https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.status_type == ST_FAILURE
assert message.in_response_to == MESSAGE_ID
def test_collection_access_private_inbox(client, version, https):
# INBOX read-only collection access
url, headers = prepare_url_headers(version, https, 'johnny', 'johnny')
request = prepare_inbox_message(
version,
dest_collection='collection-1',
blocks=[make_inbox_content(version)])
response = client.post(
INBOX_CLOSED['address'],
data=request.to_xml(),
headers=headers,
base_url=url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.message_type == 'Status_Message'
if version == 11:
assert message.status_type == 'UNAUTHORIZED'
assert (
message.message ==
'User can not write to collection collection-1')
else:
# Because in TAXII 1.0 destination collection can not be specified
# so it impossible to verify access
assert message.status_type == 'SUCCESS'
# INBOX modify collection access
request = prepare_inbox_message(
version,
dest_collection='collection-2',
blocks=[make_inbox_content(version)])
response = client.post(
INBOX_CLOSED['address'],
data=request.to_xml(),
headers=headers,
base_url=url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.message_type == 'Status_Message'
assert message.status_type == 'SUCCESS'
# INBOX modify collection access
url, headers = prepare_url_headers(version, https, 'wally', 'wally')
request = prepare_inbox_message(
version,
dest_collection='collection-2',
blocks=[make_inbox_content(version)])
response = client.post(
INBOX_CLOSED['address'],
data=request.to_xml(),
headers=headers,
base_url=url)
assert response.status_code == 200
assert is_headers_valid(response.headers, version, https)
message = as_tm(version).get_message_from_xml(response.data)
assert message.message_type == 'Status_Message'
assert message.status_type == 'SUCCESS'