def test_security_over_inexistent_endpoints(oauth_requests, secure_api_spec_dir):
    """Check that ``auth_all_paths=True`` authenticates before routing.

    Unknown paths must answer 401 unless an accepted token is sent; only an
    authenticated caller gets the real 404. Without a token, existing and
    non-existing routes are therefore indistinguishable.
    """
    # Token meanings are read off the assertions below; presumably the
    # oauth_requests fixture stubs the token check -- confirm in conftest.
    accepted_token = {"Authorization": "Bearer 100"}
    rejected_token = {"Authorization": "Bearer 300"}

    secured = App(__name__, 5001, secure_api_spec_dir, swagger_ui=False,
                  debug=True, auth_all_paths=True)
    secured.add_api('swagger.yaml')
    assert secured.port == 5001
    client = secured.app.test_client()

    # Unknown path + rejected token: the auth failure wins over "not found".
    missing_bad_token = client.get('/v1.0/does-not-exist-invalid-token',
                                   headers=rejected_token)  # type: flask.Response
    assert missing_bad_token.status_code == 401
    assert missing_bad_token.content_type == 'application/problem+json'

    # Unknown path + accepted token: the caller may learn the path is absent.
    missing_good_token = client.get('/v1.0/does-not-exist-valid-token',
                                    headers=accepted_token)  # type: flask.Response
    assert missing_good_token.status_code == 404
    assert missing_good_token.content_type == 'application/problem+json'

    # Unknown path, no credentials at all.
    missing_no_token = client.get('/v1.0/does-not-exist-no-token')  # type: flask.Response
    assert missing_no_token.status_code == 401

    # The UI is disabled, yet an anonymous request sees 401 rather than 404.
    ui_response = client.get('/v1.0/ui/')  # type: flask.Response
    assert ui_response.status_code == 401

    # A real operation still works with the accepted token ...
    greeting_with_token = client.post('/v1.0/greeting/rcaricio', data={},
                                      headers=accepted_token)  # type: flask.Response
    assert greeting_with_token.status_code == 200

    # ... and is refused without one.
    greeting_anonymous = client.post('/v1.0/greeting/rcaricio', data={})  # type: flask.Response
    assert greeting_anonymous.status_code == 401
def test_security(oauth_requests):
    """Exercise the secured ``byesecure`` operation with four credentials.

    Covered cases: no token (401), accepted token (200, body names the
    authenticated user), token lacking the scope (403) and invalid token
    (401). Each error is a problem+json document whose title and detail
    tell the cases apart.
    """
    secured = App(__name__, 5001, SPEC_FOLDER, debug=True)
    secured.add_api('api.yaml')
    assert secured.port == 5001
    target = '/v1.0/byesecure/jsantos'

    client = secured.app.test_client()

    # No Authorization header.
    anonymous = client.get(target)  # type: flask.Response
    assert anonymous.status_code == 401
    assert anonymous.content_type == 'application/problem+json'
    anonymous_problem = json.loads(anonymous.data.decode())  # type: dict
    assert anonymous_problem['title'] == 'Unauthorized'
    assert anonymous_problem['detail'] == "No authorization token provided"

    # Accepted token: the handler output includes the resolved user.
    authorised = client.get(target, headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert authorised.status_code == 200
    assert authorised.data == b'Goodbye jsantos (Secure: test-user)'

    # Token is recognised but does not carry the required scope -> 403.
    client = secured.app.test_client()
    under_scoped = client.get(target, headers={"Authorization": "Bearer 200"})  # type: flask.Response
    assert under_scoped.status_code == 403
    assert under_scoped.content_type == 'application/problem+json'
    under_scoped_problem = json.loads(under_scoped.data.decode())  # type: dict
    assert under_scoped_problem['title'] == 'Forbidden'
    assert under_scoped_problem['detail'] == "Provided token doesn't have the required scope"

    # Token is not valid at all -> 401, distinct from the 403 above.
    client = secured.app.test_client()
    invalid = client.get(target, headers={"Authorization": "Bearer 300"})  # type: flask.Response
    assert invalid.status_code == 401
    assert invalid.content_type == 'application/problem+json'
    invalid_problem = json.loads(invalid.data.decode())  # type: dict
    assert invalid_problem['title'] == 'Unauthorized'
    assert invalid_problem['detail'] == "Provided oauth token is not valid"
def test_security(oauth_requests):
    """Exercise the secured ``byesecure`` operation with four credentials.

    Covered cases: no token (401), accepted token (200), token lacking the
    scope (403) and invalid token (401). Every error must be a problem+json
    document with the expected title and detail.
    """
    no_scope_token = {"Authorization": "Bearer 200"}
    good_token = {"Authorization": "Bearer 100"}
    bad_token = {"Authorization": "Bearer 300"}

    secured = App(__name__, 5001, SPEC_FOLDER, debug=True)
    secured.add_api('api.yaml')
    assert secured.port == 5001

    client = secured.app.test_client()

    # Missing credentials.
    anonymous = client.get('/v1.0/byesecure/jsantos')  # type: flask.Response
    assert anonymous.status_code == 401
    assert anonymous.content_type == 'application/problem+json'
    anonymous_problem = json.loads(anonymous.data.decode())  # type: dict
    assert anonymous_problem['title'] == 'Unauthorized'
    assert anonymous_problem['detail'] == "No authorization token provided"

    # Accepted token.
    authorised = client.get('/v1.0/byesecure/jsantos', headers=good_token)  # type: flask.Response
    assert authorised.status_code == 200
    assert authorised.data == b'Goodbye jsantos (Secure)'

    # Authenticated but not authorised: insufficient scope gives 403.
    client = secured.app.test_client()
    under_scoped = client.get('/v1.0/byesecure/jsantos', headers=no_scope_token)  # type: flask.Response
    assert under_scoped.status_code == 403
    assert under_scoped.content_type == 'application/problem+json'
    under_scoped_problem = json.loads(under_scoped.data.decode())  # type: dict
    assert under_scoped_problem['title'] == 'Forbidden'
    assert under_scoped_problem['detail'] == "Provided token doesn't have the required scope"

    # Token that fails validation gives 401.
    client = secured.app.test_client()
    invalid = client.get('/v1.0/byesecure/jsantos', headers=bad_token)  # type: flask.Response
    assert invalid.status_code == 401
    assert invalid.content_type == 'application/problem+json'
    invalid_problem = json.loads(invalid.data.decode())  # type: dict
    assert invalid_problem['title'] == 'Unauthorized'
    assert invalid_problem['detail'] == "Provided oauth token is not valid"
def test_swagger_json_api(simple_api_spec_dir):
    """Verify swagger.json is served when ``add_api`` uses its defaults."""
    application = App(__name__, 5001, simple_api_spec_dir, debug=True)
    application.add_api('swagger.yaml')

    # With default settings the machine-readable spec is publicly reachable.
    response = application.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert response.status_code == 200
def test_no_swagger_json_api(simple_api_spec_dir):
    """Verify swagger.json is not served when ``swagger_json=False`` is given."""
    application = App(__name__, 5001, simple_api_spec_dir, debug=True)
    application.add_api('swagger.yaml', swagger_json=False)

    # Opting out must remove the route entirely, so the spec is not exposed.
    response = application.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert response.status_code == 404
def build_app_from_fixture(api_spec_folder, **kwargs):
    """Build an App from a folder under FIXTURES_FOLDER and add its swagger.yaml.

    ``debug`` (default True) goes to the App constructor; every other keyword
    argument is forwarded to ``add_api``.
    """
    # Take 'debug' out of kwargs so add_api never receives it.
    debug_flag = kwargs.pop('debug', True)

    spec_dir = FIXTURES_FOLDER / api_spec_folder
    fixture_app = App(__name__, 5001, spec_dir, debug=debug_flag)
    fixture_app.add_api('swagger.yaml', **kwargs)
    return fixture_app
def build_app_from_fixture(api_spec_folder, **kwargs):
    """Create an App for the named fixture folder and register swagger.yaml.

    The optional ``debug`` keyword (default True) is consumed here and passed
    to the App constructor; the remaining keywords go to ``add_api``.
    """
    api_options = dict(kwargs)
    # 'debug' belongs to App(), not to add_api(), so strip it from the options.
    debug_flag = api_options.pop('debug', True)

    fixture_app = App(__name__, 5001, FIXTURES_FOLDER / api_spec_folder,
                      debug=debug_flag)
    fixture_app.add_api('swagger.yaml', **api_options)
    return fixture_app
def test_app_with_relative_path(simple_api_spec_dir):
    """Build the app from a relative specification directory and call it."""
    # Express the spec directory relative to TEST_FOLDER, one level up.
    relative_spec_dir = '..' / simple_api_spec_dir.relative_to(TEST_FOLDER)

    application = App(__name__, 5001, relative_spec_dir, debug=True)
    application.add_api('swagger.yaml')

    response = application.app.test_client().get('/v1.0/bye/jsantos')  # type: flask.Response
    assert response.status_code == 200
    assert response.data == b'Goodbye jsantos'
def test_no_swagger():
    """Verify both ways of switching the Swagger UI off yield a 404."""
    ui_path = '/v1.0/ui/'

    # Variant 1: UI disabled for the whole application.
    app_level = App(__name__, 5001, SPEC_FOLDER, swagger_ui=False, debug=True)
    app_level.add_api('api.yaml')
    app_level_response = app_level.app.test_client().get(ui_path)  # type: flask.Response
    assert app_level_response.status_code == 404

    # Variant 2: UI disabled only for this API.
    api_level = App(__name__, 5001, SPEC_FOLDER, debug=True)
    api_level.add_api('api.yaml', swagger_ui=False)
    api_level_response = api_level.app.test_client().get(ui_path)  # type: flask.Response
    assert api_level_response.status_code == 404
def test_security_over_inexistent_endpoints(oauth_requests, secure_api_spec_dir):
    """Check the status codes returned when ``auth_all_paths=True`` is set.

    Paths missing from the spec answer 401 without an accepted token and 404
    with one, so anonymous callers cannot tell which routes exist.
    """
    secured = App(
        __name__,
        5001,
        secure_api_spec_dir,
        swagger_ui=False,
        debug=True,
        auth_all_paths=True,
    )
    secured.add_api('swagger.yaml')
    assert secured.port == 5001
    client = secured.app.test_client()

    # "Bearer 300" is rejected: unknown path answers 401, not 404.
    auth = {"Authorization": "Bearer 300"}
    response = client.get('/v1.0/does-not-exist-invalid-token', headers=auth)  # type: flask.Response
    assert response.status_code == 401
    assert response.content_type == 'application/problem+json'

    # "Bearer 100" is accepted: the same kind of path now reveals its 404.
    auth = {"Authorization": "Bearer 100"}
    response = client.get('/v1.0/does-not-exist-valid-token', headers=auth)  # type: flask.Response
    assert response.status_code == 404
    assert response.content_type == 'application/problem+json'

    # No Authorization header at all.
    response = client.get('/v1.0/does-not-exist-no-token')  # type: flask.Response
    assert response.status_code == 401

    # The disabled UI path is also answered with 401 for anonymous callers.
    ui_response = client.get('/v1.0/ui/')  # type: flask.Response
    assert ui_response.status_code == 401

    # An operation defined in the spec: allowed with the accepted token ...
    auth = {"Authorization": "Bearer 100"}
    greeting = client.post('/v1.0/greeting/rcaricio', data={}, headers=auth)  # type: flask.Response
    assert greeting.status_code == 200

    # ... and refused when the header is omitted.
    greeting = client.post('/v1.0/greeting/rcaricio', data={})  # type: flask.Response
    assert greeting.status_code == 401
def test_dict_as_yaml_path(simple_api_spec_dir):
    """Pass an already-parsed specification dict to ``add_api``.

    The fixture's swagger.yaml is read, rendered as a Jinja2 template with an
    empty context, parsed, and handed to the app as a dict, not a path.
    """
    spec_file = simple_api_spec_dir / 'swagger.yaml'

    with spec_file.open(mode='rb') as handle:
        raw_bytes = handle.read()

    try:
        template_source = raw_bytes.decode()
    except UnicodeDecodeError:
        # Lossy fallback: undecodable bytes become replacement characters.
        template_source = raw_bytes.decode('utf-8', 'replace')

    # The template source here is a fixture shipped with the tests.
    rendered_spec = jinja2.Template(template_source).render({})
    # safe_load only builds plain containers; it never constructs arbitrary
    # Python objects from YAML tags.
    specification = yaml.safe_load(rendered_spec)  # type: dict

    application = App(__name__, 5001, simple_api_spec_dir, debug=True)
    application.add_api(specification)

    response = application.app.test_client().get('/v1.0/swagger.json')  # type: flask.Response
    assert response.status_code == 200
def test_security(oauth_requests):
    """Check status codes of the secured ``byesecure`` operation.

    This variant expects 401 for every refused request, including the token
    that lacks the required scope; only "Bearer 100" is let through.
    """
    endpoint = '/v1.0/byesecure/jsantos'

    secured = App(__name__, 5001, SPEC_FOLDER, debug=True)
    secured.add_api('api.yaml')
    assert secured.port == 5001

    client = secured.app.test_client()

    # No credentials.
    anonymous = client.get(endpoint)  # type: flask.Response
    assert anonymous.status_code == 401

    # Accepted token.
    authorised = client.get(endpoint, headers={"Authorization": "Bearer 100"})  # type: flask.Response
    assert authorised.status_code == 200
    assert authorised.data == b'Goodbye jsantos (Secure)'

    # Insufficient scope is reported as 401 here, same as an invalid token.
    client = secured.app.test_client()
    under_scoped = client.get(endpoint, headers={"Authorization": "Bearer 200"})  # type: flask.Response
    assert under_scoped.status_code == 401

    # Invalid token.
    client = secured.app.test_client()
    invalid = client.get(endpoint, headers={"Authorization": "Bearer 300"})  # type: flask.Response
    assert invalid.status_code == 401
def test_no_swagger_ui(simple_api_spec_dir):
    """Verify the Swagger UI route is absent when ``swagger_ui=False``.

    The flag is tried on the App constructor and on ``add_api``; both must
    give a 404 for the UI path.
    """
    # Disabled application-wide.
    first = App(__name__, 5001, simple_api_spec_dir, swagger_ui=False, debug=True)
    first.add_api('swagger.yaml')
    first_client = first.app.test_client()
    first_response = first_client.get('/v1.0/ui/')  # type: flask.Response
    assert first_response.status_code == 404

    # Disabled for the single API.
    second = App(__name__, 5001, simple_api_spec_dir, debug=True)
    second.add_api('swagger.yaml', swagger_ui=False)
    second_client = second.app.test_client()
    second_response = second_client.get('/v1.0/ui/')  # type: flask.Response
    assert second_response.status_code == 404
def test_no_swagger(simple_api_spec_dir):
    """Verify that turning the Swagger UI off removes its route (404)."""
    ui_path = '/v1.0/ui/'

    # Flag passed to the App constructor.
    app_level = App(__name__, 5001, simple_api_spec_dir,
                    swagger_ui=False, debug=True)
    app_level.add_api('swagger.yaml')
    app_level_response = app_level.app.test_client().get(ui_path)  # type: flask.Response
    assert app_level_response.status_code == 404

    # Flag passed to add_api instead.
    api_level = App(__name__, 5001, simple_api_spec_dir, debug=True)
    api_level.add_api('swagger.yaml', swagger_ui=False)
    api_level_response = api_level.app.test_client().get(ui_path)  # type: flask.Response
    assert api_level_response.status_code == 404
def app():
    """Return an App built from SPEC_FOLDER with api.yaml registered."""
    # A distinct local name avoids shadowing this function inside its body.
    application = App(__name__, 5001, SPEC_FOLDER, debug=True)
    application.add_api('api.yaml')
    return application
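def problem_app(problem_api_spec_dir):
    """Return an App for the problem API spec with response validation on.

    Args:
        problem_api_spec_dir: Directory that contains ``swagger.yaml``.

    Returns:
        The configured App, in line with the sibling ``simple_app`` and
        ``app`` builders.
    """
    app = App(__name__, 5001, problem_api_spec_dir, debug=True)
    app.add_api('swagger.yaml', validate_responses=True)
    # The app was built but never handed back, so callers received None.
    return app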
def test_add_api_with_function_resolver_function_is_wrapped(simple_api_spec_dir):
    """Verify a plain callable given as ``resolver`` is usable via ``api.resolver``."""
    def resolve(oid):
        # Every operation id maps to the same stub handler.
        return lambda foo: 'bar'

    application = App(__name__, specification_dir=simple_api_spec_dir)
    api = application.add_api('swagger.yaml', resolver=resolve)

    handler = api.resolver.resolve_function_from_operation_id('faux')
    assert handler('bah') == 'bar'
def simple_app(simple_api_spec_dir):
    """Return an App for the simple API spec with response validation on."""
    application = App(__name__, 5001, simple_api_spec_dir, debug=True)
    application.add_api('swagger.yaml', validate_responses=True)
    return application
def build_app_from_fixture(api_spec_folder):
    """Build an App from a FIXTURES_FOLDER subfolder with response validation on."""
    spec_dir = FIXTURES_FOLDER / api_spec_folder
    fixture_app = App(__name__, 5001, spec_dir, debug=True)
    fixture_app.add_api('swagger.yaml', validate_responses=True)
    return fixture_app
def app():
    """Return an App built from SPEC_FOLDER with response validation on."""
    # A distinct local name avoids shadowing this function inside its body.
    application = App(__name__, 5001, SPEC_FOLDER, debug=True)
    application.add_api('api.yaml', validate_responses=True)
    return application
def test_app_with_relative_path():
    """Build the app from a relative spec directory and rerun ``test_app`` on it."""
    # The spec directory is expressed relative to TEST_FOLDER.
    relative_spec_dir = SPEC_FOLDER.relative_to(TEST_FOLDER)

    application = App(__name__, 5001, relative_spec_dir, debug=True)
    application.add_api('api.yaml')

    # Reuse the assertions of the test_app test case on this instance.
    test_app(application)
def test_add_api_with_function_resolver_function_is_wrapped():
    """Verify a plain callable given as ``resolver`` is usable via ``api.resolver``."""
    def resolve(oid):
        # Every operation id maps to the same stub handler.
        return lambda foo: 'bar'

    application = App(__name__, specification_dir=SPEC_FOLDER)
    api = application.add_api('api.yaml', resolver=resolve)

    handler = api.resolver.resolve_function_from_operation_id('faux')
    assert handler('bah') == 'bar'
def test_add_api_with_function_resolver_function_is_wrapped():
    """Verify a function resolver is reachable through ``api.resolver``."""
    def stub_handler(foo):
        return "bar"

    def resolve(oid):
        # The operation id is ignored; the stub is returned for any id.
        return stub_handler

    application = App(__name__, specification_dir=SPEC_FOLDER)
    api = application.add_api("api.yaml", resolver=resolve)

    resolved = api.resolver.resolve_function_from_operation_id("faux")
    assert resolved("bah") == "bar"
def test_add_api_with_function_resolver_function_is_wrapped():
    """Verify a callable resolver can be queried through ``api.resolver``."""
    application = App(__name__, specification_dir=SPEC_FOLDER)

    # The resolver ignores the operation id and always yields the same stub.
    constant_resolver = lambda oid: (lambda foo: 'bar')
    api = application.add_api('api.yaml', resolver=constant_resolver)

    resolved = api.resolver.resolve_function_from_operation_id('faux')
    result = resolved('bah')
    assert result == 'bar'
def build_app_from_fixture(api_spec_folder, **kwargs):
    """Build an App from a FIXTURES_FOLDER subfolder and add its swagger.yaml.

    All keyword arguments are forwarded unchanged to ``add_api``.
    """
    spec_dir = FIXTURES_FOLDER / api_spec_folder
    fixture_app = App(__name__, 5001, spec_dir, debug=True)
    fixture_app.add_api('swagger.yaml', **kwargs)
    return fixture_app
def test_add_api_with_function_resolver_function_is_wrapped(simple_api_spec_dir):
    """Verify a callable resolver can be queried through ``api.resolver``."""
    def stub_handler(foo):
        return 'bar'

    def resolve(oid):
        # The operation id is ignored; the stub is returned for any id.
        return stub_handler

    application = App(__name__, specification_dir=simple_api_spec_dir)
    api = application.add_api('swagger.yaml', resolver=resolve)

    resolved = api.resolver.resolve_function_from_operation_id('faux')
    assert resolved('bah') == 'bar'