def setUp(self):
if os.path.exists(self.db_path):
os.unlink(self.db_path)
self.app = course_activity_planner.setup('test')
self.client = self.app.test_client()
self.token = course_activity_planner._create_token(111)
# Ignore ics url in request and link to local ics file
course_activity_planner._dl_and_save_ics_file = \
MagicMock(return_value=self.local_short_cal_path)
def test_unauthorized_access(self):
course_activity_planner._generate_planning_uuid = \
MagicMock(return_value='uuid')
res = self.client.post(
'/api/planning',
data=dict(
mbz_file=(io.BytesIO(b'this is a test'), 'test.mbz'),
ics_url=self.cal_url),
headers=[('Authorization', "Bearer %s" % self.token)])
# Simulate another client with other user id
unauthorized_token = course_activity_planner._create_token(1111)
res = self.client.put(
'/api/planning/uuid',
data=json.dumps({'planning': 'some text'}),
headers=[('Content-Type', 'application/json'),
('Authorization', "Bearer %s" % unauthorized_token)])
self.assertEqual(403, res._status_code)
def setUp(self):
if os.path.exists(self.db_path):
os.unlink(self.db_path)
self.app = course_activity_planner.setup('test')
self.client = self.app.test_client()
self.token = course_activity_planner._create_token(111)
