class TestFormList(TestBase): def setUp(self): super(TestFormList, self).setUp() self.profile = UserProfile.objects.create(user=self.user, require_auth=True) self.profile.save() self.digest_client = DigestClient() def test_returns_200_for_owner(self): self.digest_client.set_authorization('bob', 'bob') response = self.digest_client.get( reverse(formList, kwargs={'username': '******'})) self.assertEqual(response.status_code, 200) def test_returns_401_for_anon(self): response = self.anon.get(reverse(formList, kwargs={'username': '******'})) self.assertEqual(response.status_code, 401) def test_returns_200_for_authenticated_non_owner(self): credentials = ( 'alice', 'alice', ) self._create_user(*credentials) self.digest_client.set_authorization(*credentials) response = self.digest_client.get( reverse(formList, kwargs={'username': '******'})) self.assertEqual(response.status_code, 200)
class TestFormList(TestBase): def setUp(self): super(TestFormList, self).setUp() self.profile = UserProfile.objects.create( user=self.user, require_auth=True) self.profile.save() self.digest_client = DigestClient() def test_returns_200_for_owner(self): self.digest_client.set_authorization('bob', 'bob') response = self.digest_client.get(reverse(formList, kwargs={ 'username': '******' })) self.assertEqual(response.status_code, 200) def test_returns_401_for_anon(self): response = self.anon.get(reverse(formList, kwargs={ 'username': '******' })) self.assertEqual(response.status_code, 401) def test_returns_200_for_authenticated_non_owner(self): credentials = ('alice', 'alice',) self._create_user(*credentials) self.digest_client.set_authorization(*credentials) response = self.digest_client.get(reverse(formList, kwargs={ 'username': '******' })) self.assertEqual(response.status_code, 200)
def _authenticated_client( self, url, username='******', password='******', extra={}): client = DigestClient() # request with no credentials req = client.get(url, {}, **extra) self.assertEqual(req.status_code, 401) # apply credentials client.set_authorization(username, password, 'Digest') req = client.get(url, {}, **extra) # if 204 authorization successfull, proceed self.assertEqual(req.status_code, 204) # submissions should use this authenticated client return client
def instances_xml(url, request, **kwargs): response = requests.Response() client = DigestClient() client.set_authorization('bob', 'bob', 'Digest') res = client.get('%s?%s' % (url.path, url.query)) if res.status_code == 302: res = client.get(res['Location']) response.encoding = res.get('content-type') response._content = get_streaming_content(res) else: response._content = res.content response.status_code = 200 return response
def test_retrieve_xform_manifest_linked_form(self): # for linked forms check if manifest media download url for csv # has a group_delimiter param data_type = 'media' data_value = 'xform {} transportation'.format(self.xform.pk) media = self._add_form_metadata(self.xform, data_type, data_value) self.view = XFormListViewSet.as_view( { "get": "manifest", "head": "manifest" } ) # sign in bob request = self.factory.head('/') auth_response = self.view(request, pk=self.xform.pk) auth = DigestAuth('bob', 'bobbob') # set up bob's request request = self.factory.get('/xformsManifest') request.META.update(auth(request.META, auth_response)) # make request response = self.view(request, pk=self.xform.pk, format='csv') # test manifest_media_url = '{}{}'.format( media.data['media_url'], '?group_delimiter=.&repeat_index_tags=_,_') download_url = response.data[0]['downloadUrl'] self.assertEqual(manifest_media_url, download_url) url = '/bob/xformsMedia/{}/{}.csv?group_delimiter=.'\ .format(self.xform.pk, self.metadata.pk) username = '******' password = '******' client = DigestClient() client.set_authorization(username, password, 'Digest') req = client.get(url) self.assertEqual(req.status_code, 200) # enable meta perms data_value = "editor-minor|dataentry" MetaData.xform_meta_permission(self.xform, data_value=data_value) req = client.get(url) self.assertEqual(req.status_code, 401)
def _authenticated_client(self, url, username='******', password='******', extra={}): client = DigestClient() # request with no credentials req = client.get(url, {}, **extra) self.assertEqual(req.status_code, 401) # apply credentials client.set_authorization(username, password, 'Digest') req = client.get(url, {}, **extra) # if 204 authorization successfull, proceed self.assertEqual(req.status_code, 204) # submissions should use this authenticated client return client
def _download_xform(self): client = DigestClient() client.set_authorization('bob', 'bob') response = client.get(self.download_url) response_doc = minidom.parseString(response.content) xml_path = os.path.join(self.this_directory, "fixtures", "transportation", "transportation.xml") with open(xml_path) as xml_file: expected_doc = minidom.parse(xml_file) model_node = [ n for n in response_doc.getElementsByTagName("h:head")[0].childNodes if n.nodeType == Node.ELEMENT_NODE and n.tagName == "model"][0] # check for UUID and remove uuid_nodes = [node for node in model_node.childNodes if node.nodeType == Node.ELEMENT_NODE and node.getAttribute("nodeset") == "/transportation/formhub/uuid"] self.assertEqual(len(uuid_nodes), 1) uuid_node = uuid_nodes[0] uuid_node.setAttribute("calculate", "''") response_xml = response_doc.toxml().replace( self.xform.version, u"201411120717") # check content without UUID self.assertEqual(response_xml, expected_doc.toxml())
def _download_xform(self): client = DigestClient() client.set_authorization('bob', 'bob') response = client.get(self.download_url) response_doc = minidom.parseString(response.content) xml_path = os.path.join(self.this_directory, "fixtures", "transportation", "transportation.xml") with open(xml_path) as xml_file: expected_doc = minidom.parse(xml_file) model_node = [ n for n in response_doc.getElementsByTagName("h:head")[0].childNodes if n.nodeType == Node.ELEMENT_NODE and n.tagName == "model" ][0] # check for UUID and remove uuid_nodes = [ node for node in model_node.childNodes if node.nodeType == Node.ELEMENT_NODE and node.getAttribute("nodeset") == "/transportation/formhub/uuid" ] self.assertEqual(len(uuid_nodes), 1) uuid_node = uuid_nodes[0] uuid_node.setAttribute("calculate", "''") # check content without UUID self.assertEqual(response_doc.toxml(), expected_doc.toxml())
def _get_authenticated_client(self, url, username="******", password="******", extra={}): client = DigestClient() # request with no credentials req = client.get(url, {}, **extra) self.assertEqual(req.status_code, 401) # apply credentials client.set_authorization(username, password, "Digest") return client
def testOtaRestore(self, password=None): client = Client() client.set_authorization(self.couch_user.username, password if password else self.password, method='Digest') resp = client.get('/a/%s/phone/restore' % self.domain, follow=True) self.assertEqual(resp.status_code, 200) self.assertTrue(resp.content.count("Successfully restored account %s!" % self.username) > 0)
def _get_authenticated_client( self, url, username='******', password='******', extra={}): client = DigestClient() # request with no credentials req = client.get(url, {}, **extra) self.assertEqual(req.status_code, 401) # apply credentials client.set_authorization(username, password, 'Digest') return client
def test_attachment_url_with_digest_auth(self): self.client.logout() response = self.client.get(self.url, {'media_file': self.attachment_media_file}) self.assertEqual(response.status_code, 401) # nginx is used as proxy self.assertTrue('WWW-Authenticate' in response) digest_client = DigestClient() digest_client.set_authorization(self.login_username, self.login_password) response = digest_client.get( self.url, {'media_file': self.attachment_media_file}) self.assertEqual(response.status_code, 200)
def testOtaRestore(self, password=None): client = Client() client.set_authorization(self.couch_user.username, password if password else self.password, method='Digest') resp = client.get('/a/%s/phone/restore' % self.domain, follow=True) self.assertEqual(resp.status_code, 200) self.assertTrue( resp.content.count("Successfully restored account %s!" % self.username) > 0)
def _check_formlist(self): url = '/%s/formList' % self.user.username client = DigestClient() client.set_authorization('bob', 'bob') response = client.get(url) self.download_url = \ 'http://testserver/%s/forms/%s/form.xml'\ % (self.user.username, self.xform.pk) md5_hash = md5(self.xform.xml.encode('utf-8')).hexdigest() expected_content = """<?xml version="1.0" encoding="utf-8"?> <xforms xmlns="http://openrosa.org/xforms/xformsList"><xform><formID>transportation_2011_07_25</formID><name>transportation_2011_07_25</name><version>2014111</version><hash>md5:%(hash)s</hash><descriptionText></descriptionText><downloadUrl>%(download_url)s</downloadUrl><manifestUrl></manifestUrl></xform></xforms>""" # noqa expected_content = expected_content % { 'download_url': self.download_url, 'hash': md5_hash } self.assertEqual(response.content.decode('utf-8'), expected_content) self.assertTrue(response.has_header('X-OpenRosa-Version')) self.assertTrue(response.has_header('Date'))
def test_pages(self): """ Confirm that all the groups/locations/users appear on the correct pages """ client = Client() client.login(username=self.username, password=self.password) # expected_id_sets is a list of sets. # expected_id_sets is constructed such that # For option with index x yielded by the view: # the option's id should be in expected_ids[x] expected_id_sets = [{"user_location"}, {"user_parent_location"}] for i in self.groups: expected_id_sets.append(self.group_ids) for i in self.locations: expected_id_sets.append(self.location_ids) for i in self.users: expected_id_sets.append(self.user_ids) page_size = 3 # using a small number because more pages will hopefully be more likely to reveal bugs expected_num_pages = int( math.ceil(len(expected_id_sets) / float(page_size))) for i in range(expected_num_pages): page = i + 1 response = client.get(reverse(CallCenterOwnerOptionsView.url_name, args=[self.domain.name]), data={ "page": page, "page_limit": page_size, "q": "" }) response_json = json.loads(response.content) self.assertEqual(response_json['total'], len(expected_id_sets)) for item_index, item in enumerate(response_json['results']): id_ = item['id'] option_index = ((page - 1) * page_size) + item_index self.assertTrue( id_ in expected_id_sets[option_index], "Unexpected item {} at index {}.".format( item, option_index))
def _check_formList(self): url = '/%s/formList' % self.user.username client = DigestClient() client.set_authorization('bob', 'bob') response = client.get(url) self.download_url = \ 'http://testserver/%s/forms/%s/form.xml'\ % (self.user.username, self.xform.pk) self.manifest_url = \ 'http://testserver/%s/xformsManifest/%s'\ % (self.user.username, self.xform.pk) md5_hash = md5(self.xform.xml).hexdigest() expected_content = """<?xml version="1.0" encoding="utf-8"?> <xforms xmlns="http://openrosa.org/xforms/xformsList"><xform><formID>transportation_2011_07_25</formID><name>transportation_2011_07_25</name><majorMinorVersion></majorMinorVersion><version></version><hash>md5:%(hash)s</hash><descriptionText>transportation_2011_07_25</descriptionText><downloadUrl>%(download_url)s</downloadUrl><manifestUrl>%(manifest_url)s</manifestUrl></xform></xforms>""" # noqa expected_content = expected_content % { 'download_url': self.download_url, 'manifest_url': self.manifest_url, 'hash': md5_hash } self.assertEqual(response.content, expected_content) self.assertTrue(response.has_header('X-OpenRosa-Version')) self.assertTrue(response.has_header('Date'))
def test_pages(self): """ Confirm that all the groups/locations/users appear on the correct pages """ client = Client() client.login(username=self.username, password=self.password) # expected_id_sets is a list of sets. # expected_id_sets is constructed such that # For option with index x yielded by the view: # the option's id should be in expected_ids[x] expected_id_sets = [{"user_location"}, {"user_parent_location"}] for i in self.groups: expected_id_sets.append(self.group_ids) for i in self.locations: expected_id_sets.append(self.location_ids) for i in self.users: expected_id_sets.append(self.user_ids) page_size = 3 # using a small number because more pages will hopefully be more likely to reveal bugs expected_num_pages = int(math.ceil(len(expected_id_sets) / float(page_size))) for i in range(expected_num_pages): page = i + 1 response = client.get(reverse( CallCenterOwnerOptionsView.url_name, args=[self.domain.name]), data={"page": page, "page_limit": page_size, "q": ""} ) response_json = json.loads(response.content) self.assertEqual(response_json['total'], len(expected_id_sets)) for item_index, item in enumerate(response_json['results']): id_ = item['id'] option_index = ((page - 1) * page_size) + item_index self.assertTrue( id_ in expected_id_sets[option_index], "Unexpected item {} at index {}.".format(item, option_index) )