Esempio n. 1
def test_permissions():
    """Check that the report endpoint enforces both permission layers.

    One signed GET URL for /api/v1/query/report is requested three times:
    before any grant (403), after grant_query() (403 naming the "blacklist"
    component), and after grant_component() (200).

    NOTE(review): the component-only case (component granted, API-level
    permission missing) is not exercised here.
    """
    developer = models.Developer.query(
        models.Developer.consumer_key == "valid_key1"
    ).get()
    consumer = oauth.Consumer(
        key=developer.consumer_key, secret=developer.consumer_secret
    )

    query_params = {"email": "*****@*****.**", "components": "blacklist"}
    # NOTE(review): this single signed URL is replayed for all three requests.
    # If create_GET_url embeds an OAuth nonce/timestamp (not visible here), a
    # passing run means the endpoint accepts a repeated signature - confirm
    # whether replay rejection is expected.
    report_url = create_GET_url(query_params, "/api/v1/query/report", consumer)

    # Stage 1: nothing granted yet, so the API-level check must refuse.
    no_grants = testapp.get(report_url, status=403)
    eq_(no_grants.status_int, 403)
    eq_(no_grants.body, "Insufficent permissions to access this resource")

    # Stage 2: API-level permission granted, component permission still
    # missing; the refusal names the component that was requested.
    grant_query()
    no_component = testapp.get(report_url, status=403)
    eq_(no_component.status_int, 403)
    eq_(no_component.body,
        "Insufficent permissions to access components: blacklist")

    # Stage 3: both layers granted, the request goes through.
    grant_component(developer, "blacklist")
    allowed = testapp.get(report_url)
    eq_(allowed.status_int, 200)
Esempio n. 2
def test_permissions():
    """Walk /api/v1/query/report through deny, deny, allow.

    The request is refused with 403 until both grant_query() and
    grant_component(..., "blacklist") have been applied; each refusal is
    checked for its exact body text so the two authorization layers can be
    told apart.
    """
    account = models.Developer.query(
        models.Developer.consumer_key == "valid_key1").get()
    signer = oauth.Consumer(key=account.consumer_key,
                            secret=account.consumer_secret)

    # Built once and reused below, so every request carries the same signature.
    # NOTE(review): whether the server should reject such a repeat depends on
    # what create_GET_url signs (not visible here) - worth confirming.
    signed_url = create_GET_url(
        {"email": "*****@*****.**", "components": "blacklist"},
        "/api/v1/query/report",
        signer,
    )

    def expect_refusal(expected_body):
        # status=403 is handed to testapp.get and the code is asserted again,
        # followed by the exact refusal text.
        refused = testapp.get(signed_url, status=403)
        eq_(refused.status_int, 403)
        eq_(refused.body, expected_body)

    # No API-level permission yet.
    expect_refusal("Insufficent permissions to access this resource")

    grant_query()

    # API-level permission present, component permission absent.
    expect_refusal("Insufficent permissions to access components: blacklist")

    grant_component(account, "blacklist")

    # Both permissions present.
    accepted = testapp.get(signed_url)
    eq_(accepted.status_int, 200)
Esempio n. 3
def test_blacklist():
    """Query the blacklist component for a clean user and for a banned user.

    Both permission layers are granted up front, so this test covers only the
    report contents: an empty result for the first lookup and exactly one
    blacklisting (date, reason, marketplace type) for the second.
    """
    grant_query()
    _load_test_data()

    developer = models.Developer.query(
        models.Developer.consumer_key == "valid_key1"
    ).get()
    grant_component(developer, "blacklist")
    consumer = oauth.Consumer(
        key=developer.consumer_key, secret=developer.consumer_secret
    )

    endpoint = "/api/v1/query/report"

    # Lookup 1: a user with no blacklisting on record.
    # NOTE(review): the address literals in this listing are masked, so the
    # two lookups read identically here although the comments describe
    # different users.
    clean_params = {"email": "*****@*****.**", "components": "blacklist"}
    clean_reply = testapp.get(create_GET_url(clean_params, endpoint, consumer))

    eq_(clean_reply.status_int, 200)

    clean_report = clean_reply.json["blacklist"]
    eq_(clean_report["blacklisting_count"], 0)
    eq_(len(clean_report["blacklistings"]), 0)

    # Lookup 2: a user who has been blacklisted. The queried PII is not the
    # value attached to the blacklisting itself; it is tied to the same user
    # through another marketplace, so this also covers the correlation step.
    banned_params = {"email": "*****@*****.**", "components": "blacklist"}
    banned_reply = testapp.get(create_GET_url(banned_params, endpoint, consumer))

    eq_(banned_reply.status_int, 200)

    banned_report = banned_reply.json["blacklist"]
    eq_(banned_report["blacklisting_count"], 1)
    eq_(len(banned_report["blacklistings"]), 1)

    only_entry = banned_report["blacklistings"][0]
    eq_(only_entry["date_banned"], "2009-09-25")
    eq_(only_entry["reason_banned"], None)
    eq_(only_entry["marketplace_type"], "ride sharing")

    
    
    
    
    
    
    
    
    
    
    
    
    
    
Esempio n. 4
def test_blacklist():
    """Verify blacklist report contents for an unlisted and a listed user.

    grant_query() and grant_component(..., "blacklist") are applied before any
    request, so authorization is not under test here; only the JSON returned
    under the "blacklist" key is checked.
    """
    grant_query()
    _load_test_data()

    account = models.Developer.query(
        models.Developer.consumer_key == "valid_key1").get()

    grant_component(account, "blacklist")

    signer = oauth.Consumer(key=account.consumer_key,
                            secret=account.consumer_secret)

    def fetch_blacklist(email):
        # Sign a fresh URL for each lookup, require a 200, and hand back the
        # "blacklist" section of the JSON body.
        signed_url = create_GET_url({
            "email": email,
            "components": "blacklist"
        }, "/api/v1/query/report", signer)
        reply = testapp.get(signed_url)

        eq_(reply.status_int, 200)

        return reply.json["blacklist"]

    # A user who has not been blacklisted: nothing is reported.
    unlisted = fetch_blacklist("*****@*****.**")

    eq_(unlisted["blacklisting_count"], 0)
    eq_(len(unlisted["blacklistings"]), 0)

    # A user who HAS been blacklisted. The lookup key is a piece of PII that
    # is not directly attached to the blacklisting; it belongs to the same
    # user via another marketplace, which exercises the correlation logic.
    listed = fetch_blacklist("*****@*****.**")

    eq_(listed["blacklisting_count"], 1)
    eq_(len(listed["blacklistings"]), 1)

    first = listed["blacklistings"][0]
    eq_(first["date_banned"], "2009-09-25")
    eq_(first["reason_banned"], None)
    eq_(first["marketplace_type"], "ride sharing")
Esempio n. 5
def test_sandboxing():
    """
    Exercise the sandbox submit and query endpoints for two developers.

    For each developer a user is submitted to /sandbox/v1/submit/user, the
    stored IntakeUser is checked (sandbox api_type, none under "api"), and the
    record is then expected to show up through /sandbox/v1/query/report but not
    through /api/v1/query/report. Finally developer 1 queries the sandbox for
    the second submission and must get an empty result.

    NOTE(review): cross-developer isolation is asserted in one direction only
    (developer 1 looking for developer 2's record, per the comments); the
    reverse lookup is not covered.
    """
    def submit_to_sandbox(consumer, payload):
        # Sign the POST against the localhost URL, send it to the sandbox
        # submit route, and require a brand-new user with id "1".
        signed = create_request(consumer, "http://localhost/sandbox/v1/submit/user", "POST", urlencode(payload))
        reply = testapp.post("/sandbox/v1/submit/user", signed.to_postdata())
        assert reply.status_int == 200
        assert reply.json["user_id"] == u"1"
        assert reply.json["is_new"]

    def check_stored(developer, payload):
        # Nothing may land under the production api_type; exactly one sandbox
        # record must exist for the developer's org and match the payload.
        assert models.IntakeUser.query(models.IntakeUser.api_type == "api").count() == 0
        assert models.IntakeUser.query(models.IntakeUser.org == developer.org, models.IntakeUser.api_type == "sandbox").count() == 1
        stored = models.IntakeUser.query(models.IntakeUser.api_type == "sandbox", models.IntakeUser.org == developer.org).get()
        check_intakeuser(stored, payload, developer.key, developer.org)

    def blacklist_report(params, path, consumer):
        # Issue the signed GET and return the "blacklist" section of the body.
        reply = testapp.get(create_GET_url(params, path, consumer))
        return reply.json["blacklist"]

    def expect_submitted_ban(report):
        # The submitted fixture is reported back as a single blacklisting.
        eq_(report["blacklisting_count"], 1)
        eq_(len(report["blacklistings"]), 1)
        entry = report["blacklistings"][0]
        eq_(entry["date_banned"], "1983-10-30")
        eq_(entry["reason_banned"], "Too awesome.")
        eq_(entry["marketplace_type"], "testing")

    def expect_no_bans(report):
        eq_(len(report["blacklistings"]), 0)
        eq_(report["blacklisting_count"], 0)

    grant_submit()
    grant_query()

    # NOTE(review): the payload carries an SSN-shaped value and other
    # PII-like fields; keep fixtures like this synthetic.
    test_data = {
        "user_id": "1",
        "ssn": "123121234",
        "facebook_id": "132452356",
        "name": "Rob Boyle",
        "email": "*****@*****.**",
        "date_joined": "1983-04-15",
        "date_banned": "1983-10-30",
        "reason_banned": "Too awesome.",
        "review_count": 235,
        "transaction_count": 942,
        "positive_review_percentage": 74.23,
    }

    # Developer 1: credentials plus the blacklist component grant.
    dev1 = models.Developer.query(
        models.Developer.consumer_key == "valid_key1"
    ).get()
    consumer1 = oauth.Consumer(key=dev1.consumer_key, secret=dev1.consumer_secret)
    grant_component(dev1, "blacklist")

    # Developer 2: same setup with the second key.
    dev2 = models.Developer.query(
        models.Developer.consumer_key == "valid_key2"
    ).get()
    consumer2 = oauth.Consumer(key=dev2.consumer_key, secret=dev2.consumer_secret)
    grant_component(dev2, "blacklist")

    # Developer 1 submits the user to its sandbox.
    submit_to_sandbox(consumer1, test_data)
    check_stored(dev1, test_data)

    # The sandbox query method returns the submitted blacklisting ...
    expect_submitted_ban(blacklist_report(
        {"email": "*****@*****.**", "components": "blacklist"},
        "/sandbox/v1/query/report", consumer1))

    # ... while the production API must not show sandbox data.
    expect_no_bans(blacklist_report(
        {"email": "*****@*****.**", "components": "blacklist"},
        "/api/v1/query/report", consumer1))

    # Developer 2 submits a copy of the payload with its own email value.
    test_data2 = dict(test_data)
    test_data2["email"] = "*****@*****.**"

    submit_to_sandbox(consumer2, test_data2)
    check_stored(dev2, test_data2)

    # The developer that created the record sees it through the sandbox.
    expect_submitted_ban(blacklist_report(
        {"email": "*****@*****.**", "components": "blacklist"},
        "/sandbox/v1/query/report", consumer2))

    # The production API again must not show it.
    expect_no_bans(blacklist_report(
        {"email": "*****@*****.**", "components": "blacklist"},
        "/api/v1/query/report", consumer2))

    # Sandbox query by the other developer: developer 2's data must not
    # appear for developer 1.
    expect_no_bans(blacklist_report(
        {"email": "*****@*****.**", "components": "blacklist"},
        "/sandbox/v1/query/report", consumer1))