Esempio n. 1
    def test_get_with_product_id(self, mock_get_user):
        """Check that listing results by product_id respects ownership and sharing.

        The owner can list the result. With mock_get_user returning a
        different id the request gets a 403 while the product is private.
        After the product is made public, the result is still hidden until
        the test run itself is flagged as shared.
        """
        owner_openid = 'test-open-id'
        db.user_save({
            'openid': owner_openid,
            'email': '*****@*****.**',
            'fullname': 'Foo Bar'
        })

        mock_get_user.return_value = owner_openid

        # Create the product while acting as the owner.
        product_payload = json.dumps({
            'name': 'product name',
            'description': 'product description',
            'product_type': api_const.CLOUD,
        })
        created = self.post_json('/v1/products/', params=product_payload)
        product_id = created['id']

        # Create a version.
        version_payload = json.dumps({'cpid': '123', 'version': '6.0'})
        version_id = self.post_json(
            '/v1/products/' + product_id + '/versions',
            params=version_payload)['id']

        # Upload a result, then tie it to the product version and the owner.
        upload = self.post_json('/v1/results',
                                params=json.dumps(FAKE_TESTS_RESULT))
        test_id = upload['test_id']
        db.update_test({'id': test_id, 'product_version_id': version_id})
        db.save_test_meta_item(test_id, api_const.USER, owner_openid)

        url = self.URL + '?page=1&product_id=' + product_id

        # Owner sees exactly the one result.
        listing = self.get_json(url)
        self.assertEqual(1, len(listing['results']))
        self.assertEqual(test_id, listing['results'][0]['id'])

        # A different user id is refused while the product is private.
        mock_get_user.return_value = 'test-foo-id'
        denied = self.get_json(url, expect_errors=True)
        self.assertEqual(403, denied.status_code)

        # Make product public.
        db.update_product({'id': product_id, 'public': 1})

        # Public product but unshared run: nothing may be returned.
        listing = self.get_json(url)
        self.assertFalse(listing['results'])

        # Share the test run; only now does it show up for the other user.
        db.save_test_meta_item(test_id, api_const.SHARED_TEST_RUN, 1)
        listing = self.get_json(url)
        self.assertEqual(1, len(listing['results']))
        self.assertEqual(test_id, listing['results'][0]['id'])
Esempio n. 2
    def test_get_with_product_id(self, mock_get_user):
        """Check that listing results by product_id respects ownership and sharing.

        The owner can list the result. With mock_get_user returning a
        different id the request gets a 403 while the product is private.
        After the product is made public, the result is still hidden until
        the test run itself is flagged as shared.
        """
        owner_openid = 'test-open-id'
        db.user_save({
            'openid': owner_openid,
            'email': '*****@*****.**',
            'fullname': 'Foo Bar'
        })

        mock_get_user.return_value = owner_openid

        # Create the product while acting as the owner.
        product_payload = json.dumps({
            'name': 'product name',
            'description': 'product description',
            'product_type': api_const.CLOUD,
        })
        created = self.post_json('/v1/products/', params=product_payload)
        product_id = created['id']

        # Create a version.
        version_payload = json.dumps({'cpid': '123', 'version': '6.0'})
        version_id = self.post_json(
            '/v1/products/' + product_id + '/versions',
            params=version_payload)['id']

        # Upload a result, then tie it to the product version and the owner.
        upload = self.post_json('/v1/results',
                                params=json.dumps(FAKE_TESTS_RESULT))
        test_id = upload['test_id']
        db.update_test_result(
            {'id': test_id, 'product_version_id': version_id})
        db.save_test_result_meta_item(test_id, api_const.USER, owner_openid)

        url = self.URL + '?page=1&product_id=' + product_id

        # Owner sees exactly the one result.
        listing = self.get_json(url)
        self.assertEqual(1, len(listing['results']))
        self.assertEqual(test_id, listing['results'][0]['id'])

        # A different user id is refused while the product is private.
        mock_get_user.return_value = 'test-foo-id'
        denied = self.get_json(url, expect_errors=True)
        self.assertEqual(403, denied.status_code)

        # Make product public.
        db.update_product({'id': product_id, 'public': 1})

        # Public product but unshared run: nothing may be returned.
        listing = self.get_json(url)
        self.assertFalse(listing['results'])

        # Share the test run; only now does it show up for the other user.
        db.save_test_result_meta_item(test_id, api_const.SHARED_TEST_RUN, 1)
        listing = self.get_json(url)
        self.assertEqual(1, len(listing['results']))
        self.assertEqual(test_id, listing['results'][0]['id'])
Esempio n. 3
 def setUp(self):
     """Run the base setUp, then save a fixture user through db.user_save."""
     super(TestProfileEndpoint, self).setUp()
     # Kept on the instance so individual tests can refer to the same record.
     fixture_user = {
         'openid': 'test-open-id',
         'email': '*****@*****.**',
         'fullname': 'Foo Bar'
     }
     self.user_info = fixture_user
     db.user_save(fixture_user)
Esempio n. 4
 def setUp(self):
     """Run the base setUp, then save a fixture user through db.user_save."""
     super(TestProfileEndpoint, self).setUp()
     # Kept on the instance so individual tests can refer to the same record.
     fixture_user = {
         'openid': 'test-open-id',
         'email': '*****@*****.**',
         'fullname': 'Foo Bar'
     }
     self.user_info = fixture_user
     db.user_save(fixture_user)
Esempio n. 5
    def setUp(self):
        """Install a config fixture and save a fixture user for product tests."""
        super(TestProductsEndpoint, self).setUp()

        # Expose the fixture's conf object on the instance as self.CONF.
        self.config_fixture = config_fixture.Config()
        installed_fixture = self.useFixture(self.config_fixture)
        self.CONF = installed_fixture.conf

        fixture_user = {
            'openid': 'test-open-id',
            'email': '*****@*****.**',
            'fullname': 'Foo Bar'
        }
        self.user_info = fixture_user
        db.user_save(fixture_user)
Esempio n. 6
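    def signin_return(self):
        """Handle returned request from OpenID 2.0 IdP.

        The callback is rejected when the IdP reports an error, when the
        user cancelled, or when the CSRF token in the query string does not
        match the one stored in the session. Otherwise the OpenID response
        is passed to api_utils.verify_openid_request, the user record is
        saved, the session is bound to the saved user's OpenID and the
        browser is redirected to CONF.ui_url.
        """
        session = api_utils.get_user_session()
        query = pecan.request.GET

        # NOTE(review): each failure branch relies on _auth_failure ending
        # the request (presumably via a redirect) -- confirm it never
        # returns, otherwise execution falls through to the checks below.
        openid_error = query.get(const.OPENID_ERROR)
        if openid_error:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure(openid_error)

        if query.get(const.OPENID_MODE) == 'cancel':
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication canceled.')

        session_token = session.get(const.CSRF_TOKEN)
        request_token = query.get(const.CSRF_TOKEN)
        # Fail closed when the session holds no token: with a bare
        # inequality test, a callback that omits the token would "match" a
        # session that never had one (None == None) and skip the CSRF check.
        if not session_token or request_token != session_token:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication failed. Please try again.')

        api_utils.verify_openid_request(pecan.request)
        # NOTE(review): these values are read straight from the query
        # string; whether the email/fullname fields are covered by the
        # verification above depends on verify_openid_request -- confirm.
        user_info = {
            'openid': query.get(const.OPENID_CLAIMED_ID),
            'email': query.get(const.OPENID_NS_SREG_EMAIL),
            'fullname': query.get(const.OPENID_NS_SREG_FULLNAME)
        }
        user = db.user_save(user_info)

        # The token is single-use: drop it before binding the session.
        api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
        session[const.USER_OPENID] = user.openid
        session.save()

        pecan.redirect(CONF.ui_url)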
Esempio n. 7
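    def signin_return(self):
        """Handle returned request from OpenID 2.0 IdP.

        The callback is rejected when the IdP reports an error, when the
        user cancelled, or when the CSRF token in the query string does not
        match the one stored in the session. Otherwise the OpenID response
        is passed to api_utils.verify_openid_request, the user record is
        saved, the session is bound to the saved user's OpenID and the
        browser is redirected to CONF.ui_url.
        """
        session = api_utils.get_user_session()
        query = pecan.request.GET

        # NOTE(review): each failure branch relies on _auth_failure ending
        # the request (presumably via a redirect) -- confirm it never
        # returns, otherwise execution falls through to the checks below.
        openid_error = query.get(const.OPENID_ERROR)
        if openid_error:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure(openid_error)

        if query.get(const.OPENID_MODE) == 'cancel':
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication canceled.')

        session_token = session.get(const.CSRF_TOKEN)
        request_token = query.get(const.CSRF_TOKEN)
        # Fail closed when the session holds no token: with a bare
        # inequality test, a callback that omits the token would "match" a
        # session that never had one (None == None) and skip the CSRF check.
        if not session_token or request_token != session_token:
            api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
            self._auth_failure('Authentication failed. Please try again.')

        api_utils.verify_openid_request(pecan.request)
        # NOTE(review): these values are read straight from the query
        # string; whether the email/fullname fields are covered by the
        # verification above depends on verify_openid_request -- confirm.
        user_info = {
            'openid': query.get(const.OPENID_CLAIMED_ID),
            'email': query.get(const.OPENID_NS_SREG_EMAIL),
            'fullname': query.get(const.OPENID_NS_SREG_FULLNAME)
        }
        user = db.user_save(user_info)

        # The token is single-use: drop it before binding the session.
        api_utils.delete_params_from_user_session([const.CSRF_TOKEN])
        session[const.USER_OPENID] = user.openid
        session.save()

        pecan.redirect(CONF.ui_url)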
Esempio n. 8
    def setUp(self):
        """Prepare signed-upload fixtures with anonymous upload disabled.

        Builds two header sets over the same request body: good_headers,
        signed with a key whose public half is stored for the fixture user,
        and bad_headers, signed with a second key that is never stored.
        """
        super(TestResultsEndpointNoAnonymous, self).setUp()
        self.config_fixture = config_fixture.Config()
        self.CONF = self.useFixture(self.config_fixture).conf
        self.CONF.api.enable_anonymous_upload = False

        owner_openid = 'test-open-id'
        self.user_info = {
            'openid': owner_openid,
            'email': '*****@*****.**',
            'fullname': 'Foo Bar'
        }
        db.user_save(self.user_info)

        def signed_headers(key):
            # Sign self.body with the key; return (public key, header dict).
            raw_signature = self._sign_body_(key, self.body)
            public_key = self._get_public_key_(key)
            return public_key, {
                'X-Signature': binascii.b2a_hex(raw_signature),
                'X-Public-Key': public_key
            }

        registered_key = self._generate_keypair_()
        self.body = json.dumps(FAKE_TESTS_RESULT).encode()
        pubkey, self.good_headers = signed_headers(registered_key)

        # Only the second whitespace-separated field of the public key
        # string is stored, next to its format and a comment.
        self.pubkey_info = {
            'openid': owner_openid,
            'format': 'ssh-rsa',
            'pubkey': pubkey.split()[1],
            'comment': 'comment'
        }
        db.store_pubkey(self.pubkey_info)

        # A second, unregistered key gives a signature the API should not
        # be able to tie to any stored public key.
        unregistered_key = self._generate_keypair_()
        _, self.bad_headers = signed_headers(unregistered_key)
Esempio n. 9
    def setUp(self):
        """Prepare signed-upload fixtures with anonymous upload disabled.

        Builds two header sets over the same request body: good_headers,
        signed with a key whose public half is stored for the fixture user,
        and bad_headers, signed with a second key that is never stored.
        """
        super(TestResultsEndpointNoAnonymous, self).setUp()
        self.config_fixture = config_fixture.Config()
        self.CONF = self.useFixture(self.config_fixture).conf
        self.CONF.api.enable_anonymous_upload = False

        owner_openid = 'test-open-id'
        self.user_info = {
            'openid': owner_openid,
            'email': '*****@*****.**',
            'fullname': 'Foo Bar'
        }
        db.user_save(self.user_info)

        def signed_headers(key):
            # Sign self.body with the key; return (public key, header dict).
            raw_signature = self._sign_body_(key, self.body)
            public_key = self._get_public_key_(key)
            return public_key, {
                'X-Signature': binascii.b2a_hex(raw_signature),
                'X-Public-Key': public_key
            }

        registered_key = self._generate_keypair_()
        self.body = json.dumps(FAKE_TESTS_RESULT).encode()
        pubkey, self.good_headers = signed_headers(registered_key)

        # Only the second whitespace-separated field of the public key
        # string is stored, next to its format and a comment.
        self.pubkey_info = {
            'openid': owner_openid,
            'format': 'ssh-rsa',
            'pubkey': pubkey.split()[1],
            'comment': 'comment'
        }
        db.store_pubkey(self.pubkey_info)

        # A second, unregistered key gives a signature the API should not
        # be able to tie to any stored public key.
        unregistered_key = self._generate_keypair_()
        _, self.bad_headers = signed_headers(unregistered_key)
Esempio n. 10
    def setUp(self):
        """Create a fixture user and a product, and derive the versions URL.

        refstack.api.utils.get_user_id is patched for the duration of each
        test so that requests are attributed to the fixture user.
        """
        super(TestProductVersionEndpoint, self).setUp()
        self.config_fixture = config_fixture.Config()
        self.CONF = self.useFixture(self.config_fixture).conf

        owner_openid = 'test-open-id'
        self.user_info = {
            'openid': owner_openid,
            'email': '*****@*****.**',
            'fullname': 'Foo Bar'
        }
        db.user_save(self.user_info)

        # Register the cleanup before starting the patch so the patch is
        # undone even if a later setUp step fails.
        user_patch = mock.patch('refstack.api.utils.get_user_id')
        self.addCleanup(user_patch.stop)
        self.mock_get_user = user_patch.start()
        self.mock_get_user.return_value = owner_openid

        created = self.post_json('/v1/products/',
                                 params=json.dumps(FAKE_PRODUCT))
        self.product_id = created['id']
        self.URL = '/v1/products/' + self.product_id + '/versions/'
Esempio n. 11
    def test_put(self, mock_user, mock_check_foundation, mock_check_owner):
        """Test results endpoint with put request.

        Walks through who may PUT to a result and which fields they may
        change: first with mock_check_foundation returning True, then with
        only mock_check_owner returning True, then with both False.
        """
        upload = self.post_json(self.URL, params=json.dumps(FAKE_TESTS_RESULT))
        test_id = upload.get('test_id')
        url = self.URL + test_id

        db.user_save({
            'openid': 'test-open-id',
            'email': '*****@*****.**',
            'fullname': 'Foo Bar'
        })

        def put(payload, **kwargs):
            # Serialise the payload and PUT it to the result under test.
            return self.put_json(url, params=json.dumps(payload), **kwargs)

        # Create a product
        product_payload = json.dumps({
            'name': 'product name',
            'description': 'product description',
            'product_type': api_const.CLOUD,
        })
        product = self.post_json('/v1/products/', params=product_payload)
        # Create a product version
        version = self.post_json(
            '/v1/products/' + product['id'] + '/versions/',
            params=json.dumps({'version': '1'}))

        # Test Foundation admin can put.
        mock_check_foundation.return_value = True
        put({'product_version_id': version['id']})
        fetched = self.get_json(url)
        self.assertEqual(version['id'], fetched['product_version']['id'])

        # Test when product_version_id is None.
        put({'product_version_id': None})
        fetched = self.get_json(url)
        self.assertIsNone(fetched['product_version'])

        # Test when test verification preconditions are not met.
        verify = {'verification_status': api_const.TEST_VERIFIED}
        refused = put(verify, expect_errors=True)
        self.assertEqual(403, refused.status_code)

        # Sharing the test run alone is still not enough.
        db.save_test_result_meta_item(test_id, api_const.SHARED_TEST_RUN, True)
        refused = put(verify, expect_errors=True)
        self.assertEqual(403, refused.status_code)

        # Now associate guideline and target program. Now we should be
        # able to mark a test verified.
        db.save_test_result_meta_item(test_id, 'target', 'platform')
        db.save_test_result_meta_item(test_id, 'guideline', '2016.01.json')
        updated = put(verify)
        self.assertEqual(api_const.TEST_VERIFIED,
                         updated['verification_status'])

        # Unshare the test, and check that we can mark it not verified.
        db.delete_test_result_meta_item(test_id, api_const.SHARED_TEST_RUN)
        updated = put({'verification_status': api_const.TEST_NOT_VERIFIED})
        self.assertEqual(api_const.TEST_NOT_VERIFIED,
                         updated['verification_status'])

        # Test when verification_status value is invalid.
        rejected = put({'verification_status': 111}, expect_errors=True)
        self.assertEqual(400, rejected.status_code)

        # Check test owner can put.
        mock_check_foundation.return_value = False
        mock_check_owner.return_value = True
        put({'product_version_id': version['id']})
        fetched = self.get_json(url)
        self.assertEqual(version['id'], fetched['product_version']['id'])

        # Test non-Foundation user can't change verification_status.
        status_change = {'verification_status': 1}
        refused = put(status_change, expect_errors=True)
        self.assertEqual(403, refused.status_code)

        # Test unauthorized put.
        # NOTE(review): this only checks that an AppError is raised; pinning
        # the status code, as the 403 checks above do, would be stricter.
        mock_check_foundation.return_value = False
        mock_check_owner.return_value = False
        with self.assertRaises(webtest.app.AppError):
            put(status_change)
Esempio n. 12
 def test_user_save(self, mock_db):
     """Check that db.user_save passes its argument through to mock_db.

     mock_db is presumably the patched backend call behind db.user_save;
     the patch decorator is not visible here.
     """
     payload = '*****@*****.**'
     db.user_save(payload)
     # Exactly one call, with the very same argument.
     mock_db.assert_called_once_with(payload)
Esempio n. 13
    def test_put(self, mock_user, mock_check_foundation, mock_check_owner):
        """Test results endpoint with put request.

        Walks through who may PUT to a result and which fields they may
        change: first with mock_check_foundation returning True, then with
        only mock_check_owner returning True, then with both False.
        """
        upload = self.post_json(self.URL, params=json.dumps(FAKE_TESTS_RESULT))
        test_id = upload.get('test_id')
        url = self.URL + test_id

        db.user_save({
            'openid': 'test-open-id',
            'email': '*****@*****.**',
            'fullname': 'Foo Bar'
        })

        def put(payload, **kwargs):
            # Serialise the payload and PUT it to the result under test.
            return self.put_json(url, params=json.dumps(payload), **kwargs)

        # Create a product
        product_payload = json.dumps({
            'name': 'product name',
            'description': 'product description',
            'product_type': api_const.CLOUD,
        })
        product = self.post_json('/v1/products/', params=product_payload)
        # Create a product version
        version = self.post_json(
            '/v1/products/' + product['id'] + '/versions/',
            params=json.dumps({'version': '1'}))

        # Test Foundation admin can put.
        mock_check_foundation.return_value = True
        put({'product_version_id': version['id']})
        fetched = self.get_json(url)
        self.assertEqual(version['id'], fetched['product_version']['id'])

        # Test when product_version_id is None.
        put({'product_version_id': None})
        fetched = self.get_json(url)
        self.assertIsNone(fetched['product_version'])

        # Test when test verification preconditions are not met.
        verify = {'verification_status': api_const.TEST_VERIFIED}
        refused = put(verify, expect_errors=True)
        self.assertEqual(403, refused.status_code)

        # Sharing the test run alone is still not enough.
        db.save_test_meta_item(test_id, api_const.SHARED_TEST_RUN, True)
        refused = put(verify, expect_errors=True)
        self.assertEqual(403, refused.status_code)

        # Now associate guideline and target program. Now we should be
        # able to mark a test verified.
        db.save_test_meta_item(test_id, 'target', 'platform')
        db.save_test_meta_item(test_id, 'guideline', '2016.01.json')
        updated = put(verify)
        self.assertEqual(api_const.TEST_VERIFIED,
                         updated['verification_status'])

        # Unshare the test, and check that we can mark it not verified.
        db.delete_test_meta_item(test_id, api_const.SHARED_TEST_RUN)
        updated = put({'verification_status': api_const.TEST_NOT_VERIFIED})
        self.assertEqual(api_const.TEST_NOT_VERIFIED,
                         updated['verification_status'])

        # Test when verification_status value is invalid.
        rejected = put({'verification_status': 111}, expect_errors=True)
        self.assertEqual(400, rejected.status_code)

        # Check test owner can put.
        mock_check_foundation.return_value = False
        mock_check_owner.return_value = True
        put({'product_version_id': version['id']})
        fetched = self.get_json(url)
        self.assertEqual(version['id'], fetched['product_version']['id'])

        # Test non-Foundation user can't change verification_status.
        status_change = {'verification_status': 1}
        refused = put(status_change, expect_errors=True)
        self.assertEqual(403, refused.status_code)

        # Test unauthorized put.
        # NOTE(review): this only checks that an AppError is raised; pinning
        # the status code, as the 403 checks above do, would be stricter.
        mock_check_foundation.return_value = False
        mock_check_owner.return_value = False
        with self.assertRaises(webtest.app.AppError):
            put(status_change)