def test_org_admin_get_own_org(org_admin_headers):
    """An org admin can fetch the document of the org named in their own headers.

    Positive-path authorization check only: the target org is read from the
    caller's ``CVE-API-ORG`` header, so requester and target always match.
    A cross-org request is not exercised by this test.
    """
    own_org = org_admin_headers["CVE-API-ORG"]
    org_url = f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}'
    response = requests.get(org_url, headers=org_admin_headers)
    assert response.status_code == 200
    # The body is checked for the caller's own org short name.
    response_contains(response, own_org)
def test_put_update_user_org_short_name():
    """A user can be moved to another org through the ``org_shortname`` parameter.

    All requests use ``utils.BASE_HEADERS`` (presumably the secretariat
    credentials, as the original docstring says "by secretariat" -- confirm in
    utils). The test checks three things in order: the move succeeds, the
    user is no longer reachable under the old org, and the user is reachable
    under the new org.
    """
    old_org, username = create_new_user_with_new_org_by_uuid()
    target_org = str(uuid.uuid4())
    created = post_new_org(target_org, target_org)
    assert created.status_code == 200

    old_user_url = f'{env.AWG_BASE_URL}{ORG_URL}/{old_org}/user/{username}'
    move_params = {'org_shortname': target_org}

    moved = requests.put(old_user_url,
                         headers=utils.BASE_HEADERS,
                         params=move_params)
    assert moved.status_code == 200
    response_contains_json(
        moved, 'message', f'{username} was successfully updated.')

    # Same request again: the user now lives under the new org, so the old
    # org/user path must answer 404 rather than update anything.
    stale = requests.put(old_user_url,
                         headers=utils.BASE_HEADERS,
                         params=move_params)
    assert stale.status_code == 404
    response_contains(
        stale, 'designated by the username parameter does not exist.')
    response_contains_json(stale, 'error', 'USER_DNE')

    # The user is reachable under the new org's path.
    new_user_url = f'{env.AWG_BASE_URL}{ORG_URL}/{target_org}/user/{username}'
    found = requests.get(new_user_url, headers=utils.BASE_HEADERS)
    ok_response_contains(found, username)
def test_post_cve_id_range_already_exists(choose_year):
    """Creating an ID range for a year that already has one is rejected with 400.

    ``choose_year`` is a fixture defined elsewhere; the original docstring
    states that ranges for 1999 to the current year must already exist, which
    is what makes the duplicate-creation error expected here.
    """
    range_url = f'{env.AWG_BASE_URL}{CVE_ID_RANGE_URL}/{choose_year}'
    response = requests.post(range_url, headers=utils.BASE_HEADERS)
    assert response.status_code == 400
    expected_text = (f'document for year {choose_year} was not created '
                     'because it already exists.')
    response_contains(response, expected_text)
    response_contains_json(response, 'error', 'YEAR_RANGE_EXISTS')
def test_put_update_user_reset_secret():
    """A user's API secret can be reset with ``utils.BASE_HEADERS``.

    The original docstring attributes this to the secretariat; BASE_HEADERS is
    defined elsewhere, so confirm it carries secretariat credentials.

    NOTE(review): only the presence of the text ``API-secret`` in the response
    is checked. The test does not verify that the previous secret stops
    working after the reset.
    """
    org_name, username = create_new_user_with_new_org_by_uuid()
    reset_url = (
        f'{env.AWG_BASE_URL}{ORG_URL}/{org_name}/user/{username}/reset_secret')
    response = requests.put(reset_url, headers=utils.BASE_HEADERS)
    assert response.status_code == 200
    response_contains(response, 'API-secret')
def test_org_admin_get_own_user_info(org_admin_headers):
    """An org admin can fetch their own user record.

    Both the org and the username in the URL come from the caller's own
    ``CVE-API-ORG`` / ``CVE-API-USER`` headers, so this covers the self-lookup
    path only.
    """
    own_org = org_admin_headers['CVE-API-ORG']
    own_user = org_admin_headers['CVE-API-USER']
    user_url = f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}/user/{own_user}'
    response = requests.get(user_url, headers=org_admin_headers)
    assert response.status_code == 200
    response_contains(response, own_user)
def test_org_admin_reset_own_secret(org_admin_headers):
    """An org admin can reset their own API secret.

    The request is authenticated with the same headers whose org/user it
    targets. Only the status code and the presence of ``API-secret`` in the
    response are asserted.

    NOTE(review): ``org_admin_headers`` is a fixture defined elsewhere. If it
    is shared across tests and includes the secret being reset, later tests
    using it may be affected -- confirm the fixture's scope.
    """
    own_org = org_admin_headers['CVE-API-ORG']
    own_user = org_admin_headers['CVE-API-USER']
    reset_url = (
        f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}/user/{own_user}/reset_secret')
    response = requests.put(reset_url, headers=org_admin_headers)
    assert response.status_code == 200
    response_contains(response, 'API-secret')
def test_org_admin_get_own_users_info(org_admin_headers):
    """An org admin can list the users of their own org.

    Expects a JSON body with a ``users`` list holding at least one entry, and
    the admin's own username somewhere in the response.
    """
    own_org = org_admin_headers['CVE-API-ORG']
    own_user = org_admin_headers['CVE-API-USER']
    users_url = f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}/users'
    response = requests.get(users_url, headers=org_admin_headers)
    assert response.status_code == 200
    payload = json.loads(response.content.decode())
    # The admin making the request is itself a member, so the list is non-empty.
    assert len(payload['users']) >= 1
    response_contains(response, own_user)
def test_put_cve_id_id_empty_params():
    """Updating a CVE ID with empty ``state`` and ``cna`` parameters is rejected.

    NOTE(review): ``cve_id`` is neither a parameter nor assigned in this
    function; presumably it is a module-level value defined elsewhere in the
    file -- confirm.
    """
    update_url = f'{env.AWG_BASE_URL}{CVE_ID_URL}/{cve_id}'
    blank_params = {'state': '', 'cna': ''}
    response = requests.put(update_url,
                            headers=utils.BASE_HEADERS,
                            params=blank_params)
    assert response.status_code == 400
    # The validation error is expected to name the offending parameter.
    response_contains(response, 'state')
    response_contains_json(response, 'message', 'Parameters were invalid')
def test_put_update_user_add_empty_role():
    """Adding a role that does not exist is rejected with 400 / BAD_INPUT.

    Despite the function name, the role sent is not empty: it is the
    non-existent role name ``MAGNANIMOUS``.
    """
    org_name, username = create_new_user_with_new_org_by_uuid()
    user_url = f'{env.AWG_BASE_URL}{ORG_URL}/{org_name}/user/{username}'
    bogus_role = {'active_roles.add': 'MAGNANIMOUS'}
    response = requests.put(user_url,
                            headers=utils.BASE_HEADERS,
                            params=bogus_role)
    assert response.status_code == 400
    # The rejected value must not be echoed back in the error body, so
    # caller-supplied input is not reflected in the response.
    assert 'MAGNANIMOUS' not in response.content.decode()
    response_contains_json(response, 'error', 'BAD_INPUT')
    response_contains_json(response, 'message', 'Parameters were invalid')
    response_contains(response, 'User role does not exist.')
def test_org_admin_reset_same_org_secret(org_admin_headers):
    """An org admin can reset the secret of another user in the same org.

    A fresh user is created under the admin's org through the
    ``post_new_org_user`` helper (defined elsewhere; which credentials it uses
    is not visible here), then the admin's headers are used for the reset.

    NOTE(review): this covers the same-org path only; a reset attempt against
    a user of a different org is not exercised in this test.
    """
    admin_org = org_admin_headers['CVE-API-ORG']
    new_username = str(uuid.uuid4())
    created = post_new_org_user(admin_org, new_username)
    assert created.status_code == 200

    reset_url = (f'{env.AWG_BASE_URL}{ORG_URL}/{admin_org}'
                 f'/user/{new_username}/reset_secret')
    response = requests.put(reset_url, headers=org_admin_headers)
    assert response.status_code == 200
    response_contains(response, 'API-secret')
def test_put_cve_id_id_state_blarg():
    """Setting a CVE ID's state to an unknown value (``BLARG``) is rejected.

    The original docstring states that a state can only be set to public or
    reject; this test exercises only the rejection of an invalid value.

    NOTE(review): ``cve_id`` is neither a parameter nor assigned in this
    function; presumably it is a module-level value defined elsewhere in the
    file -- confirm.
    """
    update_url = f'{env.AWG_BASE_URL}{CVE_ID_URL}/{cve_id}'
    invalid_state = {'state': 'BLARG'}
    response = requests.put(update_url,
                            headers=utils.BASE_HEADERS,
                            params=invalid_state)
    assert response.status_code == 400
    # The invalid value must not be reflected back in the error response.
    assert 'BLARG' not in response.content.decode()
    response_contains(response, 'state')
    response_contains_json(response, 'message', 'Parameters were invalid')
def test_post_cve_id_empty_params(org_admin_headers):
    """Reserving CVE IDs with every parameter left blank is rejected with 400.

    The error body is expected to name ``amount`` and ``cve_year``. No
    assertion is made about ``short_name`` or ``batch_type``.
    """
    reserve_url = f'{env.AWG_BASE_URL}{CVE_ID_URL}'
    blank_params = {
        'amount': '',
        'batch_type': '',
        'cve_year': '',
        'short_name': '',
    }
    response = requests.post(reserve_url,
                             headers=org_admin_headers,
                             params=blank_params)
    # NOTE: there isn't a `short_name` error here, why?
    assert response.status_code == 400
    response_contains(response, 'amount')
    response_contains(response, 'cve_year')
def test_get_cve_id_available_state():
    """The CVE ID filter endpoint must not return IDs in state ``AVAILABLE``.

    NOTE(review): the query filters on ``state=PUBLIC``, so the ``AVAILABLE``
    assertion is only checked against an already-filtered result. It would
    hold for any correctly filtered PUBLIC listing; a query without the state
    filter would exercise the stated property more directly -- confirm intent.
    The check is a plain substring match over the whole response body.
    """
    listing_url = f'{env.AWG_BASE_URL}{CVE_ID_URL}'
    filters = {
        'page': 1,
        'state': 'PUBLIC',
        'cve_id_year': 2011,
    }
    response = requests.get(listing_url,
                            headers=utils.BASE_HEADERS,
                            params=filters)
    assert response.status_code == 200
    assert 'AVAILABLE' not in response.content.decode()
    response_contains(response, 'state')
def test_put_update_user_username():
    """A user's username can be changed through the ``new_username`` parameter.

    Requests use ``utils.BASE_HEADERS`` (the original docstring attributes the
    operation to the secretariat). After the rename, the old username must no
    longer resolve under the same org.
    """
    org_name, old_username = create_new_user_with_new_org_by_uuid()
    replacement = str(uuid.uuid4())

    old_user_url = f'{env.AWG_BASE_URL}{ORG_URL}/{org_name}/user/{old_username}'
    rename_params = {'new_username': replacement}

    # First request renames the user.
    renamed = requests.put(old_user_url,
                           headers=utils.BASE_HEADERS,
                           params=rename_params)
    assert renamed.status_code == 200
    response_contains_json(
        renamed, 'message', f'{old_username} was successfully updated.')

    # Second identical request targets the old username, which no longer
    # exists, so it must fail with 404 / USER_DNE.
    stale = requests.put(old_user_url,
                         headers=utils.BASE_HEADERS,
                         params=rename_params)
    assert stale.status_code == 404
    response_contains(
        stale, 'designated by the username parameter does not exist.')
    response_contains_json(stale, 'error', 'USER_DNE')
def test_post_cve_id_no_params(org_admin_headers):
    """Reserving CVE IDs with no query parameters at all is rejected with 400.

    The error body is expected to name ``amount``, ``cve_year`` and
    ``short_name``. The original docstring notes that batch type is the only
    optional parameter, which is why it is not among the asserted names.
    """
    reserve_url = f'{env.AWG_BASE_URL}{CVE_ID_URL}'
    response = requests.post(reserve_url, headers=org_admin_headers)
    assert response.status_code == 400
    for required_name in ('amount', 'cve_year', 'short_name'):
        response_contains(response, required_name)
def test_get_cve_id_empty_parameters(reg_user_headers):
    """Filtering CVE IDs with blank values for every filter is rejected with 400.

    Each filter is sent as a single space (whitespace-only, not a zero-length
    string). The error body is expected to name every one of them and to carry
    the ``BAD_INPUT`` error code.
    """
    filter_names = (
        'page',
        'state',
        'cve_id_year',
        'time_reserved.lt',
        'time_reserved.gt',
        'time_modified.lt',
        'time_modified.gt',
    )
    blank_filters = dict.fromkeys(filter_names, ' ')
    listing_url = f'{env.AWG_BASE_URL}{CVE_ID_URL}'
    response = requests.get(listing_url,
                            headers=reg_user_headers,
                            params=blank_filters)
    assert response.status_code == 400
    # Every rejected filter should be named in the validation error.
    for name in filter_names:
        response_contains(response, name)
    response_contains_json(response, 'error', 'BAD_INPUT')