def test_get_spec_apps(self): apps = _db_get_spec_apps("http://justatest.com") assert len(apps) == 1 # Add a second spec (which should NOT be retrieved) for further testing. app2 = api.create_app("UTApp (1)", "translate", "http://different.com", "{'spec':'http://different.com'}") apps = _db_get_spec_apps("http://justatest.com") # Should still be 1. The new app is of a different spec. assert len(apps) == 1 # Add a second spec (which should be retrieved) for further testing. app2 = api.create_app("UTApp2", "translate", "http://justatest.com", "{'spec':'http://justatest.com'}") apps = _db_get_spec_apps("http://justatest.com") # Should now be 2. assert len(apps) == 2
def test_get_ownerships(self): # There should be no ownerships declared on the spec. ownerships = _db_get_ownerships("http://justatest.com") assert len(ownerships) == 0 # We now declare 1 ownership. _db_declare_ownership(self.tapp, "test_TEST") ownerships = _db_get_ownerships("http://justatest.com") assert len(ownerships) == 1 # We now create a second app for further testing. app2 = api.create_app("UTApp2", "translate", "{'spec':'http://justatest.com'}") api.add_var(app2, "spec", "http://justatest.com") # Ensure we still have 1 ownership. ownerships = _db_get_ownerships("http://justatest.com") assert len(ownerships) == 1 # Add a second ownership for another language. _db_declare_ownership(app2, "testen_TESTEN") ownerships = _db_get_ownerships("http://justatest.com") assert len(ownerships) == 2 # Ensure that the ownerships are right. firstOwnership = next(o for o in ownerships if o.value == "test_TEST") assert firstOwnership.app == self.tapp secondOwnership = next(o for o in ownerships if o.value == "testen_TESTEN") assert secondOwnership.app == app2
def test_delete_app(self): app = api.create_app("UTAppDel", "dummy", None, "{}") assert app is not None api.delete_app(app) app = api.get_app_by_name("UTAppDel") assert app is None
def test_delete_app(self): app = api.create_app("UTAppDel", "dummy", "{}") assert app is not None api.delete_app(app) app = api.get_app_by_name("UTAppDel") assert app is None
def test_created_app_persists(self): rv = self.login("testuser", "password") # import readline # optional, will allow Up/Down/History in the console # import code # vars = globals().copy() # vars.update(locals()) # shell = code.InteractiveConsole(vars) # shell.interact() # Create an App for the tests. self.tapp = api.create_app("UTApp", "dummy", None, "{}") self.tapp = api.get_app_by_name("UTApp") api.set_var(self.tapp, "TestVar", "TestValue") rv = self.login("testuser", "password") app = api.get_app_by_name("UTApp") assert app is not None vars = api.get_all_vars(app) assert len(vars) == 1 var = vars[0] assert var.name == "TestVar" assert var.value == "TestValue"
def setUp(self): from appcomposer.appstorage import api super(AppCreatedComposerTest, self).setUp() try: self.tapp = api.create_app("UTApp", "dummy", None, "{}") except: self.tearDown() raise
def new(): next_url = request.args.get('next', '') or request.form.get('next', '') name = request.args.get("name") if name is None: return "Missing parameter: name", 400 owner = current_user() app = create_app(name, owner, "dummy", "{'message':'Hello world'}") return "Application created"
def test_translate_default_autoaccept(self): with self.flask_app: rv = self.login("testuser", "password") app = api.create_app("UTApp", "translate", '{"spec":"http://justatest.com", "bundles":{}}') api.add_var(app, "spec", "http://justatest.com") # Test that autoaccept is True (it's the default). bm = BundleManager.create_from_existing_app(json.loads(app.data)) assert bm.get_autoaccept() == True
def test_translate_default_autoaccept(self): with self.flask_app: rv = self.login("testuser", "password") app = api.create_app("UTApp", "translate", "http://justatest.com", '{"spec":"http://justatest.com", "bundles":{}}') # Test that autoaccept is True (it's the default). full_app_data = load_appdata_from_db(app) bm = BundleManager.create_from_existing_app(full_app_data) assert bm.get_autoaccept() == True
def test_create_app(self): app = api.create_app("UTApp", "dummy", None, "{}") assert app is not None assert app.name == "UTApp" id = app.unique_id # TODO: Probably no point for App to have two different unique ids. app = None app = api.get_app(id) assert app is not None assert app.name == "UTApp" assert app.owner == current_user()
def test_create_app(self): app = api.create_app("UTApp", "dummy", "{}") assert app is not None assert app.name == "UTApp" id = app.unique_id # TODO: Probably no point for App to have two different unique ids. app = None app = api.get_app(id) assert app is not None assert app.name == "UTApp" assert app.owner == current_user()
def test_find_unique_name_for_app(self): # There is no conflict, so the name should be exactly the chosen one. name = find_unique_name_for_app("UTAPPDoesntExist") assert name == "UTAPPDoesntExist" # There is a conflict, so the name should include a number, starting at 1. name = find_unique_name_for_app("UTApp") assert name == "UTApp (1)" # We create a new app so that we can force a second conflict. app2 = api.create_app("UTApp (1)", "translate", "http://justatest.com", "{'spec':'http://justatest.com'}") name = find_unique_name_for_app("UTApp") assert name == "UTApp (2)"
def test_get_diff_specs(self): """ Check that we can retrieve a list of all specs from the DB. Because we don't re-create a test DB explicitly, the checks are limited. """ specs = _db_get_diff_specs() assert "http://justatest.com" in specs app2 = api.create_app("UTApp2", "translate", "ATESTSPEC", "{'spec':'ATESTSPEC'}") specs = _db_get_diff_specs() assert "http://justatest.com" in specs assert "ATESTSPEC" in specs
def new(): # If we receive a get we just want to show the page. if request.method == "GET": return render_template("composers/dummy/new.html") # If we receive a post we have filled the page and are creating the app. elif request.method == "POST": name = request.form["name"] try: app = appstorage.create_app(name, "dummy", data='{"text":""}') except appstorage.AppExistsException: flash(gettext("An App with that name exists already"), "error") return render_template("composers/dummy/new.html", name=name) return redirect(url_for("dummy.edit", appid=app.unique_id))
def test_conflicting_composer_proposal(self): """ Check that there is no mistake when there is a conflicting composer using the same appvar names. """ # We now declare add 1 proposal to the app. add_var(self.tapp, "proposal", "{}") # We now create a non-translate app. app2 = api.create_app("UTApp2", "dummy", "{'spec':'http://justatest.com'}") # We add 1 proposal to the app with the same spec but different composer type. add_var(app2, "proposal", "{}") # Get the proposals for our app. proposals = _db_get_proposals(self.tapp) assert len(proposals) == 1
def setUp(self): appcomposer.app.config['DEBUG'] = True appcomposer.app.config['TESTING'] = True appcomposer.app.config['CSRF_ENABLED'] = False appcomposer.app.config["SECRET_KEY"] = 'secret' self.flask_app = appcomposer.app.test_client() self.flask_app.__enter__() rv = self.login("testuser", "password") # In case the test failed before, start from a clean state. self._cleanup() # Create an App for the tests. self.tapp = api.create_app("UTApp", "translate", "http://justatest.com", '{"spec":"http://justatest.com"}')
def setUp(self): appcomposer.app.config['DEBUG'] = True appcomposer.app.config['TESTING'] = True appcomposer.app.config['CSRF_ENABLED'] = False appcomposer.app.config["SECRET_KEY"] = 'secret' self.flask_app = appcomposer.app.test_client() self.flask_app.__enter__() self._cleanup() self.flask_app.get("/") rv = self.login("testuser", "password") # Create a test application. self.tapp = api.create_app("UTApp", "translate", "http://fake.spec", "{}", False)
def adapt_duplicate(appid): app = get_app(appid) if app is None: return render_template("composers/errors.html", message="Application not found") form = DuplicationForm() if form.validate_on_submit(): # Protect against CSRF attacks. if not verify_csrf(request): return render_template( "composers/errors.html", message= "Request does not seem to come from the right source (csrf check)" ), 400 existing_app = get_app_by_name(form.name.data) if existing_app: if not form.name.errors: form.name.errors = [] form.name.errors.append( lazy_gettext("You already have an application with this name")) else: new_app = create_app(form.name.data, 'adapt', app.spec.url, app.data) for appvar in app.appvars: # Copy every appvar for the original app as well. add_var(new_app, appvar.name, appvar.value) return redirect(url_for('.adapt_edit', appid=new_app.unique_id)) if not form.name.data: counter = 2 potential_name = '' while counter < 1000: potential_name = '%s (%s)' % (app.name, counter) existing_app = get_app_by_name(potential_name) if not existing_app: break counter += 1 form.name.data = potential_name return render_template("composers/adapt/duplicate.html", form=form, app=app)
def test_conflicting_composer(self): """ Check that there is no mistake when there is a conflicting composer using the same appvar names. """ # We now declare 1 ownership. _db_declare_ownership(self.tapp, "test_TEST") ownerships = _db_get_ownerships("http://justatest.com") assert len(ownerships) == 1 # We now create a non-translate app. app2 = api.create_app("UTApp2", "dummy", "http://justatest.com", "{'spec':'http://justatest.com'}") api.add_var(app2, "ownership", "test_TEST") # Make sure that even though we added an ownership on an app with the same spec, it won't be # taken into account because it is a DUMMY and not a TRANSLATE composer. assert len(ownerships) == 1
def test_delete_is_csrf_protected(self): """ Ensure that app delete is not vulnerable to CSRF exploits. """ # Create utapp1 in utuser1 with self.flask_app: rv = self.login("utuser1", "password") assert session["logged_in"] == True app = api.create_app("utapp1", "translate", "http://justatest.com", '{"spec":"http://justatest.com", "bundles":{}}') self.appid = app.unique_id # Try to delete the app with the CSRF enabled. flask_instance.config["CSRF_ENABLED"] = True rv = self.flask_app.post("/composers/translate/delete", data={"appid": self.appid, "delete": "Delete"}, follow_redirects=True) assert rv.status_code == 400 # We are not complying with the CSRF code, so an error 400 should be returned.
def test_transfer_ownership(self): """ Tests the method to transfer ownership. """ # We now declare 1 ownership. _db_declare_ownership(self.tapp, "test_TEST") ownerships = _db_get_ownerships("http://justatest.com") assert len(ownerships) == 1 # We now create a second app for further testing. app2 = api.create_app("UTApp2", "translate", "http://justatest.com", "{'spec':'http://justatest.com'}") # We transfer the ownership to the second app. _db_transfer_ownership("test_TEST", self.tapp, app2) # Verify that the ownership has indeed been transferred.. owner = _db_get_lang_owner_app("http://justatest.com", "test_TEST") assert owner == app2
def new(): # If we receive a get we just want to show the page. if request.method == "GET": return render_template("composers/dummy/new.html") # If we receive a post we have filled the page and are creating the app. elif request.method == "POST": name = request.form["name"] try: app = appstorage.create_app(name, "dummy", spec_url=None, data='{"text":""}') except appstorage.AppExistsException: flash(gettext("An App with that name exists already"), "error") return render_template("composers/dummy/new.html", name=name) return redirect(url_for("dummy.edit", appid=app.unique_id))
def setUp(self): appcomposer.app.config['DEBUG'] = True appcomposer.app.config['TESTING'] = True appcomposer.app.config['CSRF_ENABLED'] = False appcomposer.app.config["SECRET_KEY"] = 'secret' self.flask_app = appcomposer.app.test_client() self.flask_app.__enter__() rv = self.login("testuser", "password") # In case the test failed before, start from a clean state. self._cleanup() # Create an App for the tests. self.tapp = api.create_app("UTApp", "translate", '{"spec":"http://justatest.com"}') # Because it's a translate app it needs an spec when it is created, and that is in fact required by some of the tests. api.add_var(self.tapp, "spec", "http://justatest.com")
def test_view_other_user_app(self): """ Viewing an app that does not belong to the user SHOULD be allowed. """ # Create utapp1 in utuser1 with self.flask_app: rv = self.login("utuser1", "password") assert session["logged_in"] == True app = api.create_app("utapp1", "translate", "http://justatest.com", '{"spec":"http://justatest.com", "bundles":{}}') self.appid = app.unique_id # Login as utuser2 to check whether he can indeed view the app. # It SHOULD be view-able by anyone. rv = self.login("utuser2", "password") rv = self.flask_app.get("/composers/translate/selectlang?appid="+self.appid) assert rv.status_code == 200 assert "utapp1" in rv.data
def test_delete_other_user_app(self): """ Deleting an app that does not belong to the user SHOULD NOT be allowed (and return a 401 error). """ # Create utapp1 in utuser1 with self.flask_app: rv = self.login("utuser1", "password") app = api.create_app("utapp1", "translate", "http://justatest.com", '{"spec":"http://justatest.com"}') self.appid = app.unique_id # Login as utuser2 to check whether he can indeed view the app. # It SHOULD be view-able by anyone. with self.flask_app: rv = self.login("utuser2", "password") rv = self.flask_app.post("/composers/translate/delete", data={"appid": app.unique_id, "delete": "Delete"}, follow_redirects=True) assert rv.status_code == 401 # Make sure deletion is NOT ALLOWED from a different user. app = db.session.query(App).filter_by(unique_id=self.appid) assert app is not None # Make sure the app still exists.
def test_delete_csrf_field_appears(self): """ Ensure that a csrf field is added to the delete view form. """ # Create utapp1 in utuser1 with self.flask_app: rv = self.login("utuser1", "password") assert session["logged_in"] == True app = api.create_app("utapp1", "translate", "http://justatest.com", '{"spec":"http://justatest.com", "bundles":{}}') self.appid = app.unique_id # GET the app delete view with CSRF enabled. flask_instance.config["CSRF_ENABLED"] = True rv = self.flask_app.get("/composers/translate/delete?" + urllib.urlencode({"appid": self.appid, "delete": "Delete"})) # Check whether there is indeed a _csrf_token field print rv.data assert "_csrf_token" in rv.data assert re.search("^.*?<input.*?hidden.*?_csrf_token.*?$", rv.data, re.MULTILINE) is not None
def adapt_duplicate(appid): app = get_app(appid) if app is None: return render_template("composers/errors.html", message="Application not found") form = DuplicationForm() if form.validate_on_submit(): # Protect against CSRF attacks. if not verify_csrf(request): return render_template("composers/errors.html", message="Request does not seem to come from the right source (csrf check)"), 400 existing_app = get_app_by_name(form.name.data) if existing_app: if not form.name.errors: form.name.errors = [] form.name.errors.append(lazy_gettext("You already have an application with this name")) else: new_app = create_app(form.name.data, 'adapt', app.spec.url, app.data) for appvar in app.appvars: # Copy every appvar for the original app as well. add_var(new_app, appvar.name, appvar.value) return redirect(url_for('.adapt_edit', appid=new_app.unique_id)) if not form.name.data: counter = 2 potential_name = '' while counter < 1000: potential_name = '%s (%s)' % (app.name, counter) existing_app = get_app_by_name(potential_name) if not existing_app: break counter += 1 form.name.data = potential_name return render_template("composers/adapt/duplicate.html", form=form, app=app)
def setUp(self): appcomposer.app.config['DEBUG'] = True appcomposer.app.config['TESTING'] = True appcomposer.app.config['CSRF_ENABLED'] = False appcomposer.app.config["SECRET_KEY"] = 'secret' self.flask_app = appcomposer.app.test_client() self.flask_app.__enter__() rv = self.login("testuser", "password") # In case the test failed before, start from a clean state. self._cleanup() # import readline # optional, will allow Up/Down/History in the console # import code # vars = globals().copy() # vars.update(locals()) # shell = code.InteractiveConsole(vars) # shell.interact() # Create an App for the tests. self.tapp = api.create_app("UTApp", "dummy", None, "{}")
def setUp(self): appcomposer.app.config["DEBUG"] = True appcomposer.app.config["TESTING"] = True appcomposer.app.config["CSRF_ENABLED"] = False appcomposer.app.config["SECRET_KEY"] = "secret" self._cleanup() self.flask_app = appcomposer.app.test_client() with self.flask_app: rv = self.login("testuser", "password") # import readline # optional, will allow Up/Down/History in the console # import code # vars = globals().copy() # vars.update(locals()) # shell = code.InteractiveConsole(vars) # shell.interact() # Create an App for the tests. self.tapp = api.create_app("UTApp", "dummy", None, "{}") self.tapp = api.get_app_by_name("UTApp") api.set_var(self.tapp, "TestVar", "TestValue")
def adapt_create(adaptor_type): """ adapt_create() Loads the form for creating new adaptor apps and the list of adaptor apps from a specific type. @return: The app unique id. """ def build_edit_link(app): return url_for("adapt.adapt_edit", appid=app.unique_id) if adaptor_type not in ADAPTORS: flash("Invalid adaptor type", "error") return render_template('composers/adapt/create.html', apps=[], adaptor_type=adaptor_type, build_edit_link=build_edit_link) app_plugin = ADAPTORS[adaptor_type] apps = appstorage.get_my_apps(adaptor_type=adaptor_type) # If a get request is received, we just show the new app form and the list of adaptor apps if request.method == "GET": return render_template('composers/adapt/create.html', apps=apps, adaptor_type=adaptor_type, build_edit_link=build_edit_link) # If a post is received, we are creating an adaptor app. elif request.method == "POST": # Protect against CSRF attacks. if not verify_csrf(request): return render_template("composers/errors.html", message="Request does not seem to come from the right source (csrf check)"), 400 # We read the app details provided by the user name = request.form["app_name"] app_description = request.form["app_description"] if not name: flash("An application name is required", "error") return render_template("composers/adapt/create.html", name=name, apps=apps, adaptor_type=adaptor_type, build_edit_link=build_edit_link) if not app_description: app_description = "" # Build the basic JSON schema of the adaptor app data = { 'adaptor_version': '1', 'name': unicode(name), 'description': unicode(app_description), 'adaptor_type': unicode(adaptor_type) } # Fill with the initial structure data.update(app_plugin['initial']) # URL was originally added in a later stage in case it could be changed, but not anymore. # TODO: The app_plugin["initial"] seems to tend to contain an url field set to NULL. This is why we # initialize the URL here instead of the first data initialization. This should be tidied up to be # less confusing. appurl = unicode(request.values.get("appurl")) data['url'] = appurl #Dump the contents of the previous block and check if an app with the same name exists. # (TODO): do we force different names even if the apps belong to another adaptor type? app_data = json.dumps(data) print "INITIAL DATA: " + app_data try: # This is where the App object itself is created. app = appstorage.create_app(name, 'adapt', appurl, app_data, description=app_description) appstorage.add_var(app, 'adaptor_type', unicode(adaptor_type)) except appstorage.AppExistsException: flash("An App with that name already exists", "error") return render_template("composers/adapt/create.html", name=name, apps=apps, adaptor_type=adaptor_type, build_edit_link=build_edit_link) return redirect(url_for("adapt.adapt_edit", appid=app.unique_id))