def test_auth_process(self):
auth_id = self._log_in()
res = make_app_request('/submit-totp',
method='POST',
cookies={
acm.CSRF_COOKIE_NAME:
common.get_csrf_token(),
},
data={
'login': '******',
'password': self._get_otp(),
'auth_id': auth_id,
'return-path': 'http://foo',
acm.CSRF_FIELD_NAME:
common.get_csrf_token(),
},
set_token=False)
assert res.status_code == 302
assert res.headers['content-type'] == 'text/html; charset=utf-8'
assert res.headers['location'] == 'http://foo'
assert 'Redirecting...' in res.text
message = url_parse.unquote(res.headers['x-login-message'])
assert 'New login success' in message
assert 'IP:' in message
assert 'Browser:' in message
def test_no_auth(self):
res = make_app_request('/import-filters', method='POST', set_token=False, cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
}, data={acm.CSRF_FIELD_NAME: common.get_csrf_token()})
assert res.status_code == 403
assert res.headers['content-type'] == 'application/json'
assert res.json().get('error') == 'Auth error'
def test_import_no_file(self):
upload = {}
res = make_app_request('/import-filters', method='POST', cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
}, data={acm.CSRF_FIELD_NAME: common.get_csrf_token()}, files=upload)
assert res.status_code == 400
assert res.headers['content-type'] == 'application/json; charset=utf-8'
assert res.json().get('error') == 'No uploaded file'
def test_import_invalid_content_type(self):
filters0 = self._remove_filters()
upload = {
'filters_file': ('filters.json', self._create_filters_file(filters0), 'text/plain')
}
res = make_app_request('/import-filters', method='POST', cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
}, data={acm.CSRF_FIELD_NAME: common.get_csrf_token()}, files=upload)
assert res.status_code == 400
assert res.headers['content-type'] == 'application/json; charset=utf-8'
assert res.json().get('error') == 'Invalid content type: text/plain. Need JSON'
def test_import_invalid_json_structure(self):
filters0 = {'foo': 'bar'}
upload = {
'filters_file': ('filters.json', self._create_filters_file(filters0), 'application/json')
}
res = make_app_request('/import-filters', method='POST', cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
}, data={acm.CSRF_FIELD_NAME: common.get_csrf_token()}, files=upload)
assert res.status_code == 400
assert res.headers['content-type'] == 'application/json; charset=utf-8'
assert res.json().get('error') == 'Filter data should be a list, got dict instead'
def test_create(self):
filters = self._get_filters()
assert filters[0]['text'] == 'Foo'
req_data = self._create_update_data(filters)
req_data.update({
'op:new': 'and',
'tel:new': '487',
'device_id:new': 'Device Foo',
'text:new': 'Quux',
'action:new': 'mark',
})
res = make_app_request('/save-filters', method='POST', data=req_data, cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
})
assert 'Redirecting...' in res.text
assert res.status_code == 302
filters = self._get_filters()
assert len(filters) > 1
first = filters[0]
second = filters[1]
assert first['op'] == 'and'
assert first['tel'] == '487'
assert first['device_id'] == 'Device Foo'
assert first['text'] == 'Quux'
assert first['action'] == 'mark'
assert second['text'] == 'Foo'
def test_remove_by_param(self):
filters = self._get_filters()
len0 = len(filters)
req_data = self._create_update_data(filters)
rec_id0 = filters[0]['id']
req_data[f'remove:{rec_id0}'] = '1'
res = make_app_request('/save-filters', method='POST', data=req_data, cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
})
assert 'Redirecting...' in res.text
assert res.status_code == 302
filters = self._get_filters()
assert len(filters) == len0 - 1
ids = set()
for rec in filters:
ids.add(rec['id'])
assert rec_id0 not in ids
def test_import(self):
filters0 = self._remove_filters()
upload = {
'filters_file': ('filters.json', self._create_filters_file(filters0), 'application/json')
}
res = make_app_request('/import-filters', method='POST', cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
}, data={acm.CSRF_FIELD_NAME: common.get_csrf_token()}, files=upload)
assert 'Redirecting...' in res.text
assert res.status_code == 302
filters = self._get_filters()
assert filters == filters0
def test_import_invalid_action(self):
filters0 = self._remove_filters()
filters0[0]['action'] = 'make'
upload = {
'filters_file': ('filters.json', self._create_filters_file(filters0), 'application/json')
}
res = make_app_request('/import-filters', method='POST', cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
}, data={acm.CSRF_FIELD_NAME: common.get_csrf_token()}, files=upload)
assert res.status_code == 400
assert res.headers['content-type'] == 'application/json; charset=utf-8'
assert res.json().get('error', '').startswith('Invalid action: make')
def test_create_no_csrf(self):
res = make_app_request('/save-filters', method='POST', data={}, cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
})
assert res.status_code == 403
assert res.headers['content-type'] == 'text/html; charset=utf-8'
assert res.text == 'No CSRF token'
def test_no_password(self):
res = make_app_request('/login',
method='POST',
cookies={
acm.CSRF_COOKIE_NAME:
common.get_csrf_token(),
},
data={
'login': '******',
'return-path': 'http://foo',
acm.CSRF_FIELD_NAME:
common.get_csrf_token(),
},
set_token=False)
assert res.status_code == 400
assert res.headers['content-type'] == 'text/html; charset=utf-8'
assert 'No auth info' in res.text
def test_import_invalid_corrupted_json(self):
filters0 = self._remove_filters()
json_string = json.dumps(filters0)
f = StringIO(json_string[:-10])
upload = {
'filters_file': ('filters.json', f, 'application/json')
}
res = make_app_request('/import-filters', method='POST', cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
}, data={acm.CSRF_FIELD_NAME: common.get_csrf_token()}, files=upload)
assert res.status_code == 400
assert res.headers['content-type'] == 'application/json; charset=utf-8'
assert res.json().get('error').startswith('Invalid JSON: Unterminated string starting at')
def test_main(self):
res = make_app_request('/logout',
method='POST',
cookies={
acm.CSRF_COOKIE_NAME:
common.get_csrf_token(),
},
data={
'login': '******',
'password': '******',
'return-path': 'http://foo',
acm.CSRF_FIELD_NAME:
common.get_csrf_token(),
})
assert res.status_code == 302
assert res.headers['content-type'] == 'text/html; charset=utf-8'
assert res.headers['location'] == 'http://foo'
assert f'{acm.AUTH_COOKIE_NAME}=;' in res.headers['set-cookie']
assert 'Redirecting...' in res.text
def _create_update_data(self, filters):
req_data = {acm.CSRF_FIELD_NAME: common.get_csrf_token()}
for filter_data in filters:
rec_id = filter_data['id']
for name, val in filter_data.items():
if name == 'id':
continue
req_data[f'{name}:{rec_id}'] = val
return req_data
def test_no_login(self):
auth_id = self._log_in()
res = make_app_request('/submit-totp',
method='POST',
cookies={
acm.CSRF_COOKIE_NAME:
common.get_csrf_token(),
},
data={
'password': self._get_otp(),
'auth_id': auth_id,
'return-path': 'http://foo',
acm.CSRF_FIELD_NAME:
common.get_csrf_token(),
},
set_token=False)
assert res.status_code == 400
assert res.headers['content-type'] == 'text/html; charset=utf-8'
assert 'No auth info' in res.text
def _log_in(self, login='******'):
res = make_app_request('/login',
method='POST',
cookies={
acm.CSRF_COOKIE_NAME:
common.get_csrf_token(),
},
data={
'login': login,
'password': '******',
'return-path': 'http://foo',
acm.CSRF_FIELD_NAME:
common.get_csrf_token(),
},
set_token=False)
assert res.status_code == 200
auth_id = res.headers.get('x-auth-id')
assert auth_id is not None
return auth_id
def test_update_invalid_id(self):
filters = self._get_filters()
filters[0]['id'] = 'invalid'
req_data = self._create_update_data(filters)
res = make_app_request('/save-filters', method='POST', data=req_data, cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
})
assert res.headers['content-type'] == 'application/json; charset=utf-8'
assert res.json().get('error') == 'Invalid filter ID: invalid'
assert res.status_code == 400
def test_import_no_csrf(self):
filters0 = self._remove_filters()
upload = {
'filters_file': ('filters.json', self._create_filters_file(filters0), 'application/json')
}
res = make_app_request('/import-filters', method='POST', cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
}, files=upload)
assert res.status_code == 403
assert res.headers['content-type'] == 'text/html; charset=utf-8'
assert res.text == 'No CSRF token'
def test_update(self):
filters = self._get_filters()
assert filters[0]['text'] == 'Foo'
filters[0]['text'] = 'Bar'
req_data = self._create_update_data(filters)
res = make_app_request('/save-filters', method='POST', data=req_data, cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
})
assert 'Redirecting...' in res.text
assert res.status_code == 302
filters = self._get_filters()
assert filters[0]['text'] == 'Bar'
def test_create_invalid_action(self):
filters = self._get_filters()
req_data = self._create_update_data(filters)
req_data.update({
'op:new': 'or',
'tel:new': '487',
'device_id:new': 'Device Foo',
'text:new': 'Quux',
'action:new': 'make',
})
res = make_app_request('/save-filters', method='POST', data=req_data, cookies={
acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
})
assert res.headers['content-type'] == 'application/json; charset=utf-8'
assert res.json().get('error', '').startswith('Invalid action: make')
assert res.status_code == 400
