async def test_invalid_ds_indieauth_cookie(bad_cookie):
    """Check that /-/indieauth/done reports an invalid ``ds_indieauth`` cookie.

    ``bad_cookie`` is either a dict, which is signed under the
    "datasette-indieauth-cookie" namespace before being sent, or any other
    value, which is sent unchanged as the cookie value.
    """
    datasette = Datasette([], memory=True)
    app = datasette.app()
    # The state value is signed by this instance; the cookie is the input
    # under test.
    state = datasette.sign({"a": "auth-url"}, "datasette-indieauth-state")
    ds_indieauth = (
        datasette.sign(bad_cookie, "datasette-indieauth-cookie")
        if isinstance(bad_cookie, dict)
        else bad_cookie
    )
    query = {"state": state, "code": "123"}
    async with httpx.AsyncClient(app=app) as client:
        response = await client.get(
            "http://localhost/-/indieauth/done",
            params=query,
            cookies={"ds_indieauth": ds_indieauth},
            allow_redirects=False,
        )
        # The callback must render the error message rather than accept
        # the cookie.
        assert (
            '<p class="message-error">Invalid ds_indieauth cookie' in response.text
        )
async def test_import_table_multiple_databases(tmpdir):
    """With two databases attached, the form lists both and honours ?database=."""
    first_db = str(tmpdir / "test.db")
    second_db = str(tmpdir / "test2.db")
    datasette = Datasette([first_db, second_db])
    # Authenticate as the "root" actor through a signed ds_actor cookie.
    cookies = {"ds_actor": datasette.sign({"a": {"id": "root"}}, "actor")}
    async with httpx.AsyncClient(app=datasette.app()) as client:
        response = await client.get(
            "http://localhost/-/import-table", cookies=cookies
        )
        assert response.status_code == 200
        # Both databases are offered, neither pre-selected.
        for option in ("<option>test</option>", "<option>test2</option>"):
            assert option in response.text

        response2 = await client.get(
            "http://localhost/-/import-table?database=test2", cookies=cookies
        )
        assert response2.status_code == 200
        # The database named in the query string is pre-selected.
        assert '<option selected="selected">test2</option>' in response2.text
async def test_dashboard_list_permissions(
    datasette_db, datasette_metadata, metadata, authenticated, expected_status
):
    """Check the status of /-/dashboards for a given metadata and actor state.

    ``metadata`` is layered over ``datasette_metadata`` (its keys win), and
    ``authenticated`` decides whether a signed ``ds_actor`` cookie for the
    actor "user" is sent with the request.
    """
    merged_metadata = {**datasette_metadata, **metadata}
    datasette = Datasette([str(datasette_db)], metadata=merged_metadata)
    # Anonymous requests carry no cookies at all.
    cookies = (
        {"ds_actor": datasette.sign({"a": {"id": "user"}}, "actor")}
        if authenticated
        else {}
    )
    response = await datasette.client.get("/-/dashboards", cookies=cookies)
    assert response.status_code == expected_status
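async def test_permissions(tmpdir):
    """Check that /-/import-table denies anonymous users and serves root.

    The anonymous request must get 403. The request carrying a signed
    ``ds_actor`` cookie for the "root" actor must get 200.
    """
    path = str(tmpdir / "test.db")
    ds = Datasette([path])
    app = ds.app()
    async with httpx.AsyncClient(app=app) as client:
        response = await client.get("http://localhost/-/import-table")
        assert response.status_code == 403
    # Now try with a root actor
    root_cookies = {"ds_actor": ds.sign({"a": {"id": "root"}}, "actor")}
    async with httpx.AsyncClient(app=app) as client2:
        response2 = await client2.get(
            "http://localhost/-/import-table",
            cookies=root_cookies,
            allow_redirects=False,
        )
        # Pin the success status instead of asserting "not 403": a 5xx or
        # an unexpected redirect would also satisfy the negative check and
        # hide a broken permission path. The same request is asserted to
        # return 200 in test_import_table.
        assert response2.status_code == 200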
async def test_dashboard_view_permissions(
    datasette_db, datasette_metadata, metadata, authenticated, expected_status
):
    """Check the status of one dashboard page for a given metadata and actor.

    The dashboard requested is the first key of the "datasette-dashboards"
    plugin configuration in ``datasette_metadata``. ``metadata`` is layered
    over ``datasette_metadata`` (its keys win), and ``authenticated`` decides
    whether a signed ``ds_actor`` cookie for the actor "user" is sent.
    """
    merged_metadata = {**datasette_metadata, **metadata}
    datasette = Datasette([str(datasette_db)], metadata=merged_metadata)
    # Anonymous requests carry no cookies at all.
    cookies = (
        {"ds_actor": datasette.sign({"a": {"id": "user"}}, "actor")}
        if authenticated
        else {}
    )
    dashboards = datasette_metadata["plugins"]["datasette-dashboards"]
    slug = list(dashboards.keys())[0]
    response = await datasette.client.get(f"/-/dashboards/{slug}", cookies=cookies)
    assert response.status_code == expected_status
async def test_restrict_access():
    """Check that ``restrict_access`` locks every page to the configured identity.

    Without a cookie each path must return 403 with the IndieAuth login form.
    With a signed ``ds_actor`` cookie whose "me" matches the configured URL,
    each path must return 200.
    """
    plugin_config = {"restrict_access": "https://simonwillison.net/"}
    datasette = Datasette(
        [],
        memory=True,
        metadata={"plugins": {"datasette-indieauth": plugin_config}},
    )
    app = datasette.app()
    url_template = "http://localhost{}"
    paths = ("/-/actor.json", "/", "/:memory:", "/-/metadata")
    async with httpx.AsyncClient(app=app) as client:
        # All pages should 403 and show login form
        for path in paths:
            response = await client.get(url_template.format(path))
            assert response.status_code == 403
            assert '<form action="/-/indieauth" method="post">' in response.text
            # The denied page must not mention the identity that is allowed in.
            assert "simonwillison.net" not in response.text

        # Now try with a signed ds_actor cookie - everything should 200
        actor = {
            "me": "https://simonwillison.net/",
            "display": "simonwillison.net",
        }
        cookies = {"ds_actor": datasette.sign({"a": actor}, "actor")}
        for path in paths:
            response2 = await client.get(
                url_template.format(path),
                cookies=cookies,
            )
            assert response2.status_code == 200
            assert "simonwillison.net" in response2.text
async def test_import_table(tmpdir, httpx_mock):
    """Check that posting a table URL as root imports it and redirects to it.

    The remote table is served by ``httpx_mock``. The form is fetched first
    to obtain a CSRF token, which is then sent back both as the
    ``ds_csrftoken`` cookie and as the ``csrftoken`` form field.
    """
    db_path = str(tmpdir / "test.db")
    remote_table = {
        "table": "mytable",
        "rows": [{"foo": "bar"}],
        "primary_keys": [],
        "filtered_table_rows_count": 1,
        "next_url": None,
    }
    httpx_mock.add_response(
        url="http://example/some/table.json?_shape=objects&_size=max",
        json=remote_table,
        headers={"content-type": "application/json"},
    )
    datasette = Datasette([db_path])
    cookies = {"ds_actor": datasette.sign({"a": {"id": "root"}}, "actor")}
    async with httpx.AsyncClient(app=datasette.app()) as client:
        form_page = await client.get(
            "http://localhost/-/import-table", cookies=cookies
        )
        assert form_page.status_code == 200
        csrftoken = form_page.cookies["ds_csrftoken"]
        cookies = {**cookies, "ds_csrftoken": csrftoken}
        # NOTE(review): the mocked URL is the posted URL plus a ".json" query,
        # so the view appears to fetch the caller-supplied URL server-side;
        # the permission check on this view is what limits who can trigger
        # that outbound request.
        response = await client.post(
            "http://localhost/-/import-table",
            data={
                "url": "http://example/some/table",
                "csrftoken": csrftoken,
            },
            allow_redirects=False,
            cookies=cookies,
        )
        assert response.status_code == 302
        expected_location = "/test/mytable?_import_expected_rows=1"
        assert response.headers["location"] == expected_location