def test_spot_generate_max_count(self): data = dict(count=100, ) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] rv = self.app.post(self.GENERATE_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 200) assert self.valid_xml(rv.data)
def test_spot_linking_faled_request(self): data = dict(pids=self.random_hid, ean=self.spot.barcode) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] rv = self.app.post(self.LINKING_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 400)
def test_spot_free(self): data = dict() sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] rv = self.app.get(self.FREE_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 200) assert self.valid_xml(rv.data)
def test_spot_linking_not_found_spot(self): data = dict(hid=self.random_hid, pids=self.random_hid, ean='0011111111111') sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] rv = self.app.post(self.LINKING_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 404)
def test_auth(self): sign = hash_helper.get_api_sign(self.ADMIN_SECRET, self.data) headers = [ ('Key', self.FALED_KEY), ('Sign', sign) ] rv = self.app.post(self.GENERATE_URL, headers=headers, data=self.data) self.assertEqual(rv.status_code, 403)
def test_spot_info_faled_hid(self): data = dict() sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] url = "%s/hid/%s" % (self.INFO_URL, 'rwewertwrgsrg') rv = self.app.get(url, headers=headers) self.assertEqual(rv.status_code, 404)
def test_spot_generate(self): sign = hash_helper.get_api_sign(self.ADMIN_SECRET, self.data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] rv = self.app.post(self.GENERATE_URL, headers=headers, data=self.data) self.assertEqual(rv.status_code, 200) assert self.valid_xml(rv.data)
def test_spot_delete(self): wallet = PaymentWallet.query.filter_by(user_id=0).first() data = dict(hid=wallet.hard_id) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] rv = self.app.post(self.DELETE_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 201)
def test_spot_info_by_hid(self): data = dict() sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] wallet = PaymentWallet.query.first() url = "%s/hid/%s" % (self.INFO_URL, wallet.hard_id) rv = self.app.get(url, headers=headers) self.assertEqual(rv.status_code, 200) assert self.valid_xml(rv.data)
def test_spot_generate_faled_request(self): data = dict( count='erete', ) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] rv = self.app.post(self.GENERATE_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 405)
def test_spot_free(self): data = dict() sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] rv = self.app.get(self.FREE_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 200) assert self.valid_xml(rv.data)
def test_spot_info_by_ean(self): data = dict() sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] url = "%s/ean/%s" % (self.INFO_URL, self.spot.barcode) rv = self.app.get(url, headers=headers) self.assertEqual(rv.status_code, 200) assert self.valid_xml(rv.data)
def test_spot_linking_foreign_wallet(self): wallet = PaymentWallet.query.filter( PaymentWallet.discodes_id != self.spot.discodes_id).first() data = dict(hid=wallet.hard_id, pids=self.random_hid, ean=self.spot.barcode) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] rv = self.app.post(self.LINKING_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 400)
def test_spot_info_faled_hid(self): data = dict() sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] url = "%s/hid/%s" % (self.INFO_URL, 'rwewertwrgsrg') rv = self.app.get(url, headers=headers) self.assertEqual(rv.status_code, 404)
def test_spot_linking_faled_request(self): data = dict( pids=self.random_hid, ean=self.spot.barcode ) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] rv = self.app.post(self.LINKING_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 400)
def test_spot_info_by_ean(self): data = dict() sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] url = "%s/ean/%s" % (self.INFO_URL, self.spot.barcode) rv = self.app.get(url, headers=headers) self.assertEqual(rv.status_code, 200) assert self.valid_xml(rv.data)
def test_spot_info_by_hid(self): data = dict() sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] wallet = PaymentWallet.query.first() url = "%s/hid/%s" % (self.INFO_URL, wallet.hard_id) rv = self.app.get(url, headers=headers) self.assertEqual(rv.status_code, 200) assert self.valid_xml(rv.data)
def test_spot_delete(self): wallet = PaymentWallet.query.filter_by( user_id=0).first() data = dict(hid=wallet.hard_id) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] rv = self.app.post(self.DELETE_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 201)
def test_spot_linking_not_found_spot(self): data = dict( hid=self.random_hid, pids=self.random_hid, ean='0011111111111' ) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] rv = self.app.post(self.LINKING_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 404)
def _api_access(request): """Проверка прав на доступ к апи""" headers = request.headers if 'Key' not in headers or 'Sign' not in headers: abort(400) term_user = TermUser().get_by_api_key(headers['Key']) if not term_user: abort(403) true_sign = hash_helper.get_api_sign(str(term_user.api_secret), request.form) if not true_sign == headers['Sign']: abort(403)
def _api_access(request): """Проверка прав на доступ к апи""" headers = request.headers if 'Key' not in headers or 'Sign' not in headers: abort(400) term_user = TermUser().get_by_api_key(headers['Key']) if not term_user: abort(403) true_sign = hash_helper.get_api_sign( str(term_user.api_secret), request.form) if not true_sign == headers['Sign']: abort(403)
def test_spot_linking_foreign_wallet(self): wallet = PaymentWallet.query.filter( PaymentWallet.discodes_id != self.spot.discodes_id).first() data = dict( hid=wallet.hard_id, pids=self.random_hid, ean=self.spot.barcode ) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [ ('Key', self.ADMIN_KEY), ('Sign', sign) ] rv = self.app.post(self.LINKING_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 400)
def test_spot_generate_faled_request(self): data = dict(count='erete', ) sign = hash_helper.get_api_sign(self.ADMIN_SECRET, data) headers = [('Key', self.ADMIN_KEY), ('Sign', sign)] rv = self.app.post(self.GENERATE_URL, headers=headers, data=data) self.assertEqual(rv.status_code, 405)
def test_auth(self): sign = hash_helper.get_api_sign(self.ADMIN_SECRET, self.data) headers = [('Key', self.FALED_KEY), ('Sign', sign)] rv = self.app.post(self.GENERATE_URL, headers=headers, data=self.data) self.assertEqual(rv.status_code, 403)