def test_success(self): self.factory.create_application_dashboard(application_id=self.application.id, dashboard_id=self.dashboard.id) timestamp = int(time.time()) params = { "secret_key": self.application.secret_key, "timestamp": str(timestamp), "max_age": "3600", "p_countries": "['us', 'ke', 'en']", "p_type": "游戏", "p_time": "['2021年01月01日', '2022年12月31日']", } s = encode_params(params) url = "?".join([self.embed_url, s]) signature = get_embed_signature(self.application.secret_token, self.basic_url+url, timestamp) path = "{}&signature={}".format(url, signature) res = self.make_request( "get", path, user=False, is_json=False, ) self.assertEqual(res.status_code, 200) self.assertIn("frame-ancestors *", res.headers["Content-Security-Policy"]) self.assertNotIn("X-Frame-Options", res.headers)
def test_success(self): timestamp = int(time.time()) params = { "secret_key": self.application.secret_key, "timestamp": str(timestamp), } s = encode_params(params) url = "?".join([self.basic_embed_url, s]) signature = get_embed_signature(self.application.secret_token, url, timestamp) path = "{}&signature={}".format(url, signature) with self.app.test_client() as c: rv = c.get(path) self.assertIsNotNone(api_key_load_user_from_request(request))
def test_expired_timestamp(self): application = self.factory.create_application(name="test_expired_timestamp") self.factory.create_application_dashboard(application_id=application.id, dashboard_id=self.dashboard.id) timestamp = int(time.time()) timestamp = timestamp - 10 - 1 params = { "secret_key": application.secret_key, "timestamp": str(timestamp), } s = encode_params(params) url = "?".join([self.embed_url, s]) signature = get_embed_signature(application.secret_token, self.basic_url+url, timestamp) path = "{}&signature={}".format(url, signature) res = self.make_request( "get", path, is_json=False, ) self.assertEqual(res.status_code, 401) timestamp = int(time.time()) timestamp = timestamp + 10 + 1 params = { "secret_key": application.secret_key, "timestamp": str(timestamp), } s = encode_params(params) url = "?".join([self.embed_url, s]) signature = get_embed_signature(application.secret_token, self.basic_url+url, timestamp) path = "{}&signature={}".format(url, signature) res = self.make_request( "get", path, is_json=False, ) self.assertEqual(res.status_code, 401)
def test_not_add_dashboard_to_application(self): timestamp = int(time.time()) params = { "secret_key": self.application.secret_key, "timestamp": str(timestamp), } s = encode_params(params) url = "?".join([self.embed_url, s]) signature = get_embed_signature(self.application.secret_token, self.basic_url+url, timestamp) path = "{}&signature={}".format(url, signature) print(path) res = self.make_request( "get", path, user=False, is_json=False, ) self.assertEqual(res.status_code, 403)
def test_no_secret_key(self): timestamp = int(time.time()) params = { "timestamp": str(timestamp), } s = encode_params(params) url = "?".join([self.basic_embed_url, s]) signature = get_embed_signature(self.application.secret_token, url, timestamp) path = "{}&signature={}".format(url, signature) with self.app.test_client() as c: rv = c.get(path) try: user = api_key_load_user_from_request(request) except Unauthorized as e: self.assertEqual(type(e), Unauthorized) else: self.assertTrue(False)
def test_application_deactive(self): application = self.factory.create_application( name='test_application_deactive', active=False) timestamp = int(time.time()) params = { "secret_key": application.secret_key, "timestamp": str(timestamp), } s = encode_params(params) url = "?".join([self.basic_embed_url, s]) signature = get_embed_signature(application.secret_token, url, timestamp) path = "{}&signature={}".format(url, signature) with self.app.test_client() as c: rv = c.get(path) try: user = api_key_load_user_from_request(request) except Unauthorized as e: self.assertEqual(type(e), Unauthorized) else: self.assertIsNone(user)