def test_from_str(app): """from_str returns a TokenUser object for a good token""" tok = FakeSerializer.prm(1) with app.app_context(): eq_( loader.token_loader.from_str(tok).permissions, set([p.test_tokenauth.zig]))
def test_loader_good_header(app, client): """With a good Authorization header, the permissions in the DB are allowed""" tok = FakeSerializer.prm(1) auth = json.loads( client.get('/test_tokenauth', headers=[('Authorization', 'Bearer ' + tok)]).data) eq_(auth['permissions'], ['test_tokenauth.zig'], auth)
def assert_prm_token(data, **attrs): token = _get_token(data) attrs['typ'] = 'prm' attrs['id'] = id = token.id attrs['token'] = FakeSerializer.prm(id) attrs['disabled'] = False _eq_token(token, attrs)
def assert_usr_token(data, **attrs): token = _get_token(data) attrs['typ'] = 'usr' attrs['id'] = id = token.id attrs['token'] = FakeSerializer.usr(id) attrs['disabled'] = False _eq_token(token, attrs)
def test_loader_good_header_Authentication(app, client): """The old 'Authentication' header can be used instead of 'Authorization'""" # see https://github.com/mozilla/build-relengapi/pull/192/files tok = FakeSerializer.prm(1) auth = json.loads( client.get('/test_tokenauth', headers=[('Authentication', 'Bearer ' + tok)]).data) eq_(auth['permissions'], ['test_tokenauth.zig'], auth)
def test_query_prm_token_exists(client): """Querying a permanent token, with base.tokens.prm.view, returns that token.""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.prm(1)) eq_(res.status_code, 200) eq_(json.loads(res.data), {'result': {'id': 1, 'description': 'Zig only', 'typ': 'prm', 'permissions': ['test_tokenauth.zig'], 'disabled': False}})
def test_query_prm_token_exists(client): """Querying a permanent token, with base.tokens.prm.view, returns that token.""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.prm(1)) eq_(res.status_code, 200) assert_result(res.data, {'id': 1, 'description': 'Zig only', 'typ': 'prm', 'permissions': ['test_tokenauth.zig'], 'disabled': False})
def assert_tmp_token(data, **attrs): token = _get_token(data) attrs['typ'] = 'tmp' attrs['disabled'] = False nbf = JAN_2014 exp = calendar.timegm(token.expires.utctimetuple()) attrs['token'] = FakeSerializer.tmp( nbf=nbf, exp=exp, prm=token.permissions, mta=token.metadata) _eq_token(token, attrs)
def app_setup(app): # utility endpoint @app.route('/test_tokenauth') def test_route(): assert isinstance(current_user.permissions, set) return json.dumps({ 'id': current_user.get_id(), 'permissions': sorted(str(a) for a in current_user.permissions), }) # fake out the serializer to make it easier to debug app.tokenauth_serializer = FakeSerializer()
def test_query_tmp_token(client): """Querying a temporary token returns that token's info, without requiring any special permissions""" tok = FakeSerializer.tmp( nbf=946684800, # Jan 1, 2000 exp=32503680000, # Jan 1, 3000 prm=['test_tokenauth.zag'], mta={}) res = client.post_json('/tokenauth/tokens/query', tok) eq_(res.status_code, 200) assert_result(res.data, { 'typ': 'tmp', 'not_before': '2000-01-01T00:00:00+00:00', 'expires': '3000-01-01T00:00:00+00:00', 'metadata': {}, 'permissions': ['test_tokenauth.zag'], 'disabled': False, })
def test_query_usr_token_forbidden(client): """Querying a user token without permission results in a 403""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.usr(2)) eq_(res.status_code, 403)
def test_query_usr_token_success_mine(client): """Querying a user token with base.tokens.usr.view.my returns the token if the emails match""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.usr(2)) assert_result(res.data, usr_json)
def test_query_token_missing(client): """Querying a permanent token that does not exist returns status 404""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.prm(99)) eq_(res.status_code, 404)
def test_query_usr_token_success_all(client): """Querying a user token with base.tokens.usr.view.all returns the token.""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.usr(2)) eq_(json.loads(res.data), {'result': usr_json})
def test_query_usr_token_forbidden_not_mine(client): """Querying a user token with base.tokens.usr.view.my gives 403 if the token email doesn't match the request email""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.usr(2)) eq_(res.status_code, 403)
def test_query_prm_token_forbidden_wrong_perm(client): """Querying a permanent token requires base.tokens.prm.view""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.prm(1)) eq_(res.status_code, 403)
def test_from_str_no_type(app): """from_str does not return a user for a token with no 'typ'""" tok = FakeSerializer.dumps({}) with app.app_context(): eq_(loader.token_loader.from_str(tok), None)
def test_from_str_bad_type(app): """from_str does not return a user for a token with a bogus typ""" tok = FakeSerializer.dumps({'iss': 'ra2', 'typ': 'booogus'}) with app.app_context(): eq_(loader.token_loader.from_str(tok), None)
def test_query_usr_token_success_mine(client): """Querying a user token with base.tokens.usr.view.my returns the token if the emails match""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.usr(2)) eq_(json.loads(res.data), {'result': usr_json})
def test_from_str(app): """from_str returns a TokenUser object for a good token""" tok = FakeSerializer.prm(1) with app.app_context(): eq_(loader.token_loader.from_str(tok).permissions, set([p.test_tokenauth.zig]))
def test_query_usr_token_success_all(client): """Querying a user token with base.tokens.usr.view.all returns the token.""" res = client.post_json('/tokenauth/tokens/query', FakeSerializer.usr(2)) assert_result(res.data, usr_json)