def test_workflow_detail_get(self): pk_workflow = self.workflow1.id request = self.factory.get('/api/workflows/%d/' % pk_workflow) force_authenticate(request, user=self.user) response = workflow_detail(request, pk = pk_workflow) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['name'], 'Workflow 1') self.assertEqual(response.data['public'], False) self.assertEqual(response.data['module_library_collapsed'], False) # bad ID should give 404 request = self.factory.get('/api/workflows/%d/' % 10000) force_authenticate(request, user=self.user) response = workflow_detail(request, pk = 10000) self.assertIs(response.status_code, status.HTTP_404_NOT_FOUND) # not authenticated should also give 404 so we don't expose an attack surface request = self.factory.get('/api/workflows/%d/' % pk_workflow) response = workflow_detail(request, pk=pk_workflow) self.assertIs(response.status_code, status.HTTP_404_NOT_FOUND) # someone else's public workflow should be gettable request = self.factory.get('/api/workflows/%d/' % self.other_workflow_public.id) force_authenticate(request, user=self.user) response = workflow_detail(request, pk = self.other_workflow_public.id) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['name'], 'Other workflow public') # someone else's private workflow should 404 request = self.factory.get('/api/workflows/%d/' % self.other_workflow_private.id) force_authenticate(request, user=self.user) response = workflow_detail(request, pk=self.other_workflow_private.id) self.assertIs(response.status_code, status.HTTP_404_NOT_FOUND)
def test_workflow_reorder_modules(self): wfm1 = add_new_wf_module(self.workflow1, self.module_version1, 0) wfm2 = add_new_wf_module(self.workflow1, self.module_version1, 1) wfm3 = add_new_wf_module(self.workflow1, self.module_version1, 2) # your basic reordering request = self.factory.patch('/api/workflows/%d/' % self.workflow1.id, data=[{'id': wfm1.id, 'order': 2}, {'id': wfm2.id, 'order': 0}, {'id': wfm3.id, 'order': 1}], format='json') force_authenticate(request, user=self.user) response = workflow_detail(request, pk = self.workflow1.id) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(list(WfModule.objects.order_by('order').values_list('id', flat=True)), [wfm2.id, wfm3.id, wfm1.id]) # bad data should generate a 400 error # (we don't test every possible failure case, ReorderModulesCommand tests does that) request = self.factory.patch('/api/workflows/%d/' % self.workflow1.id, data=[{'problem':'bad data'}], format='json') force_authenticate(request, user=self.user) response = workflow_detail(request, pk = self.workflow1.id) self.assertIs(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_email_leakage(self): # We user email as display name if the user has not set first,last # But don't ever give this out for a public workflow, either through page or API request = self._build_get('/workflows/%d/' % self.other_workflow_public.id, user=None) response = workflow_detail(request, pk=self.other_workflow_public.id) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertNotContains(response, self.otheruser.email) request = self._build_get('/api/workflows/%d/' % self.other_workflow_public.id, user=self.user) response = workflow_detail(request, pk = self.other_workflow_public.id) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertNotContains(response, self.otheruser.email)
def test_workflow_detail_delete(self): pk_workflow = self.workflow1.id request = self._build_delete('/api/workflows/%d/' % pk_workflow, user=self.user) response = workflow_detail(request, workflow_id=pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(Workflow.objects.filter(name='Workflow 1').count(), 0)
def test_workflow_detail_delete(self): pk_workflow = Workflow.objects.get(name='Workflow 1').id request = self.factory.delete('/api/workflows/%d/' % pk_workflow) force_authenticate(request, user=self.user) response = workflow_detail(request, pk = pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(Workflow.objects.filter(name='Workflow 1').count(), 0)
def test_parameterval_detail_get(self): # This test _actually_ tests Workflow.get. TODO move to test_workflow request = self._build_get('/api/workflows/%d/' % self.workflowID, user=self.user) response = workflow_detail(request, pk=self.workflowID) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['workflow']['name'], 'Test Workflow') # workflow has correct wfmodule self.assertEqual(response.data['workflow']['wf_modules'], [self.wfmoduleID]) # wfmodule has correct parameters parameter_vals = \ response.data['wfModules'][str(self.wfmoduleID)]['parameter_vals'] self.assertEqual(len(parameter_vals), 6) valIDs = [self.stringID, self.stringemptyID, self.integerID, self.floatID, self.checkboxID, self.menuID] self.assertEqual(set([p['id'] for p in parameter_vals]), set(valIDs)) # parameters have correct types and values str_val = [p for p in parameter_vals if p['id'] == self.stringID][0] self.assertEqual(str_val['parameter_spec']['name'], 'StringParam') self.assertEqual(str_val['parameter_spec']['id_name'], 'stringparam') self.assertEqual(str_val['parameter_spec']['type'], ParameterSpec.STRING) self.assertEqual(str_val['parameter_spec']['placeholder'], 'placeholder') self.assertEqual(str_val['value'], 'fooval') # parameters have correct types and values str_val = [p for p in parameter_vals if p['id'] == self.stringemptyID][0] self.assertEqual(str_val['parameter_spec']['name'], 'StringParamEmpty') self.assertEqual(str_val['parameter_spec']['id_name'], 'stringparamempty') self.assertEqual(str_val['parameter_spec']['type'], ParameterSpec.STRING) self.assertEqual(str_val['parameter_spec']['placeholder'], '') self.assertEqual(str_val['value'], '') int_val = [p for p in parameter_vals if p['id']==self.integerID][0] self.assertEqual(int_val['parameter_spec']['name'], 'IntegerParam') self.assertEqual(int_val['parameter_spec']['id_name'], 'integerparam') self.assertEqual(int_val['parameter_spec']['type'], ParameterSpec.INTEGER) self.assertEqual(int_val['value'], 10) float_val = [p for p in parameter_vals if p['id']==self.floatID][0] self.assertEqual(float_val['parameter_spec']['name'], 'FloatParam') self.assertEqual(float_val['parameter_spec']['id_name'], 'floatparam') self.assertEqual(float_val['parameter_spec']['type'], ParameterSpec.FLOAT) self.assertEqual(float_val['value'], 3.14159) checkbox_val = [p for p in parameter_vals if p['id']==self.checkboxID][0] self.assertEqual(checkbox_val['parameter_spec']['name'], 'CheckboxParam') self.assertEqual(checkbox_val['parameter_spec']['id_name'], 'checkboxparam') self.assertEqual(checkbox_val['parameter_spec']['type'], ParameterSpec.CHECKBOX) self.assertEqual(checkbox_val['value'], True) menu_val = [p for p in parameter_vals if p['id'] == self.menuID][0] self.assertEqual(menu_val['parameter_spec']['name'], 'MenuParam') self.assertEqual(menu_val['parameter_spec']['id_name'], 'menuparam') self.assertEqual(menu_val['parameter_spec']['type'], ParameterSpec.MENU) self.assertEqual(menu_val['value'], 2)
def test_workflow_public_post(self): pk_workflow = self.workflow1.id request = self._build_post('/api/workflows/%d' % pk_workflow, {'public': True}, user=self.user) response = workflow_detail(request, workflow_id=pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) self.workflow1.refresh_from_db() self.assertEqual(self.workflow1.public, True)
def test_workflow_detail_get(self): pk_workflow = Workflow.objects.get(name='Workflow 1').id request = self.factory.get('/api/workflows/%d/' % pk_workflow) force_authenticate(request, user=self.user) response = workflow_detail(request, pk = pk_workflow) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['name'], 'Workflow 1') # bad ID should give 404 request = self.factory.get('/api/workflows/%d/' % 10000) force_authenticate(request, user=self.user) response = workflow_detail(request, pk = 10000) self.assertIs(response.status_code, status.HTTP_404_NOT_FOUND) # not authenticated should give 403 request = self.factory.get('/api/workflows/%d/' % pk_workflow) response = workflow_detail(request, pk=pk_workflow) self.assertIs(response.status_code, status.HTTP_403_FORBIDDEN)
def test_workflow_public_post(self): workflow = Workflow.objects.get(name='Workflow 1') self.assertEqual(workflow.public, False) pk_workflow = workflow.id request = self._build_post('/api/workflows/%d' % pk_workflow, {'public': True}, user=self.user) response = workflow_detail(request, pk=pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) workflow.refresh_from_db() self.assertEqual(workflow.public, True)
def test_workflow_selected_wf_module_post(self): workflow = Workflow.objects.get(name='Workflow 1') self.assertEqual(workflow.selected_wf_module, None) pk_workflow = workflow.id request = self.factory.post('/api/workflows/%d' % pk_workflow, {'selected_wf_module': 808}) force_authenticate(request, user=self.user) response = workflow_detail(request, pk=pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) workflow.refresh_from_db() self.assertEqual(workflow.selected_wf_module, 808)
def test_workflow_library_collapse_post(self): workflow = Workflow.objects.get(name='Workflow 1') self.assertEqual(workflow.module_library_collapsed, False) pk_workflow = workflow.id request = self.factory.post('/api/workflows/%d' % pk_workflow, {'module_library_collapsed': True}) force_authenticate(request, user=self.user) response = workflow_detail(request, pk=pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) workflow.refresh_from_db() self.assertEqual(workflow.module_library_collapsed, True)
def test_workflow_title_post(self): workflow = Workflow.objects.get(name='Workflow 1') self.assertEqual(workflow.name, 'Workflow 1') pk_workflow = workflow.id request = self.factory.post('/api/workflows/%d' % pk_workflow, {'newName': 'Billy Bob Thornton'}) force_authenticate(request, user=self.user) response = workflow_detail(request, pk=pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) workflow.refresh_from_db() self.assertEqual(workflow.name, 'Billy Bob Thornton')
def test_workflow_detail_get(self): # Should be able to get your own workflow pk_workflow = self.workflow1.id request = self._build_get('/api/workflows/%d/' % pk_workflow, user=self.user) response = workflow_detail(request, workflow_id=pk_workflow) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['workflow']['name'], 'Workflow 1') self.assertEqual(response.data['workflow']['public'], False) # bad ID should give 404 request = self._build_get('/api/workflows/%d/' % 10000, user=self.user) response = workflow_detail(request, workflow_id=10000) self.assertIs(response.status_code, status.HTTP_404_NOT_FOUND) # someone else's public workflow should be gettable request = self._build_get('/api/workflows/%d/' % self.other_workflow_public.id, user=self.user) response = workflow_detail(request, workflow_id=self.other_workflow_public.id) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['workflow']['name'], 'Other workflow public') # not authenticated should give 403 (not 404, because users try to # share their URLs without setting them public first and we need to # help them debug that case) request = self._build_get('/api/workflows/%d/' % pk_workflow, user=AnonymousUser()) response = workflow_detail(request, workflow_id=pk_workflow) self.assertEqual(response.status_code, 403) # similarly, someone else's private workflow should 403 request = self._build_get('/api/workflows/%d/' % self.other_workflow_private.id, user=self.user) response = workflow_detail(request, workflow_id=self.other_workflow_private.id) self.assertEqual(response.status_code, 403)
def test_parameterval_detail_get(self): request = self.factory.get('/api/workflows/%d/' % self.workflowID) force_authenticate(request, user=self.user) response = workflow_detail(request, pk = self.workflowID) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['name'], 'Test Workflow') # workflow has correct wfmodule self.assertEqual(len(response.data['wf_modules']), 1) self.assertEqual(response.data['wf_modules'][0]['id'], self.moduleID) # wfmodule has correct parameters self.assertEqual(len(response.data['wf_modules'][0]['parameter_vals']), 5) valIDs = [self.stringID, self.integerID, self.floatID, self.checkboxID, self.menuID] param_vals = response.data['wf_modules'][0]['parameter_vals'] responseIDs = [x['id'] for x in param_vals] self.assertCountEqual(responseIDs, valIDs) # parameters have correct types and values str_val = [p for p in param_vals if p['id']==self.stringID][0] self.assertEqual(str_val['parameter_spec']['name'], 'StringParam') self.assertEqual(str_val['parameter_spec']['id_name'], 'stringparam') self.assertEqual(str_val['parameter_spec']['type'], ParameterSpec.STRING) self.assertEqual(str_val['value'], 'fooval') int_val = [p for p in param_vals if p['id']==self.integerID][0] self.assertEqual(int_val['parameter_spec']['name'], 'IntegerParam') self.assertEqual(int_val['parameter_spec']['id_name'], 'integerparam') self.assertEqual(int_val['parameter_spec']['type'], ParameterSpec.INTEGER) self.assertEqual(int_val['value'], 10) float_val = [p for p in param_vals if p['id']==self.floatID][0] self.assertEqual(float_val['parameter_spec']['name'], 'FloatParam') self.assertEqual(float_val['parameter_spec']['id_name'], 'floatparam') self.assertEqual(float_val['parameter_spec']['type'], ParameterSpec.FLOAT) self.assertEqual(float_val['value'], 3.14159) checkbox_val = [p for p in param_vals if p['id']==self.checkboxID][0] self.assertEqual(checkbox_val['parameter_spec']['name'], 'CheckboxParam') self.assertEqual(checkbox_val['parameter_spec']['id_name'], 'checkboxparam') self.assertEqual(checkbox_val['parameter_spec']['type'], ParameterSpec.CHECKBOX) self.assertEqual(checkbox_val['value'], True) menu_val = [p for p in param_vals if p['id'] == self.menuID][0] self.assertEqual(menu_val['parameter_spec']['name'], 'MenuParam') self.assertEqual(menu_val['parameter_spec']['id_name'], 'menuparam') self.assertEqual(menu_val['parameter_spec']['type'], ParameterSpec.MENU) self.assertEqual(menu_val['value'], 2)
def test_parameterval_detail_get(self): request = self.factory.get('/api/workflows/%d/' % self.workflowID) force_authenticate(request, user=self.user) response = workflow_detail(request, pk=self.workflowID) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['name'], 'Test Workflow') # workflow has correct wfmodule self.assertEqual(len(response.data['wf_modules']), 1) self.assertEqual(response.data['wf_modules'][0]['id'], self.moduleID) # wfmodule has correct parameters self.assertEqual(len(response.data['wf_modules'][0]['parameter_vals']), 3) valIDs = [self.stringID, self.numberID, self.checkboxID] param_vals = response.data['wf_modules'][0]['parameter_vals'] responseIDs = [x['id'] for x in param_vals] self.assertCountEqual(responseIDs, valIDs) # parameters have correct types and values str_val = [p for p in param_vals if p['id'] == self.stringID][0] self.assertEqual(str_val['parameter_spec']['name'], 'StringParam') self.assertEqual(str_val['parameter_spec']['id_name'], 'stringparam') self.assertEqual(str_val['parameter_spec']['type'], ParameterSpec.STRING) self.assertEqual(str_val['value'], 'fooval') num_val = [p for p in param_vals if p['id'] == self.numberID][0] self.assertEqual(num_val['parameter_spec']['name'], 'NumberParam') self.assertEqual(num_val['parameter_spec']['id_name'], 'numberparam') self.assertEqual(num_val['parameter_spec']['type'], ParameterSpec.NUMBER) self.assertEqual(num_val['value'], 10.11) checkbox_val = [p for p in param_vals if p['id'] == self.checkboxID][0] self.assertEqual(checkbox_val['parameter_spec']['name'], 'CheckboxParam') self.assertEqual(checkbox_val['parameter_spec']['id_name'], 'checkboxparam') self.assertEqual(checkbox_val['parameter_spec']['type'], ParameterSpec.CHECKBOX) self.assertEqual(checkbox_val['value'], True)
def test_workflow_detail_get(self): pk_workflow = Workflow.objects.get(name='Workflow 1').id request = self.factory.get('/api/workflows/%d/' % pk_workflow) response = workflow_detail(request, pk = pk_workflow) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['name'], 'Workflow 1')