def test_org_admin_get_own_org(org_admin_headers):
    """An org admin can fetch the document of the org named in its own headers."""
    own_org = org_admin_headers["CVE-API-ORG"]
    url = f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}'

    response = requests.get(url, headers=org_admin_headers)

    assert response.status_code == 200
    # The org short name from the caller's credentials must appear in the body.
    response_contains(response, own_org)
def test_put_update_user_org_short_name():
    """The secretariat can move a user to another org via `org_shortname`.

    After the move the user must no longer resolve under the old org (404,
    USER_DNE) and must be retrievable under the new one.
    """
    old_org, username = create_new_user_with_new_org_by_uuid()
    target_org = str(uuid.uuid4())
    created = post_new_org(target_org, target_org)
    assert created.status_code == 200

    old_url = f'{env.AWG_BASE_URL}{ORG_URL}/{old_org}/user/{username}'
    move_params = {'org_shortname': target_org}

    moved = requests.put(old_url, headers=utils.BASE_HEADERS, params=move_params)
    assert moved.status_code == 200
    response_contains_json(
        moved, 'message', f'{username} was successfully updated.')

    # The same request against the old org now fails: the user lives under
    # the new org, so the old path must not keep resolving.
    repeated = requests.put(
        old_url, headers=utils.BASE_HEADERS, params=move_params)
    assert repeated.status_code == 404
    response_contains(
        repeated, 'designated by the username parameter does not exist.')
    response_contains_json(repeated, 'error', 'USER_DNE')

    # The user is reachable under the new org.
    new_url = f'{env.AWG_BASE_URL}{ORG_URL}/{target_org}/user/{username}'
    found = requests.get(new_url, headers=utils.BASE_HEADERS)
    ok_response_contains(found, username)
def test_post_cve_id_range_already_exists(choose_year):
    """Creating a range for a year that already has one is rejected.

    Ranges for 1999 through the current year are expected to exist already,
    so the POST must fail with 400 / YEAR_RANGE_EXISTS.
    """
    url = f'{env.AWG_BASE_URL}{CVE_ID_RANGE_URL}/{choose_year}'
    expected_message = (
        f'document for year {choose_year} was not created '
        'because it already exists.'
    )

    response = requests.post(url, headers=utils.BASE_HEADERS)

    assert response.status_code == 400
    response_contains(response, expected_message)
    response_contains_json(response, 'error', 'YEAR_RANGE_EXISTS')
def test_put_update_user_reset_secret():
    """The secretariat can reset the API secret of a freshly created user."""
    org_name, username = create_new_user_with_new_org_by_uuid()
    reset_url = (
        f'{env.AWG_BASE_URL}{ORG_URL}/{org_name}/user/{username}/reset_secret'
    )

    response = requests.put(reset_url, headers=utils.BASE_HEADERS)

    assert response.status_code == 200
    # NOTE(review): only the presence of 'API-secret' in the body is checked;
    # nothing here verifies that the previous secret stops being accepted.
    response_contains(response, 'API-secret')
def test_org_admin_get_own_user_info(org_admin_headers):
    """An org admin can read its own user record."""
    own_org = org_admin_headers['CVE-API-ORG']
    own_user = org_admin_headers['CVE-API-USER']
    url = f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}/user/{own_user}'

    response = requests.get(url, headers=org_admin_headers)

    assert response.status_code == 200
    response_contains(response, own_user)
def test_org_admin_reset_own_secret(org_admin_headers):
    """An org admin can reset its own API secret."""
    own_org = org_admin_headers['CVE-API-ORG']
    own_user = org_admin_headers['CVE-API-USER']
    reset_url = (
        f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}/user/{own_user}/reset_secret'
    )

    response = requests.put(reset_url, headers=org_admin_headers)

    assert response.status_code == 200
    # NOTE(review): the request authenticates with the headers whose secret is
    # being reset; whether later tests sharing this fixture still hold a valid
    # secret depends on how the fixture is built -- confirm.
    response_contains(response, 'API-secret')
def test_org_admin_get_own_users_info(org_admin_headers):
    """An org admin can list the users of its own org.

    The listing must hold at least one user and mention the admin itself.
    """
    own_org = org_admin_headers['CVE-API-ORG']
    own_user = org_admin_headers['CVE-API-USER']
    url = f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}/users'

    response = requests.get(url, headers=org_admin_headers)

    assert response.status_code == 200
    listed_users = json.loads(response.content.decode())['users']
    assert len(listed_users) >= 1
    response_contains(response, own_user)
def test_put_cve_id_id_empty_params():
    """Updating a CVE ID with empty `state` and `cna` parameters is rejected."""
    # NOTE(review): `cve_id` is not defined in this function; presumably a
    # module-level value -- confirm.
    url = f'{env.AWG_BASE_URL}{CVE_ID_URL}/{cve_id}'
    empty_params = {'state': '', 'cna': ''}

    response = requests.put(
        url, headers=utils.BASE_HEADERS, params=empty_params)

    assert response.status_code == 400
    response_contains(response, 'state')
    response_contains_json(response, 'message', 'Parameters were invalid')
def test_put_update_user_add_empty_role():
    """Adding a role that does not exist is rejected with BAD_INPUT."""
    org_name, username = create_new_user_with_new_org_by_uuid()
    url = f'{env.AWG_BASE_URL}{ORG_URL}/{org_name}/user/{username}'
    bogus_role = {'active_roles.add': 'MAGNANIMOUS'}

    response = requests.put(url, headers=utils.BASE_HEADERS, params=bogus_role)

    assert response.status_code == 400
    # The rejected value must not be reflected back in the error body.
    assert 'MAGNANIMOUS' not in response.content.decode()
    response_contains_json(response, 'error', 'BAD_INPUT')
    response_contains_json(response, 'message', 'Parameters were invalid')
    response_contains(response, 'User role does not exist.')
def test_org_admin_reset_same_org_secret(org_admin_headers):
    """An org admin can reset the secret of another user in the same org."""
    own_org = org_admin_headers['CVE-API-ORG']
    other_user = str(uuid.uuid4())
    created = post_new_org_user(own_org, other_user)
    assert created.status_code == 200

    reset_url = (
        f'{env.AWG_BASE_URL}{ORG_URL}/{own_org}/user/{other_user}/reset_secret'
    )
    response = requests.put(reset_url, headers=org_admin_headers)

    assert response.status_code == 200
    # NOTE(review): this is the positive same-org case only; a reset attempt
    # against a user of a different org is not exercised by this test.
    response_contains(response, 'API-secret')
def test_put_cve_id_id_state_blarg():
    """An unknown `state` value is rejected; only public or reject are valid."""
    # NOTE(review): `cve_id` is not defined in this function; presumably a
    # module-level value -- confirm.
    url = f'{env.AWG_BASE_URL}{CVE_ID_URL}/{cve_id}'
    invalid_state = {'state': 'BLARG'}

    response = requests.put(
        url, headers=utils.BASE_HEADERS, params=invalid_state)

    assert response.status_code == 400
    # The rejected value must not be reflected back in the error body.
    assert 'BLARG' not in response.content.decode()
    response_contains(response, 'state')
    response_contains_json(response, 'message', 'Parameters were invalid')
def test_post_cve_id_empty_params(org_admin_headers):
    """Reserving CVE IDs with blank parameters is rejected with 400."""
    url = f'{env.AWG_BASE_URL}{CVE_ID_URL}'
    blank_params = {
        'amount': '',
        'batch_type': '',
        'cve_year': '',
        'short_name': '',
    }

    response = requests.post(
        url, headers=org_admin_headers, params=blank_params)

    # NOTE: there isn't a `short_name` error here, why?
    assert response.status_code == 400
    response_contains(response, 'amount')
    response_contains(response, 'cve_year')
def test_get_cve_id_available_state():
    """The CVE ID filter endpoint returns no IDs in state 'AVAILABLE'.

    The query itself filters on state PUBLIC for year 2011, so this checks
    that such a listing does not contain the string 'AVAILABLE'.
    """
    url = f'{env.AWG_BASE_URL}{CVE_ID_URL}'
    query = {
        'page': 1,
        'state': 'PUBLIC',
        'cve_id_year': 2011,
    }

    response = requests.get(url, headers=utils.BASE_HEADERS, params=query)

    assert response.status_code == 200
    assert 'AVAILABLE' not in response.content.decode()
    response_contains(response, 'state')
def test_put_update_user_username():
    """The secretariat can rename a user via `new_username`.

    Once renamed, the old username must no longer resolve (404, USER_DNE).
    """
    org_name, old_username = create_new_user_with_new_org_by_uuid()
    replacement_name = str(uuid.uuid4())

    old_url = f'{env.AWG_BASE_URL}{ORG_URL}/{org_name}/user/{old_username}'
    rename_params = {'new_username': replacement_name}

    # Rename the user.
    renamed = requests.put(
        old_url, headers=utils.BASE_HEADERS, params=rename_params)
    assert renamed.status_code == 200
    response_contains_json(
        renamed, 'message', f'{old_username} was successfully updated.')

    # A second attempt fails: no user exists under the old name any more.
    repeated = requests.put(
        old_url, headers=utils.BASE_HEADERS, params=rename_params)
    assert repeated.status_code == 404
    response_contains(
        repeated, 'designated by the username parameter does not exist.')
    response_contains_json(repeated, 'error', 'USER_DNE')
def test_post_cve_id_no_params(org_admin_headers):
    """Reserving CVE IDs with no parameters at all is rejected.

    Batch type is the only optional parameter, so the error body must name
    each of the three required ones.
    """
    url = f'{env.AWG_BASE_URL}{CVE_ID_URL}'

    response = requests.post(url, headers=org_admin_headers)

    assert response.status_code == 400
    for required_param in ('amount', 'cve_year', 'short_name'):
        response_contains(response, required_param)
def test_get_cve_id_empty_parameters(reg_user_headers):
    """Filtering CVE IDs with blank (single-space) parameters is rejected.

    Every filter is sent as ' ', and the BAD_INPUT error body must name each
    of them.
    """
    filter_names = (
        'page',
        'state',
        'cve_id_year',
        'time_reserved.lt',
        'time_reserved.gt',
        'time_modified.lt',
        'time_modified.gt',
    )
    blank_params = {name: ' ' for name in filter_names}
    url = f'{env.AWG_BASE_URL}{CVE_ID_URL}'

    response = requests.get(url, headers=reg_user_headers, params=blank_params)

    assert response.status_code == 400
    for name in filter_names:
        response_contains(response, name)
    response_contains_json(response, 'error', 'BAD_INPUT')