def test_taskrun_anonymous_post(self, guard, mock_request): """Test API TaskRun creation and auth for anonymous users""" guard.return_value = mock_contributions_guard(True) project = ProjectFactory.create() task = TaskFactory.create(project=project) data = dict( project_id=project.id, task_id=task.id, info='my task result') mock_request.data = json.dumps(data) # With wrong project_id mock_request.remote_addr = '127.0.0.0' data['project_id'] = 100000000000000000 datajson = json.dumps(data) tmp = self.app.post('/api/taskrun', data=datajson) err_msg = "This post should fail as the project_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, tmp.data assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid project_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # With wrong task_id data['project_id'] = task.project_id data['task_id'] = 100000000000000000000 datajson = json.dumps(data) tmp = self.app.post('/api/taskrun', data=datajson) err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid task_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # Now with everything fine data = dict( project_id=task.project_id, task_id=task.id, info='my task result') datajson = json.dumps(data) tmp = self.app.post('/api/taskrun', data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun # If the anonymous tries again it should be forbidden tmp = self.app.post('/api/taskrun', data=datajson) err_msg = ("Anonymous users should be only allowed to post \ one task_run per task") assert tmp.status_code == 403, err_msg
def test_taskrun_anonymous_post(self, guard, mock_request): """Test API TaskRun creation and auth for anonymous users""" guard.return_value = mock_contributions_guard(True) project = ProjectFactory.create() task = TaskFactory.create(project=project) data = dict( project_id=project.id, task_id=task.id, info='my task result') mock_request.data = json.dumps(data) # With wrong project_id mock_request.remote_addr = '127.0.0.0' data['project_id'] = 100000000000000000 datajson = json.dumps(data) tmp = self.app.post('/api/taskrun', data=datajson) err_msg = "This post should fail as the project_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, tmp.data assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid project_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # With wrong task_id data['project_id'] = task.project_id data['task_id'] = 100000000000000000000 datajson = json.dumps(data) tmp = self.app.post('/api/taskrun', data=datajson) err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid task_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # Now with everything fine data = dict( project_id=task.project_id, task_id=task.id, info='my task result') datajson = json.dumps(data) tmp = self.app.post('/api/taskrun', data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun # If the anonymous tries again it should be forbidden tmp = self.app.post('/api/taskrun', data=datajson) err_msg = ("Anonymous users should be only allowed to post \ one task_run per task") assert tmp.status_code == 403, err_msg
def test_taskrun_authenticated_post(self, guard): """Test API TaskRun creation and auth for authenticated users""" guard.return_value = mock_contributions_guard(True) project = ProjectFactory.create() task = TaskFactory.create(project=project) data = dict( project_id=project.id, task_id=task.id, info='my task result') # With wrong project_id data['project_id'] = 100000000000000000 datajson = json.dumps(data) url = '/api/taskrun?api_key=%s' % project.owner.api_key tmp = self.app.post(url, data=datajson) err_msg = "This post should fail as the project_id is wrong" err = json.loads(tmp.data) print err assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid project_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # With wrong task_id data['project_id'] = task.project_id data['task_id'] = 100000000000000000000 datajson = json.dumps(data) tmp = self.app.post(url, data=datajson) err_msg = "This post should fail as the task_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid task_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # Now with everything fine data = dict( project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my task result') datajson = json.dumps(data) tmp = self.app.post(url, data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun # If the user tries again it should be forbidden tmp = self.app.post(url, data=datajson) assert tmp.status_code == 403, tmp.data
def test_taskrun_authenticated_post(self, guard): """Test API TaskRun creation and auth for authenticated users""" guard.return_value = mock_contributions_guard(True) project = ProjectFactory.create() task = TaskFactory.create(project=project) data = dict( project_id=project.id, task_id=task.id, info='my task result') # With wrong project_id data['project_id'] = 100000000000000000 datajson = json.dumps(data) url = '/api/taskrun?api_key=%s' % project.owner.api_key tmp = self.app.post(url, data=datajson) err_msg = "This post should fail as the project_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid project_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # With wrong task_id data['project_id'] = task.project_id data['task_id'] = 100000000000000000000 datajson = json.dumps(data) tmp = self.app.post(url, data=datajson) err_msg = "This post should fail as the task_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid task_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # Now with everything fine data = dict( project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my task result') datajson = json.dumps(data) tmp = self.app.post(url, data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun # If the user tries again it should be forbidden tmp = self.app.post(url, data=datajson) assert tmp.status_code == 403, tmp.data
def test_post_taskrun_not_creates_result_for_draft_project(self, guard): """Test API taskrun post creates a result if project is not published.""" guard.return_value = mock_contributions_guard(True, "a while ago") project = ProjectFactory.create(published=False) task = TaskFactory.create(project=project, n_answers=1) url = '/api/taskrun?api_key=%s' % project.owner.api_key data = dict(project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my task result') datajson = json.dumps(data) self.app.post(url, data=datajson) result = result_repo.get_by(project_id=project.id, task_id=task.id) assert result is None, result
def test_taskrun_created_with_time_it_was_requested_on_creation( self, guard): """Test API taskrun post adds the created timestamp of the moment the task was requested by the user""" guard.return_value = mock_contributions_guard(True, "a while ago") project = ProjectFactory.create() task = TaskFactory.create(project=project) url = '/api/taskrun?api_key=%s' % project.owner.api_key data = dict(project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my result') datajson = json.dumps(data) resp = self.app.post(url, data=datajson) taskrun = task_repo.filter_task_runs_by(task_id=data['task_id'])[0] assert taskrun.created == "a while ago", taskrun.created
def test_taskrun_is_stored_if_project_is_not_published(self, guard): """Test API taskrun post stores the taskrun even if project is not published""" guard.return_value = mock_contributions_guard(True, "a while ago") project = ProjectFactory.create(published=False) task = TaskFactory.create(project=project) url = '/api/taskrun?api_key=%s' % project.owner.api_key data = dict(project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my result') datajson = json.dumps(data) resp = self.app.post(url, data=datajson) task_runs = task_repo.filter_task_runs_by( project_id=data['project_id']) assert resp.status_code == 200, resp.status_code assert len(task_runs) == 1, task_runs assert task_runs[0].info == 'my result', task_runs[0]
def test_taskrun_created_with_time_it_was_requested_on_creation(self, guard): """Test API taskrun post adds the created timestamp of the moment the task was requested by the user""" guard.return_value = mock_contributions_guard(True, "a while ago") project = ProjectFactory.create() task = TaskFactory.create(project=project) url = '/api/taskrun?api_key=%s' % project.owner.api_key data = dict( project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my result') datajson = json.dumps(data) resp = self.app.post(url, data=datajson) taskrun = task_repo.filter_task_runs_by(task_id=data['task_id'])[0] assert taskrun.created == "a while ago", taskrun.created
def test_taskrun_is_stored_if_project_is_not_published(self, guard): """Test API taskrun post stores the taskrun even if project is not published""" guard.return_value = mock_contributions_guard(True, "a while ago") project = ProjectFactory.create(published=False) task = TaskFactory.create(project=project) url = '/api/taskrun?api_key=%s' % project.owner.api_key data = dict( project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my result') datajson = json.dumps(data) resp = self.app.post(url, data=datajson) task_runs = task_repo.filter_task_runs_by(project_id=data['project_id']) assert resp.status_code == 200, resp.status_code assert len(task_runs) == 1, task_runs assert task_runs[0].info == 'my result', task_runs[0]
def test_post_taskrun_not_creates_result_for_draft_project(self, guard): """Test API taskrun post creates a result if project is not published.""" guard.return_value = mock_contributions_guard(True, "a while ago") project = ProjectFactory.create(published=False) task = TaskFactory.create(project=project, n_answers=1) url = '/api/taskrun?api_key=%s' % project.owner.api_key data = dict( project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my task result') datajson = json.dumps(data) self.app.post(url, data=datajson) result = result_repo.get_by(project_id=project.id, task_id=task.id) assert result is not None, result
def test_taskrun_updates_task_state(self, guard, mock_request): """Test API TaskRun POST updates task state""" guard.return_value = mock_contributions_guard(True) project = ProjectFactory.create() task = TaskFactory.create(project=project, n_answers=2) url = '/api/taskrun?api_key=%s' % project.owner.api_key # Post first taskrun data = dict( project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my task result') datajson = json.dumps(data) mock_request.data = datajson tmp = self.app.post(url, data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun err_msg = "Task state should be different from completed" assert task.state == 'ongoing', err_msg # Post second taskrun mock_request.remote_addr = '127.0.0.0' admin = UserFactory.create() url = '/api/taskrun?api_key=%s' % admin.api_key data = dict( project_id=task.project_id, task_id=task.id, info='my task result anon') datajson = json.dumps(data) tmp = self.app.post(url, data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun assert r_taskrun['user_ip'] != '127.0.0.0', r_taskrun err_msg = "Task state should be equal to completed" assert task.state == 'completed', err_msg
def test_taskrun_updates_task_state(self, guard, mock_request): """Test API TaskRun POST updates task state""" guard.return_value = mock_contributions_guard(True) project = ProjectFactory.create() task = TaskFactory.create(project=project, n_answers=2) url = '/api/taskrun?api_key=%s' % project.owner.api_key # Post first taskrun data = dict( project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my task result') datajson = json.dumps(data) mock_request.data = datajson tmp = self.app.post(url, data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun err_msg = "Task state should be different from completed" assert task.state == 'ongoing', err_msg # Post second taskrun mock_request.remote_addr = '127.0.0.0' url = '/api/taskrun' data = dict( project_id=task.project_id, task_id=task.id, info='my task result anon') datajson = json.dumps(data) tmp = self.app.post(url, data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun err_msg = "Task state should be equal to completed" assert task.state == 'completed', err_msg
def test_taskrun_authenticated_external_uid_post(self, guard): """Test API TaskRun creation and auth for authenticated external uid""" guard.return_value = mock_contributions_guard(True) project = ProjectFactory.create() url = '/api/auth/project/%s/token' % project.short_name headers = {'Authorization': project.secret_key} token = self.app.get(url, headers=headers) headers['Authorization'] = 'Bearer %s' % token.data task = TaskFactory.create(project=project) data = dict(project_id=project.id, task_id=task.id, info='my task result', external_uid='1xa') # With wrong project_id data['project_id'] = 100000000000000000 datajson = json.dumps(data) url = '/api/taskrun?api_key=%s' % project.owner.api_key tmp = self.app.post(url, data=datajson, headers=headers) err_msg = "This post should fail as the project_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid project_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # With wrong task_id data['project_id'] = task.project_id data['task_id'] = 100000000000000000000 datajson = json.dumps(data) tmp = self.app.post(url, data=datajson, headers=headers) err_msg = "This post should fail as the task_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid task_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # Now with everything fine data = dict(project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my task result', external_uid='1xa') datajson = json.dumps(data) # But without authentication tmp = self.app.post(url, data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 403, r_taskrun tmp = self.app.post(url, data=datajson, headers=headers) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun # If the user tries again it should be forbidden tmp = self.app.post(url, data=datajson, headers=headers) assert tmp.status_code == 403, tmp.data
def test_taskrun_authenticated_external_uid_post(self, guard): """Test API TaskRun creation and auth for authenticated external uid""" guard.return_value = mock_contributions_guard(True) project = ProjectFactory.create() url = '/api/auth/project/%s/token' % project.short_name headers = {'Authorization': project.secret_key} token = self.app.get(url, headers=headers) headers['Authorization'] = 'Bearer %s' % token.data external_uid = 'as2d-4cab-3daf-234a-2344x' task = TaskFactory.create(project=project) data = dict( project_id=project.id, task_id=task.id, info='my task result', external_uid=external_uid) # With wrong project_id data['project_id'] = 100000000000000000 datajson = json.dumps(data) url = '/api/taskrun?api_key=%s' % project.owner.api_key tmp = self.app.post(url, data=datajson, headers=headers) err_msg = "This post should fail as the project_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid project_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # With wrong task_id data['project_id'] = task.project_id data['task_id'] = 100000000000000000000 datajson = json.dumps(data) tmp = self.app.post(url, data=datajson, headers=headers) err_msg = "This post should fail as the task_id is wrong" err = json.loads(tmp.data) assert tmp.status_code == 403, err_msg assert err['status'] == 'failed', err_msg assert err['status_code'] == 403, err_msg assert err['exception_msg'] == 'Invalid task_id', err_msg assert err['exception_cls'] == 'Forbidden', err_msg assert err['target'] == 'taskrun', err_msg # Now with everything fine data = dict( project_id=task.project_id, task_id=task.id, user_id=project.owner.id, info='my task result', external_uid=external_uid) datajson = json.dumps(data) # But without authentication tmp = self.app.post(url, data=datajson) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 403, r_taskrun tmp = self.app.post(url, data=datajson, headers=headers) r_taskrun = json.loads(tmp.data) assert tmp.status_code == 200, r_taskrun # If the user tries again it should be forbidden tmp = self.app.post(url, data=datajson, headers=headers) assert tmp.status_code == 403, tmp.data