def test_erasure_certificate_public_one(user: UserClient, client: Client):
"""Public user can get certificate from one device as HTML or PDF."""
s = file('erase-sectors.snapshot')
snapshot, _ = user.post(s, res=e.Snapshot)
doc, response = client.get(res=docs.DocumentDef.t,
item='erasures/{}'.format(snapshot['device']['id']),
accept=ANY)
assert 'html' in response.content_type
assert '<html' in doc
assert '2018' in doc
doc, response = client.get(res=docs.DocumentDef.t,
item='erasures/{}'.format(snapshot['device']['id']),
query=[('format', 'PDF')],
accept='application/pdf')
assert 'application/pdf' == response.content_type
erasure = next(e for e in snapshot['events'] if e['type'] == 'EraseSectors')
doc, response = client.get(res=docs.DocumentDef.t,
item='erasures/{}'.format(erasure['id']),
accept=ANY)
assert 'html' in response.content_type
assert '<html' in doc
assert '2018' in doc
def test_auth_view(user: UserClient, client: Client):
"""Tests authentication at endpoint / view."""
user.get(res='User', item=user.user['id'], status=200)
client.get(res='User', item=user.user['id'], status=Unauthorized)
client.get(res='User',
item=user.user['id'],
token='wrong token',
status=Unauthorized)
def test_device_public(user: UserClient, client: Client):
s, _ = user.post(file('asus-eee-1000h.snapshot.11'), res=m.Snapshot)
html, _ = client.get(res=d.Device,
item=s['device']['devicehubID'],
accept=ANY)
assert 'intel atom cpu n270 @ 1.60ghz' in html
assert '00:24:8C:7F:CF:2D – 100 Mbps' in html
def test_api_docs(client: Client):
"""Tests /apidocs correct initialization."""
docs, _ = client.get('/apidocs')
assert set(docs['paths'].keys()) == {
# todo this does not appear: '/tags/{id}/device',
'/apidocs',
'/users/',
'/devices/',
'/tags/',
'/users/login/',
'/events/',
'/lots/',
'/manufacturers/',
'/lots/{id}/children',
'/lots/{id}/devices',
'/documents/erasures/',
'/documents/devices/',
'/documents/static/{filename}',
'/tags/{tag_id}/device/{device_id}',
'/devices/static/{filename}'
}
assert docs['info'] == {'title': 'Devicehub', 'version': '0.2'}
assert docs['components']['securitySchemes']['bearerAuth'] == {
'description': 'Basic scheme with token.',
'in': 'header',
'description:': 'HTTP Basic scheme',
'type': 'http',
'scheme': 'basic',
'name': 'Authorization'
}
assert len(docs['definitions']) == 96
def test_tag_get_device_from_tag_endpoint_multiple_tags(app: Devicehub, user: UserClient, user2: UserClient, client: Client):
"""As above, but when there are two tags with the secondary ID, the
system should not return any of both (to be deterministic) so
it should raise an exception.
"""
g.user = User.query.all()[0]
db.session.add(Tag(id='foo', secondary='bar', owner_id=user.user['id']))
db.session.commit()
db.session.add(Tag(id='foo', secondary='bar', owner_id=user2.user['id']))
db.session.commit()
db.session.add(Tag(id='foo2', secondary='bar', owner_id=user.user['id']))
with raises(DBError):
db.session.commit()
db.session.rollback()
tag1 = Tag.from_an_id('foo').filter_by(owner_id=user.user['id']).one()
tag2 = Tag.from_an_id('foo').filter_by(owner_id=user2.user['id']).one()
pc1 = Desktop(serial_number='sn1', chassis=ComputerChassis.Tower, owner_id=user.user['id'])
pc2 = Desktop(serial_number='sn2', chassis=ComputerChassis.Tower, owner_id=user2.user['id'])
pc1.tags.add(tag1)
pc2.tags.add(tag2)
db.session.add(pc1)
db.session.add(pc2)
db.session.commit()
computer, _ = user.get(res=Tag, item='foo/device')
assert computer['serialNumber'] == 'sn1'
computer, _ = user2.get(res=Tag, item='foo/device')
assert computer['serialNumber'] == 'sn2'
_, status = client.get(res=Tag, item='foo/device', status=MultipleResourcesFound)
assert status.status_code == 422
def test_get_version(client: Client):
"""Checks GETting versions of services."""
content, res = client.get("/versions/", None)
version = {'devicehub': __version__, 'ereuse_tag': '0.0.0'}
assert res.status_code == 200
assert content == version
def test_delete_tags(user: UserClient, client: Client):
"""Delete a named tag."""
# Delete Tag Named
g.user = User.query.one()
pc = Desktop(serial_number='sn1', chassis=ComputerChassis.Tower, owner_id=user.user['id'])
db.session.add(pc)
db.session.commit()
tag = Tag(id='bar', owner_id=user.user['id'], device_id=pc.id)
db.session.add(tag)
db.session.commit()
tag = Tag.query.all()[-1]
assert tag.id == 'bar'
# Is not possible delete one tag linked to one device
res, _ = user.delete(res=Tag, item=tag.id, status=422)
msg = 'The tag bar is linked to device'
assert msg in res['message'][0]
tag.device_id = None
db.session.add(tag)
db.session.commit()
# Is not possible delete one tag from an anonymous user
client.delete(res=Tag, item=tag.id, status=401)
# Is possible delete one normal tag
user.delete(res=Tag, item=tag.id)
user.get(res=Tag, item=tag.id, status=404)
# Delete Tag UnNamed
org = Organization(name='bar', tax_id='bartax')
tag = Tag(id='bar-1', org=org, provider=URL('http://foo.bar'), owner_id=user.user['id'])
db.session.add(tag)
db.session.commit()
tag = Tag.query.all()[-1]
assert tag.id == 'bar-1'
res, _ = user.delete(res=Tag, item=tag.id, status=422)
msg = 'This tag {} is unnamed tag. It is imposible delete.'.format(tag.id)
assert msg in res['message']
tag = Tag.query.all()[-1]
assert tag.id == 'bar-1'
def test_api_docs(client: Client):
"""Tests /apidocs correct initialization."""
docs, _ = client.get('/apidocs')
assert set(docs['paths'].keys()) == {
'/actions/',
'/apidocs',
'/allocates/',
'/deallocates/',
'/deliverynotes/',
'/devices/',
'/devices/static/{filename}',
'/documents/static/{filename}',
'/documents/actions/',
'/documents/erasures/',
'/documents/devices/',
'/documents/stamps/',
'/documents/wbconf/{wbtype}',
'/documents/internalstats/',
'/documents/stock/',
'/documents/check/',
'/documents/lots/',
'/versions/',
'/manufacturers/',
'/licences/',
'/lives/',
'/lots/',
'/lots/{id}/children',
'/lots/{id}/devices',
'/metrics/',
'/tags/',
'/tags/{tag_id}/device/{device_id}',
'/trade-documents/',
'/users/',
'/users/login/',
'/users/logout/',
}
assert docs['info'] == {'title': 'Devicehub', 'version': '0.2'}
assert docs['components']['securitySchemes']['bearerAuth'] == {
'description': 'Basic scheme with token.',
'in': 'header',
'description:': 'HTTP Basic scheme',
'type': 'http',
'scheme': 'basic',
'name': 'Authorization'
}
assert len(docs['definitions']) == 132
def test_login_failure(client: Client, app: Devicehub):
"""Tests performing wrong login."""
# Wrong password
with app.app_context():
create_user()
client.post({
'email': '*****@*****.**',
'password': '******'
},
uri='/users/login/',
status=WrongCredentials)
# Wrong URI
client.post({}, uri='/wrong-uri', status=NotFound)
# Malformed data
client.post({}, uri='/users/login/', status=ValidationError)
client.post({
'email': 'this is not an email',
'password': '******'
},
uri='/users/login/',
status=ValidationError)
def test_get_device_permissions(app: Devicehub, user: UserClient,
user2: UserClient, client: Client):
"""Checks GETting a d.Desktop with its components."""
s, _ = user.post(file('asus-eee-1000h.snapshot.11'), res=m.Snapshot)
pc, res = user.get(res=d.Device, item=s['device']['devicehubID'])
assert res.status_code == 200
assert len(pc['actions']) == 9
html, _ = client.get(res=d.Device,
item=s['device']['devicehubID'],
accept=ANY)
assert 'intel atom cpu n270 @ 1.60ghz' in html
assert '00:24:8C:7F:CF:2D – 100 Mbps' in html
pc2, res2 = user2.get(res=d.Device,
item=s['device']['devicehubID'],
accept=ANY)
assert res2.status_code == 200
assert pc2 == html
def test_login_success(client: Client, app: Devicehub):
"""
Tests successfully performing login.
This checks that:
- User is returned.
- User has token.
- User has not the password.
"""
with app.app_context():
create_user()
user, _ = client.post({
'email': '*****@*****.**',
'password': '******'
},
uri='/users/login',
status=200)
assert user['email'] == '*****@*****.**'
assert UUID(b64decode(user['token'].encode()).decode()[:-1])
assert 'password' not in user
def test_login_success(client: Client, app: Devicehub):
"""Tests successfully performing login.
This checks that:
- User is returned.
- User has token.
- User has not the password.
"""
with app.app_context():
create_user()
user, _ = client.post({
'email': '*****@*****.**',
'password': '******'
},
uri='/users/login/',
status=200)
assert user['email'] == '*****@*****.**'
assert UUID(auth.Auth.decode(user['token']))
assert 'password' not in user
assert user['individuals'][0]['name'] == 'Timmy'
assert user['individuals'][0]['type'] == 'Person'
assert len(user['individuals']) == 1
assert user['inventories'][0]['id'] == 'test'
def test_login_active_phantom(client: Client):
"""Tests successfully performing login.
This checks that:
- User is returned if is active and is not phantom.
"""
dbuser = User(email='*****@*****.**', password='******')
dbuser1 = User(email='*****@*****.**',
password='******',
active=True,
phantom=False)
dbuser2 = User(email='*****@*****.**',
password='******',
active=False,
phantom=False)
dbuser3 = User(email='*****@*****.**',
password='******',
active=True,
phantom=True)
dbuser4 = User(email='*****@*****.**',
password='******',
active=False,
phantom=True)
db.session.add(dbuser)
db.session.add(dbuser1)
db.session.add(dbuser2)
db.session.add(dbuser3)
db.session.add(dbuser4)
db.session.commit()
db.session.flush()
assert dbuser.active
assert not dbuser.phantom
uri = '/users/login/'
client.post({
'email': '*****@*****.**',
'password': '******'
},
uri=uri,
status=200)
client.post({
'email': '*****@*****.**',
'password': '******'
},
uri=uri,
status=200)
client.post({
'email': '*****@*****.**',
'password': '******'
},
uri=uri,
status=401)
client.post({
'email': '*****@*****.**',
'password': '******'
},
uri=uri,
status=401)
client.post({
'email': '*****@*****.**',
'password': '******'
},
uri=uri,
status=401)
def test_erasure_certificate_wrong_id(client: Client):
client.get(res=docs.DocumentDef.t, item='erasures/this-is-not-an-id',
status=teal.marshmallow.ValidationError)