def test_mobile_version(app_dev): testapp = app_dev.test_client() upgrade_header = app_dev.config.VERSION_UPGRADE_HEADER version_header = app_dev.config.VERSION_API_HEADER mobile_version = app_dev.config.VERSION_HEADER_KEY agent_header = app_dev.config.VERSION_AGENT_HEADER headers = { app_dev.config.LIMITER.BYPASS_KEY: app_dev.config.LIMITER.BYPASS_VALUE, agent_header: "ios", } res = testapp.get(h.url_for("web.index"), headers={ mobile_version: "0.0.0", **headers }) h.Asserter.assert_header(res, upgrade_header, "0") h.Asserter.assert_header(res, version_header, "1.0.0") url = h.url_for("api.mobile_release", ver="1.0.1", critical="true", agent="ios") res = testapp.post(url, headers=headers) h.Asserter.assert_status_code(res) res = testapp.get(h.url_for("web.index"), headers={ mobile_version: "0.0.0", **headers }) h.Asserter.assert_header(res, upgrade_header, "1") res = testapp.get("/web-page-not-found") h.Asserter.assert_not_in(upgrade_header, list(res.headers.keys())) h.Asserter.assert_not_in(version_header, list(res.headers.keys()))
def test_method_override(testapp): res = testapp.post( h.url_for("test.method_override_post"), headers={"X-HTTP-Method-Override": h.HttpMethod.PUT}, ) h.Asserter.assert_status_code(res) res = testapp.post( h.url_for("test.method_override_post", _method_override="PUT")) h.Asserter.assert_status_code(res)
def test_apidoc(test_client, views): headers = h.basic_auth_header() res = test_client.get(h.url_for(views.apidocs), headers=headers) h.Asserter.assert_status_code(res) h.Asserter.assert_content_type(res, h.CTS.html) res = test_client.get(h.url_for(views.api_spec), headers=headers) h.Asserter.assert_status_code(res) h.Asserter.assert_different(res.json, {}) h.Asserter.assert_content_type(res, h.CTS.json)
def test_app_dev(app_dev): h.Asserter.assert_equals(app_dev.config.FLASK_ENV, "development") h.Asserter.assert_equals(app_dev.config.SECRET_KEY, "fake_very_complex_string") client = TestHttpCall(app_dev.test_client()) client.perform(request={"url": h.url_for("web.index")}) client = TestHttpApi(app_dev.test_client()) client.perform(request={"url": h.url_for("test.test_https")}) h.Asserter.assert_equals(client.json.scheme, "https") h.Asserter.assert_true(client.json.url_for.startswith("https"))
def test_proxy_view(app_dev): testapp = app_dev.test_client() res = testapp.post(h.url_for("api.proxyview", p="v1"), json={"test": "test"}) h.Asserter.assert_status_code(res) h.Asserter.assert_equals(res.json.json.test, "test") h.Asserter.assert_equals(res.json.args.p, "v1") res = testapp.get(h.url_for("api.confproxy")) h.Asserter.assert_status_code(res) h.Asserter.assert_equals(res.json.headers.k, "v") h.Asserter.assert_equals(res.json.params.k, "v")
def test_apidoc(testapp): res = testapp.get(h.url_for("api.apidocs")) h.Asserter.assert_status_code(res) h.Asserter.assert_content_type(res, h.CTS.html) res = testapp.get(h.url_for("api.apispec")) h.Asserter.assert_status_code(res) h.Asserter.assert_content_type(res, h.CTS.json) h.Asserter.assert_equals(res.json.info.version, "1.0.0") h.Asserter.assert_equals(res.json.servers[0].variables.context.default, "/") h.Asserter.assert_equals(res.json.servers[0].variables.host.default, "https://127.0.0.1:5000")
def test_jsonrpc_proxy_view(app_dev): testapp = app_dev.test_client() res = testapp.post(h.url_for("api.jsonrpc_proxyview"), json={"test": "test"}) h.Asserter.assert_status_code(res, h.httpcode.NO_CONTENT) res = testapp.get(h.url_for("api.jsonrpc_proxyview", param1=1, param2=2)) h.Asserter.assert_status_code(res) response = json.loads(res.json.data) h.Asserter.assert_schema(response, schemas.SCHEMAS.JSONRPC.REQUEST) h.Asserter.assert_equals(response["method"], "jsonrpc_method") h.Asserter.assert_equals(response["params"]["param1"], "1") h.Asserter.assert_equals(response["params"]["param2"], "2")
def test_reverse_proxy(testapp): res = testapp.get(h.url_for("test.test_proxy"), headers={"X-Forwarded-Prefix": "/test"}) h.Asserter.assert_status_code(res) h.Asserter.assert_true(bool(res.json.request_id)) h.Asserter.assert_equals(res.json.script_name, "/test") h.Asserter.assert_equals(res.json.original.SCRIPT_NAME, "")
def test_api_jsonrpc_notification(app_dev): url = h.url_for("api.jsonrpc") testapp = app_dev.test_client() headers = dict(headers={ app_dev.config.LIMITER.BYPASS_KEY: app_dev.config.LIMITER.BYPASS_VALUE }) res = testapp.jsonrpc_batch( url, requests=( dict(method="MyJsonRPC.testAction1", params={}), dict(method="MyJsonRPC.NotFoundMethod"), ), **headers, ) h.Asserter.assert_status_code(res, h.httpcode.NO_CONTENT) res = testapp.jsonrpc_batch( url, requests=( dict(method="MyJsonRPC.testAction1", call_id=1, params={}), dict(method="MyJsonRPC.NotFoundMethod"), ), **headers, ) h.Asserter.assert_status_code(res) h.Asserter.assert_equals(len(res.json), 1)
def test_api_jsonrpc_params(app_dev): url = h.url_for("api.jsonrpc") method = "MyJsonRPC.testInvalidParams" testapp = app_dev.test_client() response_schema = schemas.SCHEMAS.JSONRPC.RESPONSE headers = dict(headers={ app_dev.config.LIMITER.BYPASS_KEY: app_dev.config.LIMITER.BYPASS_VALUE }) res = testapp.jsonrpc(url, method=method, call_id=1, params={"param": "testparam"}, **headers) h.Asserter.assert_status_code(res) h.Asserter.assert_schema(res.json, response_schema) h.Asserter.assert_not_in("error", res.json) res = testapp.jsonrpc(url, method=method, call_id=1, params={"params": None}, **headers) h.Asserter.assert_status_code(res) h.Asserter.assert_schema(res.json, response_schema) h.Asserter.assert_equals(res.json.error.code, rpc.RPCInvalidParams().code)
def test_api_jsonrpc_batch(app_dev): url = h.url_for("api.jsonrpc") testapp = app_dev.test_client() headers = dict(headers={ app_dev.config.LIMITER.BYPASS_KEY: app_dev.config.LIMITER.BYPASS_VALUE }) res = testapp.jsonrpc_batch( url, requests=( dict(method="MyJsonRPC.testAction1", call_id=1, params={}), dict(method="MyJsonRPC.NotFoundMethod", call_id=2), ), **headers, ) h.Asserter.assert_status_code(res, h.httpcode.MULTI_STATUS) h.Asserter.assert_true(res.json[0].result.action1) h.Asserter.assert_equals(res.json[1].error.code, rpc.RPCMethodNotFound().code) res = testapp.jsonrpc_batch( url, requests=( dict(method="MyJsonRPC.testAction1", call_id=1, params={}), dict(method="MyJsonRPC.NotFoundMethod", call_id=2), dict(method="MyJsonRPC.NotFoundMethod", call_id=3), ), **headers, ) h.Asserter.assert_status_code(res, h.httpcode.REQUEST_ENTITY_TOO_LARGE)
def test_api_resources(testapp): res = testapp.get(h.url_for("api.resource_api"), headers={"Accept": h.CTS.xml}) h.Asserter.assert_status_code(res) h.Asserter.assert_content_type(res, h.CTS.xml) res = testapp.get(h.url_for("api.resource_api", res_id=1)) h.Asserter.assert_status_code(res) h.Asserter.assert_content_type(res, h.CTS.json) res = testapp.get( h.url_for("api.resource_api", res_id=1, sub_resource="items")) h.Asserter.assert_status_code(res) h.Asserter.assert_content_type(res, h.CTS.json) res = testapp.get( h.url_for("api.resource_api", res_id=1, sub_resource="not-found")) h.Asserter.assert_status_code(res, h.httpcode.NOT_FOUND) h.Asserter.assert_content_type(res, h.CTS.json_problem) h.Asserter.assert_schema(res.json, schemas.SCHEMAS.API_PROBLEM) h.Asserter.assert_equals(res.json.detail, "not found") res = testapp.get( h.url_for("api.resource_api", res_id=1, sub_resource="not-found")) h.Asserter.assert_status_code(res, h.httpcode.TOO_MANY_REQUESTS) time.sleep(int(res.headers.get("Retry-After") or 0)) # check rate limit res = testapp.delete(h.url_for("api.resource_api", res_id=1)) h.Asserter.assert_status_code(res, h.httpcode.NO_CONTENT) data = dict(item="test") res = testapp.put(h.url_for("api.resource_api", res_id=1), json=data) h.Asserter.assert_status_code(res) res = testapp.post(h.url_for("api.resource_api"), json=data) h.Asserter.assert_status_code(res, h.httpcode.CREATED) res = testapp.post(h.url_for("api.resource_api", res_id=1, sub_resource="items"), json=data) h.Asserter.assert_status_code(res, h.httpcode.CREATED) res = testapp.post(h.url_for("api.resource_api"), json={}) h.Asserter.assert_status_code(res, h.httpcode.UNPROCESSABLE_ENTITY) h.Asserter.assert_allin(res.json.response.reason, ("cause", "message", "path"))
def test_utils_uuid(testapp): res = testapp.get(h.url_for("test.return_uuid")) h.Asserter.assert_false(uuid.check_uuid("fake uuid")) h.Asserter.assert_true(uuid.check_uuid(uuid.get_uuid(hexify=False))) h.Asserter.assert_true(uuid.check_uuid(res.json.get("uuid1"), ver=1)) h.Asserter.assert_true(uuid.check_uuid(res.json.get("uuid3"), ver=3)) h.Asserter.assert_true(uuid.check_uuid(res.json.get("uuid4"))) h.Asserter.assert_true(uuid.check_uuid(res.json.get("uuid5"), ver=5))
def test_api_jsonrpc_success(app_dev): call_id = 1 url = h.url_for("api.jsonrpc") client = TestJsonRPC(app_dev.test_client(), endpoint=url) client.perform(request=dict(method="MyJsonRPC.testAction1", id=call_id)) h.Asserter.assert_equals(client.json.id, call_id) h.Asserter.assert_true(client.json.result.action1) res = app_dev.test_client().jsonrpc(url, method="MyJsonRPC.testAction2") h.Asserter.assert_status_code(res, h.httpcode.NO_CONTENT)
def test_proxy_schema(app_dev): view = "api.schema_proxy" testapp = app_dev.test_client() bypass = { app_dev.config.LIMITER.BYPASS_KEY: app_dev.config.LIMITER.BYPASS_VALUE } _ = h.api_tester( testapp, h.url_for(view, filepath="pippo"), status=h.httpcode.NOT_FOUND, headers=bypass, ) res = h.api_tester(testapp, h.url_for(view, filepath="jsonrpc/request.json")) h.Asserter.assert_equals(res.json, app_dev.config.SCHEMAS.JSONRPC.REQUEST) res = h.api_tester(testapp, h.url_for(view, filepath="api_problem")) h.Asserter.assert_equals(res.json, app_dev.config.SCHEMAS.API_PROBLEM)
def test_mobile_views(app_dev): testapp = app_dev.test_client() url = h.url_for("api.mobile_logger") data = {"stacktrace": "exception"} res = testapp.post(url, json=data) h.Asserter.assert_status_code(res, h.httpcode.NO_CONTENT) res = testapp.post(f"{url}?debug", json=data) h.Asserter.assert_status_code(res) h.Asserter.assert_equals(res.json, data)
def test_useragent(testapp): res = testapp.get(h.url_for("test.useragent")) h.Asserter.assert_status_code(res) h.Asserter.assert_allin(res.json.keys(), ("browser", "device", "os", "raw")) ua_string = """ Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 """ res = useragent.UserAgent().parse(ua_string) h.Asserter.assert_equals(res.raw, ua_string)
def test_mobile_release(app_dev): agent = {"agent": "ios"} version = "1.0.0" testapp = app_dev.test_client() res = testapp.delete(h.url_for("api.mobile_release", **agent)) h.Asserter.assert_status_code(res) res = testapp.delete(h.url_for("api.mobile_release", all="true", **agent)) h.Asserter.assert_status_code(res, h.httpcode.NO_CONTENT) res = testapp.post(h.url_for("api.mobile_release", ver=version, **agent)) h.Asserter.assert_status_code(res) h.Asserter.assert_equals(res.json, 1) h.Asserter.assert_allin(res.json[0], ("critical", "version")) res = testapp.get(h.url_for("api.mobile_release", all="true", **agent)) h.Asserter.assert_status_code(res) h.Asserter.assert_allin(res.json[0], ("critical", "version")) res = testapp.post(h.url_for("api.mobile_release", ver=version, **agent)) h.Asserter.assert_status_code(res, h.httpcode.BAD_REQUEST) bypass = { app_dev.config.LIMITER.BYPASS_KEY: app_dev.config.LIMITER.BYPASS_VALUE } res = testapp.get(h.url_for("api.mobile_release", ver="latest", **agent), headers=bypass) h.Asserter.assert_status_code(res) h.Asserter.assert_header(res, "Content-Type", h.CTS.text) h.Asserter.assert_equals(res.data, version.encode())
def get_access_token(token=None, email=None, password=None, in_query=True): if token is not None: if in_query is True: return f"jwt={token}" return dict(Authorization=f"Bearer {token}") credentials = dict( email=email or h.config.ADMIN_EMAIL, password=password or h.config.ADMIN_PASSWORD, ) tokens = test_client.post(h.url_for(views.access_token), json=credentials) if in_query is True: return f"jwt={tokens.json.access_token}" return dict(Authorization=f"Bearer {tokens.json.access_token}")
def test_utils_send_file(testapp): filename = "MANIFEST.in" url = h.url_for("test.download") + "?filename={}" res = testapp.get(url.format(filename)) h.Asserter.assert_status_code(res) h.Asserter.assert_header(res, "Content-Disposition", f"attachment; filename={filename}") h.Asserter.assert_header(res, "X-Accel-Redirect", f"./{filename}") h.Asserter.assert_true(res.headers.get("X-Sendfile").endswith(filename)) h.Asserter.assert_equals(res.data, b"") res = testapp.get(url.format("nofile.txt")) h.Asserter.assert_status_code(res, h.httpcode.NOT_FOUND) h.Asserter.assert_content_type(res, h.CTS.html)
def test_api_jsonrpc_error(app_dev): call_id = 1 url = h.url_for("api.jsonrpc") testapp = app_dev.test_client() response_schema = schemas.SCHEMAS.JSONRPC.RESPONSE headers = dict(headers={ app_dev.config.LIMITER.BYPASS_KEY: app_dev.config.LIMITER.BYPASS_VALUE }) res = testapp.jsonrpc(url, method="NotFoundMethod", call_id=call_id, **headers) h.Asserter.assert_status_code(res) h.Asserter.assert_equals(res.json.error.code, rpc.RPCMethodNotFound().code) h.Asserter.assert_schema(res.json, response_schema) h.Asserter.assert_equals(res.json.id, call_id) h.Asserter.assert_true(res.json.error.message) res = testapp.jsonrpc(url, json={}, **headers) h.Asserter.assert_status_code(res, h.httpcode.BAD_REQUEST) h.Asserter.assert_schema(res.json, response_schema) h.Asserter.assert_equals(res.json.error.code, rpc.RPCParseError().code) res = testapp.jsonrpc(url, json={"params": None}, **headers) h.Asserter.assert_status_code(res, h.httpcode.BAD_REQUEST) h.Asserter.assert_schema(res.json, response_schema) h.Asserter.assert_equals(res.json.error.code, rpc.RPCInvalidRequest().code) res = testapp.jsonrpc(url, json={ "jsonrpc": 1, "method": "MyJsonRPC.testAction1" }, **headers) h.Asserter.assert_status_code(res, h.httpcode.BAD_REQUEST) h.Asserter.assert_schema(res.json, response_schema) h.Asserter.assert_equals(res.json.error.code, rpc.RPCInvalidRequest().code) res = testapp.jsonrpc(url, method="MyJsonRPC.testInternalError", call_id=call_id, **headers) h.Asserter.assert_status_code(res) h.Asserter.assert_schema(res.json, response_schema) h.Asserter.assert_equals(res.json.error.code, rpc.RPCInternalError().code)
def get_access_token( token: Optional[str] = None, token_type: str = "Bearer", is_query: bool = False, credentials: Optional[Union[Dict[str, str], Tuple[str, str]]] = None, access_view: str = "auth.token_access", ): if token is not None: return dict(Authorization=f"Bearer {token}") if not credentials: config = test_client.application.config credentials = dict(email=config.ADMIN_EMAIL, password=config.ADMIN_PASSWORD) if isinstance(credentials, tuple): credentials = dict(email=credentials[0], password=credentials[1]) tokens = test_client.post(url_for(access_view), json=credentials) if is_query is True: return dict(jwt={tokens.json.access_token}) return dict(Authorization=f"{token_type} {tokens.json.access_token}")
def test_api_cors(testapp): client = TestHttpApi(testapp) client.perform( request={"url": h.url_for("api.resource_api")}, response={ "status": { "code": h.httpcode.TOO_MANY_REQUESTS }, "headers": { "Access-Control-Allow-Origin": { "value": "*" }, "Content-Type": { "value": h.CTS.json_problem }, }, }, ) headers = testapp.application.config.CORS_EXPOSE_HEADERS res = h.api_tester(testapp, url="/") h.Asserter.assert_header(res, "Access-Control-Allow-Origin", "*") h.Asserter.assert_allin( res.headers["Access-Control-Expose-Headers"].split(", "), headers)
def test_restful(app_dev): h.restful_tester( app_dev.test_client(), view="api.items", schema_read=schemas.SCHEMAS.ITEM, schema_collection=schemas.SCHEMAS.ITEM_LIST, body_create=dict(item="test"), headers={ app_dev.config.LIMITER.BYPASS_KEY: app_dev.config.LIMITER.BYPASS_VALUE, **h.basic_auth_header(), }, ) client = TestRestApi(app_dev.test_client(), endpoint=h.url_for("api.items")) client.test_post( request=dict(json=dict(item="test"), headers=h.basic_auth_header()), response=dict(schema=schemas.SCHEMAS.ITEM), ) res_id = client.json.id client.test_get( res_id, request=dict(headers=h.basic_auth_header()), response=dict(schema=schemas.SCHEMAS.ITEM), ) client.test_put( res_id, request=dict(json=dict(item="test"), headers=h.basic_auth_header()), response=dict(schema=schemas.SCHEMAS.ITEM), ) client.test_collection( request=dict(headers=h.basic_auth_header()), response=dict(schema=schemas.SCHEMAS.ITEM_LIST), ) client.test_delete(res_id, request=dict(headers=h.basic_auth_header()))
def test_force_https(testapp): _ = testapp.get(h.url_for("test.test_https")) client = TestHttpApi(testapp) client.perform(request={"url": h.url_for("test.test_https")}) h.Asserter.assert_equals(client.json.scheme, "https") h.Asserter.assert_true(client.json.url_for.startswith("https"))
def test_converters(testapp): res = testapp.get(h.url_for("test.list_converter", data=["a", "b", "c"])) h.Asserter.assert_status_code(res) h.Asserter.assert_equals(res.json, 3)
def test_utils_get_json(testapp): res = testapp.post(h.url_for("test.get_invalid_json")) h.Asserter.assert_status_code(res, h.httpcode.BAD_REQUEST)
def test_crypto(testapp): passwd = "my-favourite-password" crypto = ExtProxy("argon2") res = testapp.get(h.url_for("test.crypt", passwd=passwd)) h.Asserter.assert_true(crypto.verify_hash(res.data, passwd)) h.Asserter.assert_false(crypto.verify_hash(res.data, "wrong-pass"))
def test_jwt(app_dev): testapp = app_dev.test_client() conf = testapp.application.config bypass = {conf.LIMITER.BYPASS_KEY: conf.LIMITER.BYPASS_VALUE} tokens = testapp.post( h.url_for("api.token_access", expires_access=1), json=dict(email=conf.BASIC_AUTH_USERNAME, password=conf.BASIC_AUTH_PASSWORD), ) h.Asserter.assert_status_code(tokens) check = testapp.get( h.url_for("api.token_check"), headers={ "Authorization": f"Bearer {tokens.json.access_token}", **bypass }, ) h.Asserter.assert_status_code(check) time.sleep(2) check = testapp.get( h.url_for("api.token_check"), headers={ "Authorization": f"Bearer {tokens.json.access_token}", **bypass }, ) h.Asserter.assert_status_code(check, h.httpcode.UNAUTHORIZED) tokens = testapp.post( h.url_for("api.token_access"), json=dict(email=conf.BASIC_AUTH_USERNAME, password=conf.BASIC_AUTH_PASSWORD), headers=bypass, ) h.Asserter.assert_status_code(tokens) h.Asserter.assert_allin( tokens.json.keys(), ( "access_token", "refresh_token", "expires_in", "issued_at", "token_type", "scope", ), ) res = testapp.post( h.url_for("api.token_refresh"), headers={ "Authorization": f"Bearer {tokens.json.refresh_token}", **bypass }, ) h.Asserter.assert_status_code(res) h.Asserter.assert_allin( res.json.keys(), ("access_token", "expires_in", "issued_at", "token_type", "scope"), ) check = testapp.get( h.url_for("api.token_check"), headers={ "Authorization": f"Bearer {res.json.access_token}", **bypass }, ) h.Asserter.assert_status_code(check) unauth = testapp.get( h.url_for("api.token_check"), headers={ "Authorization": "Bearer invalid-token", **bypass }, ) h.Asserter.assert_status_code(unauth, h.httpcode.UNAUTHORIZED) revoked = testapp.post( h.url_for("api.token_revoke"), headers={ "Authorization": f"Bearer {tokens.json.access_token}", **bypass }, json={ "access_token": tokens.json.access_token, "refresh_token": tokens.json.refresh_token, }, ) h.Asserter.assert_status_code(revoked, h.httpcode.NO_CONTENT) res = testapp.get( h.url_for("api.token_check"), headers={ "Authorization": f"Bearer {tokens.json.access_token}", **bypass }, ) h.Asserter.assert_status_code(res, h.httpcode.UNAUTHORIZED)