def test_includeme(forklift): settings = {} if forklift: settings["forklift.domain"] = forklift config = pretend.stub( get_settings=lambda: settings, include=pretend.call_recorder(lambda n: None), add_legacy_action_route=pretend.call_recorder(lambda *a, **k: None), ) includeme(config) config.include.calls == [pretend.call(".action_routing")] config.add_legacy_action_route.calls == [ pretend.call( "forklift.legacy.file_upload", "file_upload", domain=forklift, ), pretend.call("forklift.legacy.submit", "submit", domain=forklift), pretend.call( "forklift.legacy.submit_pkg_info", "submit_pkg_info", domain=forklift, ), pretend.call( "forklift.legacy.doc_upload", "doc_upload", domain=forklift, ), ]
def test_csp_policy(self): response = pretend.stub(headers={}) handler = pretend.call_recorder(lambda request: response) settings = { "csp": { "default-src": ["*"], "style-src": ["'self'", "example.net"], }, } registry = pretend.stub(settings=settings) tween = csp.content_security_policy_tween_factory(handler, registry) request = pretend.stub( path="/project/foobar/", find_service=pretend.call_recorder( lambda *args, **kwargs: settings["csp"] ), ) assert tween(request) is response assert response.headers == { "Content-Security-Policy": "default-src *; style-src 'self' example.net", }
def test_resets_password_bad_confirm(self, db_request, monkeypatch): user = UserFactory.create() db_request.matchdict["user_id"] = str(user.id) db_request.params = {"username": "******"} db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/foobar") db_request.user = UserFactory.create() db_request.remote_addr = "10.10.10.10" service = pretend.stub( find_userid=pretend.call_recorder(lambda username: user.id), disable_password=pretend.call_recorder(lambda userid, reason: None), ) db_request.find_service = pretend.call_recorder(lambda iface, context: service) send_email = pretend.call_recorder(lambda *a, **kw: None) monkeypatch.setattr(views, "send_password_compromised_email", send_email) result = views.user_reset_password(db_request) assert db_request.find_service.calls == [] assert send_email.calls == [] assert service.disable_password.calls == [] assert db_request.route_path.calls == [ pretend.call("admin.user.detail", user_id=user.id) ] assert result.status_code == 303 assert result.location == "/foobar"
def test_call(self, monkeypatch): request = pretend.stub() registry = pretend.stub() result = pretend.stub() prepared = { "registry": registry, "request": request, "closer": pretend.call_recorder(lambda: None) } prepare = pretend.call_recorder(lambda *a, **kw: prepared) monkeypatch.setattr(scripting, "prepare", prepare) @pretend.call_recorder def runner(irequest): assert irequest is request return result task = celery.WarehouseTask() task.app = Celery() task.app.pyramid_config = pretend.stub(registry=registry) task.run = runner assert task() is result assert prepare.calls == [pretend.call(registry=registry)] assert prepared["closer"].calls == [pretend.call()] assert runner.calls == [pretend.call(request)]
def test_configuration(self, url, cache_class, monkeypatch): client_obj = pretend.stub() client_cls = pretend.stub( create_service=pretend.call_recorder(lambda *a, **kw: client_obj) ) monkeypatch.setattr(cache, cache_class, client_cls) registry = {} config = pretend.stub( add_view_deriver=pretend.call_recorder( lambda deriver, over=None, under=None: None ), register_service_factory=pretend.call_recorder( lambda service, iface=None: None ), registry=pretend.stub( settings={"warehouse.xmlrpc.cache.url": url}, __setitem__=registry.__setitem__, ), ) cache.includeme(config) assert config.add_view_deriver.calls == [ pretend.call( cache.cached_return_view, under="rendered_view", over="mapped_view" ) ]
def test_delete_by_prefix_with_storage_prefix(self): files = {"Contents": [{"Key": f"docs/foo/{i}.html"} for i in range(150)]} s3_client = pretend.stub( list_objects_v2=pretend.call_recorder( lambda Bucket=None, Prefix=None: files ), delete_objects=pretend.call_recorder(lambda Bucket=None, Delete=None: None), ) storage = S3DocsStorage(s3_client, "bucket-name", prefix="docs") storage.remove_by_prefix("foo") assert s3_client.list_objects_v2.calls == [ pretend.call(Bucket="bucket-name", Prefix="docs/foo") ] assert s3_client.delete_objects.calls == [ pretend.call( Bucket="bucket-name", Delete={"Objects": [{"Key": f"docs/foo/{i}.html"} for i in range(100)]}, ), pretend.call( Bucket="bucket-name", Delete={ "Objects": [{"Key": f"docs/foo/{i}.html"} for i in range(100, 150)] }, ), ]
def test_with_disabled_user_compromised_pw(self, pyramid_request, pyramid_services): user = pretend.stub(id=1) service = pretend.stub( get_user=pretend.call_recorder(lambda user_id: user), find_userid=pretend.call_recorder(lambda username: 1), check_password=pretend.call_recorder( lambda userid, password, tags=None: False ), is_disabled=pretend.call_recorder( lambda user_id: (True, DisableReason.CompromisedPassword) ), ) pyramid_services.register_service(IUserService, None, service) pyramid_services.register_service( IPasswordBreachedService, None, pretend.stub(failure_message_plain="Bad Password!"), ) with pytest.raises(BasicAuthBreachedPassword) as excinfo: assert ( accounts._basic_auth_login("myuser", "mypass", pyramid_request) is None ) assert excinfo.value.status == "401 Bad Password!" assert service.find_userid.calls == [pretend.call("myuser")] assert service.get_user.calls == [pretend.call(1)] assert service.is_disabled.calls == [pretend.call(1)] assert service.check_password.calls == []
def test_deriver(self, service_available, xmlrpc_cache, fakeredis): context = pretend.stub() purger = pretend.call_recorder(lambda tags: None) service = RedisXMLRPCCache("redis://127.0.0.2:6379/0", purger) service.redis_conn = fakeredis service.redis_lru.conn = fakeredis if service_available: _find_service = pretend.call_recorder(lambda *args, **kwargs: service) else: _find_service = pretend.raiser(LookupError) request = pretend.stub( find_service=_find_service, rpc_method="rpc_method", rpc_args=(0, 1) ) response = {} @pretend.call_recorder def view(context, request): return response info = pretend.stub(options={}, exception_only=False) info.options["xmlrpc_cache"] = xmlrpc_cache derived_view = cached_return_view(view, info) assert derived_view(context, request) is response assert view.calls == [pretend.call(context, request)]
def test_after_commit_hook(self, monkeypatch, success): args = [pretend.stub(), pretend.stub()] kwargs = {"foo": pretend.stub(), "bar": pretend.stub()} super_class = pretend.stub( apply_async=pretend.call_recorder(lambda *a, **kw: None), ) real_super = __builtins__["super"] inner_super = pretend.call_recorder(lambda *a, **kw: super_class) def fake_super(*args, **kwargs): if not args and not kwargs: return inner_super(*args, **kwargs) else: return real_super(*args, **kwargs) monkeypatch.setitem(__builtins__, "super", fake_super) task = celery.WarehouseTask() task.app = Celery() task._after_commit_hook(success, *args, **kwargs) if success: assert inner_super.calls == [pretend.call()] else: assert inner_super.calls == []
def test_send_email_success(self, monkeypatch): message_obj = Message() def mock_message(*args, **kwargs): return message_obj monkeypatch.setattr(email, "Message", mock_message) task = pretend.stub() mailer = pretend.stub( send_immediately=pretend.call_recorder(lambda i: None) ) request = pretend.stub( registry=pretend.stub( settings=pretend.stub( get=pretend.call_recorder(lambda k: 'SENDER'), ), getUtility=pretend.call_recorder(lambda mailr: mailer) ) ) email.send_email( task, request, "body", "subject", recipients=["recipients"], ) assert mailer.send_immediately.calls == [pretend.call(message_obj)] assert request.registry.getUtility.calls == [pretend.call(IMailer)] assert request.registry.settings.get.calls == [ pretend.call("mail.sender")]
def test_404_when_missing_file(self, db_request, pyramid_config): @pretend.call_recorder def raiser(path): raise FileNotFoundError storage_service = pretend.stub(get=raiser) project = ProjectFactory.create() release = ReleaseFactory.create(project=project) file_ = FileFactory.create( release=release, filename="{}-{}.tar.gz".format(project.name, release.version), python_version="source", ) path = "source/{}/{}/{}".format( project.name[0], project.name, file_.filename ) db_request.matchdict["path"] = path db_request.log = pretend.stub( error=pretend.call_recorder(lambda event, **kw: None), ) db_request.find_service = pretend.call_recorder( lambda iface: storage_service ) resp = views.packages(db_request) assert isinstance(resp, HTTPNotFound) assert db_request.find_service.calls == [pretend.call(IFileStorage)] assert storage_service.get.calls == [pretend.call(path)] assert db_request.log.error.calls == [ pretend.call("missing file data", path=path), ]
def test_invalidated_deletes_no_save(self, pyramid_request): session_factory = SessionFactory( "mysecret", "redis://redis://localhost:6379/0", ) session_factory.redis = pretend.stub( delete=pretend.call_recorder(lambda key: None) ) pyramid_request.session.invalidated = ["1", "2"] pyramid_request.session.should_save = pretend.call_recorder( lambda: False ) response = pretend.stub( delete_cookie=pretend.call_recorder(lambda cookie: None), ) session_factory._process_response(pyramid_request, response) assert session_factory.redis.delete.calls == [ pretend.call("warehouse/session/data/1"), pretend.call("warehouse/session/data/2"), ] assert pyramid_request.session.should_save.calls == [ pretend.call(), pretend.call(), ] assert response.delete_cookie.calls == [pretend.call("session_id")]
def test_devel_csp(self): settings = { "csp": { "script-src": ["{request.scheme}://{request.host}"], } } response = pretend.stub(headers={}) registry = pretend.stub(settings=settings) handler = pretend.call_recorder(lambda request: response) tween = csp.content_security_policy_tween_factory(handler, registry) request = pretend.stub( scheme="https", host="example.com", path="/path/to/nowhere", find_service=pretend.call_recorder( lambda *args, **kwargs: settings["csp"], ), ) assert tween(request) is response assert response.headers == { "Content-Security-Policy": "script-src https://example.com", }
def test_includeme(monkeypatch): session_factory_obj = pretend.stub() session_factory_cls = pretend.call_recorder( lambda secret, url: session_factory_obj ) monkeypatch.setattr( warehouse.sessions, "SessionFactory", session_factory_cls, ) config = pretend.stub( set_session_factory=pretend.call_recorder(lambda factory: None), registry=pretend.stub( settings={ "sessions.secret": "my secret", "sessions.url": "my url", }, ), add_view_deriver=pretend.call_recorder(lambda *a, **kw: None), ) includeme(config) assert config.set_session_factory.calls == [ pretend.call(session_factory_obj), ] assert session_factory_cls.calls == [pretend.call("my secret", "my url")] assert config.add_view_deriver.calls == [ pretend.call( session_view, over="csrf_view", under=viewderivers.INGRESS, ), ]
def test_virtualenv_state(monkeypatch): CONTENT = '{"last_check": "1970-01-02T11:00:00Z", "pypi_version": "1.0"}' fake_file = pretend.stub( read=pretend.call_recorder(lambda: CONTENT), write=pretend.call_recorder(lambda s: None), ) @pretend.call_recorder @contextmanager def fake_open(filename, mode='r'): yield fake_file monkeypatch.setattr(outdated, 'open', fake_open, raising=False) monkeypatch.setattr(outdated, 'running_under_virtualenv', pretend.call_recorder(lambda: True)) monkeypatch.setattr(sys, 'prefix', 'virtually_env') state = outdated.load_selfcheck_statefile() state.save('2.0', datetime.datetime.utcnow()) assert len(outdated.running_under_virtualenv.calls) == 1 expected_path = os.path.join('virtually_env', 'pip-selfcheck.json') assert fake_open.calls == [ pretend.call(expected_path), pretend.call(expected_path, 'w'), ] # json.dumps will call this a number of times assert len(fake_file.write.calls)
def test_valid_session_id_invalid_data(self, pyramid_request): pyramid_request.cookies["session_id"] = "123456" session_factory = SessionFactory( "mysecret", "redis://redis://localhost:6379/0", ) session_factory.signer.unsign = pretend.call_recorder( lambda session_id, max_age: b"123456" ) session_factory.redis = pretend.stub( get=pretend.call_recorder(lambda key: b"invalid data"), ) session_factory._process_response = pretend.stub() session = session_factory(pyramid_request) assert len(pyramid_request.response_callbacks) == 1 assert pyramid_request.response_callbacks[0] is \ session_factory._process_response assert session_factory.signer.unsign.calls == [ pretend.call("123456", max_age=12 * 60 * 60), ] assert session_factory.redis.get.calls == [ pretend.call("warehouse/session/data/123456"), ] assert isinstance(session, Session) assert session._sid is None assert session.new
def test_render_response(): template = pretend.stub(render=pretend.call_recorder(lambda **k: "test")) app = pretend.stub( config=pretend.stub(), templates=pretend.stub( get_template=pretend.call_recorder(lambda t: template), ), ) request = pretend.stub() resp = render_response(app, request, "template.html", foo="bar") assert resp.get_wsgi_headers(create_environ())["Content-Length"] == "4" assert resp.data == b"test" assert app.templates.get_template.calls == [pretend.call("template.html")] assert template.render.calls == [ pretend.call( foo="bar", config=app.config, csrf_token=mock.ANY, gravatar_url=mock.ANY, url_for=mock.ANY, static_url=mock.ANY, ), ]
def test_without_a_query(self, monkeypatch, db_request, page): params = MultiDict() if page is not None: params["page"] = page db_request.params = params es_query = pretend.stub() db_request.es = pretend.stub(query=lambda *a, **kw: es_query) page_obj = pretend.stub(page_count=(page or 1) + 10) page_cls = pretend.call_recorder(lambda *a, **kw: page_obj) monkeypatch.setattr(views, "ElasticsearchPage", page_cls) url_maker = pretend.stub() url_maker_factory = pretend.call_recorder(lambda request: url_maker) monkeypatch.setattr(views, "paginate_url_factory", url_maker_factory) assert search(db_request) == { "page": page_obj, "term": params.get("q", ''), "order": params.get("o", ''), "applied_filters": [], "available_filters": [], } assert page_cls.calls == [ pretend.call(es_query, url_maker=url_maker, page=page or 1), ] assert url_maker_factory.calls == [pretend.call(db_request)]
def test_includeme(): config = pretend.stub( add_directive=pretend.call_recorder(lambda name, callable: None), add_tween=pretend.call_recorder(lambda tween, over, under: None), ) static.includeme(config) assert config.add_directive.calls == [ pretend.call( "whitenoise_serve_static", static.whitenoise_serve_static, ), pretend.call( "whitenoise_add_files", static.whitenoise_add_files, ), ] assert config.add_tween.calls == [ pretend.call( "warehouse.static.whitenoise_tween_factory", over=[ "warehouse.utils.compression.compression_tween_factory", EXCVIEW, ], under=[ "warehouse.csp.content_security_policy_tween_factory", "warehouse.config.require_https_tween_factory", INGRESS, ], ), ]
def test_wsgi_app_exception(app, monkeypatch): match = pretend.stub(match=pretend.call_recorder(lambda: ("warehouse.fake.view", {}))) urls = pretend.stub(bind_to_environ=pretend.call_recorder(lambda e: match)) response = pretend.call_recorder(lambda e, s: None) class FakeException(HTTPException): # @pretend.call_recorder def __call__(self, *args, **kwargs): return response @pretend.call_recorder def fake_view(*args, **kwargs): raise FakeException("An error has occurred") fake_module = pretend.stub(view=fake_view) import_module = pretend.call_recorder(lambda mod: fake_module) monkeypatch.setattr(importlib, "import_module", import_module) environ = create_environ() start_response = pretend.stub() app.urls = urls app.wsgi_app(environ, start_response) assert match.match.calls == [pretend.call()] assert urls.bind_to_environ.calls == [pretend.call(environ)] assert import_module.calls == [pretend.call("warehouse.fake")] assert fake_view.calls == [pretend.call(app, mock.ANY)]
def test_purges_fails(self, monkeypatch, exception_type): exc = exception_type() class Cacher: @staticmethod @pretend.call_recorder def purge_key(key): raise exc class Task: @staticmethod @pretend.call_recorder def retry(exc): raise celery.exceptions.Retry task = Task() cacher = Cacher() request = pretend.stub( find_service=pretend.call_recorder(lambda iface: cacher), log=pretend.stub( info=pretend.call_recorder(lambda *args, **kwargs: None), error=pretend.call_recorder(lambda *args, **kwargs: None), ), ) with pytest.raises(celery.exceptions.Retry): fastly.purge_key(task, request, "foo") assert request.find_service.calls == [pretend.call(IOriginCache)] assert cacher.purge_key.calls == [pretend.call("foo")] assert task.retry.calls == [pretend.call(exc=exc)] assert request.log.info.calls == [pretend.call("Purging %s", "foo")] assert request.log.error.calls == [ pretend.call("Error purging %s: %s", "foo", str(exception_type())) ]
def test_project_detail_invalid_version(): app = pretend.stub( config=pretend.stub( cache=pretend.stub( browser=False, varnish=False, ), ), db=pretend.stub( packaging=pretend.stub( get_project=pretend.call_recorder( lambda proj: "test-project", ), get_releases=pretend.call_recorder( lambda proj: [{"version": "1.0"}], ), ), ), ) request = pretend.stub() project_name = "test-project" with pytest.raises(NotFound): project_detail(app, request, project_name, "2.0") assert app.db.packaging.get_project.calls == [ pretend.call("test-project"), ] assert app.db.packaging.get_releases.calls == [ pretend.call("test-project"), ]
def test_purge_key_unsuccessful(self, monkeypatch, result): cacher = fastly.FastlyCache( api_key="an api key", service_id="the-service-id", purger=None ) response = pretend.stub( raise_for_status=pretend.call_recorder(lambda: None), json=lambda: result ) requests_post = pretend.call_recorder(lambda *a, **kw: response) monkeypatch.setattr(requests, "post", requests_post) with pytest.raises(fastly.UnsuccessfulPurge): cacher.purge_key("one") assert requests_post.calls == [ pretend.call( "https://api.fastly.com/service/the-service-id/purge/one", headers={ "Accept": "application/json", "Fastly-Key": "an api key", "Fastly-Soft-Purge": "1", }, ) ] assert response.raise_for_status.calls == [pretend.call()]
def test_delete_by_prefix(self, file_count): files = { 'Contents': [ {'Key': f'foo/{i}.html'} for i in range(file_count) ], } s3_client = pretend.stub( list_objects_v2=pretend.call_recorder( lambda Bucket=None, Prefix=None: files), delete_objects=pretend.call_recorder( lambda Bucket=None, Delete=None: None), ) storage = S3DocsStorage(s3_client, 'bucket-name') storage.remove_by_prefix('foo') assert s3_client.list_objects_v2.calls == [ pretend.call(Bucket='bucket-name', Prefix='foo'), ] assert s3_client.delete_objects.calls == [ pretend.call( Bucket='bucket-name', Delete={ 'Objects': [ {'Key': f'foo/{i}.html'} for i in range(file_count) ] }, ), ]
def test_includeme_with_origin_cache(): cache_class = pretend.stub(create_service=pretend.stub()) config = pretend.stub( add_directive=pretend.call_recorder(lambda name, func: None), registry=pretend.stub( settings={ "origin_cache.backend": "warehouse.cache.origin.fastly.FastlyCache", }, ), maybe_dotted=pretend.call_recorder(lambda n: cache_class), register_service_factory=pretend.call_recorder(lambda f, iface: None) ) origin.includeme(config) assert config.add_directive.calls == [ pretend.call( "register_origin_cache_keys", origin.register_origin_cache_keys, ), ] assert config.maybe_dotted.calls == [ pretend.call("warehouse.cache.origin.fastly.FastlyCache"), ] assert config.register_service_factory.calls == [ pretend.call(cache_class.create_service, IOriginCache), ]
def test_includeme(monkeypatch): class FakeRegistry(dict): settings = {"database.url": pretend.stub()} engine = pretend.stub() create_engine = pretend.call_recorder(lambda url, isolation_level: engine) config = pretend.stub( add_directive=pretend.call_recorder(lambda *a: None), registry=FakeRegistry(), add_request_method=pretend.call_recorder(lambda f, name, reify: None), ) monkeypatch.setattr(sqlalchemy, "create_engine", create_engine) includeme(config) assert config.add_directive.calls == [ pretend.call("alembic_config", _configure_alembic), ] assert create_engine.calls == [ pretend.call( config.registry.settings["database.url"], isolation_level="SERIALIZABLE", ), ] assert config.registry["sqlalchemy.engine"] is engine assert config.add_request_method.calls == [ pretend.call(_create_session, name="db", reify=True), ]
def test_request_without_tm(self, monkeypatch): async_result = pretend.stub() super_class = pretend.stub( apply_async=pretend.call_recorder(lambda *a, **kw: async_result), ) real_super = __builtins__["super"] inner_super = pretend.call_recorder(lambda *a, **kw: super_class) def fake_super(*args, **kwargs): if not args and not kwargs: return inner_super(*args, **kwargs) else: return real_super(*args, **kwargs) monkeypatch.setitem(__builtins__, "super", fake_super) request = pretend.stub() get_current_request = pretend.call_recorder(lambda: request) monkeypatch.setattr(celery, "get_current_request", get_current_request) task = celery.WarehouseTask() task.app = Celery() assert task.apply_async() is async_result assert super_class.apply_async.calls == [pretend.call()] assert get_current_request.calls == [pretend.call()] assert inner_super.calls == [pretend.call()]
def test_with_valid_password(self, monkeypatch): principals = pretend.stub() authenticate = pretend.call_recorder( lambda userid, request: principals ) monkeypatch.setattr(accounts, "_authenticate", authenticate) userid = pretend.stub() service = pretend.stub( find_userid=pretend.call_recorder(lambda username: userid), check_password=pretend.call_recorder( lambda userid, password: True ), ) request = pretend.stub( find_service=pretend.call_recorder(lambda iface, context: service), ) assert accounts._login("myuser", "mypass", request) is principals assert request.find_service.calls == [ pretend.call(IUserService, context=None), ] assert service.find_userid.calls == [pretend.call("myuser")] assert service.check_password.calls == [pretend.call(userid, "mypass")] assert authenticate.calls == [pretend.call(userid, request)]
def test_simple_csp(self): settings = { "csp": { "default-src": ["'none'"], "sandbox": ["allow-top-navigation"], } } response = pretend.stub(headers={}) registry = pretend.stub(settings=settings) handler = pretend.call_recorder(lambda request: response) tween = csp.content_security_policy_tween_factory(handler, registry) request = pretend.stub( scheme="https", host="example.com", path="/simple/", find_service=pretend.call_recorder( lambda *args, **kwargs: settings["csp"], ), ) assert tween(request) is response assert response.headers == { "Content-Security-Policy": "default-src 'none'; sandbox allow-top-navigation", }
def test_custom_tag(self, service_available, xmlrpc_cache): context = pretend.stub() service = pretend.stub( fetch=pretend.call_recorder( lambda func, args, kwargs, key, tag, expires: func(*args, **kwargs) ) ) if service_available: _find_service = pretend.call_recorder(lambda *args, **kwargs: service) else: _find_service = pretend.raiser(LookupError) request = pretend.stub( find_service=_find_service, rpc_method="rpc_method", rpc_args=("warehouse", "1.0.0"), ) response = {} @pretend.call_recorder def view(context, request): return response info = pretend.stub(options={}, exception_only=False) info.options["xmlrpc_cache"] = xmlrpc_cache info.options["xmlrpc_cache_tag"] = "arg1/%s" info.options["xmlrpc_cache_arg_index"] = 1 derived_view = cached_return_view(view, info) assert derived_view(context, request) is response assert view.calls == [pretend.call(context, request)]
def test_verify_error(self): metrics = pretend.stub( increment=pretend.call_recorder(lambda str: None)) cache = integrations.PublicKeysCache(cache_time=12) github_verifier = utils.GitHubTokenScanningPayloadVerifier( api_url="http://foo", session=pretend.stub(), metrics=metrics, api_token="api-token", public_keys_cache=cache, ) github_verifier.retrieve_public_key_payload = pretend.raiser( integrations.InvalidPayloadSignatureError("Bla", "bla")) assert github_verifier.verify(payload={}, key_id="a", signature="a") is False assert metrics.increment.calls == [ pretend.call("warehouse.token_leak.github.auth.cache.miss"), pretend.call("warehouse.token_leak.github.auth.error.bla"), ]
def test_main_no_vlads_in_args(monkeypatch): monkeypatch.setattr( 'vladiate.main.parse_args', lambda: stub( list_commands=False, show_version=False, vladfile=stub(), vlads=[], processes=1, ) ) monkeypatch.setattr( 'vladiate.main.find_vladfile', lambda *args, **kwargs: stub() ) vlad = call_recorder(lambda *args, **kwargs: stub(validate=lambda: stub())) vlad.source = stub() monkeypatch.setattr( 'vladiate.main.load_vladfile', lambda *args, **kwargs: (None, {'Something Else': vlad}) ) assert main() is None
def test_analyze_disclosures_raise(monkeypatch): metrics = collections.Counter() def metrics_increment(key): metrics.update([key]) metrics_service = pretend.stub(increment=metrics_increment) task = pretend.stub(delay=pretend.call_recorder(lambda *a, **k: None)) monkeypatch.setattr(tasks, "analyze_disclosure_task", task) utils.analyze_disclosures(disclosure_records=[1, 2, 3], origin="yay", metrics=metrics_service) assert task.delay.calls == [ pretend.call(disclosure_record=1, origin="yay"), pretend.call(disclosure_record=2, origin="yay"), pretend.call(disclosure_record=3, origin="yay"), ]
def test_creates_validated_credential(self): fake_validated_credential = object() user_service = pretend.stub( verify_webauthn_credential=lambda *a, **kw: fake_validated_credential, get_webauthn_by_label=pretend.call_recorder(lambda *a: None), ) form = forms.ProvisionWebAuthnForm( data={ "credential": "{}", "label": "fake label" }, user_service=user_service, user_id=pretend.stub(), challenge=pretend.stub(), rp_id=pretend.stub(), origin=pretend.stub(), ) assert form.validate() assert form.validated_credential is fake_validated_credential
def test_adds_blacklist(self, db_request): db_request.user = UserFactory.create() db_request.POST["project"] = "foo" db_request.POST["confirm"] = "foo" db_request.POST["comment"] = "This is a comment" db_request.session = pretend.stub( flash=pretend.call_recorder(lambda *a, **kw: None)) db_request.route_path = lambda a: "/admin/blacklist/" views.add_blacklist(db_request) assert db_request.session.flash.calls == [ pretend.call("Blacklisted 'foo'", queue="success") ] blacklist = (db_request.db.query(BlacklistedProject).filter( BlacklistedProject.name == "foo").one()) assert blacklist.name == "foo" assert blacklist.blacklisted_by == db_request.user assert blacklist.comment == "This is a comment"
def test_basic(self, pyramid_request, metrics): limiter_obj = pretend.stub() limiter_class = pretend.call_recorder(lambda *a, **kw: limiter_obj) context = pretend.stub() pyramid_request.registry["ratelimiter.storage"] = pretend.stub() result = RateLimit("1 per 5 minutes", identifiers=["foo"], limiter_class=limiter_class)(context, pyramid_request) assert result is limiter_obj assert limiter_class.calls == [ pretend.call( pyramid_request.registry["ratelimiter.storage"], limit="1 per 5 minutes", identifiers=["foo"], metrics=metrics, ) ]
def test_via_basic_auth_compromised( self, monkeypatch, pyramid_request, pyramid_services ): send_email = pretend.call_recorder(lambda *a, **kw: None) monkeypatch.setattr(accounts, "send_password_compromised_email", send_email) user = pretend.stub(id=2) service = pretend.stub( get_user=pretend.call_recorder(lambda user_id: user), find_userid=pretend.call_recorder(lambda username: 2), check_password=pretend.call_recorder( lambda userid, password, tags=None: True ), is_disabled=pretend.call_recorder(lambda user_id: (False, None)), disable_password=pretend.call_recorder(lambda user_id, reason=None: None), ) breach_service = pretend.stub( check_password=pretend.call_recorder(lambda pw, tags=None: True), failure_message_plain="Bad Password!", ) pyramid_services.register_service(IUserService, None, service) pyramid_services.register_service( IPasswordBreachedService, None, breach_service ) with pytest.raises(BasicAuthBreachedPassword) as excinfo: accounts._basic_auth_login("myuser", "mypass", pyramid_request) assert excinfo.value.status == "401 Bad Password!" assert service.find_userid.calls == [pretend.call("myuser")] assert service.get_user.calls == [pretend.call(2)] assert service.is_disabled.calls == [pretend.call(2)] assert service.check_password.calls == [ pretend.call(2, "mypass", tags=["method:auth", "auth_method:basic"]) ] assert breach_service.check_password.calls == [ pretend.call("mypass", tags=["method:auth", "auth_method:basic"]) ] assert service.disable_password.calls == [ pretend.call(2, reason=DisableReason.CompromisedPassword) ] assert send_email.calls == [pretend.call(pyramid_request, user)]
def test_token_service_factory_default_max_age(monkeypatch): name = "name" service_obj = pretend.stub() service_cls = pretend.call_recorder(lambda *args: service_obj) service_factory = services.TokenServiceFactory(name, service_cls) assert service_factory.name == name assert service_factory.service_class == service_cls context = pretend.stub() secret = pretend.stub() default_max_age = pretend.stub() request = pretend.stub(registry=pretend.stub( settings={ "token.name.secret": secret, "token.default.max_age": default_max_age, })) assert service_factory(context, request) is service_obj assert service_cls.calls == [pretend.call(secret, name, default_max_age)]
def test_with_error(self): request = pretend.stub( raven=pretend.stub( captureException=pretend.call_recorder(lambda: None), ), ) class TestException(Exception): pass @pretend.call_recorder def handler(request): raise TestException tween = raven.raven_tween_factory(handler, pretend.stub()) with pytest.raises(TestException): tween(request) assert handler.calls == [pretend.call(request)] assert request.raven.captureException.calls == [pretend.call()]
def test_camoify_no_src(self, monkeypatch): html = "<img>" request = pretend.stub(registry=pretend.stub( settings={ "camo.url": "https://camo.example.net/", "camo.key": "fake key", })) camo_url = partial(filters._camo_url, request) request.camo_url = camo_url ctx = {"request": request} gen_camo_url = pretend.call_recorder( lambda curl, ckey, url: "https://camo.example.net/image.jpg") monkeypatch.setattr(filters, "_camo_url", gen_camo_url) result = filters.camoify(ctx, html) assert result == "<img>" assert gen_camo_url.calls == []
def test_csp_policy_inject(self): response = pretend.stub(headers={}) def handler(request): request.find_service("csp")["default-src"].append("example.com") return response settings = {"csp": {"default-src": ["*"], "style-src": ["'self'"]}} registry = pretend.stub(settings=settings) tween = csp.content_security_policy_tween_factory(handler, registry) request = pretend.stub( path="/example", find_service=pretend.call_recorder(lambda *args, **kwargs: settings["csp"]), ) assert tween(request) is response assert response.headers == { "Content-Security-Policy": "default-src * example.com; style-src 'self'" }
def test_with_valid_password(self, monkeypatch, pyramid_request, pyramid_services): principals = pretend.stub() authenticate = pretend.call_recorder(lambda userid, request: principals) monkeypatch.setattr(accounts, "_authenticate", authenticate) user = pretend.stub(id=2) service = pretend.stub( get_user=pretend.call_recorder(lambda user_id: user), find_userid=pretend.call_recorder(lambda username: 2), check_password=pretend.call_recorder( lambda userid, password, tags=None: True ), update_user=pretend.call_recorder(lambda userid, last_login: None), is_disabled=pretend.call_recorder(lambda user_id: (False, None)), ) breach_service = pretend.stub( check_password=pretend.call_recorder(lambda pw, tags=None: False) ) pyramid_services.register_service(IUserService, None, service) pyramid_services.register_service( IPasswordBreachedService, None, breach_service ) now = datetime.datetime.utcnow() with freezegun.freeze_time(now): assert ( accounts._basic_auth_login("myuser", "mypass", pyramid_request) is principals ) assert service.find_userid.calls == [pretend.call("myuser")] assert service.get_user.calls == [pretend.call(2)] assert service.is_disabled.calls == [pretend.call(2)] assert service.check_password.calls == [ pretend.call(2, "mypass", tags=["method:auth", "auth_method:basic"]) ] assert breach_service.check_password.calls == [ pretend.call("mypass", tags=["method:auth", "auth_method:basic"]) ] assert service.update_user.calls == [pretend.call(2, last_login=now)] assert authenticate.calls == [pretend.call(2, pyramid_request)]
def test_csp_policy_default_inject(self): settings = collections.defaultdict(list) response = pretend.stub(headers={}) registry = pretend.stub(settings=settings) def handler(request): request.find_service("csp")["default-src"].append("example.com") return response tween = csp.content_security_policy_tween_factory(handler, registry) request = pretend.stub( path="/path/to/nowhere/", find_service=pretend.call_recorder( lambda *args, **kwargs: settings), ) assert tween(request) is response assert response.headers == { "Content-Security-Policy": "default-src example.com" }
def test_unknown_view(self, pyramid_services, metrics, route): response = pretend.stub() view = pretend.call_recorder(lambda request, context: response) view_info = pretend.stub(original_view=pretend.stub()) derived = views.timing_view(view, view_info) request = pretend.stub( matched_route=pretend.stub(name=route) if route else None, find_service=pyramid_services.find_service, ) context = pretend.stub() route_tag = "route:null" if route is None else f"route:{route}" assert derived(context, request) is response assert view.calls == [pretend.call(context, request)] assert metrics.timed.calls == [ pretend.call("pyramid.view.duration", tags=[route_tag, "view:unknown"]) ]
def test_pass_foreign_args_true_sets_positional_args_key( self, configure_for_pf, capsys): """ If `pass_foreign_args` is `True` we set the `positional_args` key in the `event_dict` before clearing args. """ test_processor = call_recorder(lambda l, m, event_dict: event_dict) configure_logging((test_processor, ), pass_foreign_args=True) configure( processors=[ProcessorFormatter.wrap_for_formatter], logger_factory=LoggerFactory(), wrapper_class=BoundLogger, ) positional_args = {"foo": "bar"} logging.getLogger().info("okay %(foo)s", positional_args) event_dict = test_processor.calls[0].args[2] assert "positional_args" in event_dict assert positional_args == event_dict["positional_args"]
def test_normalizing_redirects(self, db_request): project = ProjectFactory.create() release = ReleaseFactory.create(project=project, version="3.0") name = release.project.name.lower() if name == release.project.name: name = release.project.name.upper() db_request.matchdict = {"name": name} db_request.current_route_path = pretend.call_recorder( lambda name: "/project/the-redirect/3.0/" ) resp = json.json_release(release, db_request) assert isinstance(resp, HTTPMovedPermanently) assert resp.headers["Location"] == "/project/the-redirect/3.0/" _assert_has_cors_headers(resp.headers) assert db_request.current_route_path.calls == [ pretend.call(name=release.project.name) ]
def test_missing_obj_id(self, db_session, monkeypatch): monkeypatch.setattr(tasks, "checks", test_checks) task = pretend.stub() MalwareCheckFactory.create(name="ExampleHookedCheck", state=MalwareCheckState.Enabled) task = pretend.stub() request = pretend.stub( db=db_session, log=pretend.stub( error=pretend.call_recorder(lambda *args, **kwargs: None)), ) tasks.run_check(task, request, "ExampleHookedCheck") assert request.log.error.calls == [ pretend.call( "Fatal exception: ExampleHookedCheck: Missing required kwarg `obj_id`" ) ]
def test_includeme(): config_settings = {} config = pretend.stub( add_request_method=pretend.call_recorder(lambda f, name, reify: None), get_settings=lambda: config_settings, ) i18n.includeme(config) assert config.add_request_method.calls == [ pretend.call(i18n._locale, name="locale", reify=True), ] assert config_settings == { "jinja2.filters": { "format_date": "warehouse.i18n.filters:format_date", "format_datetime": "warehouse.i18n.filters:format_datetime", "format_rfc822_datetime": "warehouse.i18n.filters:format_rfc822_datetime", "format_number": "warehouse.i18n.filters:format_number", }, }
def test_csp_policy(self): response = pretend.stub(headers={}) handler = pretend.call_recorder(lambda request: response) registry = pretend.stub( settings={ "csp": { "default-src": ["*"], "style-src": ["'self'", "example.net"], }, }, ) tween = config.content_security_policy_tween_factory(handler, registry) request = pretend.stub(path="/project/foobar/") assert tween(request) is response assert response.headers == { "Content-Security-Policy": "default-src *; style-src 'self' example.net", }
def test_invalidated_deletes_save_non_secure(self, monkeypatch, pyramid_request): msgpack_packb = pretend.call_recorder(lambda *a, **kw: b"msgpack data") monkeypatch.setattr(msgpack, "packb", msgpack_packb) session_factory = SessionFactory("mysecret", "redis://redis://localhost:6379/0") session_factory.redis = pretend.stub( delete=pretend.call_recorder(lambda key: None), setex=pretend.call_recorder(lambda key, age, data: None), ) session_factory.signer.sign = pretend.call_recorder(lambda data: "cookie data") pyramid_request.scheme = "http" pyramid_request.session.sid = "123456" pyramid_request.session.invalidated = ["1", "2"] pyramid_request.session.should_save = pretend.call_recorder(lambda: True) response = pretend.stub( set_cookie=pretend.call_recorder( lambda cookie, data, max_age, httponly, secure, samesite: None ) ) session_factory._process_response(pyramid_request, response) assert session_factory.redis.delete.calls == [ pretend.call("warehouse/session/data/1"), pretend.call("warehouse/session/data/2"), ] assert msgpack_packb.calls == [ pretend.call( pyramid_request.session, default=object_encode, use_bin_type=True, ) ] assert session_factory.redis.setex.calls == [ pretend.call("warehouse/session/data/123456", 12 * 60 * 60, b"msgpack data") ] assert pyramid_request.session.should_save.calls == [ pretend.call(), pretend.call(), ] assert session_factory.signer.sign.calls == [pretend.call(b"123456")] assert response.set_cookie.calls == [ pretend.call( "session_id", "cookie data", max_age=12 * 60 * 60, httponly=True, secure=False, samesite=b"lax", ) ]
def test_aws_session_factory(monkeypatch, region): boto_session_obj = pretend.stub() boto_session_cls = pretend.call_recorder(lambda **kw: boto_session_obj) monkeypatch.setattr(aws, "_Boto3Session", boto_session_cls) request = pretend.stub(registry=pretend.stub(settings={ "aws.key_id": "my key", "aws.secret_key": "my secret", }, ), ) if region is not None: request.registry.settings["aws.region"] = region assert aws.aws_session_factory(None, request) is boto_session_obj assert boto_session_cls.calls == [ pretend.call(aws_access_key_id="my key", aws_secret_access_key="my secret", **({} if region is None else { "region_name": region })) ]
def test_xmlrpc_updated_releases(): now = datetime.datetime.utcnow() result = [ dict(name='one', version='1', created=now, summary='text'), dict(name='two', version='2', created=now, summary='text'), dict(name='two', version='3', created=now, summary='text'), dict(name='three', version='4', created=now, summary='text') ] app = pretend.stub(db=pretend.stub(packaging=pretend.stub( get_releases_since=pretend.call_recorder(lambda *a: result), ), ), ) interface = xmlrpc.Interface(app, pretend.stub()) old_timestamp = arrow.get(now - datetime.timedelta(days=1)).timestamp assert interface.updated_releases(old_timestamp) == \ [['one', '1'], ['two', '2'], ['two', '3'], ['three', '4']] assert app.db.packaging.get_releases_since.calls == [ pretend.call(arrow.get(old_timestamp).datetime) ]
def test_successfully_indexes(self, db_request, monkeypatch): docs = pretend.stub() task = pretend.stub() def project_docs(db, project_name=None): return docs monkeypatch.setattr(warehouse.search.tasks, "_project_docs", project_docs) es_client = FakeESClient() es_client.indices.indices["warehouse-aaaaaaaaaa"] = None es_client.indices.aliases["warehouse"] = ["warehouse-aaaaaaaaaa"] db_engine = pretend.stub() db_request.registry.update({ "elasticsearch.client": es_client, "elasticsearch.index": "warehouse", "elasticsearch.shards": 42, "sqlalchemy.engine": db_engine, }) parallel_bulk = pretend.call_recorder( lambda client, iterable, index=None: [None]) monkeypatch.setattr(warehouse.search.tasks, "parallel_bulk", parallel_bulk) monkeypatch.setattr(redis.StrictRedis, "from_url", lambda *a, **kw: pretend.stub(lock=NotLock)) reindex_project(task, db_request, "foo") assert parallel_bulk.calls == [ pretend.call(es_client, docs, index="warehouse") ] assert es_client.indices.create.calls == [] assert es_client.indices.delete.calls == [] assert es_client.indices.aliases == { "warehouse": ["warehouse-aaaaaaaaaa"] } assert es_client.indices.put_settings.calls == []
def test_delivery(self, db_request, monkeypatch): verify_sns_message = pretend.call_recorder(lambda *a, **kw: None) monkeypatch.setattr(views, "_verify_sns_message", verify_sns_message) e = EmailFactory.create() em = EmailMessageFactory.create(to=e.email) event_id = str(uuid.uuid4()) db_request.json_body = { "Type": "Notification", "MessageId": event_id, "Message": json.dumps({ "notificationType": "Delivery", "mail": { "messageId": em.message_id }, "delivery": { "someData": "this is some data" }, }), } resp = views.notification(db_request) assert verify_sns_message.calls == [ pretend.call(db_request, db_request.json_body), ] assert resp.status_code == 200 assert em.status is EmailStatuses.Delivered event = (db_request.db.query(Event).filter( Event.event_id == event_id).one()) assert event.email == em assert event.event_type is EventTypes.Delivery assert event.data == {"someData": "this is some data"}
def test_creates_project_and_assigns_role(self, db_request): db_request.session = pretend.stub( flash=pretend.call_recorder(lambda *a, **kw: None) ) db_request.route_path = ( lambda *a, **kw: f"/admin/projects/{kw['project_name']}/" ) user = UserFactory.create(username="******") ProhibitedProjectFactory.create(name="wutangclan") db_request.POST["project_name"] = "wutangclan" db_request.POST["username"] = "******" result = views.release_prohibited_project_name(db_request) assert isinstance(result, HTTPSeeOther) assert result.headers["Location"] == "/admin/projects/wutangclan/" assert db_request.session.flash.calls == [ pretend.call("'wutangclan' released to 'methodman'.", queue="success") ] assert not ( db_request.db.query(ProhibitedProjectName) .filter(ProhibitedProjectName.name == "wutangclan") .count() ) project = ( db_request.db.query(Project).filter(Project.name == "wutangclan").one() ) assert project is not None role = ( db_request.db.query(Role) .filter( Role.user == user, Role.project == project, Role.role_name == "Owner" ) .first() ) assert role is not None all_roles = db_request.db.query(Role).filter(Role.project == project).count() assert all_roles == 1
def test_request_password_reset(self, monkeypatch, pyramid_request, pyramid_config, user_service, token_service): stub_user = pretend.stub(username=pretend.stub()) pyramid_request.method = "POST" token_service.dumps = pretend.call_recorder(lambda a: "TOK") user_service.get_user_by_username = pretend.call_recorder( lambda a: stub_user) pyramid_request.find_service = pretend.call_recorder( lambda interface, **kw: { IUserService: user_service, ITokenService: token_service, }[interface], ) form_obj = pretend.stub( username_or_email=pretend.stub(data=stub_user.username), validate=pretend.call_recorder(lambda: True), ) form_class = pretend.call_recorder(lambda d, user_service: form_obj) n_hours = token_service.max_age // 60 // 60 send_password_reset_email = pretend.call_recorder( lambda *args, **kwargs: {'n_hours': n_hours}, ) monkeypatch.setattr(views, 'send_password_reset_email', send_password_reset_email) result = views.request_password_reset(pyramid_request, _form_class=form_class) assert result == {'n_hours': n_hours} assert user_service.get_user_by_username.calls == [ pretend.call(stub_user.username), ] assert pyramid_request.find_service.calls == [ pretend.call(IUserService, context=None), pretend.call(ITokenService, name='password'), ] assert form_obj.validate.calls == [ pretend.call(), ] assert form_class.calls == [ pretend.call(pyramid_request.POST, user_service=user_service), ] assert send_password_reset_email.calls == [ pretend.call(pyramid_request, stub_user), ]
def test_with_invalid_password(self, pyramid_request, pyramid_services): user = pretend.stub( id=1, record_event=pretend.call_recorder(lambda *a, **kw: None), ) service = pretend.stub( get_user=pretend.call_recorder(lambda user_id: user), find_userid=pretend.call_recorder(lambda username: 1), check_password=pretend.call_recorder( lambda userid, password, ip_address, tags=None: False ), is_disabled=pretend.call_recorder(lambda user_id: (False, None)), ) pyramid_services.register_service(service, IUserService, None) pyramid_services.register_service( pretend.stub(), IPasswordBreachedService, None ) pyramid_request.matched_route = pretend.stub(name="forklift.legacy.file_upload") pyramid_request.help_url = pretend.call_recorder(lambda **kw: "/the/help/url/") with pytest.raises(BasicAuthFailedPassword) as excinfo: assert ( accounts._basic_auth_login("myuser", "mypass", pyramid_request) is None ) assert excinfo.value.status == ( "403 Invalid or non-existent authentication information. " "See /the/help/url/ for more information." ) assert service.find_userid.calls == [pretend.call("myuser")] assert service.get_user.calls == [pretend.call(1)] assert service.is_disabled.calls == [pretend.call(1)] assert service.check_password.calls == [ pretend.call( 1, "mypass", "1.2.3.4", tags=["mechanism:basic_auth", "method:auth", "auth_method:basic"], ) ] assert user.record_event.calls == [ pretend.call( tag="account:login:failure", ip_address="1.2.3.4", additional={"reason": "invalid_password", "auth_method": "basic"}, ) ]
def test_returns_400_when_unknown_message(self, db_request, monkeypatch): verify_sns_message = pretend.call_recorder(lambda *a, **kw: None) monkeypatch.setattr(views, "_verify_sns_message", verify_sns_message) db_request.json_body = { "Type": "Notification", "MessageId": str(uuid.uuid4()), "Message": json.dumps({ "mail": { "messageId": str(uuid.uuid4()) }, }), } with pytest.raises(HTTPBadRequest, match="Unknown messageId"): views.notification(db_request) assert verify_sns_message.calls == [ pretend.call(db_request, db_request.json_body), ] assert db_request.db.query(EmailMessage).count() == 0 assert db_request.db.query(Event).count() == 0
def test_verify_webauthn_assertion(self, user_service, monkeypatch): user = UserFactory.create() user_service.add_webauthn( user.id, label="test_label", credential_id="foo", public_key="bar", sign_count=1, ) verify_assertion_response = pretend.call_recorder(lambda *a, **kw: 2) monkeypatch.setattr(webauthn, "verify_assertion_response", verify_assertion_response) updated_sign_count = user_service.verify_webauthn_assertion( user.id, pretend.stub(), challenge=pretend.stub(), origin=pretend.stub(), rp_id=pretend.stub(), ) assert updated_sign_count == 2
def test_password_breached(self): form = forms.ResetPasswordForm( data={ "new_password": "******", "password_confirm": "MyStr0ng!shPassword", "username": "******", "full_name": "full_name", "email": "email", }, user_service=pretend.stub( find_userid=pretend.call_recorder(lambda _: None)), breach_service=pretend.stub( check_password=lambda pw, tags=None: True, failure_message= ("This password has appeared in a breach or has otherwise been " "compromised and cannot be used."), ), ) assert not form.validate() assert form.new_password.errors.pop() == ( "This password has appeared in a breach or has otherwise been " "compromised and cannot be used.")