def setup_basic_get_test(self, user, with_local_site, local_site_name):
    """Create an OAuth application and describe how to GET it.

    Returns:
        tuple:
        A 3-tuple of the item URL for the new application, the expected
        item mimetype, and the application itself.
    """
    oauth_app = self.create_oauth_application(
        user, with_local_site=with_local_site)
    item_url = get_oauth_app_item_url(oauth_app.pk, local_site_name)

    return item_url, oauth_app_item_mimetype, oauth_app
def test_put_re_enable_security_disabled(self):
    """Testing the PUT <URL> API with enabled=1 for an application that was
    disabled for security

    The request does not ask for a new client secret, so it is expected to
    fail with the form-level ``DISABLED_FOR_SECURITY_ERROR`` and to leave
    both ``original_user`` and ``client_secret`` unchanged.
    """
    self.user = self._login_user(admin=True)
    owner = User.objects.get(username='******')
    site = LocalSite.objects.get(pk=1)
    created = self.create_oauth_application(user=owner, local_site=site)
    secret_before = created.client_secret
    app_pk = created.pk

    # Dropping the owner from the LocalSite is the trigger this test relies
    # on: the assertions below expect the application to be flagged, handed
    # to the logged-in admin, and to remember who owned it.
    site.users.remove(owner)

    flagged = Application.objects.get(pk=app_pk)
    self.assertTrue(flagged.is_disabled_for_security)
    self.assertEqual(flagged.user, self.user)
    self.assertEqual(flagged.original_user, owner)

    # NOTE(review): presumably re-enabling is refused here because the
    # removed owner may still hold the old secret - confirm against
    # ApplicationChangeForm.
    item_url = get_oauth_app_item_url(app_pk, site.name)
    response = self.api_put(item_url, {'enabled': '1'}, expected_status=400)

    reloaded = Application.objects.get(pk=app_pk)

    self.assertIn('stat', response)
    self.assertEqual(response['stat'], 'fail')
    self.assertIn('fields', response)

    field_errors = response['fields']
    self.assertIn('__all__', field_errors)
    self.assertEqual(field_errors['__all__'][0],
                     ApplicationChangeForm.DISABLED_FOR_SECURITY_ERROR)

    # The rejected request must not have changed the security state.
    self.assertEqual(reloaded.original_user, owner)
    self.assertEqual(reloaded.client_secret, secret_before)
def test_get_without_local_site(self):
    """Testing the GET <URL> API for an app on a LocalSite requested without
    the LocalSite in the URL

    The application belongs to a LocalSite, but the item URL is built with
    no LocalSite name, so the request is expected to return a 404.
    """
    site = LocalSite.objects.get(pk=1)
    site.users.add(self.user)

    oauth_app = self.create_oauth_application(
        self.user,
        local_site=LocalSite.objects.get(pk=1))

    # No local_site_name argument: this is the URL outside any LocalSite.
    url_without_site = get_oauth_app_item_url(oauth_app.pk)
    response = self.api_get(url_without_site, expected_status=404)

    self.assertIn('stat', response)
    self.assertEqual(response['stat'], 'fail')
def test_get_without_owner_as_superuser(self):
    """Testing the GET <URL> API as a superuser who does not own the
    application

    The application is created for another user; the admin login is
    expected to receive the item anyway.
    """
    self.user = self._login_user(admin=True)

    other_owner = User.objects.get(username='******')
    oauth_app = self.create_oauth_application(other_owner)

    response = self.api_get(
        get_oauth_app_item_url(oauth_app.pk),
        expected_mimetype=oauth_app_item_mimetype)

    self.assertIn('stat', response)
    self.assertEqual(response['stat'], 'ok')
    self.assertIn('oauth_app', response)
    self.compare_item(response['oauth_app'], oauth_app)
def test_get_with_invalid_local_site(self):
    """Testing the GET <URL> API for an app created without a LocalSite
    requested through a LocalSite URL

    The user is a member of the LocalSite, but the application is created
    with no LocalSite, so the LocalSite URL is expected to return a 404.
    """
    site = LocalSite.objects.get(pk=1)
    site.users.add(self.user)

    # Created without a local_site argument.
    oauth_app = self.create_oauth_application(self.user)

    site_url = get_oauth_app_item_url(oauth_app.pk, site.name)
    response = self.api_get(site_url, expected_status=404)

    self.assertIn('stat', response)
    self.assertEqual(response['stat'], 'fail')
def test_put_regenerate_secret_key(self):
    """Testing the PUT <URL> API with regenerate_client_secret=1

    The stored client secret is expected to differ from the one the
    application was created with.
    """
    created = self.create_oauth_application(user=self.user)
    secret_before = created.client_secret
    app_pk = created.pk

    response = self.api_put(
        get_oauth_app_item_url(app_pk),
        {'regenerate_client_secret': 1},
        expected_mimetype=oauth_app_item_mimetype)

    # Re-read from the database so the comparison uses the persisted secret.
    reloaded = Application.objects.get(pk=app_pk)

    self.assertIn('stat', response)
    self.assertEqual(response['stat'], 'ok')
    self.compare_item(response['oauth_app'], reloaded)
    self.assertNotEqual(reloaded.client_secret, secret_before)
def test_get_without_owner_as_local_site_admin(self):
    """Testing the GET <URL> API on a LocalSite as a LocalSite admin who
    does not own the application

    The application is created for the initially logged-in user; the
    request is then made after logging in as a LocalSite admin.
    """
    site = LocalSite.objects.get(pk=1)
    site.users.add(self.user)
    oauth_app = self.create_oauth_application(self.user, local_site=site)

    # Switch accounts only after the application exists, so the requester
    # is not the user the application was created for.
    self.user = self._login_user(admin=True, local_site=True)

    site_url = get_oauth_app_item_url(oauth_app.pk, site.name)
    response = self.api_get(site_url,
                            expected_mimetype=oauth_app_item_mimetype)

    self.assertIn('stat', response)
    self.assertEqual(response['stat'], 'ok')
    self.assertIn('oauth_app', response)
    self.compare_item(response['oauth_app'], oauth_app)
def setup_basic_put_test(self, user, with_local_site, local_site_name,
                         put_valid_data):
    """Create an OAuth application and describe how to PUT to it.

    When ``put_valid_data`` is true the payload sets
    ``extra_data.fake_key`` to an empty string; otherwise the payload sets
    the ``user`` field.

    Returns:
        tuple:
        A 5-tuple of the item URL, the expected item mimetype, the request
        payload, the application, and an empty list.
    """
    oauth_app = self.create_oauth_application(
        user, with_local_site=with_local_site)

    payload = (
        {'extra_data.fake_key': ''}
        if put_valid_data
        else {'user': '******'}
    )

    item_url = get_oauth_app_item_url(oauth_app.pk, local_site_name)

    return item_url, oauth_app_item_mimetype, payload, oauth_app, []
def test_put_regenerate_secret_key_enable(self):
    """Testing the PUT <URL> API with regenerate_client_secret=1 and
    enabled=1 for an application disabled for security

    Sending both fields together is expected to succeed: the security flag
    is cleared, ``original_user`` is reset to None, the application is
    enabled, and the client secret changes.
    """
    self.user = self._login_user(admin=True)
    owner = User.objects.get(username='******')
    site = LocalSite.objects.get(pk=1)
    created = self.create_oauth_application(user=owner, local_site=site)
    secret_before = created.client_secret
    app_pk = created.pk

    # Dropping the owner from the LocalSite is the trigger this test relies
    # on to put the application into the disabled-for-security state.
    site.users.remove(owner)

    flagged = Application.objects.get(pk=app_pk)
    self.assertTrue(flagged.is_disabled_for_security)
    self.assertEqual(flagged.user, self.user)
    self.assertEqual(flagged.original_user, owner)

    put_data = {
        'enabled': '1',
        'regenerate_client_secret': '1',
    }
    response = self.api_put(
        get_oauth_app_item_url(app_pk, site.name),
        put_data,
        expected_mimetype=oauth_app_item_mimetype)

    reloaded = Application.objects.get(pk=app_pk)

    self.assertIn('stat', response)
    self.assertEqual(response['stat'], 'ok')

    payload = response['oauth_app']
    self.compare_item(payload, reloaded)

    # The old secret must be gone from the API payload as well as from the
    # stored application (checked last).
    self.assertNotEqual(payload['client_secret'], secret_before)

    self.assertFalse(reloaded.is_disabled_for_security)
    self.assertIsNone(reloaded.original_user)
    self.assertTrue(reloaded.enabled)
    self.assertNotEqual(reloaded.client_secret, secret_before)
def setup_basic_delete_test(self, user, with_local_site, local_site_name):
    """Create an OAuth application and describe how to DELETE it.

    Returns:
        tuple:
        A 2-tuple of the item URL and a one-element list holding the
        application's primary key.
    """
    oauth_app = self.create_oauth_application(
        user=user, with_local_site=with_local_site)
    app_pk = oauth_app.pk

    return get_oauth_app_item_url(app_pk, local_site_name), [app_pk]
def test_get_without_owner(self):
    """Testing the GET <URL> API as a user who does not own the application

    The application is created for another user, and the request is
    expected to return a 404.
    """
    other_owner = User.objects.get(username='******')
    oauth_app = self.create_oauth_application(other_owner)

    item_url = get_oauth_app_item_url(oauth_app.pk)
    self.api_get(item_url, expected_status=404)