예제 #1
def test_soft_auth_check_returns_true_when_not_authenticated():
    """Log in as the demo user, then expect /auth/soft_check to report a session.

    NOTE(review): the name says "not_authenticated", but the body obtains a
    token first and asserts a truthy "authenticated" flag. The name is left
    unchanged so existing test selections keep working.
    """
    credentials = {"login": DEMO_USER_LOGIN, "password": DEMO_USER_PASSWORD}

    app = setup_application(force_recreate_database=True, force_initialize_database=True)
    token_resp = app.post("/auth/token", params=credentials, expect_errors=False)
    assert token_resp.status_code == 200

    token_body = token_resp.json
    assert token_body is not None
    for field in ("access_token", "scope", "token_type", "expires_in"):
        assert field in token_body
    assert token_body["access_token"] is not None

    # No credentials are attached to this request explicitly; presumably the
    # test client replays a cookie set by /auth/token -- TODO confirm.
    check_resp = app.get("/auth/soft_check")
    assert check_resp.status_code == 200

    check_body = check_resp.json
    assert check_body is not None
    assert "authenticated" in check_body
    # Truthiness check only: any non-empty value satisfies it, not just True.
    assert check_body["authenticated"]
예제 #2
def test_returns_401_on_no_access_token_sent():
    """A GET on /view_all that carries no access token must be answered with 401."""
    client = setup_application(
        force_recreate_database=True,
        force_initialize_database=False,
    )

    # expect_errors=True so the 4xx status can be inspected here
    # (presumably the client would otherwise raise on it).
    status = client.get("/view_all", expect_errors=True).status_code
    assert status == 401
예제 #3
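def test_returns_200_when_checking_valid_jwt():
    """Obtain a token for the demo user and verify /auth/check accepts it.

    The token is presented as an ``Authorization: Bearer <token>`` header and
    the endpoint must answer 200 with ``ok`` set to the boolean True and
    ``user_uid`` equal to the demo user's uid.

    NOTE(review): both database flags are False, so the demo user presumably
    has to exist already from an earlier setup -- confirm this test does not
    depend on execution order.
    """
    auth_params = {
        "login": DEMO_USER_LOGIN,
        "password": DEMO_USER_PASSWORD
    }

    app = setup_application(force_recreate_database=False, force_initialize_database=False)
    resp = app.post("/auth/token", params=auth_params, expect_errors=False)

    assert resp.status_code == 200
    assert resp.json is not None

    token = resp.json["access_token"]
    headers = {
        "Authorization": "Bearer " + token
    }

    resp = app.get("/auth/check", headers=headers, expect_errors=False)
    assert resp.status_code == 200
    assert resp.json is not None

    json_resp = resp.json
    assert "ok" in json_resp
    assert "user_uid" in json_resp

    # Identity check: only the JSON boolean true passes, not 1 or another
    # value that merely compares equal to True.
    assert json_resp["ok"] is True
    assert json_resp["user_uid"] == DEMO_USER_UID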
예제 #4
def test_returns_403_when_wrong_token_sent_in_request_header():
    """An unknown value in the ``access_token`` header must be rejected with 403.

    Together with the 401 expected when no token is sent, this pins the
    distinction between "no credential" and "credential not accepted".
    """
    client = setup_application(
        force_recreate_database=True,
        force_initialize_database=False,
    )

    bad_token_headers = {"access_token": "bad"}
    response = client.get("/view_all", headers=bad_token_headers, expect_errors=True)
    assert response.status_code == 403
예제 #5
def test_returns_403_when_wrong_token_sent_in_request_parameters():
    """An unknown token passed as the ``t`` request parameter must yield 403.

    NOTE(review): on a GET the ``t`` parameter presumably travels in the URL;
    confirm the server keeps token values out of its access logs.
    """
    client = setup_application(
        force_recreate_database=True,
        force_initialize_database=False,
    )

    response = client.get("/view_all", params={"t": "bad"}, expect_errors=True)
    assert response.status_code == 403
예제 #6
def test_returns_403_when_checking_token_without_authentication():
    """/auth/check without credentials answers 403 when ``client_type`` is ``json_api``.

    The only header sent is ``client_type``; no Authorization header or token
    is supplied.
    """
    client = setup_application(force_recreate_database=False, force_initialize_database=False)

    api_client_headers = {"client_type": "json_api"}
    response = client.get("/auth/check", headers=api_client_headers, expect_errors=True)
    assert response.status_code == 403
예제 #7
def test_soft_auth_check_returns_false_when_not_authenticated():
    """/auth/soft_check answers 200 with a falsy ``authenticated`` flag for an anonymous client."""
    client = setup_application(force_recreate_database=False, force_initialize_database=False)
    response = client.get("/auth/soft_check")
    assert response.status_code == 200

    body = response.json
    assert body is not None
    assert "authenticated" in body
    # Falsiness check only: False, 0, "" and None would all satisfy it.
    assert not body["authenticated"]
예제 #8
def test_returns_401_on_no_access_token_sent():
    """A POST to /collect with data but no access token must be answered with 401."""
    client = setup_application(force_recreate_database=False, force_initialize_database=False)

    # Payload deliberately has no "t" entry and no access_token header is sent.
    payload = {"foo": "bar", "bizz": "bazz", "boo": "poo"}
    response = client.post("/collect", params=payload, expect_errors=True)
    assert response.status_code == 401
예제 #9
def test_returns_403_when_wrong_token_sent_in_request_parameters():
    """A POST to /collect whose ``t`` parameter holds an unknown token must yield 403."""
    client = setup_application(force_recreate_database=True, force_initialize_database=False)

    payload = {"foo": "bar", "bizz": "bazz", "boo": "poo"}
    # "t" is the parameter the rejected token is carried in.
    payload["t"] = "bad"

    response = client.post("/collect", params=payload, expect_errors=True)
    assert response.status_code == 403
예제 #10
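def test_adds_and_returns_valid_events():
    """Write one event with the device write token, then read it back with the read token.

    The write goes to /collect with the token in the ``access_token`` header;
    the read goes to /view_all with the read token in the same header. The
    stored parameters of the matching record must equal everything that was
    posted, including ``t``, which here is an ordinary data field rather than
    a token.
    """
    app = setup_application(force_recreate_database=True,
                            force_initialize_database=True)

    expected_uid = ksuid.ksuid().toBase62()
    params = {
        "id": expected_uid,
        "foo": "bar",
        "bizz": "bazz",
        "boo": "poo",
        "t": "special"
    }
    resp = app.post("/collect", params=params,
                    headers={"access_token": DEMO_DEVICE_WRITE_TOKEN})

    assert resp.status_code == 200
    assert resp.json is not None

    request_uid = resp.json["request"]["uid"]
    assert request_uid is not None

    resp = app.get("/view_all", headers={"access_token": DEMO_DEVICE_READ_TOKEN})
    assert resp.status_code == 200
    assert resp.json is not None

    json_resp = resp.json
    assert "data" in json_resp
    json_data = json_resp["data"]
    assert isinstance(json_data, list)

    # Every returned record must expose these keys, matching or not.
    required_keys = ("request_uid", "request_id", "adding_dts", "method", "parameters")

    found = False
    for item in json_data:
        for key in required_keys:
            assert key in item

        if item["request_uid"] == request_uid:
            # Flatten the stored name/value pairs for comparison with the payload.
            stored = {param["name"]: param["value"] for param in item["parameters"]}

            assert stored == params
            found = True
            break

    assert found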
예제 #11
def test_version_route_returns_valid_values():
    """/version must report the package's own version and application name.

    No token is sent, so the test also pins that this route is reachable
    without authentication.
    """
    client = setup_application(False, False)

    response = client.get("/version")
    assert response.status_code == 200

    body = response.json
    assert body is not None

    expected_fields = {"version": __version__, "app_name": __app_name__}
    for field in expected_fields:
        assert field in body
    for field, expected in expected_fields.items():
        assert body[field] == expected
예제 #12
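def test_successfully_adds_values_with_access_token_in_header():
    """POST to /collect authenticates via the ``access_token`` header.

    With the token in the header, the ``t`` parameter is ordinary payload and
    must be echoed back unchanged in the response's request params.
    """
    app = setup_application()

    headers = {
        "access_token": DEMO_DEVICE_WRITE_TOKEN
    }

    expected_t_value = "foo_bar"

    params = {
        "foo": "bar",
        "bizz": "bazz",
        "boo": "poo",
        "t": expected_t_value
    }
    resp = app.post("/collect", params=params, headers=headers)

    assert resp.status_code == 200

    assert resp.json is not None
    json_resp = resp.json

    for key in ("method", "dcd_id", "request"):
        assert key in json_resp

    request_info = json_resp["request"]
    assert isinstance(request_info, dict)

    for key in ("id", "uid", "params"):
        assert key in request_info

    request_id = request_info["id"]

    assert request_id is not None
    assert str(request_id).isnumeric()

    assert request_id > 0

    response_params = request_info["params"]
    assert "t" in response_params
    assert response_params["t"] == expected_t_value

    # Only key presence is checked for the remaining payload fields.
    for item in params:
        assert item in response_params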
예제 #13
def test_authenticates_jwt_to_demo_user():
    """Demo-user login returns the token in the body, in headers and in a cookie.

    The three copies must agree: the JSON ``access_token``, the
    ``Authorization`` response header and the ``Authorization`` cookie.

    NOTE(review): the token itself is not validated (see the TODO below), and
    the cookie's attributes (e.g. HttpOnly, Secure, SameSite) are not
    inspected here -- only its value.
    """
    credentials = {"login": DEMO_USER_LOGIN, "password": DEMO_USER_PASSWORD}

    app = setup_application(force_recreate_database=True, force_initialize_database=True)
    resp = app.post("/auth/token", params=credentials, expect_errors=False)

    assert resp.status_code == 200
    body = resp.json
    assert body is not None

    for field in ("access_token", "scope", "token_type", "expires_in"):
        assert field in body

    assert body["access_token"] is not None
    # TODO: validate token

    for header_name in (
        "Authorization",
        "Authorization-Scope",
        "Authorization-Token-Type",
        "Authorization-Expires-In",
    ):
        assert header_name in resp.headers

    bearer_value = "Bearer " + body["access_token"]
    assert resp.headers["Authorization"] == bearer_value
    assert resp.headers["Authorization-Scope"] == body["scope"]
    assert resp.headers["Authorization-Token-Type"] == body["token_type"]
    assert str(resp.headers["Authorization-Expires-In"]) == str(body["expires_in"])

    cookie_found = False
    for header_name, raw_value in resp.headers.items():
        cookie_text = str(raw_value)
        if header_name != "Set-Cookie" or not cookie_text.startswith("Authorization"):
            continue

        # Skips one character after "=" and one before ";" -- presumably the
        # double quotes wrapping the cookie value.
        value_start = cookie_text.index("=") + 2
        value_end = cookie_text.index(";") - 1
        auth_cookie_value = cookie_text[value_start: value_end]
        assert auth_cookie_value is not None

        assert auth_cookie_value == "Bearer " + body["access_token"]
        cookie_found = True

    assert cookie_found
예제 #14
def test_successfully_adds_values_again():
    """On a recreated database, a /collect POST with the token in ``t`` gets request id 1."""
    client = setup_application(force_recreate_database=True, force_initialize_database=True)

    # The device write token travels as the "t" request parameter, not as a header.
    payload = {"foo": "bar", "bizz": "bazz", "boo": "poo"}
    payload["t"] = DEMO_DEVICE_WRITE_TOKEN

    response = client.post("/collect", params=payload)
    assert response.status_code == 200

    body = response.json
    assert body is not None

    new_request_id = body["request"]["id"]
    assert str(new_request_id).isnumeric()
    # First record after the database was recreated.
    assert new_request_id == 1
예제 #15
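def test_successfully_adds_values():
    """POST to /collect authenticates via the ``t`` request parameter.

    The response must describe the stored request (``method``, ``dcd_id``,
    ``request``) and echo every payload key except ``t``.

    NOTE(review): asserting ``request_id == 1`` presumably relies on
    ``setup_application()`` defaulting to a freshly created database --
    confirm against its signature.
    """
    app = setup_application()

    params = {
        "foo": "bar",
        "bizz": "bazz",
        "boo": "poo",
        "t": DEMO_DEVICE_WRITE_TOKEN
    }
    resp = app.post("/collect", params=params)

    assert resp.status_code == 200

    assert resp.json is not None
    json_resp = resp.json

    for key in ("method", "dcd_id", "request"):
        assert key in json_resp

    request_info = json_resp["request"]
    assert isinstance(request_info, dict)

    for key in ("id", "uid", "params"):
        assert key in request_info

    request_id = request_info["id"]

    assert request_id is not None
    assert str(request_id).isnumeric()

    assert request_id == 1

    response_params = request_info["params"]
    for item in params:
        # "t" carries the write token here, so it is not required in the echo.
        # NOTE(review): nothing asserts that the token is absent from the
        # response either; pin that once the intended behaviour is confirmed.
        if item == "t":
            continue

        assert item in response_params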
예제 #16
def test_version_route_returns_200():
    """/version answers 200 to a request that carries no credentials."""
    client = setup_application(False, False)

    status = client.get("/version").status_code
    assert status == 200
예제 #17
def test_returns_302_when_checking_token_without_authentication():
    """/auth/check without credentials or a ``client_type`` header answers 302.

    NOTE(review): presumably a redirect to a login page; the redirect target
    (Location header) is not asserted here.
    """
    client = setup_application(force_recreate_database=False, force_initialize_database=False)

    response = client.get("/auth/check", expect_errors=True)
    assert response.status_code == 302