def test_login_fails_demo_project_admin(self):
# Admin role on demo project, but missing the admin project
(self.user, password) = create_user({'demo': 'admin'},
{'Default': 'admin'})
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'access to the admin project'):
auth_token.login(self.user.name, password)
def test_login_fails_domain_admin(self):
# Domain admin, but lacking access to admin project
(self.user, password) = create_user({'demo': 'admin'},
{'Default': 'admin'})
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'access to the admin project'):
auth_token.login(self.user.name, password)
def test_login_fails_domain_member(self):
# Admin role on admin project, domain member, but missing the domain
# admin
(self.user, password) = create_user({'admin': 'admin'},
{'Default': '_member_'})
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'not an admin of the default domain'):
auth_token.login(self.user.name, password)
def test_login_fails_multiple_admin_projects(self):
# Admin role on both projects, but missing the domain admin
(self.user, password) = create_user({
'admin': 'admin',
'demo': 'admin'
})
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'not authorized on the .* domain'):
auth_token.login(self.user.name, password)
def login(self):
(self.user, password) = create_user({'admin': 'admin'},
{'Default': 'admin'})
auth_ref = auth_token.login(self.user.name, password)
self.assertIsNotNone(auth_ref)
self.assertIsNotNone(auth_ref.auth_token)
self.assertTrue(auth_token.validate(auth_ref.auth_token))
return auth_ref
def test_monasca_user_role(self):
# Test that a user with monasca-user role can retrieve monasca data
(self.user,
password) = create_user({
'admin': 'monasca-user',
'demo': 'admin'
}, {'Default': 'admin'})
data = self.monitor('notification_list')
self.assertGreater(len(data), 0)
def test_find_by_id():
db = DB()
user = create_user()
blog = create_blog(user=user)
found_blog = BlogLoader.find_by_id(db, blog.id)
assert found_blog.id == blog.id
assert BlogLoader.find_by_id(db, -1) is None
def test_find_by_name():
db = DB()
user = create_user()
found_user = UserLoader.find_by_name(db, user.name)
assert isinstance(found_user, User)
assert found_user.name == user.name
not_found_user = UserLoader.find_by_name(db, random_string(10))
assert not_found_user is None
def test_login_other_admin(self):
# Domain admin, and demo project admin, and monasca-user role
# on admin project. This should succeed
(self.user,
password) = create_user({
'admin': 'monasca-user',
'demo': 'admin'
}, {'Default': 'admin'})
auth_ref = auth_token.login(self.user.name, password)
token = auth_ref.auth_token
ref = auth_token.get_appropriate_auth_ref(token)
self.assertIsNotNone(ref)
self.assertIsNotNone(ref.auth_token)
self.assertEqual('demo', ref.project_name)
def test_create():
db = DB()
user = create_user()
title = random_string(10)
blog_id = BlogAction.create(
db,
owner_id=user.id,
title=title,
)
found_blog = BlogLoader.find_by_id(db, blog_id)
assert found_blog.id == blog_id
assert found_blog.owner_id == user.id
assert found_blog.title == title
def test_patch_account_without_request_content_type_returning_400_status_code(client, session):
"""
GIVEN a Flask application
WHEN the '/account' URL is requested (PATH) without the request content type
THEN check the response HTTP 400 response
"""
user = create_user(session)
tokens = create_tokens(user.username)
endpoint = '/account'
response = client.patch(endpoint,
headers={'Authorization': 'Bearer ' + tokens['access']['enconded']})
assert response.status_code == 400
assert response.json['status'] == 'fail'
assert response.json['message'] == 'bad request'
def test_auth_register_with_an_existent_username_returning_400_status_code(
client, session):
"""
GIVEN a Flask application
WHEN the '/auth/register' URL is requested (POST) with an existent username
THEN check the response HTTP 400 response
"""
user = create_user(session)
data = {'username': user.username, 'password': "******"}
response = client.post('/auth/register',
data=json.dumps(data),
content_type='application/json')
assert response.status_code == 400
assert response.json['status'] == 'fail'
assert {'username': '******'} in response.json['data']
def test_patch_account_with_password_length_smaller_than_3_character_returning_400_status_code(client, session):
"""
GIVEN a Flask application
WHEN the '/account' URL is requested (PATCH) with invalid password value
THEN check the response HTTP 400 response
"""
user = create_user(session)
tokens = create_tokens(user.username)
endpoint = '/account'
data = {'password': "******"}
response = client.patch(endpoint,
data=json.dumps(data),
content_type='application/json',
headers={'Authorization': 'Bearer ' + tokens['access']['enconded']})
assert response.status_code == 400
assert response.json['status'] == 'fail'
assert {"password": "******"} in response.json['data']
def test_update_account_with_empty_data_returning_400_status_code(
client, session):
"""
GIVEN a Flask application
WHEN the '/account' URL is requested (PUT) with empty data
THEN check the response HTTP 400 response
"""
user = create_user(session)
tokens = create_tokens(user.username)
endpoint = '/account'
data = {}
response = client.put(
endpoint,
data=json.dumps(data),
content_type='application/json',
headers={'Authorization': 'Bearer ' + tokens['access']['enconded']})
assert response.status_code == 400
assert response.json['status'] == 'fail'
assert {'password': '******'} in response.json['data']
def test_patch_account_with_data_well_formatted_returning_200_status_code(client, session, auth):
"""
GIVEN a Flask application
WHEN the '/account' URL is requested (PATCH)
THEN check the response is valid
"""
user = create_user(session)
tokens = create_tokens(user.username)
endpoint = '/account'
data = {'password': "******"}
response = client.patch(endpoint,
data=json.dumps(data),
content_type='application/json',
headers={'Authorization': 'Bearer ' + tokens['access']['enconded']})
assert response.status_code == 200
assert response.json['status'] == 'success'
assert int(response.json['data']['id']) == user.id
def test_patch_account_with_an_user_already_excluded_returning_404_status_code(client, session):
"""
GIVEN a Flask application
WHEN the '/account' URL is requested (PATCH) with inexistent user
THEN check the response HTTP 404 response
"""
user = create_user(session)
tokens = create_tokens(user.username)
# delete the user
session.delete(user)
session.commit()
# request
response = client.patch('/account',
content_type='application/json',
headers={'Authorization': 'Bearer ' + tokens['access']['enconded']})
# asserts
assert response.status_code == 404
assert response.json['status'] == 'error'
assert response.json['message'] == 'not Found'
def test_delete_with_all_data_passed_returning_200_status_code(
client, session):
"""
GIVEN a Flask application
WHEN the '/account' URL is requested (DELETE)
THEN check the response is valid
"""
user = create_user(session)
tokens = create_tokens(user.username)
endpoint = '/account'
# assert user was deleted
response = client.delete(
endpoint,
headers={'Authorization': 'Bearer ' + tokens['access']['enconded']})
assert response.status_code == 201
from app.model import Token
tokens = session.query(Token).filter_by(user_identity=user.username,
revoked=False).all()
assert len(tokens) == 0
def test_delete_with_inexistent_user_id_returning_404_status_code(
client, session):
"""
GIVEN a Flask application
WHEN the '/account' URL is requested (DELETE) with inexistent user
THEN check the response HTTP 404 response
"""
user = create_user(session)
tokens = create_tokens(user.username)
# delete the user
session.delete(user)
session.commit()
# request
endpoint = '/account'
response = client.delete(
endpoint,
headers={'Authorization': 'Bearer ' + tokens['access']['enconded']})
assert response.status_code == 404
assert response.json['status'] == 'error'
assert response.json['message'] == 'not Found'
def test_auth_list_tokens_of_logged_user_returning_200_status_code(
client, session):
"""
GIVEN a Flask application
WHEN the '/auth/token' URL is requested (GET)
THEN check the response is valid and for the tokens created
"""
user = create_user(session)
tokens = create_tokens(user.username)
# request
response = client.get(
'/auth/token',
content_type='application/json',
headers={'Authorization': 'Bearer ' + tokens['access']['enconded']})
# asserts
assert response.status_code == 200
assert response.json['status'] == 'success'
data = response.json['data']
assert len(data) == 2
assert data[0]['token_type'] == 'access'
assert data[0]['jti'] == tokens['access']['decoded']['jti']
assert data[1]['token_type'] == 'refresh'
assert data[1]['jti'] == tokens['refresh']['decoded']['jti']
def test_login_fails_without_project_or_domain(self):
(self.user, password) = create_user()
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'access to the admin project'):
auth_token.login(self.user.name, password)
