def test_bad_secret(self): """ The DB API should return a 401 unauthorised if I submit a request as an agent but with a bad or empty password. """ app = TestApp(get_app(test_ini)) #With no password app.authorization = ('Basic', ('agent', '')) app.get("/users/testuser/credit", status=401) #And with a bad one app.authorization = ('Basic', ('agent', 'badpass')) app.get("/users/testuser/credit", status=401)
def test_view_wabstic_proporz(election_day_app): id_, token = add_data_source( Client(election_day_app), upload_type='proporz', fill=True ) client = Client(election_day_app) client.authorization = ('Basic', ('', token)) params = [ (name, Upload('{}.csv'.format(name), 'a'.encode('utf-8'))) for name in ( 'wp_wahl', 'wpstatic_gemeinden', 'wp_gemeinden', 'wp_listen', 'wp_listengde', 'wpstatic_kandidaten', 'wp_kandidaten', 'wp_kandidatengde', ) ] with patch( 'onegov.election_day.views.upload.wabsti_exporter' '.import_election_wabstic_proporz' ) as import_: result = client.post('/upload-wabsti-proporz', params=params) assert import_.called assert '1' in import_.call_args[0] assert '2' in import_.call_args[0] assert result.json['status'] == 'success'
def test_view_rest_parties(election_day_app): token = UploadTokenCollection(election_day_app.session()).create() token = str(token.token) transaction.commit() client = Client(election_day_app) client.authorization = ('Basic', ('', token)) create_election(election_day_app, 'proporz') params = ( ('id', 'election'), ('type', 'parties'), ('results', Upload('results.csv', 'a'.encode('utf-8'))), ) with patch( 'onegov.election_day.views.upload.rest.import_party_results', return_value=[] ) as import_: result = client.post('/upload', params=params) assert result.json['status'] == 'success' assert import_.called assert isinstance(import_.call_args[0][0], Election) assert isinstance(import_.call_args[0][1], BytesIO) assert import_.call_args[0][2] == 'application/octet-stream'
def test_auth(monkeypatch): monkeypatch.setenv("WSGI_AUTH_CREDENTIALS", "foo:bar") application = wsgi_basic_auth.BasicAuth(wsgi_app) app = TestApp(application) app.get("/", status=401) app.authorization = ("Basic", ("foo", "bar")) app.get("/", status=200)
def test_states_empty(self): #Get a valid log-in app = TestApp(get_app(test_ini)) settings = get_appsettings(test_ini) app.authorization = ('Basic', ('agent', settings['agent.secret'])) r = app.get('/states') self.assertEqual(r.json, { s : 0 for s in server.get_state_list() })
def test_view_rest_authenticate(election_day_app): client = Client(election_day_app) client.post('/upload', status=401) client.authorization = ('Basic', ('', 'password')) client.post('/upload', status=401) collection = UploadTokenCollection(election_day_app.session()) token = str(collection.create().token) transaction.commit() client.post('/upload', status=401) client.authorization = ('Basic', ('', token)) client.post('/upload', status=400) for token in collection.query(): collection.delete(token) transaction.commit() client.post('/upload', status=401)
def test_view_rest_validation(election_day_app): token = UploadTokenCollection(election_day_app.session()).create() token = str(token.token) transaction.commit() client = Client(election_day_app) client.authorization = ('Basic', ('', token)) # No parameters result = client.post('/upload', status=400).json assert result['status'] == 'error' assert result['errors'] == { 'id': [{'message': 'This field is required.'}], 'results': [{'message': 'This field is required.'}], 'type': [{'message': 'This field is required.'}], } # Invalid type result = client.post('/upload', status=400, params=(('type', 'xyz'),)).json assert result['errors']['type'] == [{'message': 'Not a valid choice'}] # No vote params = ( ('id', 'vote-id'), ('type', 'vote'), ('results', Upload('results.csv', 'a'.encode('utf-8'))), ) result = client.post('/upload', status=400, params=params).json assert result['errors']['id'] == [{'message': 'Invalid id'}] # No election params = ( ('id', 'election-id'), ('type', 'election'), ('results', Upload('results.csv', 'a'.encode('utf-8'))), ) result = client.post('/upload', status=400, params=params).json assert result['errors']['id'] == [{'message': 'Invalid id'}] # Wrong election type create_election(election_day_app, 'majorz') params = ( ('id', 'election'), ('type', 'parties'), ('results', Upload('results.csv', 'a'.encode('utf-8'))), ) result = client.post('/upload', status=400, params=params).json assert result['errors']['id'] == [{ 'message': 'Use an election based on proportional representation' }]
def test_view_wabstic_authenticate(election_day_app): client = Client(election_day_app) urls = ('vote', 'majorz', 'proporz') def post(url): return client.post('/upload-wabsti-{}'.format(url), expect_errors=True) assert all((post(url).status_code == 403 for url in urls)) client.authorization = ('Basic', ('', 'password')) assert all((post(url).status_code == 403 for url in urls)) id_, token = add_data_source(Client(election_day_app)) assert all((post(url).status_code == 403 for url in urls)) client.authorization = ('Basic', ('', token)) assert all((post(url).status_code == 200 for url in urls)) regenerate_token(Client(election_day_app), id_) assert all((post(url).status_code == 403 for url in urls))
def test_env_secretfile(self): """ I should be able to supply the secret in the environment and it should override the config file. """ #Don't do this, it stays set and breaks other tests #os.environ['agent_secretfile'] = secret_file #Do this... with patch.dict('os.environ', {'agent_secretfile': secret_file}): app = TestApp(get_app(test_ini)) # We know what's in the secret_file; see the first test above app.authorization = ('Basic', ('agent', 'testsharedsecret')) r = app.get("/users/testuser/credit") self.assertEqual(r.json['credit_balance'], 200)
def test_secret_in_file(self): """ Likewise I should be able to set a secretfile in the config file and the secret should be read from there. """ #self test 2 above confirms that this sets the agent.secretfile correctly with patch('builtins.open', filter_open(TestAgentAPI._ini_filter, pattern=r'test\.ini$', verbose=False)): appconf = get_app(test_ini) app = TestApp(appconf) # We know what's in the secret_file; see the first test above app.authorization = ('Basic', ('agent', 'testsharedsecret')) r = app.get("/users/testuser/credit") self.assertEqual(r.json['credit_balance'], 200)
def test_view_wabstic_vote(election_day_app): id_, token = add_data_source(Client(election_day_app), fill=True) client = Client(election_day_app) client.authorization = ('Basic', ('', token)) params = [ (name, Upload('{}.csv'.format(name), 'a'.encode('utf-8'))) for name in ('sg_geschaefte', 'sg_gemeinden') ] with patch( 'onegov.election_day.views.upload.wabsti_exporter.import_vote_wabstic' ) as import_: result = client.post('/upload-wabsti-vote', params=params) assert import_.called assert '1' in import_.call_args[0] assert '2' in import_.call_args[0] assert result.json['status'] == 'success'
def _get_test_app(self): # This is tested in the test below, and also convenient for other tests where # we just want a working agent log-in. app = TestApp(get_app(test_ini)) #Re-read the .ini to find out the secret. settings = get_appsettings(test_ini) #This should not be the same as what's in secret-file.txt. #Actually, I already tested this above, no matter. # self.assertNotEqual(settings['agent.secret'], 'testsharedsecret') app.authorization = ('Basic', ('agent', settings['agent.secret'])) #And we need this, or else the second call will fail with # KeyError: 'No such user'. Really we should either suppress HAP returning # a login token to agents or else allow it to validate the token successfully. app.cookiejar.set_policy(DefaultCookiePolicy(allowed_domains=[])) return app
def connected_admin_app(app): """A Webtest app with connected admin user.""" test_app = TestApp(app) user = User(username='******', email='*****@*****.**', password=sha256_crypt.hash("123456"), admin=1) _db.session.add(user) _db.session.commit() access_token = create_access_token(identity=user.as_dict()) refresh_token = create_refresh_token(identity=user.as_dict()) test_app.authorization = ('Bearer', access_token) login_user(user) user.authenticated = True yield test_app
def test__get_user_config_endpoint_new_user( self, user_api_factory: UserApiFactory, web_testapp: TestApp): uapi = user_api_factory.get() profile = Profile.USER test_user = uapi.create_user( email="*****@*****.**", password="******", name="bob", profile=profile, timezone="Europe/Paris", lang="fr", do_save=True, do_notify=False, ) transaction.commit() user_id = test_user.user_id web_testapp.authorization = ("Basic", ("*****@*****.**", "password")) res = web_testapp.get( "/api/users/{user_id}/config".format(user_id=user_id), status=200) assert json.loads(res.body, encoding="utf-8")["parameters"] == {}
def connected_app(app): """A Webtest app with connected user.""" test_app = TestApp(app) user = User(username='******', color='blue', mode='light', email='*****@*****.**', password=sha256_crypt.hash("123456"), firstname="User", lastname="Name", language="en-US") _db.session.add(user) _db.session.commit() access_token = create_access_token(identity=to_dict(user)) refresh_token = create_refresh_token(identity=to_dict(user)) test_app.authorization = ('Bearer', access_token) yield test_app
def test_view_rest_translations(election_day_app): token = UploadTokenCollection(election_day_app.session()).create() token = str(token.token) transaction.commit() client = Client(election_day_app) client.authorization = ('Basic', ('', token)) params = ( ('id', 'vote-id'), ('type', 'vote'), ('results', Upload('results.csv', 'a'.encode('utf-8'))), ) # Default result = client.post('/upload', status=400).json assert result['errors']['id'][0]['message'] == 'This field is required.' result = client.post('/upload', status=400, params=params).json assert result['errors']['id'][0]['message'] == 'Invalid id' # Invalid header headers = [('Accept-Language', 'xxx')] result = client.post('/upload', status=400, headers=headers).json assert result['errors']['id'][0]['message'] == 'This field is required.' result = client.post('/upload', status=400, headers=headers, params=params) result = result.json assert result['errors']['id'][0]['message'] == 'Invalid id' # German headers = [('Accept-Language', 'de_CH')] result = client.post('/upload', status=400, headers=headers).json assert result['errors']['id'][0]['message'] == 'Dieses Feld wird benötigt.' result = client.post('/upload', status=400, headers=headers, params=params) result = result.json assert result['errors']['id'][0]['message'] == 'Ungültige ID'
def test_view_wabstic_translations(election_day_app): id_, token = add_data_source(Client(election_day_app), fill=True) client = Client(election_day_app) client.authorization = ('Basic', ('', token)) params = ( ('sg_geschaefte', Upload('sg_geschaefte.txt', 'a'.encode('utf-8'))), ('sg_gemeinden', Upload('sg_gemeinden.txt', 'a'.encode('utf-8'))), ) # Default result = client.post('/upload-wabsti-vote') assert result.json['errors']['sg_gemeinden'] == ['This field is required.'] result = client.post('/upload-wabsti-majorz') assert result.json['errors']['data_source'] == [ 'The data source is not configured properly' ] result = client.post('/upload-wabsti-vote', params=params) assert result.json['errors']['item'][0]['message'] == ( 'Not a valid xls/xlsx file.' ) # Invalid header headers = [('Accept-Language', 'xxx')] result = client.post('/upload-wabsti-vote', headers=headers) assert result.json['errors']['sg_gemeinden'] == ['This field is required.'] result = client.post('/upload-wabsti-majorz', headers=headers) assert result.json['errors']['data_source'] == [ 'The data source is not configured properly' ] result = client.post('/upload-wabsti-vote', headers=headers, params=params) assert result.json['errors']['item'][0]['message'] == ( 'Not a valid xls/xlsx file.' ) # German headers = [('Accept-Language', 'de_CH')] result = client.post('/upload-wabsti-vote', headers=headers) assert result.json['errors']['sg_gemeinden'] == [ 'Dieses Feld wird benötigt.' ] result = client.post('/upload-wabsti-majorz', headers=headers) assert result.json['errors']['data_source'] == [ 'Die Datenquellekonfiguration ist ungültig' ] result = client.post('/upload-wabsti-vote', headers=headers, params=params) assert result.json['errors']['item'][0]['message'] == ( 'Keine gültige XLS/XLSX Datei.' ) # Italian headers = [('Accept-Language', 'it_CH')] result = client.post('/upload-wabsti-vote', headers=headers) assert result.json['errors']['sg_gemeinden'] == [ 'Questo campo è obbligatorio.' ] result = client.post('/upload-wabsti-majorz', headers=headers) assert result.json['errors']['data_source'] == [ 'L\'origine dati non è configurata correttamente' ] result = client.post('/upload-wabsti-vote', headers=headers, params=params) assert result.json['errors']['item'][0]['message'] == ( 'Nessun file XLS/XLSX valido.' )
def test__subscribe_workspace__ok__200__resubscribe_to_rejected_subscription( self, user_api_factory: UserApiFactory, workspace_api_factory: WorkspaceApiFactory, web_testapp: TestApp, subscription_lib_factory: SubscriptionLibFactory, admin_user: User, event_helper: EventHelper, ): on_request_workspace = workspace_api_factory.get().create_workspace( "on_request", access_type=WorkspaceAccessType.ON_REQUEST, save_now=True) uapi = user_api_factory.get() profile = Profile.USER test_user = uapi.create_user( email="*****@*****.**", password="******", name="bob", profile=profile, timezone="Europe/Paris", lang="fr", do_save=True, do_notify=False, ) subscription = subscription_lib_factory.get( test_user).submit_subscription(workspace=on_request_workspace) subscription_lib_factory.get().reject_subscription(subscription) transaction.commit() web_testapp.authorization = ("Basic", ("*****@*****.**", "password")) res = web_testapp.get("/api/users/{}/workspace_subscriptions".format( test_user.user_id), status=200) assert len(res.json_body) == 1 subscription = res.json_body[0] assert subscription[ "state"] == WorkspaceSubscriptionState.REJECTED.value assert subscription["workspace"][ "workspace_id"] == on_request_workspace.workspace_id assert subscription["author"]["user_id"] == test_user.user_id assert subscription["created_date"] assert subscription["evaluation_date"] assert subscription["evaluator"]["user_id"] == admin_user.user_id # resubscribe rejected subscription params = {"workspace_id": on_request_workspace.workspace_id} res = web_testapp.put_json( "/api/users/{}/workspace_subscriptions".format(test_user.user_id), status=200, params=params, ) subscription = res.json_body assert subscription[ "state"] == WorkspaceSubscriptionState.PENDING.value assert subscription["workspace"][ "workspace_id"] == on_request_workspace.workspace_id assert subscription["author"]["user_id"] == test_user.user_id assert subscription["created_date"] assert subscription["evaluation_date"] is None assert subscription["evaluator"] is None last_event = event_helper.last_event assert last_event.event_type == "workspace_subscription.modified" author = web_testapp.get("/api/users/{}".format(test_user.user_id), status=200).json_body assert last_event.author == author web_testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) workspace = web_testapp.get("/api/workspaces/{}".format( on_request_workspace.workspace_id), status=200).json_body assert last_event.workspace == workspace assert last_event.subscription["state"] == subscription["state"] assert last_event.subscription["workspace"] == subscription[ "workspace"] assert last_event.subscription["author"] == subscription["author"] assert last_event.subscription["evaluator"] == subscription[ "evaluator"] # after resubscribe res = web_testapp.get("/api/users/{}/workspace_subscriptions".format( test_user.user_id), status=200) assert len(res.json_body) == 1 subscription = res.json_body[0] assert subscription[ "state"] == WorkspaceSubscriptionState.PENDING.value assert subscription["workspace"][ "workspace_id"] == on_request_workspace.workspace_id assert subscription["author"]["user_id"] == test_user.user_id assert subscription["created_date"] assert subscription["evaluation_date"] is None assert subscription["evaluator"] is None last_event = event_helper.last_event assert last_event.event_type == "workspace_subscription.modified" author = web_testapp.get("/api/users/{}".format(test_user.user_id), status=200).json_body assert last_event.author == author web_testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) workspace = web_testapp.get("/api/workspaces/{}".format( on_request_workspace.workspace_id), status=200).json_body assert last_event.workspace == workspace assert last_event.subscription["state"] == subscription["state"] assert last_event.subscription["workspace"] == subscription[ "workspace"] assert last_event.subscription["author"] == subscription["author"] assert last_event.subscription["evaluator"] == subscription[ "evaluator"]
def test__get_user_subscription__ok__200__nominal_case( self, user_api_factory: UserApiFactory, workspace_api_factory: WorkspaceApiFactory, web_testapp: TestApp, subscription_lib_factory: SubscriptionLibFactory, admin_user: User, ): workspace_api_factory.get().create_workspace( "open", access_type=WorkspaceAccessType.OPEN, save_now=True) on_request_workspace = workspace_api_factory.get().create_workspace( "on_request", access_type=WorkspaceAccessType.ON_REQUEST, save_now=True) on_request_workspace_2 = workspace_api_factory.get().create_workspace( "on_request_2", access_type=WorkspaceAccessType.ON_REQUEST, save_now=True) workspace_api_factory.get().create_workspace( "confidential", access_type=WorkspaceAccessType.CONFIDENTIAL, save_now=True) uapi = user_api_factory.get() profile = Profile.USER test_user = uapi.create_user( email="*****@*****.**", password="******", name="bob", profile=profile, timezone="Europe/Paris", lang="fr", do_save=True, do_notify=False, ) subscription_lib_factory.get(test_user).submit_subscription( workspace=on_request_workspace) subscription = subscription_lib_factory.get( test_user).submit_subscription(workspace=on_request_workspace_2) subscription_lib_factory.get().reject_subscription(subscription) transaction.commit() web_testapp.authorization = ("Basic", ("*****@*****.**", "password")) res = web_testapp.get("/api/users/{}/workspace_subscriptions".format( test_user.user_id), status=200) assert len(res.json_body) == 2 first_subscription = res.json_body[0] assert first_subscription[ "state"] == WorkspaceSubscriptionState.PENDING.value assert first_subscription["workspace"][ "workspace_id"] == on_request_workspace.workspace_id assert first_subscription["author"]["user_id"] == test_user.user_id assert first_subscription["created_date"] assert first_subscription["evaluation_date"] is None assert first_subscription["evaluator"] is None second_subscription = res.json_body[1] assert second_subscription[ "state"] == WorkspaceSubscriptionState.REJECTED.value assert (second_subscription["workspace"]["workspace_id"] == on_request_workspace_2.workspace_id) assert second_subscription["author"]["user_id"] == test_user.user_id assert second_subscription["created_date"] assert second_subscription["evaluation_date"] assert second_subscription["evaluator"][ "user_id"] == admin_user.user_id web_testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**")) res2 = web_testapp.get("/api/users/{}/workspace_subscriptions".format( test_user.user_id), status=200) assert res.json_body == res2.json_body
def authorized_app(): app = WebTestApp(main({}, **test_app_configuration)) admin = UserModel.get(id='admin') app.authorization = ('Basic', (admin.id, admin.api_key)) return app
def test_api__try_login_enpoint__ok_200__with_username_basic_auth( self, web_testapp: TestApp, ) -> None: web_testapp.authorization = ("Basic", ("TheAdmin", "*****@*****.**")) res = web_testapp.get("/api/auth/whoami", status=200) assert res.json_body["public_name"] == "Global manager"