def test_auth_process(self):
    """Finish the TOTP step after a password login and check the redirect.

    The auth_id returned by ``_log_in`` is posted to ``/submit-totp`` with a
    one-time password. The response must be a 302 to the submitted
    ``return-path`` and carry an ``x-login-message`` header.
    """
    auth_id = self._log_in()
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {
        'login': '******',
        'password': self._get_otp(),
        'auth_id': auth_id,
        'return-path': 'http://foo',
        acm.CSRF_FIELD_NAME: common.get_csrf_token(),
    }
    response = make_app_request(
        '/submit-totp',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        set_token=False,
    )

    assert response.status_code == 302
    assert response.headers['content-type'] == 'text/html; charset=utf-8'
    # NOTE(review): the Location header equals the absolute URL posted in
    # 'return-path'. Confirm the handler limits return-path to trusted
    # targets; if it does not, this test pins an open redirect as expected.
    assert response.headers['location'] == 'http://foo'
    assert 'Redirecting...' in response.text

    # The header value is percent-decoded before matching its fragments.
    message = url_parse.unquote(response.headers['x-login-message'])
    for fragment in ('New login success', 'IP:', 'Browser:'):
        assert fragment in message
def test_no_auth(self):
    """Reject a filter import sent with ``set_token=False``.

    The CSRF cookie and form field are both supplied, so the 403 comes from
    the auth check rather than the CSRF check.
    """
    # NOTE(review): set_token=False presumably leaves out the auth token;
    # confirm against make_app_request.
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {acm.CSRF_FIELD_NAME: common.get_csrf_token()}
    response = make_app_request(
        '/import-filters',
        method='POST',
        set_token=False,
        cookies=csrf_cookies,
        data=form,
    )

    assert response.status_code == 403
    assert response.headers['content-type'] == 'application/json'
    body = response.json()
    assert body.get('error') == 'Auth error'
def test_import_no_file(self):
    """Expect a 400 JSON error when the import request has no uploaded file."""
    no_files = {}
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {acm.CSRF_FIELD_NAME: common.get_csrf_token()}
    response = make_app_request(
        '/import-filters',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        files=no_files,
    )

    assert response.status_code == 400
    assert response.headers['content-type'] == 'application/json; charset=utf-8'
    body = response.json()
    assert body.get('error') == 'No uploaded file'
def test_import_invalid_content_type(self):
    """Expect a 400 when the uploaded part is declared as ``text/plain``.

    The file name and payload are those of a regular filters export; only
    the declared content type of the upload differs.
    """
    exported = self._remove_filters()
    file_part = ('filters.json', self._create_filters_file(exported), 'text/plain')
    upload = {'filters_file': file_part}
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {acm.CSRF_FIELD_NAME: common.get_csrf_token()}
    response = make_app_request(
        '/import-filters',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        files=upload,
    )

    assert response.status_code == 400
    assert response.headers['content-type'] == 'application/json; charset=utf-8'
    body = response.json()
    assert body.get('error') == 'Invalid content type: text/plain. Need JSON'
def test_import_invalid_json_structure(self):
    """Expect a 400 when the uploaded JSON is a dict instead of a list."""
    not_a_list = {'foo': 'bar'}
    file_part = (
        'filters.json',
        self._create_filters_file(not_a_list),
        'application/json',
    )
    upload = {'filters_file': file_part}
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {acm.CSRF_FIELD_NAME: common.get_csrf_token()}
    response = make_app_request(
        '/import-filters',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        files=upload,
    )

    assert response.status_code == 400
    assert response.headers['content-type'] == 'application/json; charset=utf-8'
    body = response.json()
    assert body.get('error') == 'Filter data should be a list, got dict instead'
def test_create(self):
    """Create a filter through the ``:new`` fields of ``/save-filters``.

    After the save, the new record must be first in the list and the
    previously first record ('Foo') must be second.
    """
    before = self._get_filters()
    assert before[0]['text'] == 'Foo'

    form = self._create_update_data(before)
    new_filter_fields = {
        'op:new': 'and',
        'tel:new': '487',
        'device_id:new': 'Device Foo',
        'text:new': 'Quux',
        'action:new': 'mark',
    }
    form.update(new_filter_fields)
    response = make_app_request(
        '/save-filters',
        method='POST',
        data=form,
        cookies={acm.CSRF_COOKIE_NAME: common.get_csrf_token()},
    )
    assert 'Redirecting...' in response.text
    assert response.status_code == 302

    after = self._get_filters()
    assert len(after) > 1
    newest, previous = after[0], after[1]
    expected_new = {
        'op': 'and',
        'tel': '487',
        'device_id': 'Device Foo',
        'text': 'Quux',
        'action': 'mark',
    }
    for field, value in expected_new.items():
        assert newest[field] == value
    assert previous['text'] == 'Foo'
def test_remove_by_param(self):
    """Delete the first filter by posting a ``remove:<id>`` field."""
    before = self._get_filters()
    count_before = len(before)
    form = self._create_update_data(before)
    removed_id = before[0]['id']
    form[f'remove:{removed_id}'] = '1'

    response = make_app_request(
        '/save-filters',
        method='POST',
        data=form,
        cookies={acm.CSRF_COOKIE_NAME: common.get_csrf_token()},
    )
    assert 'Redirecting...' in response.text
    assert response.status_code == 302

    after = self._get_filters()
    assert len(after) == count_before - 1
    # Exactly one record is gone, and it is the one that was flagged.
    remaining_ids = {record['id'] for record in after}
    assert removed_id not in remaining_ids
def test_import(self):
    """Import a filters file and check the stored filters equal its content."""
    # NOTE(review): _remove_filters presumably clears the stored filters and
    # returns the removed records; confirm against the helper.
    exported = self._remove_filters()
    file_part = (
        'filters.json',
        self._create_filters_file(exported),
        'application/json',
    )
    upload = {'filters_file': file_part}
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {acm.CSRF_FIELD_NAME: common.get_csrf_token()}
    response = make_app_request(
        '/import-filters',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        files=upload,
    )

    assert 'Redirecting...' in response.text
    assert response.status_code == 302
    restored = self._get_filters()
    assert restored == exported
def test_import_invalid_action(self):
    """Expect a 400 when an imported filter carries the action 'make'."""
    exported = self._remove_filters()
    # Tamper with one record so the server-side validation has to fire.
    exported[0]['action'] = 'make'
    file_part = (
        'filters.json',
        self._create_filters_file(exported),
        'application/json',
    )
    upload = {'filters_file': file_part}
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {acm.CSRF_FIELD_NAME: common.get_csrf_token()}
    response = make_app_request(
        '/import-filters',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        files=upload,
    )

    assert response.status_code == 400
    assert response.headers['content-type'] == 'application/json; charset=utf-8'
    error_text = response.json().get('error', '')
    assert error_text.startswith('Invalid action: make')
def test_create_no_csrf(self):
    """Expect a 403 from ``/save-filters`` when the CSRF form field is absent.

    The CSRF cookie is still sent, so the cookie alone must not be enough
    to pass the check.
    """
    # NOTE(review): only the missing-field case is pinned here. A request
    # whose field value differs from the cookie is not exercised in the part
    # of the file visible to this review; a test for it would cover the
    # comparison itself.
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    response = make_app_request(
        '/save-filters',
        method='POST',
        data={},
        cookies=csrf_cookies,
    )

    assert response.status_code == 403
    assert response.headers['content-type'] == 'text/html; charset=utf-8'
    assert response.text == 'No CSRF token'
def test_no_password(self):
    """Expect a 400 from ``/login`` when the form has no 'password' field."""
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {
        'login': '******',
        'return-path': 'http://foo',
        acm.CSRF_FIELD_NAME: common.get_csrf_token(),
    }
    response = make_app_request(
        '/login',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        set_token=False,
    )

    assert response.status_code == 400
    assert response.headers['content-type'] == 'text/html; charset=utf-8'
    assert 'No auth info' in response.text
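def test_import_invalid_corrupted_json(self):
    """Expect a 400 when the uploaded file holds truncated JSON.

    The export is serialized and its last ten characters are cut off, so the
    upload is declared as JSON but cannot be parsed.
    """
    filters0 = self._remove_filters()
    json_string = json.dumps(filters0)
    # NOTE(review): the expected parser message ('Unterminated string ...')
    # depends on the cut landing inside a string value of the fixture data.
    f = StringIO(json_string[:-10])
    upload = {
        'filters_file': ('filters.json', f, 'application/json')
    }
    res = make_app_request('/import-filters', method='POST', cookies={
        acm.CSRF_COOKIE_NAME: common.get_csrf_token(),
    }, data={acm.CSRF_FIELD_NAME: common.get_csrf_token()}, files=upload)
    assert res.status_code == 400
    assert res.headers['content-type'] == 'application/json; charset=utf-8'
    # Default to '' so a body without an 'error' key fails this assertion
    # instead of raising AttributeError on None, matching the other
    # startswith() checks in this file.
    assert res.json().get('error', '').startswith(
        'Invalid JSON: Unterminated string starting at')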
def test_main(self):
    """Log out via ``/logout`` and check the auth cookie is emptied.

    The response must be a 302 to the submitted ``return-path`` with a
    ``set-cookie`` header that sets the auth cookie to an empty value.
    """
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {
        'login': '******',
        'password': '******',
        'return-path': 'http://foo',
        acm.CSRF_FIELD_NAME: common.get_csrf_token(),
    }
    response = make_app_request(
        '/logout',
        method='POST',
        cookies=csrf_cookies,
        data=form,
    )

    assert response.status_code == 302
    assert response.headers['content-type'] == 'text/html; charset=utf-8'
    # NOTE(review): as in the login flow, the redirect target is the absolute
    # URL taken from the form; confirm return-path is restricted server-side.
    assert response.headers['location'] == 'http://foo'
    cleared_cookie = f'{acm.AUTH_COOKIE_NAME}=;'
    assert cleared_cookie in response.headers['set-cookie']
    assert 'Redirecting...' in response.text
def _create_update_data(self, filters):
    """Flatten filter records into a ``/save-filters`` form payload.

    Every field except 'id' becomes a ``<field>:<id>`` key. The CSRF form
    field is added first so callers need not add it themselves.
    """
    payload = {acm.CSRF_FIELD_NAME: common.get_csrf_token()}
    for record in filters:
        record_id = record['id']
        payload.update(
            (f'{field}:{record_id}', value)
            for field, value in record.items()
            if field != 'id'
        )
    return payload
def test_no_login(self):
    """Expect a 400 from ``/submit-totp`` when the form has no 'login' field.

    The auth_id and one-time password are supplied, so only the missing
    login name distinguishes this request from the successful flow.
    """
    auth_id = self._log_in()
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {
        'password': self._get_otp(),
        'auth_id': auth_id,
        'return-path': 'http://foo',
        acm.CSRF_FIELD_NAME: common.get_csrf_token(),
    }
    response = make_app_request(
        '/submit-totp',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        set_token=False,
    )

    assert response.status_code == 400
    assert response.headers['content-type'] == 'text/html; charset=utf-8'
    assert 'No auth info' in response.text
def _log_in(self, login='******'):
    """Post credentials to ``/login`` and return the ``x-auth-id`` header.

    This is the first (password) step of the login flow. It asserts a 200
    response and the presence of the header, so a failing login aborts the
    calling test here.
    """
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    form = {
        'login': login,
        'password': '******',
        'return-path': 'http://foo',
        acm.CSRF_FIELD_NAME: common.get_csrf_token(),
    }
    response = make_app_request(
        '/login',
        method='POST',
        cookies=csrf_cookies,
        data=form,
        set_token=False,
    )
    assert response.status_code == 200
    pending_auth_id = response.headers.get('x-auth-id')
    assert pending_auth_id is not None
    return pending_auth_id
def test_update_invalid_id(self):
    """Expect a 400 when a posted filter ID is the string 'invalid'."""
    records = self._get_filters()
    # The ID ends up in the form field names, e.g. 'text:invalid'.
    records[0]['id'] = 'invalid'
    form = self._create_update_data(records)
    response = make_app_request(
        '/save-filters',
        method='POST',
        data=form,
        cookies={acm.CSRF_COOKIE_NAME: common.get_csrf_token()},
    )

    assert response.headers['content-type'] == 'application/json; charset=utf-8'
    body = response.json()
    assert body.get('error') == 'Invalid filter ID: invalid'
    assert response.status_code == 400
def test_import_no_csrf(self):
    """Expect a 403 from ``/import-filters`` when the CSRF form field is absent.

    A well-formed upload and the CSRF cookie are sent, but no form data, so
    the request must be refused before the file is processed.
    """
    exported = self._remove_filters()
    file_part = (
        'filters.json',
        self._create_filters_file(exported),
        'application/json',
    )
    upload = {'filters_file': file_part}
    csrf_cookies = {acm.CSRF_COOKIE_NAME: common.get_csrf_token()}
    response = make_app_request(
        '/import-filters',
        method='POST',
        cookies=csrf_cookies,
        files=upload,
    )

    assert response.status_code == 403
    assert response.headers['content-type'] == 'text/html; charset=utf-8'
    assert response.text == 'No CSRF token'
def test_update(self):
    """Change the text of the first filter from 'Foo' to 'Bar' and re-read it."""
    records = self._get_filters()
    assert records[0]['text'] == 'Foo'
    records[0]['text'] = 'Bar'

    form = self._create_update_data(records)
    response = make_app_request(
        '/save-filters',
        method='POST',
        data=form,
        cookies={acm.CSRF_COOKIE_NAME: common.get_csrf_token()},
    )
    assert 'Redirecting...' in response.text
    assert response.status_code == 302

    # Fetch again so the assertion reflects what was stored, not the local edit.
    stored = self._get_filters()
    assert stored[0]['text'] == 'Bar'
def test_create_invalid_action(self):
    """Expect a 400 when a new filter is posted with the action 'make'."""
    records = self._get_filters()
    form = self._create_update_data(records)
    new_filter_fields = {
        'op:new': 'or',
        'tel:new': '487',
        'device_id:new': 'Device Foo',
        'text:new': 'Quux',
        'action:new': 'make',
    }
    form.update(new_filter_fields)
    response = make_app_request(
        '/save-filters',
        method='POST',
        data=form,
        cookies={acm.CSRF_COOKIE_NAME: common.get_csrf_token()},
    )

    assert response.headers['content-type'] == 'application/json; charset=utf-8'
    error_text = response.json().get('error', '')
    assert error_text.startswith('Invalid action: make')
    assert response.status_code == 400