class FacadeTest(FluidinfoTestCase):
"""
Simple tests of L{Facade} functionality that are not to do with user
creation or authentication.
"""
resources = [('config', ConfigResource()),
('log', LoggingResource()),
('store', DatabaseResource()),
('threadPool', ThreadPoolResource())]
def setUp(self):
super(FacadeTest, self).setUp()
factory = FluidinfoSessionFactory('API-9000')
self.transact = Transact(self.threadPool)
self.facade = Facade(self.transact, factory)
self.system = createSystemData()
@inlineCallbacks
def testCreateAnonymousSession(self):
"""
L{FacadeAuthMixin.createAnonymousSession} creates a
L{FluidinfoSession} for the anonymous user C{anon} so that anonymous
requests coming from the C{WSFE} can be correctly verified by the
L{Facade}.
"""
anon = self.system.users[u'anon']
self.store.commit()
session = yield self.facade.createAnonymousSession()
self.assertEqual('anon', session.auth.username)
self.assertEqual(anon.objectID, session.auth.objectID)
class NamespaceAPITest(NamespaceAPITestMixin, FluidinfoTestCase):
resources = [('config', ConfigResource()), ('store', DatabaseResource())]
def setUp(self):
super(NamespaceAPITest, self).setUp()
self.system = createSystemData()
UserAPI().create([(u'username', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'username')
self.namespaces = NamespaceAPI(self.user)
self.permissions = PermissionAPI(self.user)
def testCreateWithoutData(self):
"""
L{NamespaceAPI.create} returns an empty C{list} if no L{Namespace}
data is available.
"""
result = self.namespaces.create([])
self.assertEqual([], result)
ignored = (self.system.namespaces.keys() +
[u'username', u'username/private'])
result = self.store.find(Namespace, Not(Namespace.path.is_in(ignored)))
self.assertIdentical(None, result.one())
def testPermissionsAreNotCreatedIfCreateFails(self):
"""
If L{NamespaceAPI.create} fails, no permissions should be created.
"""
self.assertRaises(MalformedPathError, self.namespaces.create,
[(u'!!!!/test', u'description')])
result = getNamespacePermissions([u'username/test'])
self.assertTrue(result.is_empty())
class RecentActivityAPITest(RecentActivityAPITestMixin, FluidinfoTestCase):
resources = [('config', ConfigResource()), ('store', DatabaseResource())]
def setUp(self):
super(RecentActivityAPITest, self).setUp()
createSystemData()
self.recentActivity = RecentActivityAPI()
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
self.user = getUser(u'user')
def getObjectAPI(self, user):
"""Get an L{ObjectAPI} instance for the specified user.
@param user: The L{User} to configure the L{ObjectAPI} instance.
@return: An L{ObjectAPI} instance.
"""
return ObjectAPI(user)
def getTagValueAPI(self, user):
"""Get a L{TagValueAPI} instance for the specified user.
@param user: The L{User} to configure the L{TagValueAPI} instance.
@return: A L{TagValueAPI} instance.
"""
return TagValueAPI(user)
class GetCacheClientTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource())]
def testGetCacheClient(self):
"""
L{getCacheClient} returns a configured L{Redis} client that is ready to
use.
"""
client = getCacheClient()
self.assertIsInstance(client, Redis)
def testGetCacheClientUsesGlobalConnectionPool(self):
"""
L{getCacheClient} returns a L{Redis} client that uses the global
connection pool.
"""
client = getCacheClient()
connectionPool = getCacheConnectionPool()
self.assertIdentical(client.connection_pool, connectionPool)
def testGetCacheClientsUseTheSameConnectionPool(self):
"""
L{getCacheClient} returns a L{Redis} client that uses the global
connection pool.
"""
client1 = getCacheClient()
client2 = getCacheClient()
self.assertIdentical(client1.connection_pool, client2.connection_pool)
class SecureRecentActivityAPIWithBrokenCacheTest(RecentActivityAPITestMixin,
FluidinfoTestCase):
resources = [('cache', BrokenCacheResource()), ('client', IndexResource()),
('config', ConfigResource()), ('log', LoggingResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureRecentActivityAPIWithBrokenCacheTest, self).setUp()
createSystemData()
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
self.user = getUser(u'user')
self.recentActivity = SecureRecentActivityAPI(self.user)
def getObjectAPI(self, user):
"""Get an L{CachingObjectAPI} instance for the specified user.
@param user: The L{User} to configure the L{CachingObjectAPI}
instance.
@return: An L{CachingObjectAPI} instance.
"""
return CachingObjectAPI(user)
def getTagValueAPI(self, user):
"""Get a L{TagValueAPI} instance for the specified user.
@param user: The L{User} to configure the L{TagValueAPI} instance.
@return: A L{TagValueAPI} instance.
"""
return CachingTagValueAPI(user)
class AuthenticateTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def testAuthenticate(self):
"""
L{authenticate} will be successful if the C{username} and the
plaintext C{password} passed match a L{User} in the database.
"""
user = createUser(u'fred', u'fred-secret', u'Fred',
u'*****@*****.**')
self.assertIdentical(user, authenticate(u'fred', u'fred-secret'))
def testAuthenticateFailsWithIncorrectPassword(self):
"""
L{authenticate} will be unsuccessful if the C{username} and the
plaintext C{password} passed don't match a L{User} in the database.
"""
createUser(u'fred', u'fred-secret', u'Fred', u'*****@*****.**')
self.assertRaises(AuthenticationError, authenticate, u'fred',
u'bad-secret')
def testAuthenticateFailsWithUnknownUser(self):
"""
L{authenticate} will be unsuccessful if the C{username} and the
plaintext C{password} passed don't match a L{User} in the database.
"""
error = self.assertRaises(UnknownUserError, authenticate, u'unknown',
u'bad-secret')
self.assertEqual([u'unknown'], error.usernames)
class IsEqualsQueryTest(FluidinfoTestCase):
resources = [('config', ConfigResource())]
def testIsEqualsQuery(self):
"""
L{isEqualsQuery} returns C{True} if the given query uses the C{equals}
operator and the given path.
"""
query = parseQuery(u'fluiddb/about = "test"')
self.assertTrue(isEqualsQuery(query, u'fluiddb/about'))
def testIsEqualsQueryWithOtherOperator(self):
"""
L{isEqualsQuery} returns C{False} if the given query doesn't use the
C{equals} operator operator and the given path.
"""
query = parseQuery(u'fluiddb/about > "test"')
self.assertFalse(isEqualsQuery(query, u'fluiddb/about'))
def testIsEqualsQueryWithDifferentPath(self):
"""
L{isEqualsQuery} returns C{True} if the given query uses the C{equals}
operator but not the given path.
"""
query = parseQuery(u'other/path = "test"')
self.assertFalse(isEqualsQuery(query, u'different/path'))
class RootResourceTest(FluidinfoTestCase):
resources = [('config', ConfigResource()), ('log', LoggingResource()),
('store', DatabaseResource()),
('threadPool', ThreadPoolResource())]
def setUp(self):
super(RootResourceTest, self).setUp()
factory = FluidinfoSessionFactory('API-9000')
transact = Transact(self.threadPool)
createSystemData()
self.checker = AnonymousChecker()
self.checker.facadeClient = Facade(transact, factory)
getConfig().set('service', 'allow-anonymous-access', 'False')
@inlineCallbacks
def testAnonymousAccessDenied(self):
"""
L{FacadeAnonymousCheckerTest.requestAvatarId} returns
an C{UnauthorizedLogin} for access by the C{anon} user if the
C{allow-anonymous-access} configuration option is C{False}. The
C{UnauthorizedLogin} is the C{session} attribute in L{RootResource} and
must result in the C{getChild} method returning a
L{WSFEUnauthorizedResource} instance.
"""
self.store.commit()
session = yield self.checker.requestAvatarId(credentials=None)
self.assertTrue(isinstance(session, UnauthorizedLogin))
root = RootResource(self.checker.facadeClient, session)
request = FakeRequest()
root.getChild('/', request)
class SecureNamespaceAPIWithSuperuserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureNamespaceAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.namespaces = SecureNamespaceAPI(user)
self.permissions = CachingPermissionAPI(user)
def testCreateIsAllowed(self):
"""
Creating a new L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
values = [(u'fluiddb', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
result = self.namespaces.create([(u'fluiddb/test', u'description')])
self.assertEqual(1, len(result))
def testDeleteIsAllowed(self):
"""
Deleting a L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result1 = self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.DELETE_NAMESPACE, Policy.CLOSED,
[])]
self.permissions.set(values)
result2 = self.namespaces.delete([u'fluiddb/test'])
self.assertEqual(result1, result2)
def testSetIsAllowed(self):
"""
Updating a L{Namespace} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.UPDATE_NAMESPACE, Policy.CLOSED,
[])]
self.permissions.set(values)
self.namespaces.set({u'fluiddb/test': u'new description'})
def testGetIsAllowed(self):
"""
Getting information about a L{Namespace} should be allowed if we're a
user with a L{Role.SUPERUSER} no matter what permissions we have.
"""
self.namespaces.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.LIST_NAMESPACE, Policy.CLOSED,
[])]
self.permissions.set(values)
result = self.namespaces.get([u'fluiddb'],
withDescriptions=False,
withTags=True,
withNamespaces=True)
self.assertEqual(1, len(result))
class UserAPITest(UserAPITestMixin, FluidinfoTestCase):
resources = [('config', ConfigResource()), ('store', DatabaseResource())]
def setUp(self):
super(UserAPITest, self).setUp()
self.system = createSystemData()
self.users = UserAPI()
class CachingUserAPIWithBrokenCacheTest(UserAPITestMixin, FluidinfoTestCase):
resources = [('cache', BrokenCacheResource()),
('config', ConfigResource()), ('log', LoggingResource()),
('store', DatabaseResource())]
def setUp(self):
super(CachingUserAPIWithBrokenCacheTest, self).setUp()
self.system = createSystemData()
self.users = CachingUserAPI()
class SecureUserAPITest(UserAPITestMixin, CachingUserAPITestMixin,
FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureUserAPITest, self).setUp()
self.system = createSystemData()
user = self.system.users[u'fluiddb']
self.users = SecureUserAPI(user)
class APIFactoryTest(FluidinfoTestCase):
resources = [('config', ConfigResource()), ('store', DatabaseResource())]
def setUp(self):
super(APIFactoryTest, self).setUp()
self.system = createSystemData()
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
self.user = getUser(u'user')
self.factory = APIFactory()
def testUsers(self):
"""L{APIFactory.users} returns a usable L{UserAPI} instance."""
self.assertIsInstance(self.factory.users(), UserAPI)
def testObjects(self):
"""L{APIFactory.objects} returns a usable L{ObjectAPI} instance."""
self.assertIsInstance(self.factory.objects(self.user), ObjectAPI)
def testNamespaces(self):
"""
L{APIFactory.namespaces} returns a usable L{NamespaceAPI} instance.
"""
self.assertIsInstance(self.factory.namespaces(self.user), NamespaceAPI)
def testTags(self):
"""L{APIFactory.tags} returns a usable L{TagAPI} instance."""
self.assertIsInstance(self.factory.tags(self.user), TagAPI)
def testTagValues(self):
"""L{APIFactory.tagValues} returns a usable L{TagValueAPI} instance."""
self.assertIsInstance(self.factory.tagValues(self.user), TagValueAPI)
def testPermissions(self):
"""
L{APIFactory.permissions} returns a usable L{PermissionAPI} instance.
"""
self.assertIsInstance(self.factory.permissions(self.user),
PermissionAPI)
def testPermissionCheckers(self):
"""
L{APIFactory.permissionCheckers} returns a usable
L{PermissionCheckerAPI} instance.
"""
self.assertIsInstance(self.factory.permissionCheckers(),
PermissionCheckerAPI)
def testRecentActivity(self):
"""
L{APIFactory.recentActivity} returns a usable L{RecentActivityAPI}
instance.
"""
self.assertIsInstance(self.factory.recentActivity(), RecentActivityAPI)
class SecureUserAPIWithAnonymousRoleTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureUserAPIWithAnonymousRoleTest, self).setUp()
system = createSystemData()
self.user = system.users[u'anon']
self.users = SecureUserAPI(self.user)
def testCreateIsDenied(self):
"""
L{SecureUserAPI.create} raises a L{PermissionDeniedError} if it's
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
values = [(u'user', u'secret', u'User', u'*****@*****.**')]
error = self.assertRaises(PermissionDeniedError, self.users.create,
values)
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'user', Operation.CREATE_USER)],
error.pathsAndOperations)
def testDeleteIsDenied(self):
"""
L{SecureUserAPI.delete} raises a L{PermissionDeniedError} if it's
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
error = self.assertRaises(PermissionDeniedError, self.users.delete,
[u'user'])
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'user', Operation.DELETE_USER)],
error.pathsAndOperations)
def testGetIsAllowed(self):
"""
L{SecureUserAPI.get} can always be invoked by a L{User} with the
L{Role.ANONYMOUS}.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
result = self.users.get([u'user'])
self.assertIn(u'user', result)
def testSetIsDenied(self):
"""
L{SecureUserAPI.set} raises a L{PermissionDeniedError} if it's invoked
by a L{User} with the L{Role.ANONYMOUS}.
"""
values = [(u'user', u'secret', u'User', u'*****@*****.**', None)]
error = self.assertRaises(PermissionDeniedError, self.users.set,
values)
self.assertEqual(self.user.username, error.username)
self.assertEqual([(u'user', Operation.UPDATE_USER)],
error.pathsAndOperations)
class GetObjectIndexTest(FluidinfoTestCase):
resources = [('config', ConfigResource())]
def testGetObjectIndex(self):
"""
L{getObjectIndex} returns a configured L{ObjectIndex} that is ready to
use.
"""
index = getObjectIndex()
self.assertIsInstance(index, ObjectIndex)
class OAuthRenewalTokenTest(OAuthAccessTokenBaseTestMixin, FluidinfoTestCase):
cls = OAuthRenewalToken
resources = [('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(OAuthRenewalTokenTest, self).setUp()
createSystemData()
secret = ''.join(sample(ALPHABET, 16))
self.config.set('oauth', 'renewal-secret', secret)
class ObjectAPITest(ObjectAPITestMixin, FluidinfoTestCase):
resources = [('client', IndexResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(ObjectAPITest, self).setUp()
self.system = createSystemData()
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
self.user = getUser(u'user')
self.objects = ObjectAPI(self.user)
class TagAPITest(TagAPITestMixin, FluidinfoTestCase):
resources = [('config', ConfigResource()), ('store', DatabaseResource())]
def setUp(self):
super(TagAPITest, self).setUp()
self.system = createSystemData()
UserAPI().create([(u'username', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'username')
self.permissions = PermissionAPI(self.user)
self.tags = TagAPI(self.user)
class SecureTagAPIWithSuperuserTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureTagAPIWithSuperuserTest, self).setUp()
system = createSystemData()
user = system.users[u'fluiddb']
self.tags = SecureTagAPI(user)
self.permissions = CachingPermissionAPI(user)
def testCreateIsAllowed(self):
"""
Creating a new L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
values = [(u'fluiddb', Operation.CREATE_NAMESPACE, Policy.CLOSED, [])]
self.permissions.set(values)
result = self.tags.create([(u'fluiddb/test', u'description')])
self.assertEqual(1, len(result))
def testDeleteIsAllowed(self):
"""
Deleting a L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result1 = self.tags.create([(u'fluiddb/test', u'description')])
values = [(u'fluiddb/test', Operation.DELETE_TAG, Policy.CLOSED, [])]
self.permissions.set(values)
result2 = self.tags.delete([u'fluiddb/test'])
self.assertEqual(result1, result2)
def testSetIsAllowed(self):
"""
Updating a L{Tag} should be allowed if we're a user with a
L{Role.SUPERUSER} no matter what permissions we have.
"""
result = self.tags.create([(u'fluiddb/test', u'A description')])
[(objectID, _)] = result
values = [(u'fluiddb/test', Operation.UPDATE_TAG, Policy.CLOSED, [])]
self.permissions.set(values)
self.tags.set({u'fluiddb/test': u'A new description'})
result = self.tags.get([u'fluiddb/test'], withDescriptions=True)
expected = {
u'fluiddb/test': {
'id': objectID,
'description': u'A new description'
}
}
self.assertEqual(expected, result)
class CachingRecentActivityAPITest(RecentActivityAPITestMixin,
CachingRecentActivityAPITestMixin,
FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(CachingRecentActivityAPITest, self).setUp()
createSystemData()
self.recentActivity = CachingRecentActivityAPI()
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
self.user = getUser(u'user')
class CachingPermissionAPIWithBrokenCacheTest(PermissionAPITestMixin,
FluidinfoTestCase):
resources = [('cache', BrokenCacheResource()),
('config', ConfigResource()), ('log', LoggingResource()),
('store', DatabaseResource())]
def setUp(self):
super(CachingPermissionAPIWithBrokenCacheTest, self).setUp()
self.system = createSystemData()
UserAPI().create([(u'username', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'username')
self.permissions = CachingPermissionAPI(self.user)
class SecureUserAPIWithSuperuserRoleTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureUserAPIWithSuperuserRoleTest, self).setUp()
self.system = createSystemData()
self.users = SecureUserAPI(self.system.users[u'fluiddb'])
def testCreateIsAllowed(self):
"""
L{SecureUserAPI.create} can always be invoked by a L{User} with the
L{Role.SUPERUSER}.
"""
self.users.create([(u'user', u'secret', u'User', u'*****@*****.**')])
user = getUser(u'user')
self.assertEqual(u'user', user.username)
def testDeleteIsAllowed(self):
"""
L{SecureUserAPI.delete} can always be invoked by a L{User} with the
L{Role.SUPERUSER}.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
namespaces = SecureNamespaceAPI(self.system.users['fluiddb'])
namespaces.delete([u'user/private'])
self.users.delete([u'user'])
self.assertIdentical(None, getUser(u'user'))
def testGetIsAllowed(self):
"""
L{SecureUserAPI.get} can always be invoked by a L{User} with the
L{Role.SUPERUSER}.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
result = self.users.get([u'user'])
self.assertIn(u'user', result)
def testSetIsAllowed(self):
"""
L{SecureUserAPI.set} can always be invoked by a L{User} with the
L{Role.SUPERUSER}.
"""
UserAPI().create([(u'user', u'secret', u'User', u'*****@*****.**')])
user = getUser(u'user')
self.users.set([(u'user', u'secret', u'User', u'*****@*****.**',
None)])
self.assertEqual(u'*****@*****.**', user.email)
class SecureCommentAPIWithAnonymousRoleTest(FluidinfoTestCase):
resources = [('config', ConfigResource()),
('client', IndexResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureCommentAPIWithAnonymousRoleTest, self).setUp()
system = createSystemData()
self.anon = system.users[u'anon']
def testCreateIsDenied(self):
"""
L{SecureObjectAPI.create} raises a L{PermissionDeniedError} if it's
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
commentAPI = SecureCommentAPI(self.anon)
error = self.assertRaises(PermissionDeniedError, commentAPI.create,
'text...', 'joe')
self.assertEqual(self.anon.username, error.username)
self.assertEqual(
[(u'fluidinfo.com/info/username', Operation.WRITE_TAG_VALUE)],
error.pathsAndOperations)
def testDeleteIsDenied(self):
"""
L{SecureObjectAPI.delete} raises a L{PermissionDeniedError} if it's
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
commentAPI = SecureCommentAPI(self.anon)
error = self.assertRaises(PermissionDeniedError, commentAPI.delete,
'digg.com', 'joe', datetime.utcnow())
self.assertEqual(self.anon.username, error.username)
self.assertEqual(
[(u'fluidinfo.com/info/username', Operation.DELETE_TAG_VALUE)],
error.pathsAndOperations)
def testUpdateWithAnonymous(self):
"""
L{SecureObjectAPI.update} raises a L{PermissionDeniedError} if it's
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
commentAPI = SecureCommentAPI(self.anon)
error = self.assertRaises(PermissionDeniedError, commentAPI.update,
'digg.com', 'joe', datetime.utcnow(), u'new')
self.assertEqual(self.anon.username, error.username)
self.assertEqual(
[(u'fluidinfo.com/info/username', Operation.WRITE_TAG_VALUE)],
error.pathsAndOperations)
class SecureNamespaceAPITest(NamespaceAPITestMixin,
CachingNamespaceAPITestMixin,
SecureNamespaceAPITestMixin, FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureNamespaceAPITest, self).setUp()
self.system = createSystemData()
UserAPI().create([(u'username', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'username')
self.namespaces = SecureNamespaceAPI(self.user)
self.permissions = CachingPermissionAPI(self.user)
class ObjectCacheTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('log', LoggingResource(format='%(message)s'))]
def setUp(self):
super(ObjectCacheTest, self).setUp()
self.objectCache = ObjectCache()
def testGetReturnsObjectsInCache(self):
"""L{ObjectCache.get} returns the objectIDs saved in the cache."""
objectID1 = uuid4()
objectID2 = uuid4()
self.cache.set(u'about:about1', str(objectID1))
self.cache.set(u'about:about2', str(objectID2))
result = self.objectCache.get([u'about1', u'about2'])
expected = {u'about1': objectID1, u'about2': objectID2}
self.assertEqual(expected, result.results)
self.assertEqual([], result.uncachedValues)
def testGetReturnsUncachedValues(self):
"""
L{ObjectCache.get} returns values not found in the cache in the
C{uncachedValues} field of the L{CacheResult} object.
"""
objectID1 = uuid4()
self.cache.set(u'about:about1', str(objectID1))
result = self.objectCache.get([u'about1', u'about2', u'about3'])
self.assertEqual({u'about1': objectID1}, result.results)
self.assertEqual([u'about2', u'about3'], result.uncachedValues)
def testGetWithUnicodeAboutValue(self):
"""
L{ObjectCache.get} correctly get objectIDs with unicode about values.
"""
objectID1 = uuid4()
self.cache.set(u'about:\N{HIRAGANA LETTER A}', str(objectID1))
result = self.objectCache.get([u'\N{HIRAGANA LETTER A}'])
self.assertEqual({u'\N{HIRAGANA LETTER A}': objectID1}, result.results)
self.assertEqual([], result.uncachedValues)
def testSaveStoresValuesInTheCache(self):
"""L{ObjectCache.save} stores a result in the cache."""
objectID1 = uuid4()
objectID2 = uuid4()
self.objectCache.save({u'about1': objectID1, u'about2': objectID2})
self.assertEqual(str(objectID1), self.cache.get('about:about1'))
self.assertEqual(str(objectID2), self.cache.get('about:about2'))
class SecureTagAPIWithAnonymousRoleTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureTagAPIWithAnonymousRoleTest, self).setUp()
system = createSystemData()
self.anon = system.users[u'anon']
UserAPI().create([(u'username', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'username')
self.tags = SecureTagAPI(self.anon)
def testCreateIsDenied(self):
"""
L{SecureTagAPI.create} raises a L{PermissionDeniedError} if its
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
error = self.assertRaises(PermissionDeniedError, self.tags.create,
[(u'user/foo', 'A foo tag')])
self.assertEqual(self.anon.username, error.username)
self.assertEqual([('user', Operation.CREATE_NAMESPACE)],
error.pathsAndOperations)
def testDeleteIsDenied(self):
"""
L{SecureTagAPI.delete} raises a L{PermissionDeniedError} if its
invoked by a L{User} with the L{Role.ANONYMOUS}.
"""
createTag(self.user, self.user.namespace, u'path')
error = self.assertRaises(PermissionDeniedError, self.tags.delete,
[u'user/path'])
self.assertEqual(self.anon.username, error.username)
self.assertEqual([('user/path', Operation.DELETE_TAG)],
error.pathsAndOperations)
def testSetIsDenied(self):
"""
L{SecureTagAPI.set} raises a L{PermissionDeniedError} if its invoked
by a L{User} with the L{Role.ANONYMOUS}.
"""
createTag(self.user, self.user.namespace, u'path')
error = self.assertRaises(PermissionDeniedError, self.tags.set,
{u'user/path': 'A path tag'})
self.assertEqual(self.anon.username, error.username)
self.assertEqual([('user/path', Operation.UPDATE_TAG)],
error.pathsAndOperations)
class SecureTagValueAPIWithSuperuserRoleTest(FluidinfoTestCase):
resources = [('cache', CacheResource()),
('config', ConfigResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureTagValueAPIWithSuperuserRoleTest, self).setUp()
system = createSystemData()
self.superuser = system.users[u'fluiddb']
TagAPI(self.superuser).create([(u'fluiddb/tag', u'description')])
self.tagValues = SecureTagValueAPI(self.superuser)
self.permissions = CachingPermissionAPI(self.superuser)
def testGetIsAllowed(self):
"""L{SecureTagValueAPI.get} is always allowed for the superuser."""
objectID = uuid4()
values = {objectID: {u'fluiddb/tag': 16}}
self.tagValues.set(values)
self.permissions.set([(u'fluiddb/tag', Operation.READ_TAG_VALUE,
Policy.CLOSED, [])])
result = self.tagValues.get(objectIDs=[objectID],
paths=[u'fluiddb/tag'])
self.assertEqual(16, result[objectID][u'fluiddb/tag'].value)
def testSetIsAllowed(self):
"""L{SecureTagValueAPI.set} is always allowed for the superuser."""
self.permissions.set([(u'fluiddb/tag', Operation.WRITE_TAG_VALUE,
Policy.CLOSED, [])])
objectID = uuid4()
values = {objectID: {u'fluiddb/tag': 16}}
self.tagValues.set(values)
result = self.tagValues.get(objectIDs=[objectID],
paths=[u'fluiddb/tag'])
self.assertEqual(16, result[objectID][u'fluiddb/tag'].value)
def testDeleteIsAllowed(self):
"""L{SecureTagValueAPI.delete} is always allowed for the superuser."""
self.permissions.set([(u'fluiddb/tag', Operation.DELETE_TAG_VALUE,
Policy.CLOSED, [])])
objectID = uuid4()
values = {objectID: {u'fluiddb/tag': 16}}
self.tagValues.set(values)
self.tagValues.delete([(objectID, u'fluiddb/tag')])
result = self.tagValues.get(objectIDs=[objectID],
paths=[u'fluiddb/tag'])
self.assertEqual({}, result)
class FacadeCheckerTest(FluidinfoTestCase):
resources = [('cache', CacheResource()), ('config', ConfigResource()),
('log', LoggingResource()), ('store', DatabaseResource()),
('threadPool', ThreadPoolResource())]
def setUp(self):
super(FacadeCheckerTest, self).setUp()
factory = FluidinfoSessionFactory('API-9000')
transact = Transact(self.threadPool)
createSystemData()
self.checker = FacadeChecker()
self.checker.facadeClient = Facade(transact, factory)
def testRequestAvatarIdWithIncorrectPassword(self):
"""
L{FacadeChecker.requestAvatarId} when passed credentials with an
incorrect password must raise C{UnauthorizedLogin}.
"""
createUser(u'user', u'pass', u'User', u'*****@*****.**')
self.store.commit()
credentials = UsernamePassword('user', 'bad password')
deferred = self.checker.requestAvatarId(credentials)
return self.assertFailure(deferred, UnauthorizedLogin)
def testRequestAvatarIdWithNonExistentUser(self):
"""
L{FacadeChecker.requestAvatarId} when passed credentials with a
non-existent user must raise C{UnauthorizedLogin}.
"""
credentials = UsernamePassword('user', 'pass')
deferred = self.checker.requestAvatarId(credentials)
return self.assertFailure(deferred, UnauthorizedLogin)
@inlineCallbacks
def testRequestAvatarId(self):
"""
L{FacadeChecker.requestAvatarId} when passed credentials creates a
L{FluidinfoSession} for the authenticated user only if credentials
are correct.
"""
user = createUser(u'user', u'pass', u'User', u'*****@*****.**')
self.store.commit()
credentials = UsernamePassword('user', 'pass')
session = yield self.checker.requestAvatarId(credentials)
self.assertEqual(user.username, session.auth.username)
self.assertEqual(user.objectID, session.auth.objectID)
class SecureObjectAPIWithBrokenCacheTest(ObjectAPITestMixin,
SecureObjectAPITestMixin,
FluidinfoTestCase):
resources = [('cache', BrokenCacheResource()),
('client', IndexResource()),
('config', ConfigResource()),
('log', LoggingResource()),
('store', DatabaseResource())]
def setUp(self):
super(SecureObjectAPIWithBrokenCacheTest, self).setUp()
self.system = createSystemData()
UserAPI().create([(u'user', u'password', u'User',
u'*****@*****.**')])
self.user = getUser(u'user')
self.objects = SecureObjectAPI(self.user)
class BuildIndexTest(FluidinfoTestCase):
resources = [('client', IndexResource()), ('config', ConfigResource()),
('store', DatabaseResource())]
@inlineCallbacks
def testBuildIndexWithoutData(self):
"""L{buildIndex} is effectively a no-op if the main store is empty."""
with open(os.devnull, 'w') as stream:
yield buildIndex(self.client.url, stream=stream)
response = yield self.client.search('*:*')
self.assertEqual([], response.results.docs)
@inlineCallbacks
def testBuildIndexWithDirtyIndex(self):
"""
L{buildIndex} raises a C{RuntimeError} if the Solr index already
contains documents.
"""
objectID = uuid4()
index = ObjectIndex(self.client)
yield index.update({objectID: {u'test/tag': 42}})
yield self.client.commit()
yield self.assertFailure(buildIndex(self.client.url), RuntimeError)
@inlineCallbacks
def testBuildIndex(self):
"""
L{buildIndex} creates documents for all tags values in the main store.
"""
user = createUser(u'username', u'secret', u'User', u'*****@*****.**')
namespace = createNamespace(user, u'username', None)
tag = createTag(user, namespace, u'tag')
objectID1 = uuid4()
objectID2 = uuid4()
createTagValue(user.id, tag.id, objectID1, 42)
createTagValue(user.id, tag.id, objectID2, 65)
with open(os.devnull, 'w') as stream:
yield buildIndex(self.client.url, stream=stream)
response = yield self.client.search('*:*')
self.assertEqual(
sorted([{
u'fluiddb/id': str(objectID1)
}, {
u'fluiddb/id': str(objectID2)
}]), sorted(response.results.docs))