Exemplo n.º 1
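    def test_request_token_success(self):
        """
        Verify that we can request an access token and use it
        to access a restricted resource.

        The token endpoint is called with the `client_credentials` grant
        for `client_1`. The returned token is then presented to
        `private_url`, which must answer 200 and return the expected
        e-mail under `data` -> `user` -> `email`.
        """
        token_request_data_ok = {
            'client_id': 'client_1',
            'client_secret': 'secret_1',
            'grant_type': 'client_credentials'
        }

        # WSGI environment values handed to the test request context.
        wsgi_env = {
            'REMOTE_ADDR': '1.2.3.4',
            'HTTP_USER_AGENT': 'UnitTester',
        }

        with self.app.test_request_context(environ_base=wsgi_env):
            with app.test_client() as client:

                response = client.post(token_request_url,
                                       data=token_request_data_ok)
                # Stop at the token step when it fails, so a broken token
                # endpoint is not reported as a failure of the protected
                # route (or hidden behind a `None` token).
                self.assert200(response, "Token request did not return 200")
                access_token = response.json.get('access_token')
                self.assertTrue(access_token,
                                "Token response carries no access_token")

                # Now use the retrieved access token. It travels as an
                # `access_token` request parameter here.
                # NOTE(review): tokens sent as request parameters tend to
                # end up in access logs; confirm this is the intended
                # transport for this route.
                query_data = {'access_token': access_token}
                response = client.get(private_url, data=query_data)
                # assert200 already fails the test on any other status, so
                # no separate status_code branch is needed afterwards.
                self.assert200(response, "Response code is not 200")

                data = response.json.get('data')
                # NOTE(review): the expected e-mail looks masked on this
                # page; restore the fixture value before running.
                self.assertEqual('*****@*****.**',
                                 data.get('user')['email'])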
Exemplo n.º 2
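    def test_request_token_success(self):
        """
        Verify that we can request an access token and use it
        to access a restricted resource.

        The token endpoint is called with the `client_credentials` grant
        for `client_1`. The returned token is then presented to
        `private_url`, which must answer 200 and return the expected
        e-mail under `data` -> `user` -> `email`.
        """
        token_request_data_ok = {
            'client_id': 'client_1',
            'client_secret': 'secret_1',
            'grant_type': 'client_credentials'
        }

        # WSGI environment values handed to the test request context.
        wsgi_env = {
            'REMOTE_ADDR': '1.2.3.4',
            'HTTP_USER_AGENT': 'UnitTester',
        }

        with self.app.test_request_context(environ_base=wsgi_env):
            with app.test_client() as client:

                response = client.post(token_request_url,
                                       data=token_request_data_ok)
                # Stop at the token step when it fails, so a broken token
                # endpoint is not reported as a failure of the protected
                # route (or hidden behind a `None` token).
                self.assert200(response, "Token request did not return 200")
                access_token = response.json.get('access_token')
                self.assertTrue(access_token,
                                "Token response carries no access_token")

                # Now use the retrieved access token. It travels as an
                # `access_token` request parameter here.
                # NOTE(review): tokens sent as request parameters tend to
                # end up in access logs; confirm this is the intended
                # transport for this route.
                query_data = {'access_token': access_token}
                response = client.get(private_url, data=query_data)
                # assert200 already fails the test on any other status, so
                # no separate status_code branch is needed afterwards.
                self.assert200(response, "Response code is not 200")

                data = response.json.get('data')
                # NOTE(review): the expected e-mail looks masked on this
                # page; restore the fixture value before running.
                self.assertEqual('*****@*****.**',
                                 data.get('user')['email'])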
Exemplo n.º 3
    def test_success(self):
        """
        Exercise `save_patient_chunks_url` with an access token.

        Three requests are sent: a body that is not valid JSON (400
        expected), a JSON body without the expected key (an exception is
        expected), and the `chunks` payload (200 expected, with three
        known UUIDs in the response).
        """
        with self.app.test_request_context(), app.test_client() as client:
            token_response = client.post(token_request_url,
                                         data=token_request_data_ok)
            access_token = token_response.json.get('access_token')

            # Now use the retrieved access token.
            # NOTE(review): the token is sent under a "Basic:" label in
            # the Authorization header; confirm that this matches what
            # the server side parses.
            auth_headers = [
                ('Authorization', "Basic: {}".format(access_token)),
                ('Content-Type', 'application/json')]

            # Test_1 bad json: the trailing comma makes the body invalid,
            # and the endpoint must answer "400 BAD REQUEST".
            invalid_json_response = client.post(save_patient_chunks_url,
                                                data='{"a": "b",}',
                                                headers=auth_headers)
            self.assert400(invalid_json_response,
                           "Response code is not 400")

            # Test_2 KeyError 'data': the body is valid JSON but has no
            # 'data' key.
            # NOTE(review): assertRaises(Exception) accepts any failure.
            # An exception escaping on client-supplied JSON suggests the
            # key is not validated server-side; a 400 response asserted
            # here would be a tighter contract.
            with self.assertRaises(Exception):
                client.post(save_patient_chunks_url,
                            data='{"data2": ""}',
                            headers=auth_headers)

            # Test_3 valid request
            response = client.post(save_patient_chunks_url,
                                   data=chunks,
                                   headers=auth_headers)

            self.assert200(response, "Response code is not 200")
            data = response.json.get('data')
            status = response.json.get('status')

            if 'success' != status:
                self.fail("Error response: {}".format(data))

            # compare the UUIDs generated using
            # base_test_with_data#dummy_get_uuid_hex()
            expected_uuids = (
                ('1', '409949141ba811e69454f45c898e9b67'),
                ('2', '509949141ba811e69454f45c898e9b67'),
                ('3', '709949141ba811e69454f45c898e9b67'),
            )
            for group_key, expected_uuid in expected_uuids:
                group = data.get(group_key)
                self.assertEqual(group.get('uuid'), expected_uuid)
Exemplo n.º 4
 def test_login_form_display(self):
     """
     Check that a GET on `login_url` returns a page containing
     the 'Please login' message.
     """
     with self.app.test_request_context(), app.test_client() as client:
         login_page = client.get(login_url)
         # assertIn reports the searched bytes when the check fails.
         self.assertIn(b'Please login', login_page.data)
Exemplo n.º 5
 def test_access_protected_resource(self):
     """
     Verify that a client that has not logged in gets the
     "login first" notice instead of the protected content.
     """
     with self.app.test_request_context(), app.test_client() as client:
         anonymous_response = client.get("https://localhost/api/hello")
         # NOTE(review): only the body text is checked; the status code
         # returned to an unauthenticated client is not asserted here.
         login_notice = b'Please <a href="/">login</a> first.'
         self.assertIn(login_notice, anonymous_response.data)
Exemplo n.º 6
    def test_access_protected_resource(self):
        """
        Verify that a request to `private_url` carrying no access
        token is refused with `401 UNAUTHORIZED`.
        """
        with self.app.test_request_context(), app.test_client() as client:
            # No token, header or credentials are attached to this request.
            anonymous_response = client.get(private_url)
            self.assert401(anonymous_response)
            # Also pin the full status line, not only the numeric code.
            self.assertEqual('401 UNAUTHORIZED', anonymous_response.status)
Exemplo n.º 7
    def test_access_protected_resource(self):
        """
        Verify that a request to `private_url` carrying no access
        token is refused with `401 UNAUTHORIZED`.
        """
        with self.app.test_request_context(), app.test_client() as client:
            # No token, header or credentials are attached to this request.
            anonymous_response = client.get(private_url)
            self.assert401(anonymous_response)
            # Also pin the full status line, not only the numeric code.
            self.assertEqual('401 UNAUTHORIZED', anonymous_response.status)
Exemplo n.º 8
    def test_login_success(self):
        """
        Emulate a user login: post the credentials to `login_url`,
        follow the redirects and expect the greeting in the final page.
        """
        # NOTE(review): the e-mail, password and greeting literals look
        # masked on this page; restore the fixture values before running.
        login_data = {
            'email': '*****@*****.**',
            'password': '******',
        }

        with self.app.test_request_context(), app.test_client() as client:
            app.preprocess_request()
            landing_page = client.post(login_url, data=login_data,
                                       follow_redirects=True)
            self.assert200(landing_page, "Response code is not 200")
            self.assertIn(b'Hello [email protected]', landing_page.data)
Exemplo n.º 9
    def test_login_failure(self):
        """
        Try to login with an invalid password and expect to land back
        on the login form, without the greeting shown after a login.
        """
        # NOTE(review): the credential literals look masked on this page,
        # so the invalid password cannot be told apart from the valid one
        # used by the success test; restore the fixture values.
        login_data = {
            'email': '*****@*****.**',
            'password': '******',
        }

        with self.app.test_request_context(), app.test_client() as client:
            landing_page = client.post(login_url, data=login_data,
                                       follow_redirects=True)
            # The rejected login still ends on a 200 page: the login form.
            self.assert200(landing_page, "Response code is not 200")
            self.assertIn(b'Please login', landing_page.data)
            self.assertNotIn(b'Hello [email protected]', landing_page.data)
Exemplo n.º 10
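    def test_request_token_no_secret(self):
        """
        Verify that not specifying a `client_secret`
        results in a `401 Unauthorized` response

        The request is accepted as rejected in two ways: the test client
        call raises (which is what the original `assertRaises` accepted),
        or it returns a response, which must then be a 401.
        """
        token_request_data_fail = {
            'client_id': 'client_1',
            'client_secret': '',
            'grant_type': 'client_credentials'
        }

        with self.app.test_request_context():
            with app.test_client() as client:

                # The 401 check must not sit inside assertRaises(Exception):
                # there, an AssertionError from assert401 (for example on a
                # 200 that issues a token) satisfies assertRaises, and the
                # test passes exactly when the secret check is broken.
                try:
                    response_fail = client.post(token_request_url,
                                                data=token_request_data_fail)
                except Exception:
                    # NOTE(review): narrow this to the exception the token
                    # endpoint raises for bad client credentials; a broad
                    # catch also accepts unrelated server errors.
                    return

                self.assert401(response_fail)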
Exemplo n.º 11
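    def test_request_token_no_secret(self):
        """
        Verify that not specifying a `client_secret`
        results in a `401 Unauthorized` response

        The request is accepted as rejected in two ways: the test client
        call raises (which is what the original `assertRaises` accepted),
        or it returns a response, which must then be a 401.
        """
        token_request_data_fail = {
            'client_id': 'client_1',
            'client_secret': '',
            'grant_type': 'client_credentials'
        }

        with self.app.test_request_context():
            with app.test_client() as client:

                # The 401 check must not sit inside assertRaises(Exception):
                # there, an AssertionError from assert401 (for example on a
                # 200 that issues a token) satisfies assertRaises, and the
                # test passes exactly when the secret check is broken.
                try:
                    response_fail = client.post(token_request_url,
                                                data=token_request_data_fail)
                except Exception:
                    # NOTE(review): narrow this to the exception the token
                    # endpoint raises for bad client credentials; a broad
                    # catch also accepts unrelated server errors.
                    return

                self.assert401(response_fail)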
Exemplo n.º 12
    def test_get_expired_token(self):
        """
        Verify that a token obtained with `token_request_data_expired`
        is refused with `401 UNAUTHORIZED` by `save_patient_chunks_url`,
        and that the token endpoint answers 200 when asked again.
        """
        with self.app.test_request_context(), app.test_client() as client:
            first_token_response = client.post(
                token_request_url, data=token_request_data_expired)
            access_token = first_token_response.json.get('access_token')

            # Now use the retrieved access token
            auth_headers = [
                ('Authorization', "Basic: {}".format(access_token)),
                ('Content-Type', 'application/json')]

            rejected = client.post(save_patient_chunks_url,
                                   data='{"data2": ""}',
                                   headers=auth_headers)
            self.assert401(rejected, "Response code is not 401")
            self.assertEqual('401 UNAUTHORIZED', rejected.status)

            # Verify that a new code was generated on the second request
            # NOTE(review): only the status is checked below; comparing
            # the second access_token with the first would confirm that
            # a fresh token was issued.
            second_token_response = client.post(
                token_request_url, data=token_request_data_expired)
            self.assert200(second_token_response,
                           "Response code is not 200")