def test_can_authenticate_existent_user(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**')
with patch.object(AuthenticateHandler,
'authenticate_on_google') as auth_mock:
result = gen.Future()
result.set_result({
'email': '*****@*****.**',
'fullname': 'Test',
'id': '12345'
})
auth_mock.return_value = result
try:
response = yield self.anonymous_fetch('/authenticate',
method='POST',
body=dumps({
'provider':
'GooglePlus',
'access_token':
'VALID-TOKEN',
}))
except HTTPError, e:
response = e.response
expect(response.code).to_equal(200)
expect(loads(response.body)['first_login']).to_be_false()
expect(loads(response.body)['authenticated']).to_be_true()
expect(user).not_to_be_null()
def test_can_set_cookie_on_authentication(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', fullname='Test', id='1')
user.first_login = True
with patch.object(AuthenticateHandler, 'authenticate') as auth_mock:
result = gen.Future()
result.set_result(user)
auth_mock.return_value = result
try:
response = yield self.anonymous_fetch('/authenticate',
method='POST',
body=dumps({
'provider':
'GooglePlus',
'access_token':
'VALID-TOKEN',
}))
except HTTPError, e:
response = e.response
expect(response.code).to_equal(200)
expect(loads(response.body)['first_login']).to_be_true()
expect(loads(response.body)['authenticated']).to_be_true()
expect('HOLMES_AUTH_TOKEN' in response.headers.get(
'Set-Cookie')).to_equal(True)
def test_can_save_prefs_as_superuser(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
domain = DomainFactory.create(name='globo.com')
key = KeyFactory.create(name='some.random')
DomainsViolationsPrefsFactory.create(domain=domain, key=key, value=100)
loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
self.db, domain.name)
expect(loaded_prefs).to_length(1)
expect(loaded_prefs[0]).to_be_like({
'value': 100,
'key': 'some.random'
})
yield self.authenticated_fetch('/domains/%s/violations-prefs/' %
domain.name,
user_email=user.email,
method='POST',
body=dumps([
{
'key': 'some.random',
'value': 10
},
]))
loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
self.db, domain.name)
expect(loaded_prefs).to_length(1)
expect(loaded_prefs[0]).to_be_like({'value': 10, 'key': 'some.random'})
def test_cant_save_prefs_as_normal_user(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=False)
domain = DomainFactory.create(name='globo.com')
key = KeyFactory.create(name='some.random')
DomainsViolationsPrefsFactory.create(domain=domain, key=key, value=100)
loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
self.db, domain.name)
expect(loaded_prefs).to_length(1)
expect(loaded_prefs[0]).to_be_like({
'value': 100,
'key': 'some.random'
})
try:
yield self.authenticated_fetch('/domains/%s/violations-prefs/' %
domain.name,
user_email=user.email,
method='POST',
body=dumps([
{
'key': 'some.random',
'value': 10
},
]))
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(401)
expect(e.response.reason).to_be_like('Unauthorized')
def test_can_verify_authenticated_request_as_superuser(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
response = yield self.authenticated_fetch('/authenticate',
user_email=user.email)
expect(response.code).to_equal(200)
response_body = loads(response.body)
expect(response_body['authenticated']).to_be_true()
expect(response_body['isSuperUser']).to_be_true()
def test_cant_save_limiters_as_normal_user(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=False)
try:
yield self.authenticated_fetch('/limiters',
user_email=user.email,
method='POST',
body=dumps({
'url': 'http://globo.com/',
'maxValue': 10
}))
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(401)
expect(e.response.reason).to_be_like('Unauthorized')
def test_cant_delete_nonexistent_limiter_as_superuser(self):
self.db.query(Limiter).delete()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
try:
yield self.authenticated_fetch('/limiters/1',
user_email=user.email,
method='DELETE')
except HTTPError, e:
expected = {'reason': 'Not Found', 'description': 'Not Found'}
expect(e).not_to_be_null()
expect(e.code).to_equal(404)
expect(e.response.reason).to_equal('Not Found')
expect(loads(e.response.body)).to_equal(expected)
def test_cant_save_limiters_with_empty_values_as_superuser(self):
self.db.query(Limiter).delete()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
try:
yield self.authenticated_fetch('/limiters',
user_email=user.email,
method='POST',
body='{}')
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(400)
expect(e.response.body).to_equal(
'{"reason":"Not url or value","description":"Not url or value"}'
)
def test_cant_delete_limiter_as_normal_user(self):
self.db.query(Limiter).delete()
limiter = LimiterFactory.create()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=False)
loaded_limiter = Limiter.by_id(limiter.id, self.db)
expect(loaded_limiter).not_to_be_null()
try:
yield self.authenticated_fetch('/limiters/%d' % limiter.id,
user_email=user.email,
method='DELETE')
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(401)
expect(e.response.reason).to_be_like('Unauthorized')
def test_can_save_limiters_as_superuser(self):
self.db.query(Limiter).delete()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
response = yield self.authenticated_fetch('/limiters',
user_email=user.email,
method='POST',
body=dumps({
'url':
'http://globo.com/',
'maxValue': 10
}))
expect(response).not_to_be_null()
expect(response.code).to_equal(200)
loaded_limiter = Limiter.by_url('http://globo.com/', self.db)
expect(loaded_limiter).not_to_be_null()
def test_cant_delete_limiter_with_empty_values_as_superuser(self):
self.db.query(Limiter).delete()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
try:
yield self.authenticated_fetch('/limiters',
user_email=user.email,
method='DELETE')
except HTTPError, e:
expected = {
'reason': 'Invalid data',
'description': 'Invalid data'
}
expect(e).not_to_be_null()
expect(e.code).to_equal(400)
expect(e.response.reason).to_equal('Bad Request')
expect(loads(e.response.body)).to_equal(expected)
def test_can_delete_limiter_as_superuser(self):
self.db.query(Limiter).delete()
limiter = LimiterFactory.create()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
loaded_limiter = Limiter.by_id(limiter.id, self.db)
expect(loaded_limiter).not_to_be_null()
response = yield self.authenticated_fetch('/limiters/%d' % limiter.id,
user_email=user.email,
method='DELETE')
expect(response.code).to_equal(204)
expect(response.body).to_length(0)
loaded_limiter = Limiter.by_id(limiter.id, self.db)
expect(loaded_limiter).to_be_null()
def test_can_save_prefs_as_normal_user(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=False)
try:
yield self.authenticated_fetch(
'/domains/blah.com/violations-prefs/',
method='POST',
user_email=user.email,
body=dumps([
{
'key': 'some.random',
'value': 10
},
]))
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(401)
expect(e.response.reason).to_be_like('Unauthorized')
expect(e.response.body).to_be_like('Unauthorized')
def test_can_save_prefs_for_invalid_domain_as_superuser(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
try:
yield self.authenticated_fetch(
'/domains/blah.com/violations-prefs/',
method='POST',
user_email=user.email,
body=dumps([
{
'key': 'some.random',
'value': 10
},
]))
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(404)
expect(e.response.reason).to_equal('Domain blah.com not found')
