def setUp(self):
self.key_owner = User(username="******")
self.key_owner.save()
self.token = Token(description='test key valid', owner=self.key_owner, is_valid=True)
self.key_invalid = Token(description='test key invalid', owner=self.key_owner)
self.token.save()
self.key_invalid.save()
class TokenModelTest(TestCase):
fixtures = ['tokit/fixtures/initial_data.json']
def setUp(self):
self.c = Client()
self.key_owner = User(username="******")
self.key_owner.save()
self.token = Token(description='test key valid', owner=self.key_owner, is_valid=True)
self.key_invalid = Token(description='test key invalid', owner=self.key_owner)
self.token.save()
self.key_invalid.save()
self.request = HttpRequest()
def tearDown(self):
self.key_owner.delete()
def test_extract_api_key_should_return_a_key_when_set_in_header(self):
self.assertEqual(extract_api_key(self.request), None)
self.request.META['HTTP_API_KEY'] = 12345
self.assertEqual(extract_api_key(self.request), 12345)
def test_extract_api_key_should_return_the_key_from_the_querystring_for_get(self):
self.request.method = "GET"
self.request.GET['api_key'] = 12345
self.assertEqual(extract_api_key(self.request), 12345)
def test_extract_api_key_should_return_the_key_from_the_querystring_for_post(self):
self.request.method = "POST"
self.request.POST['api_key'] = 12345
self.assertEqual(extract_api_key(self.request), 12345)
def test_has_permission_should_return_a_boolean_specifying_if_the_key_has_the_requested_permission(self):
token = Token(description='test key', owner=self.key_owner, is_valid=True)
token.save()
token.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
key_postandget = Token(description='test key', owner=self.key_owner, is_valid=True)
key_postandget.save()
key_postandget.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
key_postandget.permissions.add(TokenPermission.objects.get(codename='can_post_to_api'))
self.assertTrue(token.has_permission('can_get_from_api'))
self.assertFalse(token.has_permission('can_post_to_api'))
self.assertTrue(key_postandget.has_permission('can_get_from_api'))
self.assertTrue(key_postandget.has_permission('can_post_to_api'))
def setUp(self):
self.key_owner = User(username="******")
self.key_owner.save()
self.api_key = Token(key="101010", owner=self.key_owner)
self.api_key.access_count_last_day = 0
self.api_key.save()
self.api_key.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
self.api_key.permissions.add(TokenPermission.objects.get(codename='can_post_to_api'))
def test_has_all_permissions_should_return_a_boolean_if_token_has_all_required_permissions(self):
key_postandget = Token(description='test key', owner=self.key_owner, is_valid=True)
key_postandget.save()
key_postandget.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
key_postandget.permissions.add(TokenPermission.objects.get(codename='can_post_to_api'))
permissions = ['can_get_from_api', 'can_post_to_api']
permissions_false = ['can_vote_in_china', 'can_get_from_api']
self.assertTrue(key_postandget.has_all_permissions(permissions))
self.assertFalse(key_postandget.has_all_permissions(permissions_false))
key_postandget.delete()
def test_decorated_function_should_fail_if_key_dont_have_permission_assign(self) :
token = Token(key="101011", owner=self.key_owner)
token.is_valid = True
token.save()
@validate_token(permissions=['can_post_to_api'])
def silly_fun(req) :
return "success"
request = Dummy()
request.POST = {"api_key" : token.key }
request.method = "POST"
result = silly_fun(request)
self.assertEqual(result.content, """{"msg": "Error this key does not have the permission to access this call", "status": -997, "API_KEY": "101011", "method": "POST"}""")
token.delete()
class DecoratorsTest(TestCase) :
fixtures = ['tokit/fixtures/initial_data.json']
def setUp(self):
self.key_owner = User(username="******")
self.key_owner.save()
self.api_key = Token(key="101010", owner=self.key_owner)
self.api_key.access_count_last_day = 0
self.api_key.save()
self.api_key.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
self.api_key.permissions.add(TokenPermission.objects.get(codename='can_post_to_api'))
def tearDown(self):
self.api_key.delete()
self.key_owner.delete()
def test_decorated_function_should_pass_with_valid_key(self) :
self.api_key.is_valid = True
self.api_key.is_internal = True
self.api_key.save()
@validate_token(permissions=['can_post_to_api', 'can_get_from_api'])
def silly_fun(req) :
return "success"
request = Dummy()
request.POST = { "api_key" : self.api_key.key }
request.method = "POST"
print silly_fun(request)
assert silly_fun(request) == "success", "Key was found to be invalid"
def test_decorated_function_should_fail_if_key_dont_have_permission_assign(self) :
token = Token(key="101011", owner=self.key_owner)
token.is_valid = True
token.save()
@validate_token(permissions=['can_post_to_api'])
def silly_fun(req) :
return "success"
request = Dummy()
request.POST = {"api_key" : token.key }
request.method = "POST"
result = silly_fun(request)
self.assertEqual(result.content, """{"msg": "Error this key does not have the permission to access this call", "status": -997, "API_KEY": "101011", "method": "POST"}""")
token.delete()
def test_decorated_function_should_fail_with_invalid_key_POST(self) :
self.api_key.is_valid = False
self.api_key.is_internal = True
self.api_key.save()
@validate_token(permissions=['can_post_to_api', 'can_get_from_api'])
def silly_fun(req) :
return "success"
request = Dummy()
request.POST = {"api_key" : self.api_key.key }
request.method = "POST"
result = silly_fun(request)
assert result.content == """{"msg": "Error INVALID API Key used please use or register a proper key", "status": -999, "API_KEY": "101010", "method": "POST"}""", "Key was found to be invalid"
def test_decorated_function_should_fail_with_invalid_key_GET(self):
self.api_key.is_valid = False
self.api_key.is_internal = False
@validate_token()
def silly_fun(req) :
return "success"
request = Dummy()
request.GET = {"api_key" : 'bob' }
request.method = "GET"
result = silly_fun(request)
assert result.content == """{"msg": "Error INVALID API Key used please use or register a proper key", "status": -999, "API_KEY": "bob", "method": "GET"}""", "Expected the key to check as False"
def test_decorated_function_should_valid_token_quota_is_over_limit_and_should_check_false(self):
self.api_key.is_valid = True
self.api_key.access_count_last_day = 1000000
self.api_key.save()
@validate_token()
def silly_fun(req) :
return "success"
request = Dummy()
request.GET = {"api_key" : self.api_key.key }
request.method = "GET"
result = silly_fun(request)
self.assertEqual(result.content, """{"msg": "Error quota exceeded!", "status": -800, "API_KEY": "101010", "method": "GET"}""")
def test_valid_token_over_its_limit_that_is_internal_should_check_true(self):
self.api_key.is_valid = True
self.api_key.access_count_last_day = 1000000
self.api_key.is_internal = True
self.api_key.save()
@validate_token()
def silly_fun(req) :
return "success"
request = Dummy()
request.GET = {"api_key" : self.api_key.key }
request.method = "GET"
result = silly_fun(request)
self.assertEqual(result, 'success')
class TokenModelTest(TestCase):
fixtures = ['tokit/fixtures/initial_data.json']
def setUp(self):
self.key_owner = User(username="******")
self.key_owner.save()
self.token = Token(description='test key valid', owner=self.key_owner, is_valid=True)
self.key_invalid = Token(description='test key invalid', owner=self.key_owner)
self.token.save()
self.key_invalid.save()
def tearDown(self):
self.key_invalid.delete()
self.token.delete()
self.key_owner.delete()
def test_token_should_be_able_to_generate_unique_key_on_creation(self):
key = Token(description='test key', owner=self.key_owner)
key.save()
self.assertFalse(key.key in ['',0 ])
key.delete()
def test_is_key_valid_should_return_true_if_the_key_exist_and_is_valid(self):
self.assertTrue(Token.objects.is_key_valid(self.token.key))
self.assertFalse(Token.objects.is_key_valid(self.key_invalid.key))
self.assertFalse(Token.objects.is_key_valid('asdfa-asdf-ads'))
def test_get_permissions_should_return_a_list_of_permissions_the_token_has_set(self):
token = Token(description='test key valid', owner=self.key_owner, is_valid=True)
token.save()
token.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
self.assertEqual(['can_get_from_api'], token.get_permissions())
def test_has_permission_should_return_a_boolean_specifying_if_the_key_has_the_requested_permission(self):
token = Token(description='test key', owner=self.key_owner, is_valid=True)
token.save()
token.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
key_postandget = Token(description='test key', owner=self.key_owner, is_valid=True)
key_postandget.save()
key_postandget.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
key_postandget.permissions.add(TokenPermission.objects.get(codename='can_post_to_api'))
self.assertTrue(token.has_permission('can_get_from_api'))
self.assertFalse(token.has_permission('can_post_to_api'))
self.assertTrue(key_postandget.has_permission('can_get_from_api'))
self.assertTrue(key_postandget.has_permission('can_post_to_api'))
def test_has_all_permissions_should_return_a_boolean_if_token_has_all_required_permissions(self):
key_postandget = Token(description='test key', owner=self.key_owner, is_valid=True)
key_postandget.save()
key_postandget.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
key_postandget.permissions.add(TokenPermission.objects.get(codename='can_post_to_api'))
permissions = ['can_get_from_api', 'can_post_to_api']
permissions_false = ['can_vote_in_china', 'can_get_from_api']
self.assertTrue(key_postandget.has_all_permissions(permissions))
self.assertFalse(key_postandget.has_all_permissions(permissions_false))
key_postandget.delete()
def test_has_access_should_return_true_if_token_is_internal(self):
self.token.is_internal = True
self.assertTrue(self.token.has_access())
def test_has_access_should_validate_if_token_exceeded_access_quota_and_is_not_internal(self):
self.token.is_internal = False
self.token.access_count_last_day = 1800
self.assertTrue(self.token.has_access())
self.token.access_count_last_day = 2200
self.assertFalse(self.token.has_access())
def test_get_permissions_should_return_a_list_of_permissions_the_token_has_set(self):
token = Token(description='test key valid', owner=self.key_owner, is_valid=True)
token.save()
token.permissions.add(TokenPermission.objects.get(codename='can_get_from_api'))
self.assertEqual(['can_get_from_api'], token.get_permissions())
def test_token_should_be_able_to_generate_unique_key_on_creation(self):
key = Token(description='test key', owner=self.key_owner)
key.save()
self.assertFalse(key.key in ['',0 ])
key.delete()
