def test_set_perms(self):
self.insert_user("foo", developer=True, level="basic")
user = AdsApiUser.from_dev_key("foo_dev_key")
self.assertTrue(user.is_developer())
self.assertEqual(user.user_rec.developer_perms, api_user.PERMISSION_LEVELS["basic"])
user.set_perms("devel")
user = AdsApiUser.from_dev_key("foo_dev_key")
self.assertEqual(user.user_rec.developer_perms, api_user.PERMISSION_LEVELS["devel"])
user.set_perms(perms={'bar': 'baz'})
user = AdsApiUser.from_dev_key("foo_dev_key")
self.assertEqual(user.user_rec.developer_perms, {'bar': 'baz'})
def test_allowed_ips_2(self):
dev_perms = api_user.PERMISSION_LEVELS['basic']
dev_perms['allowed_ips'] = ['192.168.0.1']
self.insert_user("foo", developer=True, dev_perms=dev_perms.copy())
user = AdsApiUser.from_dev_key("foo_dev_key")
with self.app.test_request_context('/'):
self.assertTrue(user.ip_allowed('192.168.0.1'))
self.assertFalse(user.ip_allowed('199.111.99.11'))
def test_allowed_ips_1(self):
"""
ip_allowed() should always be true if no 'allowed_ips' set in dev perms
"""
self.insert_user("foo", developer=True, level='basic')
user = AdsApiUser.from_dev_key("foo_dev_key")
with self.app.test_request_context('/'):
self.assertTrue(user.ip_allowed('192.168.0.1'))
def test_empty_dev_key(self):
"""ensure that a user record with a dev_key of "" doesn't allow access to empty dev_key input"""
self.insert_user("foo", developer=True)
with canned_solr_response_data():
user = AdsApiUser.from_dev_key("foo_dev_key")
user.set_dev_key("")
rv = self.client.get('/api/search/?q=black+holes&dev_key=')
self.assertEqual(rv.status_code, 401)
def test_default_perm_levels(self):
self.insert_user("foo", developer=True, level="basic")
u = AdsApiUser.from_dev_key("foo_dev_key")
self.assertIsNone(u._max_rows_ok(99))
self.assertIsNone(u._max_rows_ok(100))
self.assertRaisesRegexp(AssertionError, 'rows=101 exceeds max allowed value: 100', u._max_rows_ok, 101)
self.assertIsNone(u._max_start_ok(300))
self.assertRaisesRegexp(AssertionError, 'start=10001 exceeds max allowed value: 10000', u._max_start_ok, 10001)
self.assertRaisesRegexp(AssertionError, 'facets disabled', u._facets_ok, ["author"])
self.assertRaisesRegexp(AssertionError, 'highlighting disabled', u._highlight_ok, ["title"])
for f in config.API_SOLR_DEFAULT_FIELDS:
self.assertIsNone(u._fields_ok(f))
for f in config.API_SOLR_EXTRA_FIELDS:
self.assertRaisesRegexp(AssertionError, 'disallowed field: %s' % f, u._fields_ok, f)
self.insert_user("bar", developer=True, level="devel")
u = AdsApiUser.from_dev_key("bar_dev_key")
self.assertIsNone(u._max_rows_ok(200))
self.assertRaisesRegexp(AssertionError, 'rows=201 exceeds max allowed value: 200', u._max_rows_ok, 201)
self.assertIsNone(u._max_start_ok(50000))
self.assertRaisesRegexp(AssertionError, 'start=50001 exceeds max allowed value: 50000', u._max_start_ok, 50001)
self.assertIsNone(u._facets_ok(['author']))
self.assertIsNone(u._highlight_ok(['abstract']))
for f in config.API_SOLR_DEFAULT_FIELDS:
self.assertIsNone(u._fields_ok(f))
for f in config.API_SOLR_EXTRA_FIELDS:
self.assertRaisesRegexp(AssertionError, 'disallowed field: %s' % f, u._fields_ok, f)
for f in config.API_SOLR_HIGHLIGHT_FIELDS:
self.assertIsNone(u._highlight_ok([f]))
self.assertIsNone(u._highlight_ok(["%s:4" % f]))
self.assertRaisesRegexp(AssertionError, 'highlight count 5 exceeds', u._highlight_ok, ["%s:5" % f])
for f in config.API_SOLR_FACET_FIELDS.keys():
self.assertIsNone(u._facets_ok([f]))
def test_dev_user(self):
self.insert_user("a")
user = AdsApiUser.from_dev_key("b_dev_key")
self.assertIsNone(user)
self.insert_user("b")
user = AdsApiUser.from_dev_key("b_dev_key")
self.assertIsNone(user)
self.insert_user("c", developer=True)
user = AdsApiUser.from_dev_key("c_dev_key")
self.assertIsNotNone(user)
self.assertTrue(user.is_developer())
self.assertEqual("c_name", user.name)
self.insert_user("d", developer=True, dev_perms={"foo": 1})
user = AdsApiUser.from_dev_key("d_dev_key")
self.assertIsNotNone(user)
self.assertIn("foo", user.get_dev_perms())
def test_allowed_ips_4(self):
"""
once more with an real ip value use case
"""
dev_perms = api_user.PERMISSION_LEVELS['collab']
dev_perms['allowed_ips'] = ['131.142.184.0/24','131.142.185.0/24']
self.insert_user("foo", developer=True, dev_perms=dev_perms.copy())
user = AdsApiUser.from_dev_key("foo_dev_key")
with self.app.test_request_context('/'):
self.assertTrue(user.ip_allowed('131.142.184.21'))
self.assertTrue(user.ip_allowed('131.142.185.101'))
self.assertFalse(user.ip_allowed('131.142.186.190'))
def test_returned_fields(self):
self.insert_user("foo", developer=True, level="basic")
api_user = AdsApiUser.from_dev_key("foo_dev_key")
rv = self.client.get('/api/search/?q=black+holes&dev_key=foo_dev_key')
resp = json.loads(rv.data)
allowed_fields = api_user.get_allowed_fields()
for f in resp['results']['docs'][0].keys():
self.assertIn(f, allowed_fields)
rv = self.client.get('/api/search/?q=black+holes&dev_key=foo_dev_key&fl=abstract,title')
resp = json.loads(rv.data)
expected_fields = ['abstract','title'] + config.SOLR_SEARCH_REQUIRED_FIELDS
self.assertEqual(set(resp['results']['docs'][0].keys()), set(expected_fields))
def test_returned_highlights(self):
self.insert_user("foo", developer=True, level="devel")
api_user = AdsApiUser.from_dev_key("foo_dev_key")
regex = re.compile('<em>\(?black', re.IGNORECASE)
rv = self.client.get('/api/search/?q=abstract:\"black+holes\"&dev_key=foo_dev_key&hl=abstract&rows=1')
resp = json.loads(rv.data)
for doc in resp['results']['docs']:
self.assertIn('highlights', doc)
self.assertIn('abstract', doc['highlights'])
self.assertTrue(regex.search(doc['highlights']['abstract'][0]))
rv = self.client.get('/api/search/?q=abstract:\"black+holes\"&dev_key=foo_dev_key&hl=abstract:2')
resp = json.loads(rv.data)
maxh = 0
for doc in resp['results']['docs']:
self.assertIn('highlights', doc)
self.assertIn('abstract', doc['highlights'])
self.assertTrue(regex.search(doc['highlights']['abstract'][0]))
if len(doc['highlights']['abstract']) > maxh:
maxh = len(doc['highlights']['abstract'])
self.assertTrue(maxh == 2, "Twere were too few/many hightlights returned, requested=2, returned=%s" % maxh )
# multiple fields
rv = self.client.get('/api/search/?q=\"black+holes\"+AND+bibcode:2014MNRAS.440L.121D&qf=body+abstract&dev_key=foo_dev_key&hl=abstract:1&hl=body:3')
resp = json.loads(rv.data)
for doc in resp['results']['docs']:
self.assertIn('highlights', doc)
self.assertIn('abstract', doc['highlights'])
self.assertTrue(regex.search(doc['highlights']['abstract'][0]))
self.assertIn('body', doc['highlights'])
self.assertTrue(regex.search(doc['highlights']['body'][0]))
self.assertTrue(len(doc['highlights']['abstract']) == 1, "Too many highlights")
self.assertTrue(len(doc['highlights']['body']) == 3, "Too few highlights")
def DP(perms):
u = AdsApiUser.from_dev_key("foo_dev_key")
u.set_perms(perms=perms)
return u