def test_authenticate_no_token(client):
    """Reject a bare ``Bearer`` scheme that carries no credential.

    Posts to the posts collection with ``Authorization: Bearer`` and
    expects a 401 whose first error detail mentions the missing token.
    """
    # NOTE(review): `headers` is not a parameter of this test, so it resolves
    # to an object defined outside the function (not visible here). The item
    # assignment mutates that shared object and outlives this test.
    headers['Authorization'] = 'Bearer'
    payload = schemas.PostSchema().dumps({"id": "420"}).data

    endpoint = url_for('api.posts_list')
    resp = client.post(endpoint, headers=headers, data=payload)

    assert resp.status_code == 401
    first_error = resp.json['errors'][0]
    assert 'token not found' in first_error['detail']
def posts(app, headers, req_mock, tags, previews, images, user):
    """Create a post linked to a tag, image, preview and user, then yield it.

    The post is created through the API with the supplied ``headers`` and
    the ``data`` member of the JSON response is yielded. This is a
    generator; presumably it is registered as a pytest fixture elsewhere
    (no decorator is visible here). ``req_mock`` is not used in the body.
    """
    def _ref(kind, resource):
        # Resource linkage object: the type name plus a stringified id.
        return {'type': kind, 'id': str(resource['id'])}

    document = {
        "id": "420",
        "title": "an amazing test post",
        "tags": [_ref('tags', tags)],
        'image': _ref('images', images),
        'preview': _ref('previews', previews),
        'user': _ref('users', user),
    }
    payload = schemas.PostSchema().dumps(document).data

    # NOTE(review): the yield is kept inside the `with` block, so the test
    # client context stays open while the consumer runs. Confirm this is the
    # intended lifetime.
    with app.test_client() as client:
        endpoint = url_for('api.posts_list') + '?include=tags,image,preview,user'
        resp = client.post(endpoint, headers=headers, data=payload)
        created = resp.json['data']
        yield created
def like_post(app, headers, req_mock, user, posts):
    """Record a like by ``user`` on ``posts`` and yield the response data.

    Posts a one-element list referencing the post to the user's likes
    endpoint and yields the ``data`` member of the JSON response. This is a
    generator; presumably it is registered as a pytest fixture elsewhere
    (no decorator is visible here). ``req_mock`` is not used in the body.
    """
    liked_refs = [{"type": "posts", "id": str(posts['id'])}]
    payload = schemas.PostSchema(many=True).dumps(liked_refs).data

    # NOTE(review): the yield is kept inside the `with` block, so the test
    # client context stays open while the consumer runs. Confirm this is the
    # intended lifetime.
    with app.test_client() as client:
        endpoint = url_for('api.users_likes', id=user['id'])
        resp = client.post(endpoint, headers=headers, data=payload)
        result = resp.json['data']
        yield result
def test_authenticate_invalid_audience(client, jwks):
    """Reject a token whose ``aud`` claim is not the API's audience.

    The token carries the expected issuer and an ``aud`` of ``'invalid'``.
    The JWKS endpoint is mocked so that key retrieval succeeds and the
    401 can be attributed to the audience check.
    """
    # NOTE(review): the rejection cases visible in this excerpt are missing
    # header, wrong scheme, missing token, wrong audience and expired token.
    # Confirm that wrong-issuer and bad-signature cases are covered elsewhere.
    bad_claims = {'iss': ISSUER, 'aud': 'invalid'}
    signed = utils.generate_jwt(bad_claims)
    # `headers` resolves outside this function, so this mutation is shared
    # with whatever else reads the same object.
    headers['Authorization'] = 'Bearer ' + signed
    payload = schemas.PostSchema().dumps({"id": "420"}).data

    with requests_mock.Mocker() as mock:
        jwks_url = current_app.config['JWKS_URL']
        mock.get(jwks_url, json=jwks)
        resp = client.post(
            url_for('api.posts_list'), headers=headers, data=payload)

    assert resp.status_code == 401
    first_error = resp.json['errors'][0]
    assert 'Invalid audience' in first_error['detail']
def test_authenticate_invalid_header(client):
    """Reject malformed ``Authorization`` header values with 401.

    Two shapes are exercised in order: a value that does not start with
    the ``Bearer`` scheme, and a ``Bearer`` value with more than one
    token part. Each must produce its own error detail.
    """
    payload = schemas.PostSchema().dumps({"id": "420"}).data
    malformed_cases = (
        ('Wrong Type', 'authorization header must start with Bearer'),
        ('Bearer Wrong Type', 'authorization header must be Bearer token'),
    )

    for header_value, expected_detail in malformed_cases:
        # `headers` resolves outside this function; the last value assigned
        # here stays on that shared object after the test finishes.
        headers['Authorization'] = header_value
        resp = client.post(
            url_for('api.posts_list'), headers=headers, data=payload)
        assert resp.status_code == 401
        assert expected_detail in resp.json['errors'][0]['detail']
def test_authenticate_expired_token(client, jwks):
    """Reject a token whose ``exp`` claim lies far in the past.

    ``iat`` and ``exp`` are both set to the offset of 1971-01-01 from the
    Unix epoch, so the token is expired whenever the test runs. The JWKS
    endpoint is mocked so key retrieval succeeds.
    """
    epoch = datetime(1970, 1, 1)
    issued = datetime(1971, 1, 1) - epoch
    expires = issued + timedelta(seconds=0)  # expires the moment it is issued

    stale_claims = {
        'iss': ISSUER,
        'aud': API_AUDIENCE,
        'sub': '6969',
        'iat': issued.total_seconds(),
        'exp': expires.total_seconds(),
    }
    signed = utils.generate_jwt(stale_claims)
    # `headers` resolves outside this function, so this mutation is shared
    # with whatever else reads the same object.
    headers['Authorization'] = 'Bearer ' + signed
    payload = schemas.PostSchema().dumps({"id": "420"}).data

    with requests_mock.Mocker() as mock:
        jwks_url = current_app.config['JWKS_URL']
        mock.get(jwks_url, json=jwks)
        resp = client.post(
            url_for('api.posts_list'), headers=headers, data=payload)

    assert resp.status_code == 401
    first_error = resp.json['errors'][0]
    assert 'Signature has expired.' in first_error['detail']
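def test_authenticate_no_header(client):
    """Reject a request that carries no ``Authorization`` header at all.

    Sibling tests assign ``headers['Authorization']`` on the same shared
    ``headers`` object, which resolves outside this function. If one of
    them runs first, passing that object through unchanged would send its
    leftover header and this test would no longer exercise the
    missing-header path. The request is therefore built from a copy with
    any ``Authorization`` entry removed, which makes the test independent
    of execution order. The shared object is left untouched.
    """
    request_headers = {
        name: value
        for name, value in headers.items()
        if name.lower() != 'authorization'
    }
    post = schemas.PostSchema().dumps({"id": "420"}).data

    resp = client.post(
        url_for('api.posts_list'), headers=request_headers, data=post)

    assert resp.status_code == 401
    assert 'authorization header is expected' in resp.json['errors'][0][
        'detail']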
def test_create_post_with_tags(client):
    """Create a tag and a post that references it, read both back, clean up.

    A token valid for 69 seconds is minted, then the flow is: create tag,
    create post including tags, fetch the post, fetch its tags and its
    tag relationship, delete the post, delete the tag. Each step asserts
    the expected status code.
    """
    issued = datetime.utcnow() - datetime(1970, 1, 1)
    expires = issued + timedelta(seconds=69)
    claims = {
        'iss': ISSUER,
        'aud': API_AUDIENCE,
        'sub': '696969',
        'iat': issued.total_seconds(),
        'exp': expires.total_seconds(),
    }
    signed = utils.generate_jwt(claims)
    # `headers` resolves outside this function, so this valid bearer token
    # stays on the shared object after the test finishes.
    headers['Authorization'] = 'Bearer ' + signed

    tag_payload = schemas.TagSchema().dumps(
        {'id': '1', 'name': 'test_tag'}).data
    post_payload = schemas.PostSchema().dumps({
        "id": "420",
        "title": "uh oh",
        "tags": [{'type': 'tags', 'id': '1'}],
    }).data

    with requests_mock.Mocker() as mock:
        # NOTE(review): this test reads the `JWKS` name from outside the
        # function, while sibling tests take a `jwks` argument. Confirm both
        # refer to the same key set.
        mock.get(current_app.config['JWKS_URL'], json=JWKS)

        resp = client.post(
            url_for('api.tags_list'), headers=headers, data=tag_payload)
        assert resp.status_code == 201
        tag = schemas.TagSchema().load(resp.json).data

        resp = client.post(
            url_for('api.posts_list') + '?include=tags',
            headers=headers,
            data=post_payload)
        assert resp.status_code == 201
        post = schemas.PostSchema().load(resp.json).data

        # Read the new post back through its three read paths, in order.
        read_paths = (
            '/api/posts/{}'.format(post['id']),
            '/api/posts/{}/tags'.format(post['id']),
            '/api/posts/{}/relationships/tags'.format(post['id']),
        )
        for path in read_paths:
            resp = client.get(path, headers=headers)
            assert resp.status_code == 200

        # Clean up: remove the post first, then the tag it referenced.
        resp = client.delete(
            url_for('api.posts_detail', id=post['id']), headers=headers)
        assert resp.status_code == 200
        resp = client.delete(
            url_for('api.tags_detail', id=tag['id']), headers=headers)
        assert resp.status_code == 200


# Disabled test, kept as in the original file:
#
# def test_delete_post(client):
#     now = (datetime.utcnow() - datetime(1970, 1, 1))
#     exp_at = now + timedelta(seconds=69)
#     claims = {
#         'iss': ISSUER,
#         'aud': API_AUDIENCE,
#         'sub': '696969',
#         'iat': now.total_seconds(),
#         'exp': exp_at.total_seconds()
#     }
#     token = utils.generate_jwt(claims)
#     headers['Authorization'] = 'Bearer ' + token
#     with requests_mock.Mocker() as mock:
#         mock.get(current_app.config['JWKS_URL'], json=JWKS)
#         resp = client.delete(url_for('api.posts_detail', id=2), headers=headers)
#         assert resp.status_code == 200
#         resp = client.get('/api/posts/2', headers=headers)
#         assert resp.status_code == 404