def test_unit_contacts(client, admin_token):
# Test db error
# Test empty query
headers = {'Authorization': "Bearer " + admin_token}
dynamodb.delete('test')
# No table - error
f1 = client.get('/rest/unit/test/contacts', headers=headers)
assert (f1.status_code == 500)
jf1 = json.loads(f1.data)
assert (jf1.get("error") == "DatabaseError")
assert (
jf1.get("detail") == "Cannot do operations on a non-existent table")
dynamodb.create('test')
#dynamodb.wait_until_active('test') # TODO
u1 = client.put('/rest/unit/test', data={"capcode": "23"}, headers=headers)
assert (u1.status_code == 201)
# No contacts - empty list
ge = client.get('/rest/unit/test/contacts', headers=headers)
assert (ge.status_code == 200)
jge = json.loads(ge.data)
assert (type(jge) is list)
assert (len(jge) == 0)
# Create fifty contacts
for i in range(50):
cr = client.put('/rest/contact/' + gen_phone(),
data={
"unit": "test",
"member_id": gen_memberid()
},
headers=headers)
assert (cr.status_code == 201)
# Fetch all contacts
ga = client.get('/rest/unit/test/contacts', headers=headers)
assert (ga.status_code == 200)
jga = json.loads(ga.data)
assert (type(jga) is list)
assert (len(jga) == 50)
# Non existant unit
go = client.get('/rest/unit/other/contacts', headers=headers)
assert (go.status_code == 404)
def test_pagelog_table(client, admin_token):
headers = {'Authorization': "Bearer " + admin_token}
dynamodb.delete('test')
# No table - error
f1 = client.get('/rest/unit/test/pagelog', headers=headers)
assert (f1.status_code == 500)
jf1 = json.loads(f1.data)
assert (jf1.get("error") == "DatabaseError")
assert (
jf1.get("detail") == "Cannot do operations on a non-existent table")
dynamodb.create_unit('test')
u0 = client.put('/rest/unit/test', data={"capcode": "23"}, headers=headers)
assert (u0.status_code == 201)
# Now we should fail on our DB
f4 = client.get('/rest/unit/test/pagelog', headers=headers)
assert (f4.status_code == 500)
jf4 = json.loads(f4.data)
assert (jf4.get("error") == "DatabaseError")
assert (
jf4.get("detail") == "Cannot do operations on a non-existent table")
dynamodb.create('test')
#dynamodb.wait_until_active('test') # TODO
# Create some dummy units
units = ["test1", "test2", "test3"]
for u in units:
capcode = random.randint(1, 1000)
ur = client.put('/rest/unit/' + u,
data={"capcode": capcode},
headers=headers)
assert (ur.status_code == 201)
phone_numbers = [gen_phone() for x in range(10)]
# Create a pile of pagelog entries
for i in range(500):
unit = random.choice(units)
phone_number = random.choice(phone_numbers)
body = fake.text(max_nb_chars=200, ext_word_list=None)
data = {"phone_number": phone_number, "unit": unit, "body": body}
now = decimal.Decimal(time.time())
dynamodb.add_pagelog('test', unit, now, phone_number, body)
# Fetch the pagelogs back
unit_data = []
for u in units:
gu = client.get('/rest/unit/' + u + '/pagelog', headers=headers)
assert (gu.status_code == 200)
unit_data.append(json.loads(gu.data))
assert (len(unit_data) == 3)
assert (len(unit_data[0]) + len(unit_data[1]) + len(unit_data[2]) == 500)
for ud in unit_data:
# Each list should have roughly 166 entries
assert (len(ud) > 100)
assert (len(ud) < 220)
entry = unit_data[0][0]
assert (entry.get("phone_number") is not None)
assert (entry.get("unit") is not None)
assert (entry.get("timestamp") is not None)
assert (entry.get("body") is not None)
go = client.get('/rest/unit/other/pagelog', headers=headers)
assert go.status_code == 404
def test_contact_table(client, admin_token):
headers = {'Authorization': "Bearer " + admin_token}
dynamodb.delete('test')
# No table - error
f1 = client.get('/rest/contact/61412123666', headers=headers)
assert (f1.status_code == 500)
jf1 = json.loads(f1.data)
assert (jf1.get("error") == "DatabaseError")
assert (
jf1.get("detail") == "Cannot do operations on a non-existent table")
dynamodb.create('test')
# dynamodb.wait_until_active('test') # TODO
u1 = client.put('/rest/unit/test', data={"capcode": "23"}, headers=headers)
assert (u1.status_code == 201)
data = {"member_id": 9998, "unit": "test"}
p1 = client.put('/rest/contact/61412123123', data=data, headers=headers)
assert (p1.status_code == 201)
j1 = json.loads(p1.data)
assert (len(j1) == 3)
assert (j1.get("member_id") == data.get("member_id"))
assert (j1.get("unit") == data.get("unit"))
assert (j1.get("phone_number") == '61412123123')
g1 = client.get('/rest/contact/61412123123', headers=headers)
assert (g1.status_code == 200)
j1 = json.loads(g1.data)
assert (len(j1) == 3)
assert (j1.get("member_id") == data.get("member_id"))
assert (j1.get("unit") == data.get("unit"))
assert (j1.get("phone_number") == '61412123123')
# Request non-existant entry
g2 = client.get('/rest/contact/61412123666', headers=headers)
assert (g2.status_code == 404)
# Insert an entry without a unit
data = {"member_id": 1123, "unit": "badtest"}
p2 = client.put('/rest/contact/61412123112', data=data, headers=headers)
assert (p2.status_code == 422)
j2 = json.loads(p2.data)
assert (j2.get("error") == "ValidationError")
assert (len(j2.get("detail")) == 1)
assert (len(j2.get("detail").get('unit')) == 1)
assert (j2.get("detail").get('unit')[0] == "Invalid value.")
# Update an existing entry, inserted in p1
data = {"member_id": 1113, "unit": "test"}
p3 = client.put('/rest/contact/61412123123', data=data, headers=headers)
assert (p3.status_code == 200)
j3 = json.loads(p3.data)
assert (len(j3) == 3)
assert (j3.get("member_id") == data.get("member_id"))
assert (j3.get("unit") == data.get("unit"))
assert (j3.get("phone_number") == '61412123123')
# Update, change to invalid unit
data = {"member_id": 1114, "unit": "badtest"}
p4 = client.put('/rest/contact/61412123123', data=data, headers=headers)
assert (p4.status_code == 422)
j4 = json.loads(p4.data)
assert (j4.get("error") == "ValidationError")
assert (len(j4.get("detail")) == 1)
assert (len(j4.get("detail").get('unit')) == 1)
assert (j4.get("detail").get('unit')[0] == "Invalid value.")
g5 = client.get('/rest/contact/61412123123', headers=headers)
j5 = json.loads(g5.data)
assert (len(j5) == 3)
assert (j5.get("member_id") == 1113)
assert (j5.get("unit") == "test")
assert (j5.get("phone_number") == '61412123123')
def clear_db():
dynamodb.delete('test')
dynamodb.create('test')
def test_get_token(client, b64_token_secret, mocker):
dynamodb.delete('test')
dynamodb.create('test')
dynamodb.add_role('test', 'ARole', ['read'])
dynamodb.add_role('test', 'BRole', ['read', 'dance'])
dynamodb.add_role('test', 'Doggone', ['dog'])
lookup = mocker.patch('web.authenticate.lookup_member')
missing_token_resp = {
"error": {
"code": "InvalidAuthenticationToken",
"message": "Bearer access token is empty.",
"innerError": {
"request-id": "80554f33-d7c0-4a94-bebf-3b3f1ee6d2d4",
"date": "2017-10-29T08:25:08"
}
}
}
bad_token_resp = {
"error": {
"code": "InvalidAuthenticationToken",
"message":
"CompactToken parsing failed with error code: -2147184105",
"innerError": {
"request-id": "e541876a-8621-4ea4-844d-15dfbf547626",
"date": "2017-10-29T09:21:23"
}
}
}
altered_token_resp = {
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "4b4e162d-cb56-4937-995b-2032c8823e1a",
"date": "2017-10-29T09:50:39"
}
}
}
userdata_resp = {
"businessPhones": ["61212341234"],
"displayName": "Two Names",
"givenName": "Two",
"surname": "Names",
"jobTitle": "Volunteer",
"mail": "*****@*****.**",
"mobilePhone": "6144123123",
"officeLocation": "Test", # unit
"preferredLanguage": "English",
"userPrincipalName": "*****@*****.**",
"id": "1234-5678-1234-5678"
}
lookup.return_value = {
'member_id': 123,
'name': "Test User",
'unit': 'Test',
'roles': '{"Role":"True"}',
}
# Good retrieve
responses.add(responses.GET,
'https://graph.microsoft.com/v1.0/me',
json=userdata_resp,
status=200)
access_bearer = "doesn't matter"
headers = {'Authorization': "Bearer " + access_bearer}
url_rsp = client.get('/authenticate', headers=headers)
assert url_rsp.status_code == 200
js = json.loads(url_rsp.data)
assert len(js) == 1
assert len(js.get('resource_token')) > 200
jjwt = jwt.decode(js.get('resource_token'), verify=False)
assert jjwt.get('exp') is not None
# Missing authentication token
responses.replace(responses.GET,
'https://graph.microsoft.com/v1.0/me',
json=missing_token_resp,
status=200)
url_rsp = client.get('/authenticate')
assert url_rsp.status_code == 403
assert url_rsp.data == b'This service is for vicses members only.'
# Bad format header
responses.replace(responses.GET,
'https://graph.microsoft.com/v1.0/me',
json=bad_token_resp,
status=200)
url_rsp = client.get('/authenticate',
headers={'Authorization': 'Bearer XXX'})
assert url_rsp.status_code == 403
assert url_rsp.data == b'This service is for vicses members only.'
# Altered token
responses.replace(responses.GET,
'https://graph.microsoft.com/v1.0/me',
json=altered_token_resp,
status=200)
url_rsp = client.get('/authenticate',
headers={'Authorization': 'Bearer XXX'})
assert url_rsp.status_code == 403
assert url_rsp.data == b'This service is for vicses members only.'
# member not found
lookup.return_value = None
responses.replace(responses.GET,
'https://graph.microsoft.com/v1.0/me',
json=userdata_resp,
status=200)
headers = {'Authorization': "Bearer " + access_bearer}
url_rsp = client.get('/authenticate', headers=headers)
assert url_rsp.status_code == 403
assert url_rsp.data == b'You must be authorized to use this service.'
# ensure roles etc. are reflected in token
lookup.return_value = {
'member_id': 123,
'name': "Test User",
'unit': 'Test',
'roles': '["ARole", "BRole", "Doggone"]',
}
url_rsp = client.get('/authenticate', headers=headers)
assert url_rsp.status_code == 200
js = json.loads(url_rsp.data)
assert len(js) == 1
assert len(js.get('resource_token')) > 200
token_secret = base64.b64decode(b64_token_secret)
jjwt = jwt.decode(js.get('resource_token'),
token_secret,
algorithms=['HS256'],
issuer='sms-page')
assert len(jjwt) == 7
assert jjwt.get('exp') is not None
assert jjwt.get('member_id') == '123'
assert jjwt.get('name') == 'Test User'
assert jjwt.get('unit') == 'Test'
assert jjwt.get('iss') == 'sms-page'
assert set(jjwt.get('roles')) == set(["ARole", "BRole", "Doggone"])
assert set(jjwt.get('permissions')) == set(["read", "dance", "dog"])