def test_list_is_denied_if_not_allowed_to_create(self):
     self.app.get('/buckets/beer/collections',
                  headers=get_user_headers('jean:paul'),
                  status=403)
     self.app.get('/buckets/beer/collections/barley/records',
                  headers=get_user_headers('mahmud:hatim'),
                  status=403)
Пример #2
0
    def setUp(self):
        self.alice_headers = get_user_headers("alice")
        self.bob_headers = get_user_headers("bob")
        self.julia_headers = get_user_headers("julia")

        self.alice_principal = (
            "basicauth:d5b0026601f1b251974e09548d44155e16" "812e3c64ff7ae053fe3542e2ca1570"
        )
        self.bob_principal = (
            "basicauth:c031ced27503f788b102ca54269a062ec737" "94bb075154c74a0d4311e74ca8b6"
        )
        self.julia_principal = (
            "basicauth:d8bab8d9fe0510fcaf9b5ad5942c027fc" "2fdf80b6dc59cc3c48d12a2fcb18f1c"
        )

        bucket = {"permissions": {"read": [self.alice_principal]}}
        collection = {"permissions": {"read": [self.julia_principal]}}
        record = {"permissions": {"write": [self.bob_principal, self.alice_principal]}}
        self.app.put("/buckets/author-only", headers=self.headers)
        self.app.put_json("/buckets/test", bucket, headers=self.headers)
        self.app.put_json(
            "/buckets/test/groups/admins", {"data": {"members": []}}, headers=self.headers
        )
        self.app.put_json(
            "/buckets/test/collections/alice-julia", collection, headers=self.headers
        )
        self.app.put_json("/buckets/test/collections/author-only", headers=self.headers)
        self.app.post_json(
            "/buckets/test/collections/alice-julia/records", record, headers=self.headers
        )
        self.app.post_json(
            "/buckets/test/collections/alice-julia/records",
            {"permissions": {"read": ["system.Authenticated"]}},
            headers=self.headers,
        )
Пример #3
0
 def test_adding_a_task_for_bob_doesnt_add_it_for_alice(self):
     record = {**MINIMALIST_RECORD}
     resp = self.app.post_json(
         self.collection_url + "/records", record, headers=get_user_headers("bob")
     )
     record_id = "{}/records/{}".format(self.collection_url, resp.json["data"]["id"])
     resp = self.app.get(record_id, headers=get_user_headers("alice"), status=404)
 def test_parent_metadata_cannot_be_read_if_not_allowed_to_create_child(self):
     self.app.get("/buckets/beer", headers=get_user_headers("jean:paul"), status=403)
     self.app.get(
         "/buckets/beer/collections/barley",
         headers=get_user_headers("mahmud:hatim"),
         status=403,
     )
Пример #5
0
 def test_adding_a_task_for_bob_doesnt_add_it_for_alice(self):
     record = {**MINIMALIST_RECORD}
     resp = self.app.post_json(self.collection_url + '/records',
                               record, headers=get_user_headers('bob'))
     record_id = '{}/records/{}'.format(self.collection_url, resp.json['data']['id'])
     resp = self.app.get(record_id, headers=get_user_headers('alice'),
                         status=404)
Пример #6
0
 def test_authentication_with_new_password_is_accepted_after_change(self):
     self.app.put_json(
         "/accounts/alice",
         {"data": {"password": "******"}},
         headers=get_user_headers("alice", "123456"),
         status=200,
     )
     self.app.get("/accounts/alice", headers=get_user_headers("alice", "bouh"))
Пример #7
0
    def test_fallsback_on_basicauth(self):
        self.app.post_json("/accounts", {"data": {"id": "me", "password": "******"}})

        resp = self.app.get("/", headers=get_user_headers("me", "wrong"))
        assert "basicauth" in resp.json["user"]["id"]

        resp = self.app.get("/", headers=get_user_headers("me", "bleh"))
        assert "account" in resp.json["user"]["id"]
Пример #8
0
    def test_fallsback_on_basicauth(self):
        self.app.post_json('/accounts', {'data': {'id': 'me', 'password': '******'}})

        resp = self.app.get('/', headers=get_user_headers('me', 'wrong'))
        assert 'basicauth' in resp.json['user']['id']

        resp = self.app.get('/', headers=get_user_headers('me', 'bleh'))
        assert 'account' in resp.json['user']['id']
    def setUpClass(cls):
        super().setUpClass()
        cls.alice_headers = {**cls.headers, **get_user_headers('alice')}
        cls.bob_headers = {**cls.headers, **get_user_headers('bob')}

        cls.alice_principal = ('basicauth:d5b0026601f1b251974e09548d44155e16'
                               '812e3c64ff7ae053fe3542e2ca1570')
        cls.bob_principal = ('basicauth:c031ced27503f788b102ca54269a062ec737'
                             '94bb075154c74a0d4311e74ca8b6')
Пример #10
0
    def test_authentication_does_not_call_bcrypt_twice(self):
        self.app.post_json("/accounts", {"data": {"id": "me", "password": "******"}}, status=201)
        with mock.patch("kinto.plugins.accounts.authentication.bcrypt") as mocked_bcrypt:
            resp = self.app.get("/", headers=get_user_headers("me", "bouh"))
            assert resp.json["user"]["id"] == "account:me"

            resp = self.app.get("/", headers=get_user_headers("me", "bouh"))
            assert resp.json["user"]["id"] == "account:me"

            assert mocked_bcrypt.checkpw.call_count == 1
    def __init__(self, *args, **kwargs):
        super(PermissionsTest, self).__init__(*args, **kwargs)
        self.alice_headers = self.headers.copy()
        self.alice_headers.update(**get_user_headers('alice'))
        self.bob_headers = self.headers.copy()
        self.bob_headers.update(**get_user_headers('bob'))

        self.alice_principal = ('basicauth:d5b0026601f1b251974e09548d44155e16'
                                '812e3c64ff7ae053fe3542e2ca1570')
        self.bob_principal = ('basicauth:c031ced27503f788b102ca54269a062ec737'
                              '94bb075154c74a0d4311e74ca8b6')
Пример #12
0
    def test_authentication_does_not_call_bcrypt_twice(self):
        self.app.post_json('/accounts', {'data': {'id': 'me', 'password': '******'}},
                           status=201)
        with mock.patch('kinto.plugins.accounts.authentication.bcrypt') as mocked_bcrypt:
            resp = self.app.get('/', headers=get_user_headers('me', 'bouh'))
            assert resp.json['user']['id'] == 'account:me'

            resp = self.app.get('/', headers=get_user_headers('me', 'bouh'))
            assert resp.json['user']['id'] == 'account:me'

            mocked_bcrypt.checkpw.assert_called_once()
Пример #13
0
    def test_authentication_checks_bcrypt_again_if_password_changes(self):
        self.app.post_json('/accounts', {'data': {'id': 'me', 'password': '******'}},
                           status=201)
        with mock.patch('kinto.plugins.accounts.authentication.bcrypt') as mocked_bcrypt:
            resp = self.app.get('/', headers=get_user_headers('me', 'bouh'))
            assert resp.json['user']['id'] == 'account:me'

            self.app.patch_json('/accounts/me', {'data': {'password': '******'}},
                                status=200, headers=get_user_headers('me', 'bouh'))

            resp = self.app.get('/', headers=get_user_headers('me', 'blah'))
            assert resp.json['user']['id'] == 'account:me'

            assert mocked_bcrypt.checkpw.call_count == 2
Пример #14
0
 def test_cannot_create_other_account_if_authenticated(self):
     self.app.post_json('/accounts', {'data': {'id': 'me', 'password': '******'}},
                        status=201)
     resp = self.app.post_json('/accounts', {'data': {'id': 'you', 'password': '******'}},
                               headers=get_user_headers('me', 'bouh'),
                               status=400)
     assert 'do not match' in resp.json['message']
Пример #15
0
    def test_user_created_by_admin_with_post_can_see_her_record(self):
        self.app.post_json('/accounts',
                           {'data': {'id': 'alice', 'password': '******'}},
                           headers=self.admin_headers)

        resp = self.app.get('/accounts/alice', headers=get_user_headers('alice', 'bouh'))
        assert resp.json['permissions'] == {'write': ['account:alice']}
Пример #16
0
 def test_object_get_403(self):
     headers = {**self.headers, **testing.get_user_headers("aaa")}
     response = self.app.get("/buckets/b1", headers=headers, status=403)
     response = self.cast_bravado_response(response)
     op = self.resources["Buckets"].get_bucket
     schema = self.spec.deref(op.op_spec["responses"]["403"])
     validate_response(schema, op, response)
Пример #17
0
    def setUp(self):
        super().setUp()

        del self.events[:]

        bucket = {**MINIMALIST_BUCKET}

        self.alice_headers = {**self.headers, **get_user_headers("alice")}

        resp = self.app.get("/", headers=self.alice_headers)
        alice_principal = resp.json["user"]["id"]
        bucket["permissions"] = {"write": [alice_principal]}

        # Create shared bucket.
        self.app.put_json("/buckets/beers", bucket, headers=self.headers)
        self.app.put_json(
            "/buckets/beers/collections/barley", MINIMALIST_COLLECTION, headers=self.headers
        )

        # Records for alice and bob.
        self.app.post_json(
            self.collection_url, MINIMALIST_RECORD, headers=self.headers, status=201
        )
        self.app.post_json(
            self.collection_url, MINIMALIST_RECORD, headers=self.alice_headers, status=201
        )
Пример #18
0
    def setUp(self):
        super().setUp()

        self.admin_headers = get_user_headers('admin')
        self.admin_principal = self.app.get('/', headers=self.admin_headers).json['user']['id']

        self.app.put_json('/buckets/beers',
                          {'permissions': {'write': ['/buckets/beers/groups/admins']}},
                          headers=self.headers)
        self.app.put_json('/buckets/beers/groups/admins',
                          {'data': {'members': [self.admin_principal]}},
                          headers=self.headers)
        self.app.put_json('/buckets/beers/collections/barley',
                          MINIMALIST_COLLECTION,
                          headers=self.headers)

        self.app.put_json('/buckets/sodas',
                          MINIMALIST_BUCKET,
                          headers=self.headers)
        self.app.put_json('/buckets/beers/groups/admins',
                          {'data': {'members': [self.admin_principal]}},
                          headers=self.headers)
        self.app.put_json('/buckets/sodas/collections/sprite',
                          {'permissions': {'read': ['/buckets/beers/groups/admins']}},
                          headers=self.headers)
Пример #19
0
 def test_cannot_patch_unknown_account(self):
     self.app.patch_json(
         "/accounts/bob",
         {"data": {"password": "******"}},
         headers=get_user_headers("alice", "123456"),
         status=403,
     )
Пример #20
0
    def test_user_created_by_admin_with_post_can_see_her_record(self):
        self.app.post_json(
            "/accounts", {"data": {"id": "alice", "password": "******"}}, headers=self.admin_headers
        )

        resp = self.app.get("/accounts/alice", headers=get_user_headers("alice", "bouh"))
        assert resp.json["permissions"] == {"write": ["account:alice"]}
Пример #21
0
 def test_metadata_can_be_changed(self):
     resp = self.app.patch_json(
         "/accounts/alice",
         {"data": {"age": "captain"}},
         headers=get_user_headers("alice", "123456"),
     )
     assert resp.json["data"]["age"] == "captain"
Пример #22
0
    def setUp(self):
        super().setUp()

        self.admin_headers = get_user_headers("admin")
        self.admin_principal = self.app.get("/", headers=self.admin_headers).json["user"]["id"]

        self.app.put_json(
            "/buckets/beers",
            {"permissions": {"write": ["/buckets/beers/groups/admins"]}},
            headers=self.headers,
        )
        self.app.put_json(
            "/buckets/beers/groups/admins",
            {"data": {"members": [self.admin_principal]}},
            headers=self.headers,
        )
        self.app.put_json(
            "/buckets/beers/collections/barley", MINIMALIST_COLLECTION, headers=self.headers
        )

        self.app.put_json("/buckets/sodas", MINIMALIST_BUCKET, headers=self.headers)
        self.app.put_json(
            "/buckets/beers/groups/admins",
            {"data": {"members": [self.admin_principal]}},
            headers=self.headers,
        )
        self.app.put_json(
            "/buckets/sodas/collections/sprite",
            {"permissions": {"read": ["/buckets/beers/groups/admins"]}},
            headers=self.headers,
        )
Пример #23
0
 def test_read_permission_can_be_given_to_anybody_via_settings(self):
     with mock.patch.dict(self.app.app.registry.settings,
                          [('history_read_principals', 'system.Everyone')]):
         resp = self.app.get('/buckets/test/history',
                             headers=get_user_headers('tartan:pion'))
         entries = resp.json['data']
         assert len(entries) == 6  # everything.
Пример #24
0
    def setUp(self):
        super(FlushViewTest, self).setUp()

        self.events = []

        bucket = MINIMALIST_BUCKET.copy()

        self.alice_headers = self.headers.copy()
        self.alice_headers.update(**get_user_headers('alice'))

        resp = self.app.get('/', headers=self.alice_headers)
        alice_principal = resp.json['user']['id']
        bucket['permissions'] = {'write': [alice_principal]}

        # Create shared bucket.
        self.app.put_json('/buckets/beers', bucket,
                          headers=self.headers)
        self.app.put_json('/buckets/beers/collections/barley',
                          MINIMALIST_COLLECTION,
                          headers=self.headers)

        # Records for alice and bob.
        self.app.post_json(self.collection_url,
                           MINIMALIST_RECORD,
                           headers=self.headers,
                           status=201)
        self.app.post_json(self.collection_url,
                           MINIMALIST_RECORD,
                           headers=self.alice_headers,
                           status=201)
 def test_creation_is_forbidden_is_no_write_on_bucket_nor_collection(self):
     headers = self.headers.copy()
     headers.update(**get_user_headers('jean-louis'))
     self.app.post_json('/buckets/beer/collections/barley/records',
                        MINIMALIST_RECORD,
                        headers=headers,
                        status=403)
Пример #26
0
 def test_read_permission_can_be_given_to_anybody_via_settings(self):
     with mock.patch.dict(
         self.app.app.registry.settings, [("history_read_principals", "system.Everyone")]
     ):
         resp = self.app.get("/buckets/test/history", headers=get_user_headers("tartan:pion"))
         entries = resp.json["data"]
         assert len(entries) == 6  # everything.
Пример #27
0
 def test_password_can_be_changed(self):
     self.app.put_json(
         "/accounts/alice",
         {"data": {"password": "******"}},
         headers=get_user_headers("alice", "123456"),
         status=200,
     )
Пример #28
0
 def test_lidt_delete_403(self):
     headers = {**self.headers, **testing.get_user_headers("aaa")}
     response = self.app.delete("/buckets/b1/collections", headers=headers, status=403)
     response = self.cast_bravado_response(response)
     op = self.resources["Collections"].delete_collections
     schema = self.spec.deref(op.op_spec["responses"]["403"])
     validate_response(schema, op, response)
 def test_creation_is_forbidden_is_no_write_on_bucket_nor_collection(self):
     headers = {**self.headers, **get_user_headers("jean-louis")}
     self.app.post_json(
         "/buckets/beer/collections/barley/records",
         MINIMALIST_RECORD,
         headers=headers,
         status=403,
     )
Пример #30
0
 def test_object_get_403(self):
     headers = {**self.headers, **testing.get_user_headers('aaa')}
     response = self.app.get('/buckets/b1',
                             headers=headers, status=403)
     response = self.cast_bravado_response(response)
     op = self.resources['Buckets'].get_bucket
     schema = self.spec.deref(op.op_spec['responses']['403'])
     validate_response(schema, op, response)
Пример #31
0
 def test_collection_write_taken_into_account(self):
     resp = self.app.get("/permissions", headers=get_user_headers("any"))
     collections = [e for e in resp.json["data"] if e["resource_name"] == "collection"]
     self.assertEqual(collections[0]["id"], "barley")
     self.assertIn("write", collections[0]["permissions"])
Пример #32
0
    def test_admin_can_delete_all_accounts(self):
        self.app.delete_json("/accounts", headers=self.admin_headers)

        self.app.get("/accounts/bob",
                     headers=get_user_headers("bob", "987654"),
                     status=401)
Пример #33
0
 def setUp(self):
     self.app.put_json("/accounts/bob", {"data": {
         "password": "******"
     }},
                       status=201)
     self.bob_headers = get_user_headers("bob", "123456")
Пример #34
0
class SettingsPermissionsTest(PermissionsViewTest):

    admin_headers = get_user_headers("admin")
    admin_principal = (
        "basicauth:bb7fe7b98e759578ef0de85b546dd57d21fe1e399390ad8dafc9886043a00e5c"
    )  # NOQA

    @classmethod
    def get_app_settings(cls, extras=None):
        settings = super().get_app_settings(extras)
        settings["bucket_write_principals"] = "system.Authenticated"
        settings["group_create_principals"] = cls.admin_principal
        settings["collection_write_principals"] = "system.Authenticated"
        settings["record_create_principals"] = "/buckets/beers/groups/admins"
        return settings

    def setUp(self):
        super().setUp()
        self.app.put_json("/buckets/beers", MINIMALIST_BUCKET, headers=self.headers)
        self.app.put_json(
            "/buckets/beers/groups/admins",
            {"data": {"members": [self.admin_principal]}},
            headers=self.headers,
        )
        self.app.put_json(
            "/buckets/beers/collections/barley", MINIMALIST_COLLECTION, headers=self.headers
        )

    def test_bucket_write_taken_into_account(self):
        resp = self.app.get("/permissions", headers=get_user_headers("any"))
        buckets = [e for e in resp.json["data"] if e["resource_name"] == "bucket"]
        self.assertEqual(buckets[0]["id"], "beers")
        self.assertIn("write", buckets[0]["permissions"])

    def test_collection_create_taken_into_account(self):
        resp = self.app.get("/permissions", headers=self.admin_headers)
        buckets = [e for e in resp.json["data"] if e["resource_name"] == "bucket"]
        self.assertEqual(buckets[0]["id"], "beers")
        self.assertIn("group:create", buckets[0]["permissions"])

    def test_collection_write_taken_into_account(self):
        resp = self.app.get("/permissions", headers=get_user_headers("any"))
        collections = [e for e in resp.json["data"] if e["resource_name"] == "collection"]
        self.assertEqual(collections[0]["id"], "barley")
        self.assertIn("write", collections[0]["permissions"])

    def test_record_create_taken_into_account(self):
        resp = self.app.get("/permissions", headers=self.admin_headers)
        collections = [e for e in resp.json["data"] if e["resource_name"] == "collection"]
        self.assertEqual(collections[0]["id"], "barley")
        self.assertIn("record:create", collections[0]["permissions"])

    def test_settings_permissions_are_merged_with_perms_backend(self):
        self.app.patch_json(
            "/buckets/beers",
            {"permissions": {"collection:create": [self.admin_principal]}},
            headers=self.headers,
        )
        self.app.patch_json(
            "/buckets/beers/collections/barley",
            {"permissions": {"read": [self.admin_principal]}},
            headers=self.headers,
        )

        resp = self.app.get("/permissions", headers=self.admin_headers)

        buckets = [e for e in resp.json["data"] if e["resource_name"] == "bucket"]
        self.assertEqual(buckets[0]["id"], "beers")
        self.assertIn("group:create", buckets[0]["permissions"])
        self.assertIn("collection:create", buckets[0]["permissions"])

        collections = [e for e in resp.json["data"] if e["resource_name"] == "collection"]
        self.assertEqual(collections[0]["id"], "barley")
        self.assertIn("record:create", collections[0]["permissions"])
        self.assertIn("read", collections[0]["permissions"])
Пример #35
0
class SettingsPermissionsTest(PermissionsViewTest):

    admin_headers = get_user_headers('admin')
    admin_principal = 'basicauth:bb7fe7b98e759578ef0de85b546dd57d21fe1e399390ad8dafc9886043a00e5c'  # NOQA

    def __init__(self, *args, **kwargs):
        super(SettingsPermissionsTest, self).__init__(*args, **kwargs)

    def get_app_settings(self, extras=None):
        settings = super(SettingsPermissionsTest,
                         self).get_app_settings(extras)
        settings['bucket_write_principals'] = 'system.Authenticated'
        settings['group_create_principals'] = self.admin_principal
        settings['collection_write_principals'] = 'system.Authenticated'
        settings['record_create_principals'] = '/buckets/beers/groups/admins'
        return settings

    def setUp(self):
        super(SettingsPermissionsTest, self).setUp()
        self.app.put_json('/buckets/beers',
                          MINIMALIST_BUCKET,
                          headers=self.headers)
        self.app.put_json('/buckets/beers/groups/admins',
                          {'data': {
                              'members': [self.admin_principal]
                          }},
                          headers=self.headers)
        self.app.put_json('/buckets/beers/collections/barley',
                          MINIMALIST_COLLECTION,
                          headers=self.headers)

    def test_bucket_write_taken_into_account(self):
        resp = self.app.get('/permissions', headers=get_user_headers("any"))
        buckets = [
            e for e in resp.json['data'] if e['resource_name'] == 'bucket'
        ]
        self.assertEqual(buckets[0]['id'], 'beers')
        self.assertIn('write', buckets[0]['permissions'])

    def test_collection_create_taken_into_account(self):
        resp = self.app.get('/permissions', headers=self.admin_headers)
        buckets = [
            e for e in resp.json['data'] if e['resource_name'] == 'bucket'
        ]
        self.assertEqual(buckets[0]['id'], 'beers')
        self.assertIn('group:create', buckets[0]['permissions'])

    def test_collection_write_taken_into_account(self):
        resp = self.app.get('/permissions', headers=get_user_headers("any"))
        collections = [
            e for e in resp.json['data'] if e['resource_name'] == 'collection'
        ]
        self.assertEqual(collections[0]['id'], 'barley')
        self.assertIn('write', collections[0]['permissions'])

    def test_record_create_taken_into_account(self):
        resp = self.app.get('/permissions', headers=self.admin_headers)
        collections = [
            e for e in resp.json['data'] if e['resource_name'] == 'collection'
        ]
        self.assertEqual(collections[0]['id'], 'barley')
        self.assertIn('record:create', collections[0]['permissions'])
Пример #36
0
 def test_account_record_can_be_obtained_if_authenticated(self):
     self.app.get('/accounts/alice', headers=get_user_headers('alice', '123456'))
Пример #37
0
 def test_account_record_can_be_obtained_if_authenticated(self):
     self.app.get("/accounts/alice",
                  headers=get_user_headers("alice", "123456"))
Пример #38
0
 def test_authentication_is_denied_after_delete(self):
     self.app.delete('/accounts/alice', headers=get_user_headers('alice', '123456'))
     self.app.get('/accounts/alice', headers=get_user_headers('alice', '123456'),
                  status=401)
Пример #39
0
 def test_accounts_list_contains_only_one_record(self):
     resp = self.app.get('/accounts', headers=get_user_headers('alice', '123456'))
     assert len(resp.json['data']) == 1
Пример #40
0
 def test_account_can_be_deleted(self):
     self.app.delete('/accounts/alice', headers=get_user_headers('alice', '123456'))
Пример #41
0
 def test_metadata_can_be_changed(self):
     resp = self.app.patch_json('/accounts/alice', {'data': {'age': 'captain'}},
                                headers=get_user_headers('alice', '123456'))
     assert resp.json['data']['age'] == 'captain'
Пример #42
0
 def test_cannot_patch_someone_else_account(self):
     self.app.put_json('/accounts/bob', {'data': {'password': '******'}}, status=201)
     self.app.patch_json('/accounts/bob', {'data': {'password': '******'}},
                         headers=get_user_headers('alice', '123456'),
                         status=403)
Пример #43
0
 def test_bucket_write_taken_into_account(self):
     resp = self.app.get("/permissions", headers=get_user_headers("any"))
     buckets = [e for e in resp.json["data"] if e["resource_name"] == "bucket"]
     self.assertEqual(buckets[0]["id"], "beers")
     self.assertIn("write", buckets[0]["permissions"])
Пример #44
0
 def test_cannot_read_if_not_allowed(self):
     headers = {**self.headers, **get_user_headers("jean-louis")}
     self.app.get("/buckets/beer/groups/moderators",
                  headers=headers,
                  status=403)
Пример #45
0
 def test_cannot_obtain_someone_else_account(self):
     self.app.get("/accounts/bob",
                  headers=get_user_headers("alice", "123456"),
                  status=403)
Пример #46
0
 def setUpClass(cls):
     super().setUpClass()
     cls.alice_headers = {**cls.headers, **get_user_headers("alice")}
     cls.alice_principal = (
         "basicauth:d5b0026601f1b251974e09548d44155e16812e3c64ff7ae053fe3542e2ca1570"
     )
Пример #47
0
 def test_accounts_list_contains_only_one_record(self):
     resp = self.app.get("/accounts",
                         headers=get_user_headers("alice", "123456"))
     assert len(resp.json["data"]) == 1
Пример #48
0
 def setUp(self):
     self.everyone_headers = get_user_headers("")
Пример #49
0
 def test_authentication_is_denied_after_delete(self):
     self.app.delete("/accounts/alice",
                     headers=get_user_headers("alice", "123456"))
     self.app.get("/accounts/alice",
                  headers=get_user_headers("alice", "123456"),
                  status=401)
Пример #50
0
 def test_authentication_with_new_password_is_accepted_after_change(self):
     self.app.put_json('/accounts/alice', {'data': {'password': '******'}},
                       headers=get_user_headers('alice', '123456'),
                       status=200)
     self.app.get('/accounts/alice', headers=get_user_headers('alice', 'bouh'))
Пример #51
0
 def test_account_can_be_deleted(self):
     self.app.delete("/accounts/alice",
                     headers=get_user_headers("alice", "123456"))
Пример #52
0
 def test_cannot_obtain_unknown_account(self):
     self.app.get("/accounts/jeanine",
                  headers=get_user_headers("alice", "123456"),
                  status=403)
Пример #53
0
 def setUpClass(cls):
     super().setUpClass()
     cls.headers.update(testing.get_user_headers("mat"))
Пример #54
0
 def test_default_bucket_can_be_created_with_simple_put(self):
     self.app.put(self.bucket_url,
                  headers=get_user_headers("bob"),
                  status=201)
Пример #55
0
 def setUpClass(cls):
     super().setUpClass()
     cls.headers.update(get_user_headers('mat'))
     cls.indexer = cls.app.app.registry.indexer
Пример #56
0
 def test_username_and_account_id_must_match(self):
     resp = self.app.patch_json('/accounts/alice', {'data': {'id': 'bob', 'password': '******'}},
                                headers=get_user_headers('alice', '123456'),
                                status=400)
     assert 'does not match' in resp.json['message']
Пример #57
0
 def test_cannot_obtain_someone_else_account(self):
     self.app.get('/accounts/bob', headers=get_user_headers('alice', '123456'),
                  status=403)
Пример #58
0
 def test_publicly_readable_record_allows_any_authenticated(self):
     resp = self.app.get("/buckets/test/history", headers=get_user_headers("jack:"))
     entries = resp.json["data"]
     assert len(entries) == 1
     assert "system.Authenticated" in entries[0]["target"]["permissions"]["read"]
     assert entries[0]["resource_name"] == "record"
Пример #59
0
 def test_cannot_patch_unknown_account(self):
     self.app.patch_json('/accounts/bob', {'data': {'password': '******'}},
                         headers=get_user_headers('alice', '123456'),
                         status=403)
Пример #60
0
 def __init__(self, *args, **kwargs):
     super(BaseWebTest, self).__init__(*args, **kwargs)
     self.headers.update(get_user_headers('mat'))