def test_decrypt_cookie(self):
"""Test that the cookie decrypt function works."""
testreq = get_request_with_fernet()
# Generate cookie is tested separately, it can be used for testing the
# rest of the functions without mockups
cookie, testreq.cookies["MTD_SESSION"] = generate_cookie(testreq)
self.assertEqual(cookie, decrypt_cookie(testreq))
def test_session_check_invtoken(self):
"""Test session check raise 401 on a stale cookie."""
req = get_request_with_fernet()
_, req.cookies["MTD_SESSION"] = generate_cookie(req)
req.app["Crypt"] = fernet.Fernet(fernet.Fernet.generate_key())
with self.assertRaises(web.HTTPUnauthorized):
_check_csrf(req)
async def test_logout_works(self):
"""Test that logout revokes all tokens."""
request = get_request_with_fernet()
request.app["Crypt"] = self.client.app["Crypt"]
cookie, cookiestring = generate_cookie(request)
self.client.app["Session"] = {cookie["id"]: {"access_token": "mock_token_value"}}
response = await self.client.get("/logout", cookies={"MTD_SESSION": cookiestring})
self.assertEqual(response.status, 404)
self.assertEqual(self.client.app["Session"], {})
self.assertEqual(self.client.app["Cookies"], set())
def test_check_csrf_no_referer(self):
"""Test check_csrf when no Referer header is present."""
with unittest.mock.patch(
"metadata_backend.api.middlewares.aai_config",
new={"redirect": "http://localhost:5430"},
):
testreq = get_request_with_fernet()
cookie, _ = generate_cookie(testreq)
cookie = add_csrf_to_cookie(cookie, testreq)
encrypt_cookie(cookie, testreq)
self.assertTrue(_check_csrf(testreq))
def test_check_csrf_idp_skip(self):
"""Test check_csrf when skipping referer from auth endpoint."""
with unittest.mock.patch(
"metadata_backend.api.middlewares.aai_config",
new={"auth_referer": "http://idp:3000"},
):
testreq = get_request_with_fernet()
cookie, _ = generate_cookie(testreq)
cookie = add_csrf_to_cookie(cookie, testreq)
encrypt_cookie(cookie, testreq)
testreq.headers["Referer"] = "http://idp:3000"
self.assertTrue(_check_csrf(testreq))
def test_check_csrf_incorrect_referer(self):
"""Test check_csrf when Referer header is incorrect."""
with unittest.mock.patch(
"metadata_backend.api.middlewares.aai_config",
new={"redirect": "http://localhost:3000"},
):
testreq = get_request_with_fernet()
cookie, _ = generate_cookie(testreq)
cookie = add_csrf_to_cookie(cookie, testreq)
encrypt_cookie(cookie, testreq)
testreq.headers["Referer"] = "http://notlocaclhost:8080"
with self.assertRaises(web.HTTPForbidden):
_check_csrf(testreq)
def test_generate_cookie(self):
"""Test that the cookie generation works."""
testreq = get_request_with_fernet()
self.assertTrue(generate_cookie(testreq) is not None)
async def setUpAsync(self):
"""Configure default values for testing and other modules.
This patches used modules and sets default return values for their
methods. Also sets up reusable test variables for different test
methods.
"""
self.test_ega_string = "EGA123456"
self.query_accessionId = ("EDAG3991701442770179", )
self.page_num = 3
self.page_size = 50
self.total_objects = 150
self.metadata_json = {
"attributes": {
"centerName": "GEO",
"alias": "GSE10966",
"accession": "SRP000539"
},
"accessionId": "EDAG3991701442770179",
}
path_to_xml_file = self.TESTFILES_ROOT / "study" / "SRP000539.xml"
self.metadata_xml = path_to_xml_file.read_text()
self.accession_id = "EGA123456"
self.folder_id = "FOL12345678"
self.test_folder = {
"folderId":
self.folder_id,
"name":
"mock folder",
"description":
"test mock folder",
"published":
False,
"metadataObjects": [
{
"accessionId": "EDAG3991701442770179",
"schema": "study"
},
{
"accessionId": "EGA123456",
"schema": "sample"
},
],
"drafts": [],
}
self.user_id = "USR12345678"
self.test_user = {
"userId": self.user_id,
"name": "tester",
"drafts": [],
"folders": ["FOL12345678"],
}
class_parser = "metadata_backend.api.handlers.XMLToJSONParser"
class_operator = "metadata_backend.api.handlers.Operator"
class_xmloperator = "metadata_backend.api.handlers.XMLOperator"
class_folderoperator = "metadata_backend.api.handlers.FolderOperator"
class_useroperator = "metadata_backend.api.handlers.UserOperator"
operator_config = {
"read_metadata_object.side_effect":
self.fake_operator_read_metadata_object,
"query_metadata_database.side_effect":
self.fake_operator_query_metadata_object,
"create_metadata_object.side_effect":
self.fake_operator_create_metadata_object,
"delete_metadata_object.side_effect":
self.fake_operator_delete_metadata_object,
"update_metadata_object.side_effect":
self.fake_operator_update_metadata_object,
"replace_metadata_object.side_effect":
self.fake_operator_replace_metadata_object,
}
xmloperator_config = {
"read_metadata_object.side_effect":
self.fake_xmloperator_read_metadata_object,
"create_metadata_object.side_effect":
self.fake_xmloperator_create_metadata_object,
"replace_metadata_object.side_effect":
self.fake_xmloperator_replace_metadata_object,
}
folderoperator_config = {
"create_folder.side_effect":
self.fake_folderoperator_create_folder,
"read_folder.side_effect":
self.fake_folderoperator_read_folder,
"delete_folder.side_effect":
self.fake_folderoperator_delete_folder,
"check_object_in_folder.side_effect":
self.fake_folderoperator_check_object,
"get_collection_objects.side_effect":
self.fake_folderoperator_get_collection_objects,
}
useroperator_config = {
"create_user.side_effect":
self.fake_useroperator_create_user,
"read_user.side_effect":
self.fake_useroperator_read_user,
"check_user_has_doc.side_effect":
self.fake_useroperator_user_has_folder,
}
self.patch_parser = patch(class_parser, spec=True)
self.patch_operator = patch(class_operator,
**operator_config,
spec=True)
self.patch_xmloperator = patch(class_xmloperator,
**xmloperator_config,
spec=True)
self.patch_folderoperator = patch(class_folderoperator,
**folderoperator_config,
spec=True)
self.patch_useroperator = patch(class_useroperator,
**useroperator_config,
spec=True)
self.MockedParser = self.patch_parser.start()
self.MockedOperator = self.patch_operator.start()
self.MockedXMLOperator = self.patch_xmloperator.start()
self.MockedFolderOperator = self.patch_folderoperator.start()
self.MockedUserOperator = self.patch_useroperator.start()
# Set up authentication
request = get_request_with_fernet()
request.app["Crypt"] = self.client.app["Crypt"]
cookie, cookiestring = generate_cookie(request)
self.client.app["Session"] = {
cookie["id"]: {
"access_token": "mock_token_value",
"user_info": {}
}
}
self.client._session.cookie_jar.update_cookies(
{"MTD_SESSION": cookiestring})
