def test_originAddedToListWhenTenantUpdated(self): tenantWithDifferentAllowedOrigin = copy.deepcopy( TestHelperSuperClass.tenantWithNoAuthProviders) tenantWithDifferentAllowedOrigin["JWTCollectionAllowedOriginList"] = [ "http://h.com", "hyyp://i.com" ] tenantJSON = self.createTenantForTesting( tenantWithDifferentAllowedOrigin) updatedTenantJSON = copy.deepcopy(tenantJSON) updatedTenantJSON["JWTCollectionAllowedOriginList"].append( "http://addedinchange.com") self.updateTenant(tenantDICT=updatedTenantJSON, expectedResults=[200]) requiredOriginList = uniqueCommaSeperatedListClass( TestHelperSuperClass.env["APIAPP_COMMON_ACCESSCONTROLALLOWORIGIN"] + ", http://h.com, hyyp://i.com, http://addedinchange.com").data for x in requiredOriginList: a = self.findCORSReturnVals(constants.masterTenantName, x) self.assertEqual(a.get("Access-Control-Allow-Origin"), x, msg="Failed to return an origin in options call") a = self.findCORSReturnVals(constants.masterTenantName, "http://randomOrigin") self.assertEqual(a.get("Access-Control-Allow-Origin"), None)
def test_simpleCorsCall(self): a = self.findCORSReturnVals(constants.masterTenantName, TestHelperSuperClass.httpOrigin) requiredOriginList = uniqueCommaSeperatedListClass( TestHelperSuperClass.env["APIAPP_COMMON_ACCESSCONTROLALLOWORIGIN"] ).data for x in requiredOriginList: a = self.findCORSReturnVals(constants.masterTenantName, x) self.assertEqual(a.get("Access-Control-Allow-Origin"), x) a = self.findCORSReturnVals(constants.masterTenantName, "http://h.com") self.assertEqual(a.get("Access-Control-Allow-Origin"), None) a = self.findCORSReturnVals(constants.masterTenantName, "hyyp://i.com") self.assertEqual(a.get("Access-Control-Allow-Origin"), None) a = self.findCORSReturnVals(constants.masterTenantName, "http://randomOrigin") self.assertEqual(a.get("Access-Control-Allow-Origin"), None) a = self.findCORSReturnVals(constants.masterTenantName, None) self.assertEqual(a.get("Access-Control-Allow-Origin"), None) a = self.findCORSReturnVals(constants.masterTenantName, "") self.assertEqual(a.get("Access-Control-Allow-Origin"), None)
def test_createAndAddFromListType(self): tl = ["aaa", "aaa2"] tl2 = ["bbb", "bbb2"] obj = uniqueCommaSeperatedListClass(tl) obj.addList(" ") self.assertEqual(obj.toString(),"aaa, aaa2") obj.addList(tl2) self.assertEqual(obj.toString(),"aaa, aaa2, bbb, bbb2")
def test_threeItemList(self): tl = "aaa, aaa2, aaa3" tl2 = "bbb, bbb2,bbb3" obj = uniqueCommaSeperatedListClass(tl) obj.addList(" ") self.assertEqual(obj.toString(),"aaa, aaa2, aaa3") obj.addList(tl2) self.assertEqual(obj.toString(),"aaa, aaa2, aaa3, bbb, bbb2, bbb3")
def test_itemsAreUnique(self): tl = "aaa" tl2 = "aaa" obj = uniqueCommaSeperatedListClass(tl) obj.addList(" ") self.assertEqual(obj.toString(),"aaa") obj.addList(tl2) self.assertEqual(obj.toString(),"aaa")
def test_singleItemList(self): tl = "aaa" tl2 = "bbb" obj = uniqueCommaSeperatedListClass(tl) obj.addList(" ") self.assertEqual(obj.toString(),"aaa") obj.addList(tl2) self.assertEqual(obj.toString(),"aaa, bbb")
def test_twoTenantsCall(self): tenantWithDifferentAllowedOrigin = copy.deepcopy( TestHelperSuperClass.tenantWithNoAuthProviders) tenantWithDifferentAllowedOrigin["JWTCollectionAllowedOriginList"] = [ "http://h.com", "hyyp://i.com" ] tenantJSON = self.createTenantForTesting( tenantWithDifferentAllowedOrigin) #We should not need to call allow auth to have the origin added to list #Getting auth providers for a tennant should cause it's allowed origin entries to be included in cors corsPreflight_helpers #result = self.testClient.get( # self.loginAPIPrefix + '/' + tenantWithDifferentAllowedOrigin["Name"] + '/authproviders', # #headers={"Origin": httpOrigin} # headers=None #aet auth prov should not require an origin header #) #self.assertEqual(result.status_code, 200) requiredOriginList = uniqueCommaSeperatedListClass( TestHelperSuperClass.env["APIAPP_COMMON_ACCESSCONTROLALLOWORIGIN"] + ", http://h.com, hyyp://i.com").data for x in requiredOriginList: a = self.findCORSReturnVals(constants.masterTenantName, x) self.assertEqual(a.get("Access-Control-Allow-Origin"), x, msg="Failed to return an origin in options call") a = self.findCORSReturnVals(constants.masterTenantName, "http://randomOrigin") self.assertEqual(a.get("Access-Control-Allow-Origin"), None) a = self.findCORSReturnVals(constants.masterTenantName, None) self.assertEqual(a.get("Access-Control-Allow-Origin"), None) a = self.findCORSReturnVals(constants.masterTenantName, "") self.assertEqual(a.get("Access-Control-Allow-Origin"), None)
def test_addSingleItemCommaFails(self): tl = "aaa, aaa2, aaa3" obj = uniqueCommaSeperatedListClass(tl) with self.assertRaises(Exception) as context: obj.addItem("ffff,ggggg") #items can have commas self.checkGotRightExceptionType(context,Exception)
def test_addSingleItem(self): tl = "aaa, aaa2, aaa3" obj = uniqueCommaSeperatedListClass(tl) obj.addItem("ffff ggggg") #items can have commas self.assertEqual(obj.toString(),"aaa, aaa2, aaa3, ffff ggggg")
def test_emptyList(self): tl = " " obj = uniqueCommaSeperatedListClass(tl) self.assertEqual(obj.toString(),"")
def test_combineTwoEmptyLists(self): tl = " " obj = uniqueCommaSeperatedListClass(tl) obj.addList(" ") self.assertEqual(obj.toString(),"")
def init(self, env, serverStartTime, testingMode=False): ##self.setupLogging() Comment in when debugging self.TicketManager = ticketManager.ticketManagerClass(appObj=self) self.ApiKeyManager = apiKeyManager.apiKeyManagerClass(appObj=self) authProviders_resetStaticData() self.scheduler = BackgroundScheduler(timezone="UTC") self.defaultUserGUID = str(uuid.uuid4()) if testingMode: self.defaultUserGUID = conDefaultUserGUID self.testingDefaultPersonGUID = conTestingDefaultPersonGUID super(appObjClass, self).init(env, serverStartTime, testingMode, serverinfoapiprefix='public/info') #This app always needs a JWT key if self.APIAPP_JWTSECRET is None: print("ERROR - APIAPP_JWTSECRET should always be set") raise invalidConfigurationException self.APIAPP_MASTERPASSWORDFORPASSHASH = readFromEnviroment( env, 'APIAPP_MASTERPASSWORDFORPASSHASH', None, None).strip() self.APIAPP_DEFAULTHOMEADMINUSERNAME = readFromEnviroment( env, 'APIAPP_DEFAULTHOMEADMINUSERNAME', 'Admin', None).strip() self.APIAPP_DEFAULTHOMEADMINPASSWORD = readFromEnviroment( env, 'APIAPP_DEFAULTHOMEADMINPASSWORD', None, None).strip() #no default must be read in self.APIAPP_JWT_TOKEN_TIMEOUT = int( readFromEnviroment(env, 'APIAPP_JWT_TOKEN_TIMEOUT', 60 * 10, None)) #default to 10 minutes self.APIAPP_REFRESH_TOKEN_TIMEOUT = int( readFromEnviroment(env, 'APIAPP_REFRESH_TOKEN_TIMEOUT', 60 * 60 * 2, None)) #default to 2 hours self.APIAPP_REFRESH_SESSION_TIMEOUT = int( readFromEnviroment(env, 'APIAPP_REFRESH_SESSION_TIMEOUT', 60 * 60 * 12, None)) #default to 12 hours autoconfigraw = readFromEnviroment(env=env, envVarName='APIAPP_AUTOCONFIG', defaultValue='', acceptableValues=None, nullValueAllowed=False).strip() if autoconfigraw == '': self.APIAPP_AUTOCONFIG = None else: try: self.APIAPP_AUTOCONFIG = json.loads(autoconfigraw) except: print("ERROR - APIAPP_AUTOCONFIG is not valid json") raise invalidConfigurationException if self.APIAPP_REFRESH_TOKEN_TIMEOUT < self.APIAPP_JWT_TOKEN_TIMEOUT: print( "ERROR - APIAPP_REFRESH_TOKEN_TIMEOUT should never be less than APIAPP_JWT_TOKEN_TIMEOUT" ) raise invalidConfigurationException if self.APIAPP_REFRESH_SESSION_TIMEOUT < self.APIAPP_REFRESH_TOKEN_TIMEOUT: print( "ERROR - APIAPP_REFRESH_SESSION_TIMEOUT should never be less than APIAPP_REFRESH_SESSION_TIMEOUT" ) raise invalidConfigurationException self.APIAPP_DEFAULTMASTERTENANTJWTCOLLECTIONALLOWEDORIGINFIELD = readFromEnviroment( env, 'APIAPP_DEFAULTMASTERTENANTJWTCOLLECTIONALLOWEDORIGINFIELD', 'http://localhost', None) # add to the baseapp default so allowed origns are in this list and extra vals self.accessControlAllowOriginObj = uniqueCommaSeperatedListClass( self.APIAPP_DEFAULTMASTERTENANTJWTCOLLECTIONALLOWEDORIGINFIELD + ", " + self.accessControlAllowOriginObj.toString()) # print('uniqueCommaSeperatedListClass:', self.accessControlAllowOriginObj.toString()) print('APIAPP_JWT_TOKEN_TIMEOUT:' + str(self.APIAPP_JWT_TOKEN_TIMEOUT) + ' seconds') print('APIAPP_REFRESH_TOKEN_TIMEOUT:' + str(self.APIAPP_REFRESH_TOKEN_TIMEOUT) + ' seconds') print('APIAPP_REFRESH_SESSION_TIMEOUT:' + str(self.APIAPP_REFRESH_SESSION_TIMEOUT) + ' seconds') objectStoreConfigJSON = readFromEnviroment(env, 'APIAPP_OBJECTSTORECONFIG', '{}', None) objectStoreConfigDict = None try: if objectStoreConfigJSON != '{}': objectStoreConfigDict = json.loads(objectStoreConfigJSON) except Exception as err: print(err) # for the repr print(str(err)) # for just the message print(err.args ) # the arguments that the exception has been called with. raise (InvalidObjectStoreConfigInvalidJSONException) self.APIAPP_OBJECTSTOREDETAILLOGGING = readFromEnviroment( env=env, envVarName='APIAPP_OBJECTSTOREDETAILLOGGING', defaultValue='N', acceptableValues=['Y', 'N'], nullValueAllowed=True).strip() if (self.APIAPP_OBJECTSTOREDETAILLOGGING == 'Y'): print( "APIAPP_OBJECTSTOREDETAILLOGGING set to Y - statement logging enabled" ) fns = {'getCurDateTime': self.getCurDateTime} self.objectStore = createObjectStoreInstance( objectStoreConfigDict, fns, detailLogging=(self.APIAPP_OBJECTSTOREDETAILLOGGING == 'Y')) def dbChangingFn(storeConnection): if GetTenant(masterTenantName, storeConnection, appObj=self) is None: print("********No master tenant found - creating********") def someFn(connectionContext): CreateMasterTenant(self, testingMode, storeConnection) storeConnection.executeInsideTransaction(someFn) self.objectStore.executeInsideConnectionContext(dbChangingFn) self.gateway = getGatewayInterface(env, self) self.refreshTokenManager = RefreshTokenManager(self) self.scheduler.start() # Load origins from tenants def dbfn(storeConnection): for curTenant in storeConnection.getAllRowsForObjectType( "tenants", None, None, ""): print("Loading allowed origins for " + curTenant[0]["Name"] + ":" + str(curTenant[0]["JWTCollectionAllowedOriginList"])) appObj.accessControlAllowOriginObj.addList( curTenant[0]["JWTCollectionAllowedOriginList"]) ##return storeConnection.getPaginatedResult("tenants", paginatedParamValues, outputFN) self.objectStore.executeInsideConnectionContext(dbfn) if self.APIAPP_AUTOCONFIG != None: autoConfigRunner = autoConfig.AutoConfigRunner( self.APIAPP_AUTOCONFIG) def configRunnerFn(storeConnection): autoConfigRunner.run(self, storeConnection) self.objectStore.executeInsideTransaction(configRunnerFn) tenantOnAppInit(self)