示例#1
    def test_app_inactive(self):
        """Refreshing a token fails once the owning App has been disabled.

        A token pair is issued while the app is active, the app is then
        deactivated directly in the database, and the following refresh
        call is expected to return 400 with status ``app-inactive``.
        """
        secret = "secret"
        created = App(user=self.current_user,
                      name="fortest", app_secret=secret)
        self.db.add(created)
        self.db.commit()
        app_id = str(created.app_id)

        # Obtain a refresh token while the app is still enabled.
        issue_resp = self.api_post(
            "/app_token",
            body={"app_id": app_id, "app_secret": secret})
        refresh_token = get_body_json(issue_resp)["data"]["refresh_token"]

        # Drop the local reference and re-read the row before disabling it.
        del created
        stored = self.db.query(App).filter_by(app_id=app_id).first()
        stored.is_active = False
        self.db.commit()

        # A refresh token issued before deactivation must no longer be
        # accepted; otherwise disabling an app would not cut off its access.
        refresh_resp = self.api_post(
            "/app_token/refresh",
            body={"app_id": app_id, "refresh_token": refresh_token})
        error_body = get_body_json(refresh_resp)
        self.assertEqual(refresh_resp.code, 400)
        validate_default_error(error_body)
        self.assertEqual(error_body["status"], "app-inactive")
示例#2
    def test_many_apps(self):
        """Listing returns every App of the current user and nobody else's.

        Twelve apps are stored for the current user and one for a second
        user; ``GET /app`` must return exactly the twelve, which checks that
        the listing is scoped to the caller.
        """
        app_total = 12
        own_names = ["testapp" + str(index) for index in range(app_total)]
        for app_name in own_names:
            self.db.add(App(user=self.current_user,
                            name=app_name,
                            app_secret="secret"))
        # An app owned by someone else, which must not show up in the list.
        other_user = User(username="******", password="******")
        self.db.add(other_user)
        self.db.add(
            App(user=other_user, name="anotherapp", app_secret="secret"))
        self.db.commit()
        self.assertEqual(self.db.query(App).count(), app_total + 1)

        resp = self.api_get("/app")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        listed = body["data"]
        self.assertEqual(len(listed), app_total)
        self.assertEqual(
            sorted(entry["name"] for entry in listed),
            sorted(own_names))
示例#3
    def test_delete_success(self):
        """Deleting a user also removes that user's Apps, and only those.

        The deleted user owns twelve apps and the current user owns one;
        after ``DELETE /user/<uuid>`` a single app and no such user remain.
        """
        username = "******"
        password = "******"
        target = User(username=username, password=password)
        self.db.add(target)
        self.db.commit()

        app_total = 12
        for index in range(app_total):
            self.db.add(App(user=target,
                            name="testapp" + str(index),
                            app_secret="secret"))
        # One app owned by the current user must survive the deletion.
        survivor = App(user=self.current_user, name="anotherapp",
                       app_secret="secret")
        self.db.add(survivor)
        self.db.commit()
        self.assertEqual(self.db.query(App).count(), app_total + 1)

        resp = self.api_delete(f"/user/{target.uuid}")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        # Release the local reference before checking the database state.
        del target
        self.assertEqual(self.db.query(App).count(), 1)
        leftover = self.db.query(User).filter_by(username=username).first()
        self.assertIsNone(leftover)
示例#4
    def test_update_success(self):
        """Updating every editable field of an App succeeds and persists.

        Posts a new name, secret, summary, description and ``is_active``
        flag to ``/app/<app_id>`` and verifies each one on the reloaded row.
        """
        original = App(user=self.current_user, name="app",
                       app_secret="secret")
        self.db.add(original)
        self.db.commit()
        app_id = str(original.app_id)
        new_secret = "secret:new"
        changes = {
            "name": original.name + ":new",
            "app_secret": new_secret,
            "summary": "add summary",
            "description": "add description",
            "is_active": False,
        }
        self.assertEqual(original.is_active, True)

        resp = self.api_post(f"/app/{app_id}", body=changes)
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        del original
        reloaded = self.db.query(App).filter_by(app_id=app_id).one()
        # The rotated secret is checked through validate_secret() instead of
        # being read back from the row.
        self.assertEqual(reloaded.validate_secret(new_secret), True)
        for field in ("name", "summary", "description", "is_active"):
            self.assertEqual(getattr(reloaded, field), changes[field])
示例#5
    def test_name_exist(self):
        """Renaming an App to a name the user already uses is rejected.

        Expects 400 with status ``name-exist`` when ``app1`` is renamed to
        the name of ``app2``.
        """
        first, second = (
            App(user=self.current_user, name=label, app_secret="secret")
            for label in ("app1", "app2")
        )
        self.db.add(first)
        self.db.add(second)
        self.db.commit()

        rename = {"name": second.name}
        resp = self.api_post(f"/app/{first.app_id}", body=rename)
        error_body = get_body_json(resp)
        self.assertEqual(resp.code, 400)
        validate_default_error(error_body)
        self.assertEqual(error_body["status"], "name-exist")
示例#6
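    def run(self):
        """Create the admin's ``adminapp`` or rotate its secret, then print it.

        Looks up the account named by ``settings.ADMIN_USERNAME``; logs an
        error and returns if it does not exist. Otherwise a fresh 32-character
        secret is generated and either set on the existing ``adminapp`` or
        used to create it. The credentials are printed to stdout.
        """
        db = dbc.session()
        admin = db.query(User).filter_by(
            username=settings.ADMIN_USERNAME).first()
        if not admin:
            logging.error("can not find admin account (%s)",
                          settings.ADMIN_USERNAME)
            return

        app_name = "adminapp"
        # NOTE(review): this value is a long-lived admin credential; confirm
        # that randomstring() draws from a CSPRNG (e.g. the secrets module).
        app_secret = randomstring(32)

        app = db.query(App).filter(
            and_(App.user_id == admin.id, App.name == app_name)).first()
        if app:
            app.set_secret(app_secret)
        else:
            app = App(user=admin, name=app_name, app_secret=app_secret)
            db.add(app)
        # Commit on both paths. Previously only the create branch committed,
        # so a rotated secret was printed below without being persisted.
        db.commit()

        # The plaintext secret is written to stdout here, so it ends up in
        # terminal scrollback and in any log that captures this command's
        # output; treat that output as sensitive.
        print(f"Update admin app success:\n"
              f"username={admin.username}\n"
              f"user_id={admin.uuid}\n"
              f"app_id={app.app_id}\n"
              f"app_secret={app_secret}")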
示例#7
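    def test_refresh_token_success(self):
        """A valid refresh token yields a new, well-formed access token.

        Issues a token pair through ``/app_token``, exchanges the refresh
        token at ``/app_token/refresh`` and checks the refresh response
        against the API schema and the current user's uuid.
        """
        app_secret = "secret"
        app = App(user=self.current_user,
                  name="fortest", app_secret=app_secret)
        self.db.add(app)
        self.db.commit()
        app_id = str(app.app_id)

        resp = self.api_post("/app_token", body={
            "app_id": app_id,
            "app_secret": app_secret,
        })
        body = get_body_json(resp)
        refresh_token = body["data"]["refresh_token"]

        resp = self.api_post("/app_token/refresh", body={
            "app_id": app_id,
            "refresh_token": refresh_token,
        })
        # Parse the refresh response. Without this the checks below ran on
        # the body of the initial /app_token call, so the refreshed access
        # token was never inspected.
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        spec = self.rs.post_token_refresh.op_spec["responses"]["200"]["schema"]
        api.validate_object(spec, body)

        # The refreshed access token must still be bound to the app's owner.
        data = body["data"]
        payload = decode_token(data["access_token"])
        self.assertEqual(payload["uid"], str(self.current_user.uuid))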
示例#8
    def test_session_is_expired(self):
        """Refreshing with a token whose session has expired is rejected.

        The session row belonging to a freshly issued refresh token gets its
        ``expires_in`` set to the current UTC time; the refresh call is then
        expected to return 400 with status ``is-expired``.
        """
        secret = "secret"
        created = App(user=self.current_user,
                      name="fortest", app_secret=secret)
        self.db.add(created)
        self.db.commit()
        app_id = str(created.app_id)

        issue_resp = self.api_post(
            "/app_token",
            body={"app_id": app_id, "app_secret": secret})
        refresh_token = get_body_json(issue_resp)["data"]["refresh_token"]

        # Force expiry by moving the session's deadline to "now".
        app_session = self.db.query(AppSession).filter_by(
            refresh_token=refresh_token).first()
        app_session.expires_in = datetime.datetime.utcnow()
        self.db.commit()

        refresh_resp = self.api_post(
            "/app_token/refresh",
            body={"app_id": app_id, "refresh_token": refresh_token})
        error_body = get_body_json(refresh_resp)
        self.assertEqual(refresh_resp.code, 400)
        validate_default_error(error_body)
        self.assertEqual(error_body["status"], "is-expired")
示例#9
    def test_view_success(self):
        """Viewing one of the current user's Apps returns its stored fields.

        The response must match the 200 schema of the ``get_app_id``
        operation and echo the id, name, summary, description and active flag.
        """
        created = App(
            user=self.current_user,
            name="app",
            app_secret="secret",
            summary="summary",
            description="description",
        )
        self.db.add(created)
        self.db.commit()

        resp = self.api_get(f"/app/{created.app_id}")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        schema = self.rs.get_app_id.op_spec["responses"]["200"]["schema"]
        api.validate_object(schema, body)

        returned = body["data"]
        self.assertEqual(returned["app_id"], str(created.app_id))
        for field in ("name", "summary", "description", "is_active"):
            self.assertEqual(returned[field], getattr(created, field))
示例#10
 def test_app_inactive(self):
     """A disabled App cannot obtain a token, even with the right secret.

     Expects ``POST /app_token`` to return 400 with status ``app-inactive``.
     """
     secret = "secret"
     disabled = App(user=self.current_user,
                    name="fortest", app_secret=secret)
     disabled.is_active = False
     self.db.add(disabled)
     self.db.commit()

     credentials = {
         "app_id": str(disabled.app_id),
         "app_secret": secret,
     }
     resp = self.api_post("/app_token", body=credentials)
     error_body = get_body_json(resp)
     self.assertEqual(resp.code, 400)
     validate_default_error(error_body)
     self.assertEqual(error_body["status"], "app-inactive")
示例#11
    def test_name_exist(self):
        """Creating an App with a name the user already uses is rejected.

        Expects ``POST /app`` to return 400 with status ``name-exist``.
        """
        existing = App(user=self.current_user, name="fortest",
                       app_secret="secret")
        self.db.add(existing)
        self.db.commit()

        duplicate_request = {"name": existing.name}
        resp = self.api_post("/app", body=duplicate_request)
        error_body = get_body_json(resp)
        self.assertEqual(resp.code, 400)
        validate_default_error(error_body)
        self.assertEqual(error_body["status"], "name-exist")
示例#12
    def test_delete_success(self):
        """Deleting one of the current user's Apps removes only that App.

        Another user's app is stored alongside it and must still be present
        after ``DELETE /app/<app_id>`` succeeds.
        """
        other_user = User(username="******", password="******")
        self.db.add(other_user)
        foreign_app = App(user=other_user, name="app1", app_secret="secret")
        self.db.add(foreign_app)
        own_app = App(user=self.current_user, name="app2",
                      app_secret="secret")
        self.db.add(own_app)
        self.db.commit()

        deleted_id = str(own_app.app_id)
        resp = self.api_delete(f"/app/{deleted_id}")
        body = get_body_json(resp)
        self.assertEqual(resp.code, 200)
        self.validate_default_success(body)

        # Release the local reference before checking the database state.
        del own_app
        self.assertEqual(self.db.query(App).count(), 1)
        leftover = self.db.query(App).filter_by(app_id=deleted_id).first()
        self.assertIsNone(leftover)
示例#13
    def test_not_my_app(self):
        """Deleting an App owned by another user is answered as not found.

        Guards the ownership check on ``DELETE /app/<app_id>``: the caller
        gets the same not-found result as for an id that does not exist.
        """
        owner = User(username="******", password="******")
        self.db.add(owner)
        self.db.commit()
        foreign_app = App(user=owner, name="app", app_secret="secret")
        self.db.add(foreign_app)
        self.db.commit()

        target_url = f"/app/{foreign_app.app_id}"
        resp = self.api_delete(target_url)
        self.validate_not_found(resp)
示例#14
    def test_app_secret_invalid(self):
        """A wrong ``app_secret`` is rejected when requesting a token.

        Expects 400 with status ``incorrect-app-id-or-secret``; that status
        does not say which of the two values was wrong.
        """
        created = App(user=self.current_user, name="fortest",
                      app_secret="secret")
        self.db.add(created)
        self.db.commit()

        bad_credentials = {
            "app_id": str(created.app_id),
            "app_secret": "wrong",
        }
        resp = self.api_post("/app_token", body=bad_credentials)
        error_body = get_body_json(resp)
        self.assertEqual(resp.code, 400)
        validate_default_error(error_body)
        self.assertEqual(error_body["status"], "incorrect-app-id-or-secret")
示例#15
    def test_refresh_token_invalid(self):
        """Missing, empty and unknown refresh tokens are all rejected.

        Each of ``None``, ``""`` and ``"notexist"`` must produce 400 with
        status ``invalid-refresh-token``.
        """
        created = App(user=self.current_user, name="fortest",
                      app_secret="secret")
        self.db.add(created)
        self.db.commit()

        bad_tokens = (None, "", "notexist")
        for candidate in bad_tokens:
            request_body = {
                "app_id": str(created.app_id),
                "refresh_token": candidate,
            }
            resp = self.api_post("/app_token/refresh", body=request_body)
            error_body = get_body_json(resp)
            self.assertEqual(resp.code, 400)
            validate_default_error(error_body)
            self.assertEqual(error_body["status"], "invalid-refresh-token")
示例#16
    def post(self):
        """Create an App owned by the current user.

        Reads ``name`` and ``app_secret`` (both looked up as required keys)
        and the optional ``summary``, ``description`` and ``is_active`` from
        the JSON body. Answers ``name-exist`` when the user already has an
        app with that name; otherwise stores the app and returns its id.
        """
        payload = self.get_body_json()

        name = payload["name"]
        # NOTE(review): check-then-insert. Two concurrent requests can both
        # pass this lookup unless the table also enforces uniqueness of
        # (user_id, name); confirm against the model.
        same_name = and_(App.name == name,
                         App.user_id == self.current_user.id)
        duplicate = self.db.query(App).filter(same_name).first()
        if duplicate:
            self.fail("name-exist")
            return

        # NOTE(review): app_secret is passed on as received; any length or
        # strength requirement is presumably enforced by request validation
        # that is not visible in this method; verify.
        fields = {
            "user": self.current_user,
            "name": name,
            "app_secret": payload["app_secret"],
            "summary": payload.get("summary"),
            "description": payload.get("description"),
            "is_active": payload.get("is_active"),
        }
        created = App(**fields)
        self.db.add(created)
        self.db.commit()
        self.success(id=str(created.app_id))