示例#1
0
 def test_random_is_not_authenticated(self):
     # check that doesn't exists some random tokens
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token=utils.random_hash())[0])
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token=utils.random_hash())[0])
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token=utils.random_hash())[0])
     # check that doesn't exists simplest tokens
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token='1')[0])
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token='11')[0])
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token='111')[0])
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token='asd')[0])
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token='qwe')[0])
     self.assertFalse(
         perm_controller.is_authenticated(session=self.session,
                                          token='qwerty')[0])
示例#2
0
文件: env.py 项目: bryazginnn/niffler
def get_test_env():
    return {
        'user': {
            'name': 'test_user1_{}'.format(utils.random_hash(7)),
        },
        'token': {
            'code': 'test_token1_{}'.format(utils.random_hash(7))
        },
        'user2': {
            'name': 'test_user2_{}'.format(utils.random_hash(7)),
        },
        'token2': {
            'code': 'test_token2_{}'.format(utils.random_hash(7))
        },
        'user3': {
            'name': 'test_user3_{}'.format(utils.random_hash(7)),
        },
        'token3': {
            'code': 'test_token3_{}'.format(utils.random_hash(7))
        },
        'group': {
            'name': 'test_group_{}'.format(utils.random_hash(7)),
        },
        'file': {
            'uri': 'test/test_file_{}.ext'.format(utils.random_hash(7)),
        },
        'file_content': 'some text for test file'
    }
示例#3
0
class TestFileController(StandartNifflerControllerTest):
    controller = file_controller
    uri = '{}/{}'.format(random_hash(), random_hash())

    def get_register_kwobj(self, session):
        return {
            'uri': self.uri,
            'owner_id': self.get_test_user().id,
            'groups': [self.get_test_group()]
        }

    def get_remove_kwobj(self, session):
        return {'uri': self.uri}

    def test_remove_not_existing(self):
        self.base_test_remove_ctl(self.session)

    def test_adding_and_removing(self):
        self.base_test_adding_and_removing_ctl(self.session)
示例#4
0
class TestUserController(StandartNifflerControllerTest):
    controller = user_controller
    name = '{}'.format(random_hash())

    def get_register_kwobj(self, session):
        return {'name': self.name, 'groups': [self.get_test_group()]}

    def get_remove_kwobj(self, session):
        return {'name': self.name}

    def test_remove_not_existing(self):
        self.base_test_remove_ctl(self.session)

    def test_adding_and_removing(self):
        self.base_test_adding_and_removing_ctl(self.session)
示例#5
0
class TestTokenController(StandartNifflerControllerTest):
    controller = token_controller
    code = '{}'.format(random_hash())

    def get_register_kwobj(self, session):
        return {'code': self.code, 'user_id': self.get_test_user().id}

    def get_remove_kwobj(self, session):
        return {'code': self.code}

    def test_remove_not_existing(self):
        self.base_test_remove_ctl(self.session)

    def test_adding_and_removing(self):
        self.base_test_adding_and_removing_ctl(self.session)
示例#6
0
 def test_nginx_private_user_case(self):
     file_name = 'test_{}'.format(utils.random_hash())
     uri = '/{}'.format(file_name)
     url = TestNginx.get_real_url(uri)
     headers = {'Authorization': self.test_token.code}
     headers2 = {'Authorization': self.test_token2.code}
     headers3 = {'Authorization': self.test_token3.code}
     data = b'some text'
     data2 = b'some text2'
     # getting not existing file
     self.assert_url(url=url,
                     headers=headers,
                     method='GET',
                     res_http_code=403)  # Forbidden
     # putting file
     self.assert_url(url=url,
                     headers=headers,
                     method='PUT',
                     data=data,
                     res_http_code=201)  # Created
     # getting existing file + check body
     result = self.assert_url(url=url,
                              headers=headers,
                              method='GET',
                              res_http_code=200)  # OK
     self.assertEqual(result.read(), data)
     # others users
     self.assert_url(url=url,
                     headers=headers2,
                     method='GET',
                     res_http_code=403)  # Forbidden
     self.assert_url(url=url,
                     headers=headers3,
                     method='GET',
                     res_http_code=403)  # Forbidden
     # patch - add access to group
     self.assert_url(url=url + '?group=' + self.test_group.name,
                     headers=headers,
                     method='PATCH',
                     res_http_code=200)  # OK
     # others users
     self.assert_url(url=url,
                     headers=headers2,
                     method='GET',
                     res_http_code=200)  # OK
     self.assert_url(url=url,
                     headers=headers3,
                     method='GET',
                     res_http_code=403)  # Forbidden
     # re-putting file
     self.assert_url(url=url,
                     headers=headers,
                     method='PUT',
                     data=data2,
                     res_http_code=204)  # No Content
     # getting new file + check that body has been changed
     result = self.assert_url(url=url,
                              headers=headers,
                              method='GET',
                              res_http_code=200)  # OK
     self.assertEqual(result.read(), data2)
     # delete existing file
     self.assert_url(url=url,
                     headers=headers,
                     method='DELETE',
                     res_http_code=204)  # No Content
     # delete not existing file
     self.assert_url(url=url,
                     headers=headers,
                     method='DELETE',
                     res_http_code=403)  # Forbidden
示例#7
0
    def test_authenticate_GET_PUT_DELETE_others(self):
        uri = utils.random_hash()
        token = self.test_token.code
        token2 = self.test_token2.code
        token3 = self.test_token3.code
        token4 = utils.random_hash()
        self.check_authenticate(code=403,
                                uri=uri,
                                token=token,
                                method='DELETE')
        self.check_authenticate(code=403, uri=uri, token=token, method='GET')
        self.check_authenticate(code=403, uri=uri, token=token, method='PATCH')
        self.check_authenticate(code=200, uri=uri, token=token, method='PUT')
        self.check_authenticate(code=200, uri=uri, token=token, method='PATCH')
        self.check_authenticate(code=200, uri=uri, token=token, method='GET')
        self.check_authenticate(code=403, uri=uri, token=token, method='MOVE')
        self.check_authenticate(code=403, uri=uri, token=token, method='POST')
        self.check_authenticate(code=200,
                                uri=uri,
                                token=token,
                                method='DELETE')
        self.check_authenticate(code=403,
                                uri=uri,
                                token=token,
                                method='DELETE')

        self.check_authenticate(code=403,
                                uri=uri,
                                token=token2,
                                method='DELETE')
        self.check_authenticate(code=403, uri=uri, token=token2, method='GET')
        self.check_authenticate(code=403,
                                uri=uri,
                                token=token2,
                                method='PATCH')
        self.check_authenticate(code=200, uri=uri, token=token2, method='PUT')
        self.check_authenticate(code=200,
                                uri=uri,
                                token=token2,
                                method='PATCH')
        self.check_authenticate(code=200, uri=uri, token=token2, method='GET')
        self.check_authenticate(code=403, uri=uri, token=token2, method='MOVE')
        self.check_authenticate(code=403, uri=uri, token=token2, method='POST')
        self.check_authenticate(code=200,
                                uri=uri,
                                token=token2,
                                method='DELETE')
        self.check_authenticate(code=403,
                                uri=uri,
                                token=token2,
                                method='DELETE')

        self.check_authenticate(code=403,
                                uri=uri,
                                token=token3,
                                method='DELETE')
        self.check_authenticate(code=403, uri=uri, token=token3, method='GET')
        self.check_authenticate(code=403,
                                uri=uri,
                                token=token3,
                                method='PATCH')
        self.check_authenticate(code=200, uri=uri, token=token3, method='PUT')
        self.check_authenticate(code=200,
                                uri=uri,
                                token=token3,
                                method='PATCH')
        self.check_authenticate(code=200, uri=uri, token=token3, method='GET')
        self.check_authenticate(code=403, uri=uri, token=token3, method='MOVE')
        self.check_authenticate(code=403, uri=uri, token=token3, method='POST')
        self.check_authenticate(code=200,
                                uri=uri,
                                token=token3,
                                method='DELETE')
        self.check_authenticate(code=403,
                                uri=uri,
                                token=token3,
                                method='DELETE')

        self.check_authenticate(code=401,
                                uri=uri,
                                token=token4,
                                method='DELETE')
        self.check_authenticate(code=401, uri=uri, token=token4, method='GET')
        self.check_authenticate(code=401,
                                uri=uri,
                                token=token4,
                                method='PATCH')
        self.check_authenticate(code=401, uri=uri, token=token4, method='PUT')
        self.check_authenticate(code=401, uri=uri, token=token4, method='MOVE')
        self.check_authenticate(code=401, uri=uri, token=token4, method='POST')