def test_api_view_should_call_sheet_calculate_with_transaction(
self, mock_get_object, mock_transaction
):
mock_sheet = mock_get_object.return_value
mock_sheet.owner = self.user
mock_sheet.allow_json_api_access = True
transaction = Mock()
def wrapper(view):
def inner(*_, **__):
view(*_, **__)
return inner
mock_transaction.commit_manually = wrapper
self.request.method = 'POST'
self.request.POST['api_key'] = mock_sheet.api_key = 'key'
mock_sheet.unjsonify_worksheet.return_value = Worksheet()
response = calculate_and_get_json_for_api(self.request, self.user.username, self.sheet.id)
self.assertEquals(
mock_sheet.calculate.call_args_list,
[((), {})]
)
self.assertCalledOnce(mock_transaction.commit)
def test_api_view_should_return_errors_and_no_values_if_unjsonify_worksheet_result_has_errors(self, mock_get_object):
mock_sheet = mock_get_object.return_value
mock_sheet.owner = self.user
worksheet = Worksheet()
worksheet[1, 3].formula = '=string'
worksheet[1, 3].value = 'test value'
worksheet._usercode_error = {
"message": "I am an error message",
"line": 2
}
mock_sheet.unjsonify_worksheet.side_effect = lambda: worksheet
mock_sheet.allow_json_api_access = True
self.request.method = 'POST'
self.request.POST['api_key'] = mock_sheet.api_key = 'key'
expected_json = {
"usercode_error" : {
"message": "I am an error message",
"line": "2"
}
}
actual = calculate_and_get_json_for_api(self.request, self.user.username, self.sheet.id)
self.assertFalse(mock_sheet.save.called)
self.assertTrue(isinstance(actual, HttpResponse))
self.assertEquals(actual.content, json.dumps(expected_json))
def test_api_view_403s_if_api_access_allowed_but_incorrect_api_key_provided(self):
self.sheet.allow_json_api_access = True
self.sheet.save()
self.request.method = 'POST'
self.request.POST = {'api_key': 'an incorrect key'}
actual = calculate_and_get_json_for_api(self.request, self.sheet.owner.username, self.sheet.id)
self.assertTrue(isinstance(actual, HttpResponseForbidden))
def test_api_view_works_if_correct_api_key_provided_and_access_allowed(self):
self.sheet.allow_json_api_access = True
self.sheet.api_key = 'sekrit'
self.sheet.save()
self.request.method = 'POST'
self.request.POST = {'api_key': 'sekrit'}
actual = calculate_and_get_json_for_api(self.request, self.sheet.owner.username, self.sheet.id)
self.assertTrue(json.loads(actual.content), {'name': self.sheet.name})
def test_api_view_rolls_back_and_reraises_if_get_object_raises_with_uncommitted_changes(
self, mock_get_object_or_404
):
try:
# django.test.TestCase replaces the transaction management functions with nops,
# which is generally useful but breaks this test, as we're checking that the
# exception we raise isn't masked by one in the leave_transaction_management
# saying that there was a pending commit/rollback when the view returned.
restore_transaction_methods()
transaction.commit()
expected_exception = Exception("Expected exception")
def set_dirty_and_raise_exception(*args, **kwargs):
transaction.set_dirty()
raise expected_exception
mock_get_object_or_404.side_effect = set_dirty_and_raise_exception
try:
calculate_and_get_json_for_api(self.request, self.user.username, self.sheet.id)
except Exception, e:
self.assertEquals(e, expected_exception)
else:
def test_api_view_ignores_old_private_key_things(self):
otp = OneTimePad(user=self.user)
otp.save()
otp.creation_time = datetime.today() - timedelta(36000)
otp.save()
guid = otp.guid
self.request.method = 'POST'
self.request.POST = {pk_name: guid}
actual = calculate_and_get_json_for_api(
self.request,
self.sheet.owner.username,
self.sheet.id)
self.assertTrue(isinstance(actual, HttpResponseForbidden))
def test_api_view_erm_checks_private_key_using_correct_filter(
self, mock_Otp):
mock_Otp.objects.filter.return_value = []
guid = self.sheet.create_private_key()
self.request.method = 'POST'
self.request.POST = {pk_name: guid}
actual = calculate_and_get_json_for_api(
self.request,
self.sheet.owner.username,
self.sheet.id)
self.assertCalledOnce(
mock_Otp.objects.filter,
user=self.sheet.owner, guid=guid)
def test_api_view_commits_transaction_even_on_sheet_calculate_exception(
self, mock_get_object, mock_transaction
):
mock_sheet = mock_get_object.return_value
mock_sheet.calculate = self.die
mock_sheet.owner = self.user
mock_sheet.allow_json_api_access = True
self.request.method = 'POST'
self.request.POST['api_key'] = mock_sheet.api_key = 'key'
actual = calculate_and_get_json_for_api(
self.request, self.user.username, self.sheet.id)
self.assertCalledOnce(mock_transaction.commit)
self.assertTrue(isinstance(actual, HttpResponse))
self.assertEquals(actual.content, 'should not be called')
def test_api_view_adds_access_control_header(
self, mock_get_object
):
calculation_result = Worksheet()
calculation_result[1, 3].formula = '=string'
calculation_result[1, 3].value = 'test value'
calculation_result[2, 5].formula = '=int'
calculation_result[2, 5].value = 6
mock_sheet = mock_get_object.return_value
mock_sheet.owner = self.user
mock_sheet.unjsonify_worksheet.side_effect = lambda: calculation_result
mock_sheet.name = 'mock sheet'
mock_sheet.allow_json_api_access = True
self.request.method = 'POST'
self.request.POST['api_key'] = mock_sheet.api_key = 'key'
actual = calculate_and_get_json_for_api(self.request, self.user.username, self.sheet.id)
self.assertEquals(actual['Access-Control-Allow-Origin'], '*')
def test_api_view_should_handle_cell_formula_overrides_from_GET(self, mock_get_object):
mock_sheet = mock_get_object.return_value = Sheet()
mock_sheet.owner = self.user
worksheet = Worksheet()
worksheet[1, 1].formula = 'initial-formula1'
worksheet[2, 1].formula = '222'
worksheet[3, 1].formula = '=B1+111'
mock_sheet.jsonify_worksheet(worksheet)
mock_sheet.name = 'mysheet'
mock_sheet.allow_json_api_access = True
mock_sheet.api_key = 'key'
mock_sheet.save = self.die
self.request.GET = {
u'1,1':u'overriddenformula',
u'D1':u'=B1+222',
'api_key': 'key'
}
self.request.method = 'GET'
response = calculate_and_get_json_for_api(self.request, self.user.username, self.sheet.id)
self.assertTrue(isinstance(response, HttpResponse))
expected_json = {
'name': 'mysheet',
'1' : {
'1': 'overriddenformula',
},
'2': {
'1': 222,
},
'3': {
'1': 333,
},
'4': {
'1': 444,
},
}
self.assertEquals(json.loads(response.content), expected_json)
def test_api_view_works_if_correct_private_key_provided(self):
self.request.method = 'POST'
self.request.POST = {pk_name: self.sheet.create_private_key()}
actual = calculate_and_get_json_for_api(self.request, self.sheet.owner.username, self.sheet.id)
self.assertTrue(json.loads(actual.content), {'name': self.sheet.name})
def test_api_view_returns_403_if_incorrect_private_key_provided(self):
self.request.method = 'POST'
self.request.POST = {pk_name: 'an incorrect key'}
actual = calculate_and_get_json_for_api(self.request, self.sheet.owner.username, self.sheet.id)
self.assertTrue(isinstance(actual, HttpResponseForbidden))
def test_api_view_returns_403_if_neither_private_nor_api_keys_provided(self):
actual = calculate_and_get_json_for_api(self.request, self.sheet.owner.username, self.sheet.id)
self.assertTrue(isinstance(actual, HttpResponseForbidden))
def test_api_view_should_return_404_if_sheet_owner_does_not_match_username_from_url(self):
#standard security test
self.sheet.allow_json_api_access = False
self.sheet.save()
self.request.user = User()
self.assertRaises(Http404, lambda: calculate_and_get_json_for_api(self.request, 'some_random_user', self.sheet.id))
