def test_can_set_cookie_on_authentication(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', fullname='Test', id='1')
user.first_login = True
with patch.object(AuthenticateHandler, 'authenticate') as auth_mock:
result = gen.Future()
result.set_result(user)
auth_mock.return_value = result
try:
response = yield self.anonymous_fetch('/authenticate',
method='POST',
body=dumps({
'provider':
'GooglePlus',
'access_token':
'VALID-TOKEN',
}))
except HTTPError, e:
response = e.response
expect(response.code).to_equal(200)
expect(loads(response.body)['first_login']).to_be_true()
expect(loads(response.body)['authenticated']).to_be_true()
expect('HOLMES_AUTH_TOKEN' in response.headers.get(
'Set-Cookie')).to_equal(True)
def test_can_update_by_user(self):
user = UserFactory.create()
key = KeyFactory.create(name='some.random')
pref = UsersViolationsPrefsFactory.create(user=user,
key=key,
is_active=True)
data = [{
'key': pref.key.name,
'is_active': False
}, {
'key': 'blah',
'is_active': False
}]
UsersViolationsPrefs.update_by_user(self.db, user, data)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(1)
expect(prefs[0].key.name).to_equal(key.name)
expect(prefs[0].user).to_equal(user)
expect(prefs[0].is_active).to_equal(False)
def test_get_auth_token__success(db, api_client):
password = faker.password()
user = UserFactory.build()
user.set_password(password)
user.save()
with pytest.raises(Token.DoesNotExist):
Token.objects.get(user_id=user.id)
# first create
response = api_client.post(
reverse('auth-token'),
data={
'username': user.username,
'password': password
}
)
token = Token.objects.get(user_id=user.id)
assert response.status_code == 200
assert response.data['token'] == token.key
# get exists
response = api_client.post(
reverse('auth-token'),
data={
'username': user.username,
'password': password
}
)
assert response.status_code == 200
assert response.data['token'] == token.key
def test_can_authenticate_existent_user(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**')
with patch.object(AuthenticateHandler,
'authenticate_on_google') as auth_mock:
result = gen.Future()
result.set_result({
'email': '*****@*****.**',
'fullname': 'Test',
'id': '12345'
})
auth_mock.return_value = result
try:
response = yield self.anonymous_fetch('/authenticate',
method='POST',
body=dumps({
'provider':
'GooglePlus',
'access_token':
'VALID-TOKEN',
}))
except HTTPError, e:
response = e.response
expect(response.code).to_equal(200)
expect(loads(response.body)['first_login']).to_be_false()
expect(loads(response.body)['authenticated']).to_be_true()
expect(user).not_to_be_null()
def test_can_save_prefs(self):
user = UserFactory.create(is_superuser=True)
key1 = KeyFactory.create(name='some.random.1')
key2 = KeyFactory.create(name='some.random.2')
UsersViolationsPrefsFactory.create(user=user, key=key1, is_active=True)
UsersViolationsPrefsFactory.create(user=user, key=key2, is_active=False)
loaded_prefs = UsersViolationsPrefs.get_prefs(self.db, user)
expect(loaded_prefs).to_length(2)
expect(loaded_prefs).to_be_like({
'some.random.1': True,
'some.random.2': False
})
yield self.authenticated_fetch(
'/users/violations-prefs/',
user_email=user.email,
method='POST',
body=dumps([
{'key': 'some.random.1', 'is_active': False},
{'key': 'some.random.2', 'is_active': True},
])
)
loaded_prefs = UsersViolationsPrefs.get_prefs(self.db, user)
expect(loaded_prefs).to_length(2)
expect(loaded_prefs).to_be_like({
'some.random.1': False,
'some.random.2': True
})
def test_can_save_prefs_as_superuser(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
domain = DomainFactory.create(name='globo.com')
key = KeyFactory.create(name='some.random')
DomainsViolationsPrefsFactory.create(domain=domain, key=key, value=100)
loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
self.db, domain.name)
expect(loaded_prefs).to_length(1)
expect(loaded_prefs[0]).to_be_like({
'value': 100,
'key': 'some.random'
})
yield self.authenticated_fetch('/domains/%s/violations-prefs/' %
domain.name,
user_email=user.email,
method='POST',
body=dumps([
{
'key': 'some.random',
'value': 10
},
]))
loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
self.db, domain.name)
expect(loaded_prefs).to_length(1)
expect(loaded_prefs[0]).to_be_like({'value': 10, 'key': 'some.random'})
def test_cant_save_prefs_as_normal_user(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=False)
domain = DomainFactory.create(name='globo.com')
key = KeyFactory.create(name='some.random')
DomainsViolationsPrefsFactory.create(domain=domain, key=key, value=100)
loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
self.db, domain.name)
expect(loaded_prefs).to_length(1)
expect(loaded_prefs[0]).to_be_like({
'value': 100,
'key': 'some.random'
})
try:
yield self.authenticated_fetch('/domains/%s/violations-prefs/' %
domain.name,
user_email=user.email,
method='POST',
body=dumps([
{
'key': 'some.random',
'value': 10
},
]))
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(401)
expect(e.response.reason).to_be_like('Unauthorized')
def test_can_convert_user_to_dict(self):
user = UserFactory.create()
user_dict = user.to_dict()
expect(user_dict['fullname']).to_equal(user.fullname)
expect(user_dict['email']).to_equal(user.email)
expect(user_dict['is_superuser']).to_equal(user.is_superuser)
expect(user_dict['last_login']).to_equal(user.last_login)
def test_can_verify_authenticated_request_as_superuser(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
response = yield self.authenticated_fetch('/authenticate',
user_email=user.email)
expect(response.code).to_equal(200)
response_body = loads(response.body)
expect(response_body['authenticated']).to_be_true()
expect(response_body['isSuperUser']).to_be_true()
def test_can_get_user_by_email(self):
self.db.query(User).delete()
user = UserFactory.create()
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
invalid_user = User.by_email('*****@*****.**', self.db)
expect(invalid_user).to_be_null()
def test_can_get_user_locale(self):
user = UserFactory.create(locale='pt_BR')
response = yield self.authenticated_fetch('/users/locale/',
user_email=user.email)
expect(response.code).to_equal(200)
locale_data = loads(response.body)
expect(locale_data.get('locale')).to_equal('pt_BR')
def test_can_create_user(self):
user = UserFactory.create()
expect(str(user)).to_be_like('%s' % user.email)
expect(user.id).not_to_be_null()
expect(user.fullname).to_equal('Marcelo Jorge Vieira')
expect(user.email).to_equal('*****@*****.**')
expect(user.is_superuser).to_equal(True)
last_login = datetime(2013, 12, 11, 10, 9, 8)
expect(user.last_login).to_be_like(last_login)
def test_can_update_locale(self):
user = UserFactory.create(locale='es_ES')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('es_ES')
User.update_locale(self.db, user, 'pt_BR')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('pt_BR')
def test_can_set_cookie_on_authentication(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', fullname='Test', id='1')
user.first_login = True
with patch.object(AuthenticateHandler, 'authenticate') as auth_mock:
result = gen.Future()
result.set_result(user)
auth_mock.return_value = result
try:
response = yield self.anonymous_fetch(
'/authenticate', method='POST', body=dumps({
'provider': 'GooglePlus',
'access_token': 'VALID-TOKEN',
})
)
except HTTPError, e:
response = e.response
expect(response.code).to_equal(200)
expect(loads(response.body)['first_login']).to_be_true()
expect(loads(response.body)['authenticated']).to_be_true()
expect('HOLMES_AUTH_TOKEN' in response.headers.get('Set-Cookie')).to_equal(True)
def test_can_get_prefs(self):
user = UserFactory.create()
key1 = KeyFactory.create()
key2 = KeyFactory.create()
UsersViolationsPrefs.insert_pref(self.db, user, key1, True)
UsersViolationsPrefs.insert_pref(self.db, user, key2, False)
data = UsersViolationsPrefs.get_prefs(self.db, user)
expect(data).to_length(2)
expect(data).to_be_like({key1.name: True, key2.name: False})
def test_can_get_user_locale(self):
user = UserFactory.create(locale='pt_BR')
response = yield self.authenticated_fetch(
'/users/locale/',
user_email=user.email
)
expect(response.code).to_equal(200)
locale_data = loads(response.body)
expect(locale_data.get('locale')).to_equal('pt_BR')
def test_authenticate(db):
user = UserFactory.build()
password = faker.password()
user.set_password(password)
user.save()
assert authenticate(username=user.username, password=password) == user
assert authenticate(username=user.username) == None
assert authenticate(password=password) == None
assert authenticate(username=faker.user_name(), password=password) == None
assert authenticate(username=user.email, password=password) == user
assert authenticate(username=user.email) == None
assert authenticate(username=faker.email(), password=password) == None
def test_can_get_prefs(self):
user = UserFactory.create()
key1 = KeyFactory.create()
key2 = KeyFactory.create()
UsersViolationsPrefs.insert_pref(self.db, user, key1, True)
UsersViolationsPrefs.insert_pref(self.db, user, key2, False)
data = UsersViolationsPrefs.get_prefs(self.db, user)
expect(data).to_length(2)
expect(data).to_be_like(
{key1.name: True, key2.name: False}
)
def test_can_get_prefs(self):
user = UserFactory.create()
key1 = KeyFactory.create(name='some.random.1')
key2 = KeyFactory.create(name='some.random.2')
UsersViolationsPrefsFactory.create(user=user, key=key1, is_active=True)
UsersViolationsPrefsFactory.create(user=user, key=key2, is_active=False)
self.server.application.violation_definitions = {
'some.random.1': {
'title': 'some random 1',
'category': 'SEO',
'generic_description': 'my some random 1'
},
'some.random.2': {
'title': 'some random 2',
'category': 'HTTP',
'generic_description': 'my some random 2'
}
}
response = yield self.authenticated_fetch(
'/users/violations-prefs/',
user_email=user.email
)
expect(response.code).to_equal(200)
prefs = loads(response.body)
expect(prefs).to_length(2)
expect(prefs[0]).to_length(5)
expect(prefs[1]).to_length(5)
expect(prefs).to_be_like([{
'category': 'SEO',
'is_active': True,
'name': 'some random 1',
'key': u'some.random.1',
'description': u'my some random 1'
}, {
'category': 'HTTP',
'is_active': False,
'name': 'some random 2',
'key': u'some.random.2',
'description': u'my some random 2'
}])
def test_can_insert_prefs(self):
user = UserFactory.create()
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(0)
items = []
for x in range(3):
name = 'key-test-%d' % x
KeyFactory.create(name=name)
items.append(name)
UsersViolationsPrefs.insert_prefs(self.db, user, items)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(3)
def test_cant_delete_nonexistent_limiter_as_superuser(self):
self.db.query(Limiter).delete()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
try:
yield self.authenticated_fetch('/limiters/1',
user_email=user.email,
method='DELETE')
except HTTPError, e:
expected = {'reason': 'Not Found', 'description': 'Not Found'}
expect(e).not_to_be_null()
expect(e.code).to_equal(404)
expect(e.response.reason).to_equal('Not Found')
expect(loads(e.response.body)).to_equal(expected)
def test_cant_save_limiters_with_empty_values_as_superuser(self):
self.db.query(Limiter).delete()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
try:
yield self.authenticated_fetch('/limiters',
user_email=user.email,
method='POST',
body='{}')
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(400)
expect(e.response.body).to_equal(
'{"reason":"Not url or value","description":"Not url or value"}'
)
def test_cant_save_limiters_as_normal_user(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=False)
try:
yield self.authenticated_fetch('/limiters',
user_email=user.email,
method='POST',
body=dumps({
'url': 'http://globo.com/',
'maxValue': 10
}))
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(401)
expect(e.response.reason).to_be_like('Unauthorized')
def test_can_insert_prefs(self):
user = UserFactory.create()
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(0)
items = []
for x in range(3):
name = 'key-test-%d' % x
KeyFactory.create(name=name)
items.append(name)
UsersViolationsPrefs.insert_prefs(self.db, user, items)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(3)
def test_user_can_sign_in_and_sign_out(self, service):
cases = (UserFactory.ROLE_ADMIN, UserFactory.ROLE_USER)
with app.test_client() as client:
for case in cases:
user = UserFactory.get_user(role=case)
service.return_value = user
# step 1 log in
r_in = client.get('/sign_in', follow_redirects=True)
self.assertIn(bytes(user.full_name, 'utf8'), r_in.data)
self.assertIn(b'Sign out', r_in.data)
# step 2 log out
r_out = client.get('/sign_out', follow_redirects=True)
self.assertNotIn(bytes(user.full_name, 'utf8'), r_out.data)
self.assertIn(b'Sign in', r_out.data)
def test_can_update_by_user_with_no_data(self):
user = UserFactory.create()
key = KeyFactory.create(name='some.random')
UsersViolationsPrefsFactory.create(user=user, key=key, is_active=True)
data = []
UsersViolationsPrefs.update_by_user(self.db, user, data)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(1)
expect(prefs[0].key.name).to_equal(key.name)
expect(prefs[0].user).to_equal(user)
expect(prefs[0].is_active).to_equal(True)
def test_can_update_by_user_with_no_data(self):
user = UserFactory.create()
key = KeyFactory.create(name='some.random')
UsersViolationsPrefsFactory.create(user=user, key=key, is_active=True)
data = []
UsersViolationsPrefs.update_by_user(self.db, user, data)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(1)
expect(prefs[0].key.name).to_equal(key.name)
expect(prefs[0].user).to_equal(user)
expect(prefs[0].is_active).to_equal(True)
def test_cant_delete_limiter_as_normal_user(self):
self.db.query(Limiter).delete()
limiter = LimiterFactory.create()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=False)
loaded_limiter = Limiter.by_id(limiter.id, self.db)
expect(loaded_limiter).not_to_be_null()
try:
yield self.authenticated_fetch('/limiters/%d' % limiter.id,
user_email=user.email,
method='DELETE')
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(401)
expect(e.response.reason).to_be_like('Unauthorized')
def test_can_delete_limiter_as_superuser(self):
self.db.query(Limiter).delete()
limiter = LimiterFactory.create()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
loaded_limiter = Limiter.by_id(limiter.id, self.db)
expect(loaded_limiter).not_to_be_null()
response = yield self.authenticated_fetch('/limiters/%d' % limiter.id,
user_email=user.email,
method='DELETE')
expect(response.code).to_equal(204)
expect(response.body).to_length(0)
loaded_limiter = Limiter.by_id(limiter.id, self.db)
expect(loaded_limiter).to_be_null()
def test_cant_delete_limiter_with_empty_values_as_superuser(self):
self.db.query(Limiter).delete()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
try:
yield self.authenticated_fetch('/limiters',
user_email=user.email,
method='DELETE')
except HTTPError, e:
expected = {
'reason': 'Invalid data',
'description': 'Invalid data'
}
expect(e).not_to_be_null()
expect(e.code).to_equal(400)
expect(e.response.reason).to_equal('Bad Request')
expect(loads(e.response.body)).to_equal(expected)
def test_can_save_limiters_as_superuser(self):
self.db.query(Limiter).delete()
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
response = yield self.authenticated_fetch('/limiters',
user_email=user.email,
method='POST',
body=dumps({
'url':
'http://globo.com/',
'maxValue': 10
}))
expect(response).not_to_be_null()
expect(response.code).to_equal(200)
loaded_limiter = Limiter.by_url('http://globo.com/', self.db)
expect(loaded_limiter).not_to_be_null()
def test_can_save_prefs_as_normal_user(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=False)
try:
yield self.authenticated_fetch(
'/domains/blah.com/violations-prefs/',
method='POST',
user_email=user.email,
body=dumps([
{
'key': 'some.random',
'value': 10
},
]))
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(401)
expect(e.response.reason).to_be_like('Unauthorized')
expect(e.response.body).to_be_like('Unauthorized')
def test_can_save_user_locale(self):
user = UserFactory.create(locale='pt_BR')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('pt_BR')
response = yield self.authenticated_fetch('/users/locale/',
user_email=user.email,
method='POST',
body=dumps(
{'locale': 'es_ES'}))
expect(response.code).to_equal(200)
expect(loads(response.body)).to_equal('OK')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('es_ES')
def test_can_insert_pref(self):
user = UserFactory.create()
key1 = KeyFactory.create()
key2 = KeyFactory.create()
UsersViolationsPrefs.insert_pref(self.db, user, key1, True)
UsersViolationsPrefs.insert_pref(self.db, user, key2, False)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(2)
expect(prefs[0].key).to_equal(key1)
expect(prefs[0].user).to_equal(user)
expect(prefs[0].is_active).to_equal(True)
expect(prefs[1].key).to_equal(key2)
expect(prefs[1].user).to_equal(user)
expect(prefs[1].is_active).to_equal(False)
def test_can_insert_pref(self):
user = UserFactory.create()
key1 = KeyFactory.create()
key2 = KeyFactory.create()
UsersViolationsPrefs.insert_pref(self.db, user, key1, True)
UsersViolationsPrefs.insert_pref(self.db, user, key2, False)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(2)
expect(prefs[0].key).to_equal(key1)
expect(prefs[0].user).to_equal(user)
expect(prefs[0].is_active).to_equal(True)
expect(prefs[1].key).to_equal(key2)
expect(prefs[1].user).to_equal(user)
expect(prefs[1].is_active).to_equal(False)
def test_can_delete_prefs(self):
user = UserFactory.create()
pref1 = UsersViolationsPrefsFactory.create(user=user)
pref2 = UsersViolationsPrefsFactory.create(user=user)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(2)
items = [pref1.key.name]
UsersViolationsPrefs.delete_prefs(self.db, user, items)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(1)
expect(prefs[0].key.name).to_equal(pref2.key.name)
expect(prefs[0].user).to_equal(pref2.user)
expect(prefs[0].is_active).to_equal(True)
def test_can_save_prefs_for_invalid_domain_as_superuser(self):
self.db.query(User).delete()
user = UserFactory(email='*****@*****.**', is_superuser=True)
try:
yield self.authenticated_fetch(
'/domains/blah.com/violations-prefs/',
method='POST',
user_email=user.email,
body=dumps([
{
'key': 'some.random',
'value': 10
},
]))
except HTTPError, e:
expect(e).not_to_be_null()
expect(e.code).to_equal(404)
expect(e.response.reason).to_equal('Domain blah.com not found')
def test_can_save_user_locale(self):
user = UserFactory.create(locale='pt_BR')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('pt_BR')
response = yield self.authenticated_fetch(
'/users/locale/',
user_email=user.email,
method='POST',
body=dumps({'locale': 'es_ES'})
)
expect(response.code).to_equal(200)
expect(loads(response.body)).to_equal('OK')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('es_ES')
def test_can_update_by_user(self):
user = UserFactory.create()
key = KeyFactory.create(name='some.random')
pref = UsersViolationsPrefsFactory.create(user=user, key=key, is_active=True)
data = [
{'key': pref.key.name, 'is_active': False},
{'key': 'blah', 'is_active': False}
]
UsersViolationsPrefs.update_by_user(self.db, user, data)
prefs = self.db.query(UsersViolationsPrefs).all()
expect(prefs).to_length(1)
expect(prefs[0].key.name).to_equal(key.name)
expect(prefs[0].user).to_equal(user)
expect(prefs[0].is_active).to_equal(False)