5 |
5 |
import os
|
6 |
6 |
import time
|
7 |
7 |
import urllib.parse
|
|
8 |
from functools import partial
|
8 |
9 |
from unittest import mock
|
9 |
10 |
|
10 |
11 |
import pytest
|
... | ... | |
12 |
13 |
from quixote import get_publisher
|
13 |
14 |
|
14 |
15 |
from wcs import fields, qommon
|
|
16 |
from wcs.api_access import ApiAccess
|
15 |
17 |
from wcs.api_utils import sign_url
|
16 |
18 |
from wcs.categories import Category
|
17 |
19 |
from wcs.data_sources import NamedDataSource
|
... | ... | |
66 |
68 |
return user
|
67 |
69 |
|
68 |
70 |
|
|
71 |
def _post_url(url, app, auth, access, user, **kwargs):
|
|
72 |
if auth == 'http-basic':
|
|
73 |
app.set_authorization(('Basic', ('test', '12345')))
|
|
74 |
return app.post(url, **kwargs)
|
|
75 |
else:
|
|
76 |
return app.post(
|
|
77 |
sign_uri(url, user=user, orig=access.access_identifier, key=access.access_key), **kwargs
|
|
78 |
)
|
|
79 |
|
|
80 |
|
|
81 |
def _post_json_url(url, app, auth, access, user, **kwargs):
|
|
82 |
if auth == 'http-basic':
|
|
83 |
app.set_authorization(('Basic', ('test', '12345')))
|
|
84 |
return app.post_json(url, **kwargs)
|
|
85 |
else:
|
|
86 |
return app.post_json(
|
|
87 |
sign_uri(url, user=user, orig=access.access_identifier, key=access.access_key), **kwargs
|
|
88 |
)
|
|
89 |
|
|
90 |
|
|
91 |
@pytest.fixture
|
|
92 |
def access(pub):
|
|
93 |
ApiAccess.wipe()
|
|
94 |
access = ApiAccess()
|
|
95 |
access.name = 'test'
|
|
96 |
access.access_identifier = 'test'
|
|
97 |
access.access_key = '12345'
|
|
98 |
access.store()
|
|
99 |
return access
|
|
100 |
|
|
101 |
|
69 |
102 |
def test_formdef_list(pub):
|
70 |
103 |
pub.role_class.wipe()
|
71 |
104 |
role = pub.role_class(name='Foo bar')
|
... | ... | |
481 |
514 |
assert resp.json['err_class'] == 'Invalid request'
|
482 |
515 |
|
483 |
516 |
|
484 |
|
def test_formdef_submit(pub, local_user):
|
|
517 |
@pytest.mark.parametrize('auth', ['signature', 'http-basic'])
|
|
518 |
def test_formdef_submit(pub, local_user, access, auth):
|
485 |
519 |
pub.role_class.wipe()
|
486 |
520 |
role = pub.role_class(name='test')
|
487 |
521 |
role.store()
|
... | ... | |
492 |
526 |
formdef = FormDef()
|
493 |
527 |
formdef.name = 'test'
|
494 |
528 |
formdef.fields = [fields.StringField(id='0', label='foobar')]
|
|
529 |
formdef.backoffice_submission_roles = [role.id]
|
495 |
530 |
formdef.store()
|
496 |
531 |
data_class = formdef.data_class()
|
497 |
532 |
|
498 |
|
resp = get_app(pub).post_json('/api/formdefs/test/submit', {'data': {}}, status=403)
|
499 |
|
assert resp.json['err'] == 1
|
500 |
|
assert resp.json['err_desc'] == 'unsigned API call'
|
|
533 |
app = get_app(pub)
|
|
534 |
post_url = partial(_post_url, app=app, auth=auth, access=access, user=local_user)
|
|
535 |
post_json_url = partial(_post_json_url, app=app, auth=auth, access=access, user=local_user)
|
501 |
536 |
|
502 |
|
def url():
|
503 |
|
signed_url = sign_url(
|
504 |
|
'http://example.net/api/formdefs/test/submit'
|
505 |
|
+ '?format=json&orig=coucou&email=%s' % urllib.parse.quote(local_user.email),
|
506 |
|
'1234',
|
507 |
|
)
|
508 |
|
return signed_url[len('http://example.net') :]
|
|
537 |
if auth == 'http-basic':
|
|
538 |
resp = post_json_url('/api/formdefs/test/submit', params={'data': {}}, status=403)
|
|
539 |
access.roles = [role]
|
|
540 |
access.store()
|
509 |
541 |
|
510 |
|
resp = get_app(pub).post_json(url(), {'data': {}})
|
|
542 |
resp = post_json_url('/api/formdefs/test/submit', params={'data': {}})
|
511 |
543 |
assert resp.json['err'] == 0
|
512 |
544 |
assert resp.json['data']['url'] == ('http://example.net/test/%s/' % resp.json['data']['id'])
|
513 |
545 |
assert resp.json['data']['backoffice_url'] == (
|
... | ... | |
515 |
547 |
)
|
516 |
548 |
assert resp.json['data']['api_url'] == ('http://example.net/api/forms/test/%s/' % resp.json['data']['id'])
|
517 |
549 |
assert data_class.get(resp.json['data']['id']).status == 'wf-new'
|
518 |
|
assert data_class.get(resp.json['data']['id']).user_id == str(local_user.id)
|
|
550 |
if auth == 'signature':
|
|
551 |
assert data_class.get(resp.json['data']['id']).user_id == str(local_user.id)
|
|
552 |
else:
|
|
553 |
assert data_class.get(resp.json['data']['id']).user_id is None
|
519 |
554 |
assert data_class.get(resp.json['data']['id']).tracking_code is None
|
520 |
555 |
|
521 |
556 |
local_user2 = get_publisher().user_class()
|
522 |
557 |
local_user2.name = 'Test'
|
523 |
558 |
local_user2.email = 'foo@localhost'
|
524 |
559 |
local_user2.store()
|
525 |
|
resp = get_app(pub).post_json(url(), {'data': {}, 'user': {'NameID': [], 'email': local_user2.email}})
|
|
560 |
resp = post_json_url(
|
|
561 |
'/api/formdefs/test/submit', params={'data': {}, 'user': {'NameID': [], 'email': local_user2.email}}
|
|
562 |
)
|
526 |
563 |
assert data_class.get(resp.json['data']['id']).user.email == local_user2.email
|
527 |
564 |
|
528 |
|
resp = get_app(pub).post(
|
529 |
|
url(), json.dumps({'data': {}}), status=400
|
|
565 |
resp = post_url(
|
|
566 |
'/api/formdefs/test/submit', params=json.dumps({'data': {}}), status=400
|
530 |
567 |
) # missing Content-Type: application/json header
|
531 |
568 |
assert resp.json['err_desc'] == 'expected JSON but missing appropriate content-type'
|
532 |
569 |
|
533 |
570 |
# check qualified content type are recognized
|
534 |
|
resp = get_app(pub).post(url(), json.dumps({'data': {}}), content_type='application/json; charset=utf-8')
|
|
571 |
resp = post_url(
|
|
572 |
'/api/formdefs/test/submit',
|
|
573 |
params=json.dumps({'data': {}}),
|
|
574 |
content_type='application/json; charset=utf-8',
|
|
575 |
)
|
535 |
576 |
assert resp.json['data']['url']
|
536 |
577 |
|
537 |
578 |
formdef.disabled = True
|
538 |
579 |
formdef.store()
|
539 |
|
resp = get_app(pub).post_json(url(), {'data': {}}, status=403)
|
|
580 |
resp = post_json_url('/api/formdefs/test/submit', params={'data': {}}, status=403)
|
540 |
581 |
assert resp.json['err'] == 1
|
541 |
582 |
assert resp.json['err_desc'] == 'disabled form'
|
542 |
583 |
|
543 |
584 |
formdef.disabled = False
|
|
585 |
formdef.backoffice_submission_roles = []
|
544 |
586 |
formdef.store()
|
545 |
|
resp = get_app(pub).post_json(url(), {'meta': {'backoffice-submission': True}, 'data': {}}, status=403)
|
|
587 |
resp = post_json_url(
|
|
588 |
'/api/formdefs/test/submit', params={'meta': {'backoffice-submission': True}, 'data': {}}, status=403
|
|
589 |
)
|
546 |
590 |
formdef.backoffice_submission_roles = ['xx']
|
547 |
591 |
formdef.store()
|
548 |
|
resp = get_app(pub).post_json(url(), {'meta': {'backoffice-submission': True}, 'data': {}}, status=403)
|
|
592 |
resp = post_json_url(
|
|
593 |
'/api/formdefs/test/submit', params={'meta': {'backoffice-submission': True}, 'data': {}}, status=403
|
|
594 |
)
|
549 |
595 |
formdef.backoffice_submission_roles = [role.id]
|
550 |
596 |
formdef.store()
|
551 |
|
resp = get_app(pub).post_json(url(), {'meta': {'backoffice-submission': True}, 'data': {}})
|
|
597 |
if auth == 'http-basic':
|
|
598 |
access.roles = [role]
|
|
599 |
access.store()
|
|
600 |
resp = post_json_url(
|
|
601 |
'/api/formdefs/test/submit', params={'meta': {'backoffice-submission': True}, 'data': {}}
|
|
602 |
)
|
552 |
603 |
assert data_class.get(resp.json['data']['id']).status == 'wf-new'
|
553 |
604 |
assert data_class.get(resp.json['data']['id']).backoffice_submission is True
|
554 |
605 |
assert data_class.get(resp.json['data']['id']).user_id is None
|
555 |
|
assert data_class.get(resp.json['data']['id']).submission_agent_id == str(local_user.id)
|
|
606 |
if auth == 'signature':
|
|
607 |
assert data_class.get(resp.json['data']['id']).submission_agent_id == str(local_user.id)
|
|
608 |
else:
|
|
609 |
assert data_class.get(resp.json['data']['id']).submission_agent_id is None
|
556 |
610 |
|
557 |
611 |
formdef.enable_tracking_codes = True
|
558 |
612 |
formdef.store()
|
559 |
|
resp = get_app(pub).post_json(url(), {'data': {}})
|
|
613 |
resp = post_json_url('/api/formdefs/test/submit', params={'data': {}})
|
560 |
614 |
assert data_class.get(resp.json['data']['id']).tracking_code
|
561 |
615 |
|
562 |
|
resp = get_app(pub).post_json(url(), {'meta': {'draft': True}, 'data': {}})
|
|
616 |
resp = post_json_url('/api/formdefs/test/submit', params={'meta': {'draft': True}, 'data': {}})
|
563 |
617 |
assert data_class.get(resp.json['data']['id']).status == 'draft'
|
564 |
618 |
|
565 |
|
resp = get_app(pub).post_json(
|
566 |
|
url(),
|
567 |
|
{
|
|
619 |
resp = post_json_url(
|
|
620 |
'/api/formdefs/test/submit',
|
|
621 |
params={
|
568 |
622 |
'meta': {'backoffice-submission': True},
|
569 |
623 |
'data': {},
|
570 |
624 |
'context': {'channel': 'mail', 'comments': 'blah'},
|
... | ... | |
642 |
696 |
formdef.store()
|
643 |
697 |
data_class = formdef.data_class()
|
644 |
698 |
|
645 |
|
resp = get_app(pub).post_json('/api/formdefs/test/submit', {'data': {}}, status=403)
|
646 |
|
assert resp.json['err'] == 1
|
647 |
|
assert resp.json['err_desc'] == 'unsigned API call'
|
648 |
|
|
649 |
699 |
signed_url = sign_url(
|
650 |
700 |
'http://example.net/api/formdefs/test/submit'
|
651 |
701 |
+ '?format=json&orig=coucou&email=%s' % urllib.parse.quote(local_user.email),
|