49 |
49 |
# {"err_desc": "missing \"message\" in JSON payload"}
|
50 |
50 |
resp = app.post_json(url, {}, status=500)
|
51 |
51 |
assert resp.json['err_desc'] == 'missing "message" in JSON payload'
|
|
52 |
|
|
53 |
def test_access_http_auth(setup):
|
|
54 |
app, oxyd = setup
|
|
55 |
username = 'apiuser'
|
|
56 |
password = '12345'
|
|
57 |
api = ApiUser.objects.create(username=username,
|
|
58 |
fullname='Api User',
|
|
59 |
description='api',
|
|
60 |
keytype='SIGN',
|
|
61 |
key=password)
|
|
62 |
obj_type = ContentType.objects.get_for_model(OxydSMSGateway)
|
|
63 |
|
|
64 |
AccessRight.objects.create(codename='can_send_messages',
|
|
65 |
apiuser=api,
|
|
66 |
resource_type=obj_type,
|
|
67 |
resource_pk=oxyd.pk,
|
|
68 |
)
|
|
69 |
app.authorization = ('Basic', (username, password))
|
|
70 |
resp = app.post_json(reverse('oxyd-send', kwargs={'slug': oxyd.slug}), {},
|
|
71 |
status=500)
|
|
72 |
assert resp.json['err_desc'] == 'missing "message" in JSON payload'
|
|
73 |
|
|
74 |
def test_access_apikey(setup):
|
|
75 |
app, oxyd = setup
|
|
76 |
password = 'apiuser_12345'
|
|
77 |
api = ApiUser.objects.create(username='apiuser',
|
|
78 |
fullname='Api User',
|
|
79 |
description='api',
|
|
80 |
keytype='API',
|
|
81 |
key=password)
|
|
82 |
obj_type = ContentType.objects.get_for_model(OxydSMSGateway)
|
|
83 |
|
|
84 |
AccessRight.objects.create(codename='can_send_messages',
|
|
85 |
apiuser=api,
|
|
86 |
resource_type=obj_type,
|
|
87 |
resource_pk=oxyd.pk,
|
|
88 |
)
|
|
89 |
params = {'message': 'test'}
|
|
90 |
url = (reverse('oxyd-send', kwargs={'slug': oxyd.slug}))
|
|
91 |
resp = app.post_json(url + '?apikey=' + password , params, status=500)
|
|
92 |
assert resp.json['err_desc'] == 'missing "from" in JSON payload'
|
|
93 |
resp = app.post_json(url + '?raise=1&apikey=' + password[:3] , params, status=403)
|
|
94 |
|
|
95 |
def test_access_apiuser_with_no_key(setup):
|
|
96 |
app, oxyd = setup
|
|
97 |
api = ApiUser.objects.create(username='apiuser',
|
|
98 |
fullname='Api User',
|
|
99 |
description='api')
|
|
100 |
obj_type = ContentType.objects.get_for_model(OxydSMSGateway)
|
|
101 |
|
|
102 |
AccessRight.objects.create(codename='can_send_messages',
|
|
103 |
apiuser=api,
|
|
104 |
resource_type=obj_type,
|
|
105 |
resource_pk=oxyd.pk,
|
|
106 |
)
|
|
107 |
params = {'message': 'test', 'from': 'test api'}
|
|
108 |
resp = app.post_json(reverse('oxyd-send', kwargs={'slug': oxyd.slug}),
|
|
109 |
params, status=500)
|
|
110 |
assert resp.json['err_desc'] == 'missing "to" in JSON payload'
|
|
111 |
|
|
112 |
def test_access_apiuser_with_ip_restriction(setup):
|
|
113 |
app, oxyd = setup
|
|
114 |
authorized_ip = '176.31.123.109'
|
|
115 |
api = ApiUser.objects.create(username='apiuser',
|
|
116 |
fullname='Api User',
|
|
117 |
description='api',
|
|
118 |
ipsource=authorized_ip
|
|
119 |
)
|
|
120 |
obj_type = ContentType.objects.get_for_model(OxydSMSGateway)
|
|
121 |
|
|
122 |
AccessRight.objects.create(codename='can_send_messages',
|
|
123 |
apiuser=api,
|
|
124 |
resource_type=obj_type,
|
|
125 |
resource_pk=oxyd.pk,
|
|
126 |
)
|
|
127 |
resp = app.post_json(reverse('oxyd-send', kwargs={'slug': oxyd.slug}) + '?raise=1',
|
|
128 |
{}, extra_environ=[('REMOTE_ADDR', '127.0.0.1')],
|
|
129 |
status=403)
|
|
130 |
|
|
131 |
resp = app.post_json(reverse('oxyd-send', kwargs={'slug': oxyd.slug}),
|
|
132 |
{}, extra_environ=[('REMOTE_ADDR', authorized_ip)],
|
|
133 |
status=500)
|
|
134 |
assert resp.json['err_desc'] == 'missing "message" in JSON payload'
|
52 |
|
-
|