10 |
10 |
import time
|
11 |
11 |
|
12 |
12 |
from quixote import cleanup, get_publisher
|
|
13 |
from wcs.qommon.http_request import HTTPRequest
|
13 |
14 |
from wcs.qommon.form import PicklableUpload
|
14 |
15 |
from wcs.users import User
|
15 |
16 |
from wcs.roles import Role
|
... | ... | |
19 |
20 |
from wcs import fields
|
20 |
21 |
from wcs.api import sign_url
|
21 |
22 |
|
22 |
|
from utilities import get_app, create_temporary_pub
|
|
23 |
from utilities import get_app, create_temporary_pub, clean_temporary_pub
|
23 |
24 |
|
24 |
|
pub, req, app_dir = None, None, None
|
|
25 |
def pytest_generate_tests(metafunc):
|
|
26 |
if 'pub' in metafunc.fixturenames:
|
|
27 |
metafunc.parametrize('pub', ['pickle', 'sql'], indirect=True)
|
25 |
28 |
|
|
29 |
@pytest.fixture
|
|
30 |
def pub(request):
|
|
31 |
pub = create_temporary_pub(sql_mode=(request.param == 'sql'))
|
26 |
32 |
|
27 |
|
def setup_module(module):
|
28 |
|
cleanup()
|
29 |
|
|
30 |
|
global pub, req, app_dir
|
31 |
|
pub = create_temporary_pub()
|
|
33 |
req = HTTPRequest(None, {'SCRIPT_NAME': '/', 'SERVER_NAME': 'example.net'})
|
|
34 |
pub.set_app_dir(req)
|
|
35 |
pub.cfg['identification'] = {'methods': ['password']}
|
32 |
36 |
pub.cfg['language'] = {'language': 'en'}
|
33 |
37 |
pub.write_cfg()
|
34 |
38 |
|
... | ... | |
37 |
41 |
coucou = 1234
|
38 |
42 |
''')
|
39 |
43 |
|
|
44 |
return pub
|
|
45 |
|
40 |
46 |
def teardown_module(module):
|
41 |
|
global pub
|
42 |
|
shutil.rmtree(pub.APP_DIR)
|
|
47 |
clean_temporary_pub()
|
43 |
48 |
|
44 |
49 |
|
45 |
50 |
@pytest.fixture
|
46 |
51 |
def local_user():
|
47 |
|
User.wipe()
|
48 |
|
user = User()
|
|
52 |
get_publisher().user_class.wipe()
|
|
53 |
user = get_publisher().user_class()
|
49 |
54 |
user.name = 'Jean Darmette'
|
50 |
55 |
user.email = 'jean.darmette@triffouilis.fr'
|
51 |
56 |
user.store()
|
... | ... | |
66 |
71 |
hashlib.sha256).digest()))
|
67 |
72 |
return urlparse.urlunparse((scheme, netloc, path, params, query, fragment))
|
68 |
73 |
|
69 |
|
def test_user_page_redirect():
|
|
74 |
def test_user_page_redirect(pub):
|
70 |
75 |
output = get_app(pub).get('/user')
|
71 |
76 |
assert output.headers.get('location') == 'http://example.net/myspace/'
|
72 |
77 |
|
73 |
|
def test_user_page_error_when_json_and_no_user():
|
|
78 |
def test_user_page_error_when_json_and_no_user(pub):
|
74 |
79 |
output = get_app(pub).get('/api/user/?format=json', status=403)
|
75 |
80 |
assert output.json['err_desc'] == 'no user specified'
|
76 |
81 |
|
77 |
|
def test_get_user_from_api_query_string_error_missing_orig():
|
|
82 |
def test_get_user_from_api_query_string_error_missing_orig(pub):
|
78 |
83 |
output = get_app(pub).get('/api/user/?format=json&signature=xxx', status=403)
|
79 |
84 |
assert output.json['err_desc'] == 'missing/multiple orig field'
|
80 |
85 |
|
81 |
|
def test_get_user_from_api_query_string_error_invalid_orig():
|
|
86 |
def test_get_user_from_api_query_string_error_invalid_orig(pub):
|
82 |
87 |
output = get_app(pub).get('/api/user/?format=json&orig=coin&signature=xxx', status=403)
|
83 |
88 |
assert output.json['err_desc'] == 'invalid orig'
|
84 |
89 |
|
85 |
|
def test_get_user_from_api_query_string_error_missing_algo():
|
|
90 |
def test_get_user_from_api_query_string_error_missing_algo(pub):
|
86 |
91 |
output = get_app(pub).get('/api/user/?format=json&orig=coucou&signature=xxx', status=403)
|
87 |
92 |
assert output.json['err_desc'] == 'missing/multiple algo field'
|
88 |
93 |
|
89 |
|
def test_get_user_from_api_query_string_error_invalid_algo():
|
|
94 |
def test_get_user_from_api_query_string_error_invalid_algo(pub):
|
90 |
95 |
output = get_app(pub).get('/api/user/?format=json&orig=coucou&signature=xxx&algo=coin', status=403)
|
91 |
96 |
assert output.json['err_desc'] == 'invalid algo'
|
92 |
97 |
|
93 |
|
def test_get_user_from_api_query_string_error_invalid_signature():
|
|
98 |
def test_get_user_from_api_query_string_error_invalid_signature(pub):
|
94 |
99 |
output = get_app(pub).get('/api/user/?format=json&orig=coucou&signature=xxx&algo=sha1', status=403)
|
95 |
100 |
assert output.json['err_desc'] == 'invalid signature'
|
96 |
101 |
|
97 |
|
def test_get_user_from_api_query_string_error_missing_timestamp():
|
|
102 |
def test_get_user_from_api_query_string_error_missing_timestamp(pub):
|
98 |
103 |
signature = urllib.quote(
|
99 |
104 |
base64.b64encode(
|
100 |
105 |
hmac.new('1234',
|
... | ... | |
103 |
108 |
output = get_app(pub).get('/api/user/?format=json&orig=coucou&algo=sha1&signature=%s' % signature, status=403)
|
104 |
109 |
assert output.json['err_desc'] == 'missing/multiple timestamp field'
|
105 |
110 |
|
106 |
|
def test_get_user_from_api_query_string_error_missing_email():
|
|
111 |
def test_get_user_from_api_query_string_error_missing_email(pub):
|
107 |
112 |
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
108 |
113 |
query = 'format=json&orig=coucou&algo=sha1×tamp=' + timestamp
|
109 |
114 |
signature = urllib.quote(
|
... | ... | |
114 |
119 |
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403)
|
115 |
120 |
assert output.json['err_desc'] == 'no user specified'
|
116 |
121 |
|
117 |
|
def test_get_user_from_api_query_string_error_unknown_nameid():
|
|
122 |
def test_get_user_from_api_query_string_error_unknown_nameid(pub):
|
118 |
123 |
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
119 |
124 |
query = 'format=json&orig=coucou&algo=sha1&NameID=xxx×tamp=' + timestamp
|
120 |
125 |
signature = urllib.quote(
|
... | ... | |
125 |
130 |
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403)
|
126 |
131 |
assert output.json['err_desc'] == 'unknown NameID'
|
127 |
132 |
|
128 |
|
def test_get_user_from_api_query_string_error_missing_email_valid_endpoint():
|
|
133 |
def test_get_user_from_api_query_string_error_missing_email_valid_endpoint(pub):
|
129 |
134 |
# check it's ok to sign an URL without specifiying an user if the endpoint
|
130 |
135 |
# works fine without user.
|
131 |
136 |
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
... | ... | |
140 |
145 |
output = get_app(pub).get('/json?%s&signature=%s' % (query, signature))
|
141 |
146 |
assert output.json == []
|
142 |
147 |
|
143 |
|
def test_get_user_from_api_query_string_error_unknown_nameid_valid_endpoint():
|
|
148 |
def test_get_user_from_api_query_string_error_unknown_nameid_valid_endpoint(pub):
|
144 |
149 |
# check the categories and forms endpoints accept an unknown NameID
|
145 |
150 |
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
146 |
151 |
query = 'format=json&NameID=xxx&orig=coucou&algo=sha1×tamp=' + timestamp
|
... | ... | |
154 |
159 |
output = get_app(pub).get('/json?%s&signature=%s' % (query, signature))
|
155 |
160 |
assert output.json == []
|
156 |
161 |
|
157 |
|
def test_get_user_from_api_query_string_error_success_sha1(local_user):
|
|
162 |
def test_get_user_from_api_query_string_error_success_sha1(pub, local_user):
|
158 |
163 |
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
159 |
164 |
query = 'format=json&orig=coucou&algo=sha1&email=' + urllib.quote(local_user.email) + '×tamp=' + timestamp
|
160 |
165 |
signature = urllib.quote(
|
... | ... | |
165 |
170 |
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature))
|
166 |
171 |
assert output.json['user_display_name'] == u'Jean Darmette'
|
167 |
172 |
|
168 |
|
def test_get_user_from_api_query_string_error_invalid_signature_algo_mismatch(local_user):
|
|
173 |
def test_get_user_from_api_query_string_error_invalid_signature_algo_mismatch(pub, local_user):
|
169 |
174 |
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
170 |
175 |
query = 'format=json&orig=coucou&algo=sha256&email=' + urllib.quote(local_user.email) + '×tamp=' + timestamp
|
171 |
176 |
signature = urllib.quote(
|
... | ... | |
176 |
181 |
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403)
|
177 |
182 |
assert output.json['err_desc'] == 'invalid signature'
|
178 |
183 |
|
179 |
|
def test_get_user_from_api_query_string_error_success_sha256(local_user):
|
|
184 |
def test_get_user_from_api_query_string_error_success_sha256(pub, local_user):
|
180 |
185 |
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
181 |
186 |
query = 'format=json&orig=coucou&algo=sha256&email=' + urllib.quote(local_user.email) + '×tamp=' + timestamp
|
182 |
187 |
signature = urllib.quote(
|
... | ... | |
187 |
192 |
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature))
|
188 |
193 |
assert output.json['user_display_name'] == u'Jean Darmette'
|
189 |
194 |
|
190 |
|
def test_sign_url(local_user):
|
|
195 |
def test_sign_url(pub, local_user):
|
191 |
196 |
signed_url = sign_url(
|
192 |
197 |
'http://example.net/api/user/?format=json&orig=coucou&email=%s' % urllib.quote(local_user.email),
|
193 |
198 |
'1234'
|
... | ... | |
203 |
208 |
url = signed_url[len('http://example.net'):]
|
204 |
209 |
output = get_app(pub).get(url, status=403)
|
205 |
210 |
|
206 |
|
def test_get_user(local_user):
|
|
211 |
def test_get_user(pub, local_user):
|
207 |
212 |
Role.wipe()
|
208 |
213 |
role = Role(name='Foo bar')
|
209 |
214 |
role.store()
|
... | ... | |
219 |
224 |
assert [x['name'] for x in output.json['user_roles']] == ['Foo bar']
|
220 |
225 |
assert [x['slug'] for x in output.json['user_roles']] == ['foo-bar']
|
221 |
226 |
|
222 |
|
def test_get_user_compat_endpoint(local_user):
|
|
227 |
def test_get_user_compat_endpoint(pub, local_user):
|
223 |
228 |
signed_url = sign_url(
|
224 |
229 |
'http://example.net/user?format=json&orig=coucou&email=%s' % urllib.quote(local_user.email),
|
225 |
230 |
'1234'
|
... | ... | |
228 |
233 |
output = get_app(pub).get(url)
|
229 |
234 |
assert output.json['user_display_name'] == u'Jean Darmette'
|
230 |
235 |
|
231 |
|
def test_formdef_list():
|
|
236 |
def test_formdef_list(pub):
|
232 |
237 |
Role.wipe()
|
233 |
238 |
role = Role(name='Foo bar')
|
234 |
239 |
role.id = '14'
|
... | ... | |
258 |
263 |
assert resp1.json[0]['functions']['_receiver']['role']['slug'] == role.slug
|
259 |
264 |
assert resp1.json[0]['functions']['_receiver']['role']['name'] == role.name
|
260 |
265 |
|
261 |
|
def test_formdef_list_redirection():
|
|
266 |
def test_formdef_list_redirection(pub):
|
262 |
267 |
FormDef.wipe()
|
263 |
268 |
formdef = FormDef()
|
264 |
269 |
formdef.name = 'test'
|
... | ... | |
273 |
278 |
assert resp1.json[0]['count'] == 0
|
274 |
279 |
assert resp1.json[0]['redirection'] == True
|
275 |
280 |
|
276 |
|
def test_formdef_schema():
|
|
281 |
def test_formdef_schema(pub):
|
277 |
282 |
FormDef.wipe()
|
278 |
283 |
formdef = FormDef()
|
279 |
284 |
formdef.name = 'test'
|
... | ... | |
287 |
292 |
assert resp.json['fields'][0]['label'] == 'foobar'
|
288 |
293 |
assert resp.json['fields'][0]['type'] == 'string'
|
289 |
294 |
|
290 |
|
def test_formdef_submit(local_user):
|
|
295 |
def test_formdef_submit(pub, local_user):
|
291 |
296 |
Role.wipe()
|
292 |
297 |
role = Role(name='test')
|
293 |
298 |
role.store()
|
... | ... | |
311 |
316 |
resp = get_app(pub).post_json(url, {'data': {}})
|
312 |
317 |
assert resp.json['err'] == 0
|
313 |
318 |
assert data_class.get(resp.json['data']['id']).status == 'wf-new'
|
314 |
|
assert data_class.get(resp.json['data']['id']).user_id == local_user.id
|
|
319 |
assert data_class.get(resp.json['data']['id']).user_id == str(local_user.id)
|
315 |
320 |
assert data_class.get(resp.json['data']['id']).tracking_code is None
|
316 |
321 |
|
317 |
322 |
formdef.disabled = True
|
... | ... | |
350 |
355 |
|
351 |
356 |
data_class.wipe()
|
352 |
357 |
|
353 |
|
def test_categories():
|
|
358 |
def test_categories(pub):
|
354 |
359 |
FormDef.wipe()
|
355 |
360 |
Category.wipe()
|
356 |
361 |
category = Category()
|
... | ... | |
364 |
369 |
formdef = FormDef()
|
365 |
370 |
formdef.name = 'test'
|
366 |
371 |
formdef.category_id = category.id
|
|
372 |
formdef.fields = []
|
367 |
373 |
formdef.store()
|
368 |
374 |
|
369 |
375 |
resp = get_app(pub).get('/api/categories/')
|
... | ... | |
373 |
379 |
assert resp.json['data'][0]['url'] == 'http://example.net/category/'
|
374 |
380 |
assert resp.json['data'][0]['description'] == 'hello world'
|
375 |
381 |
|
376 |
|
def test_categories_formdefs():
|
377 |
|
test_categories()
|
|
382 |
def test_categories_formdefs(pub):
|
|
383 |
test_categories(pub)
|
378 |
384 |
|
379 |
385 |
formdef2 = FormDef()
|
380 |
386 |
formdef2.name = 'other test'
|
381 |
387 |
formdef2.category_id = None
|
|
388 |
formdef2.fields = []
|
382 |
389 |
formdef2.store()
|
383 |
390 |
|
384 |
391 |
resp = get_app(pub).get('/api/categories/category/formdefs/')
|
... | ... | |
391 |
398 |
assert resp.json[0]['redirection'] == False
|
392 |
399 |
|
393 |
400 |
|
394 |
|
def test_formdata(local_user):
|
|
401 |
def test_formdata(pub, local_user):
|
395 |
402 |
NamedDataSource.wipe()
|
396 |
403 |
data_source = NamedDataSource(name='foobar')
|
397 |
404 |
data_source.data_source = {'type': 'formula',
|
... | ... | |
463 |
470 |
assert resp.json['fields']['item_raw'] == '1'
|
464 |
471 |
assert resp.json['fields']['item_structured'] == {'id': '1', 'text': 'foo', 'more': 'XXX'}
|
465 |
472 |
|
466 |
|
def test_user_forms(local_user):
|
|
473 |
def test_user_forms(pub, local_user):
|
467 |
474 |
FormDef.wipe()
|
468 |
475 |
formdef = FormDef()
|
469 |
476 |
formdef.name = 'test'
|
... | ... | |
492 |
499 |
resp = get_app(pub).get(sign_uri('/api/user/forms?full=on', user=local_user))
|
493 |
500 |
assert resp.json[0]['fields']['foobar'] == 'foo@localhost'
|
494 |
501 |
|
495 |
|
def test_user_drafts(local_user):
|
|
502 |
def test_user_drafts(pub, local_user):
|
496 |
503 |
FormDef.wipe()
|
497 |
504 |
formdef = FormDef()
|
498 |
505 |
formdef.name = 'test'
|
... | ... | |
526 |
533 |
assert resp.json[0]['fields']['foobar'] == 'foo@localhost'
|
527 |
534 |
assert 'file' not in resp.json[0]['fields'] # no file export in full lists
|
528 |
535 |
|
529 |
|
def test_api_list_formdata(local_user):
|
|
536 |
def test_api_list_formdata(pub, local_user):
|
530 |
537 |
Role.wipe()
|
531 |
538 |
role = Role(name='test')
|
532 |
539 |
role.store()
|
... | ... | |
605 |
612 |
resp = get_app(pub).get(sign_uri('/api/forms/test/list?filter=all', user=local_user))
|
606 |
613 |
assert len(resp.json) == 30
|
607 |
614 |
|
608 |
|
def test_roles(local_user):
|
|
615 |
def test_roles(pub, local_user):
|
609 |
616 |
Role.wipe()
|
610 |
617 |
role = Role(name='Hello World')
|
611 |
618 |
role.emails = ['toto@example.com', 'zozo@example.com']
|
... | ... | |
629 |
636 |
assert resp.json['data'][0]['emails_to_members'] == False
|
630 |
637 |
assert resp.json['data'][0]['details'] == 'kouign amann'
|
631 |
638 |
|
632 |
|
def test_users(local_user):
|
|
639 |
def test_users(pub, local_user):
|
633 |
640 |
resp = get_app(pub).get('/api/users/', status=403)
|
634 |
641 |
|
635 |
642 |
resp = get_app(pub).get(sign_uri('/api/users/'))
|
636 |
|
-
|