# authentic2 - versatile identity manager
# Copyright (C) 2010-2019 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from urllib.parse import urlparse
import pytest
from django.urls import reverse
from authentic2.a2_rbac.models import Role
from authentic2.models import APIClient
from .utils import login
class TestAuthorization:
    """Access control on the API-client manager views.

    The ``app`` fixture below signs in whichever ``user`` fixture the nested
    test class provides; ``Mixin`` then requests every manager view and
    expects ``status_code``.  The test classes are nested inside this one so
    that the ``app`` and ``api_client`` fixtures defined here apply to them.
    """

    @pytest.fixture
    def app(self, app, user):
        # Override the project-wide ``app`` fixture: same test client, but
        # logged in as the ``user`` that the nested class supplies.
        login(app, user)
        return app

    @pytest.fixture
    def api_client(self, db):
        # One API client for the detail/edit/delete views to target.
        # NOTE(review): ``identifier`` reuses the description string; harmless
        # here, but the other tests in this module use 'foo-identifier'.
        return APIClient.objects.create(
            name='foo', description='foo-description', identifier='foo-description', password='foo-password'
        )

    class Mixin:
        # Expected HTTP status for every manager view; nested classes override
        # it.  -1 can never match a real response, so a subclass that forgets
        # to set it cannot pass by accident.
        status_code = -1

        def test_list(self, app):
            app.get(reverse('a2-manager-api-clients'), status=self.status_code)

        def test_add(self, app):
            app.get(reverse('a2-manager-api-client-add'), status=self.status_code)

        def test_detail(self, app, api_client):
            app.get(
                reverse('a2-manager-api-client-detail', kwargs={'pk': api_client.pk}), status=self.status_code
            )

        def test_edit(self, app, api_client):
            app.get(
                reverse('a2-manager-api-client-edit', kwargs={'pk': api_client.pk}), status=self.status_code
            )

        def test_delete(self, app, api_client):
            # GET only: this checks access to the confirmation page, not the deletion itself.
            app.get(
                reverse('a2-manager-api-client-delete', kwargs={'pk': api_client.pk}), status=self.status_code
            )

    class TestAuthorization(Mixin):
        # ``simple_user`` as-is (no manager role granted here): every view is forbidden.
        status_code = 403

        @pytest.fixture
        def user(self, simple_user):
            return simple_user

    class TestAuthorizationAdmin(Mixin):
        # The same user, once given the global API-client manager role, reaches every view.
        status_code = 200

        @pytest.fixture
        def user(self, simple_user):
            # Global role (no OU attached) dedicated to managing API clients.
            simple_user.roles.add(Role.objects.get(ou__isnull=True, slug='_a2-manager-of-api-clients'))
            return simple_user
def test_list_empty(superuser, app):
    """With no API client stored, the list view shows its empty-state message.

    Args:
        superuser: fixture user allowed into the manager views.
        app: webtest application fixture; ``login`` signs ``superuser`` in and
            fetches the named view.
    """
    listing = login(app, superuser, 'a2-manager-api-clients')
    assert 'There are no API client defined.' in listing.text
def test_list_add_button(superuser, app):
    """The list view offers an "Add new API client" action linking to the add view.

    Args:
        superuser: fixture user allowed into the manager views.
        app: webtest application fixture used to fetch the list view.
    """
    add_url = reverse('a2-manager-api-client-add')
    listing = login(app, superuser, 'a2-manager-api-clients')
    add_link = listing.pyquery(f'span.actions a[href="{add_url}"]')
    assert add_link.text() == 'Add new API client'
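def test_list_show_objects(superuser, app):
    """The list view links each API client, labelled ``name (description)``, to its detail page.

    Args:
        superuser: fixture user allowed into the manager views.
        app: webtest application fixture used to fetch the list view.
    """
    # NOTE(review): ``identifier`` reuses the description string, as in the
    # class fixture above; the other tests use 'foo-identifier'.
    api_client = APIClient.objects.create(
        name='foo', description='foo-description', identifier='foo-description', password='foo-password'
    )
    # Resolve the detail URL through its route name, as the rest of this
    # module does, instead of hard-coding '/manage/api-clients/<pk>/', so the
    # test follows the URL configuration rather than duplicating it.
    detail_url = reverse('a2-manager-api-client-detail', kwargs={'pk': api_client.pk})
    listing = login(app, superuser, 'a2-manager-api-clients')
    anchor = listing.pyquery('div.content ul.objects-list a[href="%s"]' % detail_url)
    assert anchor.text() == 'foo (foo-description)'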
def test_add(superuser, app):
    """Creating a client through the add view stores it, binds the chosen roles and lands on its detail page.

    Args:
        superuser: fixture user allowed into the manager views.
        app: webtest application fixture used to fetch and submit the add form.
    """
    assert APIClient.objects.count() == 0
    roles = [Role.objects.create(name=f'role-{index}') for index in (1, 2)]
    add_form = login(app, superuser, 'a2-manager-api-client-add').form
    # The add form arrives with a password already generated and filled in.
    assert add_form.get('password').value
    for field, value in (
        ('name', 'api-client-name'),
        ('description', 'api-client-description'),
        ('identifier', 'api-client-identifier'),
        ('password', 'api-client-password'),
    ):
        add_form.set(field, value)
    # force_value sets the role ids without webtest checking them against the rendered options.
    add_form['apiclient_roles'].force_value([role.id for role in roles])
    detail_page = add_form.submit().follow()
    assert APIClient.objects.count() == 1
    created = APIClient.objects.get(name='api-client-name')
    assert set(created.apiclient_roles.all()) == set(roles)
    assert urlparse(detail_page.request.url).path == created.get_absolute_url()
def test_add_description_non_mandatory(superuser, app):
    """The add form accepts a client with no description; otherwise the same flow as test_add.

    Args:
        superuser: fixture user allowed into the manager views.
        app: webtest application fixture used to fetch and submit the add form.
    """
    assert APIClient.objects.count() == 0
    first_role = Role.objects.create(name='role-1')
    second_role = Role.objects.create(name='role-2')
    add_form = login(app, superuser, 'a2-manager-api-client-add').form
    # Deliberately no 'description' value: the field has to be optional.
    add_form.set('name', 'api-client-name')
    add_form.set('identifier', 'api-client-identifier')
    add_form.set('password', 'api-client-password')
    add_form['apiclient_roles'].force_value([first_role.id, second_role.id])
    detail_page = add_form.submit().follow()
    assert APIClient.objects.count() == 1
    created = APIClient.objects.get(name='api-client-name')
    assert {first_role, second_role} == set(created.apiclient_roles.all())
    assert created.get_absolute_url() == urlparse(detail_page.request.url).path
def test_detail(superuser, app):
    """The detail view renders the client's attributes, its roles and the edit/delete actions.

    Args:
        superuser: fixture user allowed into the manager views.
        app: webtest application fixture used to fetch the detail view.
    """
    roles = [Role.objects.create(name=name) for name in ('role-1', 'role-2')]
    api_client = APIClient.objects.create(
        name='foo',
        description='foo-description',
        identifier='foo-identifier',
        password='foo-password',
        restrict_to_anonymised_data=True,
    )
    api_client.apiclient_roles.add(*roles)
    page = login(app, superuser, api_client.get_absolute_url())

    # Attribute rendering.  The client's password is asserted to appear in
    # clear, so anyone who can open this page can read the shared secret.
    # NOTE(review): confirm that exposure is intended for this manager view.
    for expected in (
        'identifier : foo-identifier',
        'password : foo-password',
        'foo-description',
        'Restricted to anonymised data',
        'role-1',
        'role-2',
    ):
        assert expected in page.text

    # Both management actions are present and point at the matching views.
    for route, label in (
        ('a2-manager-api-client-edit', 'Edit'),
        ('a2-manager-api-client-delete', 'Delete'),
    ):
        target = reverse(route, kwargs={'pk': api_client.pk})
        button = page.pyquery(f'span.actions a[href="{target}"]')
        assert button
        assert button.text() == label
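def test_edit(superuser, app):
    """The edit view prefills the stored password and saves a changed one in place.

    Args:
        superuser: fixture user allowed into the manager views.
        app: webtest application fixture used to fetch and submit the edit form.
    """
    api_client = APIClient.objects.create(
        name='foo', description='foo-description', identifier='foo-identifier', password='foo-password'
    )
    assert APIClient.objects.count() == 1
    edit_page = login(app, superuser, 'a2-manager-api-client-edit', kwargs={'pk': api_client.pk})
    form = edit_page.form
    # The stored password is echoed back into the form in clear.
    # NOTE(review): this asserts the current secret is readable by anyone who
    # can open the edit page — confirm that exposure is intended.
    assert form.get('password').value == 'foo-password'
    # Work on one Form object throughout (the original mixed ``resp.form`` and ``form``).
    form.set('password', 'easy')
    detail_page = form.submit().follow()
    assert urlparse(detail_page.request.url).path == api_client.get_absolute_url()
    # The edit updates the existing row: same pk, new password, identifier untouched.
    assert APIClient.objects.count() == 1
    api_client.refresh_from_db()
    assert api_client.password == 'easy'
    assert api_client.identifier == 'foo-identifier'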
def test_delete(superuser, app):
    """Submitting the delete confirmation removes the client and returns to the list view.

    Args:
        superuser: fixture user allowed into the manager views.
        app: webtest application fixture used to fetch and submit the confirmation form.
    """
    api_client = APIClient.objects.create(
        name='foo', description='foo-description', identifier='foo-identifier', password='foo-password'
    )
    assert APIClient.objects.count() == 1
    confirm_page = login(app, superuser, 'a2-manager-api-client-delete', kwargs={'pk': api_client.pk})
    # The GET renders a confirmation form; the row goes away once that form is submitted.
    after_delete = confirm_page.form.submit().follow()
    assert urlparse(after_delete.request.url).path == reverse('a2-manager-api-clients')
    assert APIClient.objects.count() == 0