164 lines
5.5 KiB
Python
164 lines
5.5 KiB
Python
# w.c.s. - web application for online forms
|
|
# Copyright (C) 2005-2020 Entr'ouvert
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
import pytest
|
|
from utilities import clean_temporary_pub, create_temporary_pub, get_app, login
|
|
|
|
from wcs.api_access import ApiAccess
|
|
from wcs.qommon.http_request import HTTPRequest
|
|
|
|
from .test_all import create_superuser
|
|
|
|
|
|
def pytest_generate_tests(metafunc):
|
|
if 'pub' in metafunc.fixturenames:
|
|
metafunc.parametrize('pub', ['pickle', 'sql', 'pickle-templates'], indirect=True)
|
|
|
|
|
|
@pytest.fixture
|
|
def pub(request):
|
|
pub = create_temporary_pub(
|
|
sql_mode=bool('sql' in request.param), templates_mode=bool('templates' in request.param)
|
|
)
|
|
|
|
req = HTTPRequest(None, {'SCRIPT_NAME': '/', 'SERVER_NAME': 'example.net'})
|
|
pub.set_app_dir(req)
|
|
pub.cfg['identification'] = {'methods': ['password']}
|
|
pub.cfg['language'] = {'language': 'en'}
|
|
pub.write_cfg()
|
|
|
|
return pub
|
|
|
|
|
|
def teardown_module(module):
|
|
clean_temporary_pub()
|
|
|
|
|
|
@pytest.fixture
|
|
def api_access():
|
|
ApiAccess.wipe()
|
|
obj = ApiAccess()
|
|
obj.name = 'Jhon'
|
|
obj.description = 'API key for Jhon'
|
|
obj.access_identifier = 'jhon'
|
|
obj.access_key = '12345'
|
|
obj.store()
|
|
return obj
|
|
|
|
|
|
def test_api_access_new(pub):
|
|
create_superuser(pub)
|
|
ApiAccess.wipe()
|
|
app = login(get_app(pub))
|
|
|
|
# go to the page and cancel
|
|
resp = app.get('/backoffice/settings/api-access/')
|
|
resp = resp.click('New API access')
|
|
resp = resp.forms[0].submit('cancel')
|
|
assert resp.location == 'http://example.net/backoffice/settings/api-access/'
|
|
|
|
# go to the page and add an API access
|
|
resp = app.get('/backoffice/settings/api-access/')
|
|
resp = resp.click('New API access')
|
|
resp.form['name'] = 'a new API access'
|
|
resp.form['description'] = 'description'
|
|
resp.form['access_identifier'] = 'new_access'
|
|
assert len(resp.form['access_key'].value) == 36
|
|
resp = resp.form.submit('submit')
|
|
assert resp.location == 'http://example.net/backoffice/settings/api-access/'
|
|
resp = resp.follow()
|
|
assert 'a new API access' in resp.text
|
|
resp = resp.click('a new API access')
|
|
assert 'API access - a new API access' in resp.text
|
|
|
|
# check name unicity
|
|
resp = app.get('/backoffice/settings/api-access/new')
|
|
resp.form['name'] = 'a new API access'
|
|
resp.form['access_identifier'] = 'changed'
|
|
resp = resp.form.submit('submit')
|
|
assert resp.html.find('div', {'class': 'error'}).text == 'This name is already used.'
|
|
|
|
# check access_identifier unicity
|
|
resp.form['name'] = 'new one'
|
|
resp.form['access_identifier'] = 'new_access'
|
|
resp = resp.form.submit('submit')
|
|
assert resp.html.find('div', {'class': 'error'}).text == 'This value is already used.'
|
|
|
|
|
|
def test_api_access_view(pub, api_access):
|
|
create_superuser(pub)
|
|
|
|
app = login(get_app(pub))
|
|
resp = app.get('/backoffice/settings/api-access/%s/' % api_access.id)
|
|
assert '12345' in resp.text
|
|
|
|
resp = app.get('/backoffice/settings/api-access/wrong-id/', status=404)
|
|
|
|
|
|
def test_api_access_edit(pub, api_access):
|
|
create_superuser(pub)
|
|
|
|
app = login(get_app(pub))
|
|
|
|
resp = app.get('/backoffice/settings/api-access/1/')
|
|
resp = resp.click(href='edit')
|
|
assert resp.form['name'].value == 'Jhon'
|
|
resp = resp.form.submit('cancel')
|
|
assert resp.location == 'http://example.net/backoffice/settings/api-access/1/'
|
|
resp = resp.follow()
|
|
resp = resp.click(href='edit')
|
|
resp.form['name'] = 'Smith Robert'
|
|
resp.form['description'] = 'bla bla bla'
|
|
resp.form['access_identifier'] = 'smith2'
|
|
resp.form['access_key'] = '5678'
|
|
resp = resp.form.submit('submit')
|
|
assert resp.location == 'http://example.net/backoffice/settings/api-access/1/'
|
|
resp = resp.follow()
|
|
|
|
api_access = ApiAccess.get('1')
|
|
assert api_access.name == 'Smith Robert'
|
|
assert api_access.description == 'bla bla bla'
|
|
assert api_access.access_identifier == 'smith2'
|
|
assert api_access.access_key == '5678'
|
|
|
|
# check name unicity
|
|
resp = app.get('/backoffice/settings/api-access/new')
|
|
resp.form['name'] = 'Jhon'
|
|
resp.form['access_identifier'] = 'jhon'
|
|
resp = resp.form.submit('submit')
|
|
resp = app.get('/backoffice/settings/api-access/1/')
|
|
resp = resp.click(href='edit')
|
|
resp.form['name'] = 'Jhon'
|
|
resp = resp.form.submit('submit')
|
|
assert resp.html.find('div', {'class': 'error'}).text == 'This name is already used.'
|
|
|
|
|
|
def test_api_access_delete(pub, api_access):
|
|
create_superuser(pub)
|
|
|
|
app = login(get_app(pub))
|
|
|
|
resp = app.get('/backoffice/settings/api-access/1/')
|
|
resp = resp.click(href='delete')
|
|
resp = resp.form.submit('cancel')
|
|
assert resp.location == 'http://example.net/backoffice/settings/api-access/'
|
|
|
|
resp = app.get('/backoffice/settings/api-access/1/')
|
|
resp = resp.click(href='delete')
|
|
resp = resp.form.submit('submit')
|
|
assert resp.location == 'http://example.net/backoffice/settings/api-access/'
|
|
assert ApiAccess.count() == 0
|