entrouvert/wcs
entrouvert
/
wcs
14
1
Fork 0
Code Issues Pull Requests 45 Releases Activity
wcs/tests/test_api.py

167 lines
6.1 KiB
Python
Raw Permalink Blame History

import shutil
import os
import hmac
import base64
import hashlib
import urllib
import datetime
from quixote import cleanup, get_publisher
from wcs.users import User
from wcs.formdef import FormDef
from wcs.categories import Category
from wcs import fields
from utilities import get_app, create_temporary_pub
pub, req, app_dir, user = None, None, None, None
def setup_module(module):
cleanup()
global pub, req, app_dir, user
pub = create_temporary_pub()
user = User()
user.name = 'Jean Darmette'
user.email = 'jean.darmette@triffouilis.fr'
user.store()
file(os.path.join(pub.app_dir, 'site-options.cfg'), 'w').write('''\
[api-secrets]
coucou = 1234
''')
def teardown_module(module):
global pub
shutil.rmtree(pub.APP_DIR)
def test_user_page_redirect():
output = get_app(pub).get('/user')
assert output.headers.get('location') == 'http://example.net/myspace/'
def test_user_page_error_when_json_and_no_user():
output = get_app(pub).get('/user?format=json')
assert output.body == '???'
def test_get_user_from_api_query_string_error_missing_orig():
output = get_app(pub).get('/user?format=json&signature=xxx', status=403)
assert output.json['err_desc'] == 'missing/multiple orig field'
def test_get_user_from_api_query_string_error_invalid_orig():
output = get_app(pub).get('/user?format=json&orig=coin&signature=xxx', status=403)
assert output.json['err_desc'] == 'invalid orig'
def test_get_user_from_api_query_string_error_missing_algo():
output = get_app(pub).get('/user?format=json&orig=coucou&signature=xxx', status=403)
assert output.json['err_desc'] == 'missing/multiple algo field'
def test_get_user_from_api_query_string_error_invalid_algo():
output = get_app(pub).get('/user?format=json&orig=coucou&signature=xxx&algo=coin', status=403)
assert output.json['err_desc'] == 'invalid algo'
def test_get_user_from_api_query_string_error_invalid_signature():
output = get_app(pub).get('/user?format=json&orig=coucou&signature=xxx&algo=sha1', status=403)
assert output.json['err_desc'] == 'invalid signature'
def test_get_user_from_api_query_string_error_missing_timestamp():
signature = urllib.quote(
base64.b64encode(
hmac.new('1234',
'format=json&orig=coucou&algo=sha1',
hashlib.sha1).digest()))
output = get_app(pub).get('/user?format=json&orig=coucou&algo=sha1&signature=%s' % signature, status=403)
assert output.json['err_desc'] == 'missing/multiple timestamp field'
def test_get_user_from_api_query_string_error_missing_email():
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
query = 'format=json&orig=coucou&algo=sha1&timestamp=' + timestamp
signature = urllib.quote(
base64.b64encode(
hmac.new('1234',
query,
hashlib.sha1).digest()))
output = get_app(pub).get('/user?%s&signature=%s' % (query, signature), status=403)
assert output.json['err_desc'] == 'missing email or NameID fields'
def test_get_user_from_api_query_string_error_success_sha1():
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
query = 'format=json&orig=coucou&algo=sha1&email=' + urllib.quote(user.email) + '&timestamp=' + timestamp
signature = urllib.quote(
base64.b64encode(
hmac.new('1234',
query,
hashlib.sha1).digest()))
output = get_app(pub).get('/user?%s&signature=%s' % (query, signature))
assert output.json['user_display_name'] == u'Jean Darmette'
def test_get_user_from_api_query_string_error_invalid_signature_algo_mismatch():
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
query = 'format=json&orig=coucou&algo=sha256&email=' + urllib.quote(user.email) + '&timestamp=' + timestamp
signature = urllib.quote(
base64.b64encode(
hmac.new('1234',
query,
hashlib.sha1).digest()))
output = get_app(pub).get('/user?%s&signature=%s' % (query, signature), status=403)
assert output.json['err_desc'] == 'invalid signature'
def test_get_user_from_api_query_string_error_success_sha256():
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
query = 'format=json&orig=coucou&algo=sha256&email=' + urllib.quote(user.email) + '&timestamp=' + timestamp
signature = urllib.quote(
base64.b64encode(
hmac.new('1234',
query,
hashlib.sha256).digest()))
output = get_app(pub).get('/user?%s&signature=%s' % (query, signature))
assert output.json['user_display_name'] == u'Jean Darmette'
def test_formdef_list():
FormDef.wipe()
formdef = FormDef()
formdef.name = 'test'
formdef.fields = []
formdef.store()
resp1 = get_app(pub).get('/json')
resp2 = get_app(pub).get('/', headers={'Accept': 'application/json'})
assert resp1.json == resp2.json
assert resp1.json[0]['title'] == 'test'
assert resp1.json[0]['url'] == 'http://example.net/test/'
assert resp1.json[0]['count'] == 0
def test_formdef_schema():
FormDef.wipe()
formdef = FormDef()
formdef.name = 'test'
formdef.fields = [fields.StringField(id='0', label='foobar')]
formdef.store()
resp = get_app(pub).get('/test/schema')
assert resp.json['name'] == 'test'
assert resp.json['fields'][0]['label'] == 'foobar'
assert resp.json['fields'][0]['type'] == 'string'
def test_categories():
Category.wipe()
category = Category()
category.name = 'category'
category.description = 'hello world'
category.store()
resp = get_app(pub).get('/categories', headers={'Accept': 'application/json'})
assert resp.json['data'] == [] # no advertised forms
FormDef.wipe()
formdef = FormDef()
formdef.name = 'test'
formdef.category_id = category.id
formdef.store()
resp = get_app(pub).get('/categories', headers={'Accept': 'application/json'})
assert resp.json['data'][0]['title'] == 'category'
assert resp.json['data'][0]['url'] == 'http://example.net/category/'
assert resp.json['data'][0]['description'] == 'hello world'
View Git Blame Copy Permalink