167 lines
6.1 KiB
Python
167 lines
6.1 KiB
Python
import shutil
|
|
import os
|
|
import hmac
|
|
import base64
|
|
import hashlib
|
|
import urllib
|
|
import datetime
|
|
|
|
from quixote import cleanup, get_publisher
|
|
from wcs.users import User
|
|
from wcs.formdef import FormDef
|
|
from wcs.categories import Category
|
|
from wcs import fields
|
|
|
|
from utilities import get_app, create_temporary_pub
|
|
|
|
pub, req, app_dir, user = None, None, None, None
|
|
|
|
|
|
def setup_module(module):
|
|
cleanup()
|
|
|
|
global pub, req, app_dir, user
|
|
pub = create_temporary_pub()
|
|
|
|
user = User()
|
|
user.name = 'Jean Darmette'
|
|
user.email = 'jean.darmette@triffouilis.fr'
|
|
user.store()
|
|
|
|
file(os.path.join(pub.app_dir, 'site-options.cfg'), 'w').write('''\
|
|
[api-secrets]
|
|
coucou = 1234
|
|
''')
|
|
|
|
def teardown_module(module):
|
|
global pub
|
|
shutil.rmtree(pub.APP_DIR)
|
|
|
|
def test_user_page_redirect():
|
|
output = get_app(pub).get('/user')
|
|
assert output.headers.get('location') == 'http://example.net/myspace/'
|
|
|
|
def test_user_page_error_when_json_and_no_user():
|
|
output = get_app(pub).get('/user?format=json')
|
|
assert output.body == '???'
|
|
|
|
def test_get_user_from_api_query_string_error_missing_orig():
|
|
output = get_app(pub).get('/user?format=json&signature=xxx', status=403)
|
|
assert output.json['err_desc'] == 'missing/multiple orig field'
|
|
|
|
def test_get_user_from_api_query_string_error_invalid_orig():
|
|
output = get_app(pub).get('/user?format=json&orig=coin&signature=xxx', status=403)
|
|
assert output.json['err_desc'] == 'invalid orig'
|
|
|
|
def test_get_user_from_api_query_string_error_missing_algo():
|
|
output = get_app(pub).get('/user?format=json&orig=coucou&signature=xxx', status=403)
|
|
assert output.json['err_desc'] == 'missing/multiple algo field'
|
|
|
|
def test_get_user_from_api_query_string_error_invalid_algo():
|
|
output = get_app(pub).get('/user?format=json&orig=coucou&signature=xxx&algo=coin', status=403)
|
|
assert output.json['err_desc'] == 'invalid algo'
|
|
|
|
def test_get_user_from_api_query_string_error_invalid_signature():
|
|
output = get_app(pub).get('/user?format=json&orig=coucou&signature=xxx&algo=sha1', status=403)
|
|
assert output.json['err_desc'] == 'invalid signature'
|
|
|
|
def test_get_user_from_api_query_string_error_missing_timestamp():
|
|
signature = urllib.quote(
|
|
base64.b64encode(
|
|
hmac.new('1234',
|
|
'format=json&orig=coucou&algo=sha1',
|
|
hashlib.sha1).digest()))
|
|
output = get_app(pub).get('/user?format=json&orig=coucou&algo=sha1&signature=%s' % signature, status=403)
|
|
assert output.json['err_desc'] == 'missing/multiple timestamp field'
|
|
|
|
def test_get_user_from_api_query_string_error_missing_email():
|
|
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
|
query = 'format=json&orig=coucou&algo=sha1×tamp=' + timestamp
|
|
signature = urllib.quote(
|
|
base64.b64encode(
|
|
hmac.new('1234',
|
|
query,
|
|
hashlib.sha1).digest()))
|
|
output = get_app(pub).get('/user?%s&signature=%s' % (query, signature), status=403)
|
|
assert output.json['err_desc'] == 'missing email or NameID fields'
|
|
|
|
def test_get_user_from_api_query_string_error_success_sha1():
|
|
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
|
query = 'format=json&orig=coucou&algo=sha1&email=' + urllib.quote(user.email) + '×tamp=' + timestamp
|
|
signature = urllib.quote(
|
|
base64.b64encode(
|
|
hmac.new('1234',
|
|
query,
|
|
hashlib.sha1).digest()))
|
|
output = get_app(pub).get('/user?%s&signature=%s' % (query, signature))
|
|
assert output.json['user_display_name'] == u'Jean Darmette'
|
|
|
|
def test_get_user_from_api_query_string_error_invalid_signature_algo_mismatch():
|
|
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
|
query = 'format=json&orig=coucou&algo=sha256&email=' + urllib.quote(user.email) + '×tamp=' + timestamp
|
|
signature = urllib.quote(
|
|
base64.b64encode(
|
|
hmac.new('1234',
|
|
query,
|
|
hashlib.sha1).digest()))
|
|
output = get_app(pub).get('/user?%s&signature=%s' % (query, signature), status=403)
|
|
assert output.json['err_desc'] == 'invalid signature'
|
|
|
|
def test_get_user_from_api_query_string_error_success_sha256():
|
|
timestamp = datetime.datetime.utcnow().isoformat()[:19] + 'Z'
|
|
query = 'format=json&orig=coucou&algo=sha256&email=' + urllib.quote(user.email) + '×tamp=' + timestamp
|
|
signature = urllib.quote(
|
|
base64.b64encode(
|
|
hmac.new('1234',
|
|
query,
|
|
hashlib.sha256).digest()))
|
|
output = get_app(pub).get('/user?%s&signature=%s' % (query, signature))
|
|
assert output.json['user_display_name'] == u'Jean Darmette'
|
|
|
|
def test_formdef_list():
|
|
FormDef.wipe()
|
|
formdef = FormDef()
|
|
formdef.name = 'test'
|
|
formdef.fields = []
|
|
formdef.store()
|
|
|
|
resp1 = get_app(pub).get('/json')
|
|
resp2 = get_app(pub).get('/', headers={'Accept': 'application/json'})
|
|
assert resp1.json == resp2.json
|
|
assert resp1.json[0]['title'] == 'test'
|
|
assert resp1.json[0]['url'] == 'http://example.net/test/'
|
|
assert resp1.json[0]['count'] == 0
|
|
|
|
def test_formdef_schema():
|
|
FormDef.wipe()
|
|
formdef = FormDef()
|
|
formdef.name = 'test'
|
|
formdef.fields = [fields.StringField(id='0', label='foobar')]
|
|
formdef.store()
|
|
|
|
resp = get_app(pub).get('/test/schema')
|
|
assert resp.json['name'] == 'test'
|
|
assert resp.json['fields'][0]['label'] == 'foobar'
|
|
assert resp.json['fields'][0]['type'] == 'string'
|
|
|
|
def test_categories():
|
|
Category.wipe()
|
|
category = Category()
|
|
category.name = 'category'
|
|
category.description = 'hello world'
|
|
category.store()
|
|
|
|
resp = get_app(pub).get('/categories', headers={'Accept': 'application/json'})
|
|
assert resp.json['data'] == [] # no advertised forms
|
|
|
|
FormDef.wipe()
|
|
formdef = FormDef()
|
|
formdef.name = 'test'
|
|
formdef.category_id = category.id
|
|
formdef.store()
|
|
|
|
resp = get_app(pub).get('/categories', headers={'Accept': 'application/json'})
|
|
assert resp.json['data'][0]['title'] == 'category'
|
|
assert resp.json['data'][0]['url'] == 'http://example.net/category/'
|
|
assert resp.json['data'][0]['description'] == 'hello world'
|