'''
Faraday Penetration Test IDE
Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information

'''

import unittest
import pytest

from faraday.server.models import db


def endpoint():
    """Minimal view used as the target of the authentication tests.

    The ``route_endpoint`` fixture mounts this function on the app, and one
    test sets an ``is_public`` attribute on it to mark the view as public.
    """
    body = 'OK'
    return body


class BaseAPITestCase:
    """Mixin whose autouse pytest fixtures prepare every test in a subclass.

    Before each test the fixtures store the Flask app, the test client and
    the ``user`` fixture value on the instance, and register the
    module-level ``endpoint`` view at ``ENDPOINT_ROUTE``.
    """
    ENDPOINT_ROUTE = '/'

    @pytest.fixture(autouse=True)
    def load_app(self, app, test_client):
        """Keep the app and its client on the instance so that test
        methods do not need them as arguments."""
        # Naming trap: ``self.app`` is the test client, the Flask application
        # itself is ``self.flask_app``.
        self.flask_app, self.app = app, test_client

    @pytest.fixture(autouse=True)
    def load_user(self, user):
        """Keep the object provided by the ``user`` fixture on the instance."""
        self.user = user

    @pytest.fixture(autouse=True)
    def route_endpoint(self, app):
        """Register the module-level ``endpoint`` view at ENDPOINT_ROUTE."""
        register_view = app.route(self.ENDPOINT_ROUTE)
        register_view(endpoint)


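class TestAuthentication(BaseAPITestCase, unittest.TestCase):
    """Check that access is allowed or denied depending on whether the
    client is authenticated.

    All requests go through ``self.app``, the test client stored by
    ``BaseAPITestCase.load_app``. No test in this class logs in explicitly.
    """

    def test_401_when_getting_an_existent_view_and_not_logged(self):
        # Baseline: an anonymous GET of the registered view is rejected.
        res = self.app.get('/')
        self.assertEqual(res.status_code, 401)

    def test_401_when_getting_an_existent_view_agent_token(self):
        # '1234' is an arbitrary value sent with the ``agent`` scheme; the
        # request is expected to be rejected rather than treated as logged in.
        res = self.app.get('/', headers={'authorization': 'agent 1234'})
        self.assertEqual(res.status_code, 401)

    def test_401_when_getting_an_existent_view_user_token(self):
        # Same check for the ``token`` scheme with an arbitrary value.
        res = self.app.get('/', headers={'authorization': 'token 1234'})
        self.assertEqual(res.status_code, 401)

    def test_401_when_posting_an_existent_view_and_not_logged(self):
        res = self.app.post('/', data={'data': 'data'})
        self.assertEqual(res.status_code, 401)

    def test_401_when_accessing_a_non_existent_view_and_not_logged(self):
        # Pins 401 (not 404) for an unregistered path, so an anonymous
        # client gets the same answer for existing and missing routes.
        res = self.app.post('/dfsdfsdd', data={'data': 'data'})
        self.assertEqual(res.status_code, 401)

    def test_200_when_not_logged_but_endpoint_is_public(self):
        # ``endpoint`` is a module-level function shared by every test, so the
        # flag has to be removed even when the request or the assertion fails;
        # otherwise the view stays public for the tests that run afterwards.
        endpoint.is_public = True
        try:
            res = self.app.get('/')
            self.assertEqual(res.status_code, 200)
        finally:
            del endpoint.is_public

    def test_401_when_logged_user_is_inactive(self):
        # NOTE(review): no login is visible in this test, and an anonymous
        # GET of '/' already returns 401 (first test of this class), so this
        # may pass without exercising the deactivation path -- confirm, and
        # consider authenticating as self.user before the request.
        with self.flask_app.app_context():
            # Without this line the test breaks. Taken from
            # http://pythonhosted.org/Flask-Testing/#testing-with-sqlalchemy
            db.session.add(self.user)

            # deactivate_user is expected to return a truthy value here.
            self.assertTrue(self.flask_app.user_datastore.deactivate_user(self.user))
        res = self.app.get('/')
        self.assertEqual(res.status_code, 401)

    def test_401_when_logged_user_is_deleted(self):
        # NOTE(review): as with the inactive-user test, no login is visible
        # here, so the 401 may come from the anonymous request itself rather
        # than from the deletion -- confirm.
        with self.flask_app.app_context():
            self.flask_app.user_datastore.delete_user(self.user)
        res = self.app.get('/')
        self.assertEqual(res.status_code, 401)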


class TestAuthenticationPytest(BaseAPITestCase):
    """Authentication checks written as plain pytest tests, so a test
    method can request fixtures as arguments."""

    @pytest.mark.usefixtures('logged_user')
    def test_200_when_logged_in(self, test_client):
        # Positive case: with the ``logged_user`` fixture applied, the same
        # view that rejects anonymous clients is expected to answer 200.
        response = test_client.get('/')
        assert response.status_code == 200


# NOTE(review): unittest.main() does not apply pytest fixtures, and the test
# classes in this file receive self.app / self.user from autouse pytest
# fixtures -- running the file directly presumably fails; confirm and prefer
# running it through pytest.
if __name__ == '__main__':
    unittest.main()