update(security_test.py): moving tests to new framework

We should be moving tests over to pytest [none]
2017-01-27 11:22:40 -05:00 · 2017-01-27 11:22:40 -05:00 · 85bcb63439
commit 85bcb63439
parent 0b51ea34b1
7 changed files with 190 additions and 107 deletions
--- a/app.py
+++ b/app.py
@ -21,10 +21,12 @@ from data import model
 from data.archivedlogs import LogArchive
 from data.billing import Billing
 from data.buildlogs import BuildLogs
+from data.model.user import LoginWrappedDBUser
 from data.queue import WorkQueue, BuildMetricQueueReporter
 from data.userevent import UserEventsBuilderModule
 from data.userfiles import Userfiles
 from data.users import UserAuthentication
+from path_converters import RegexConverter, RepositoryPathConverter, APIRepositoryPathConverter
 from oauth.services.github import GithubOAuthService
 from oauth.services.gitlab import GitLabOAuthService
 from oauth.loginmanager import OAuthLoginManager
@ -134,37 +136,6 @@ for handler in root_logger.handlers:
 app.request_class = RequestWithId

 # Register custom converters.
-class RegexConverter(BaseConverter):
-  """ Converter for handling custom regular expression patterns in paths. """
-  def __init__(self, url_map, regex_value):
-    super(RegexConverter, self).__init__(url_map)
-    self.regex = regex_value
-
-
-class RepositoryPathConverter(BaseConverter):
-  """ Converter for handling repository paths. Handles both library and non-library paths (if
-      configured).
-  """
-  def __init__(self, url_map):
-    super(RepositoryPathConverter, self).__init__(url_map)
-    self.weight = 200
-
-    if features.LIBRARY_SUPPORT:
-      # Allow names without namespaces.
-      self.regex = r'[^/]+(/[^/]+)?'
-    else:
-      self.regex = r'([^/]+/[^/]+)'
-
-
-class APIRepositoryPathConverter(BaseConverter):
-  """ Converter for handling repository paths. Does not handle library paths.
-  """
-  def __init__(self, url_map):
-    super(APIRepositoryPathConverter, self).__init__(url_map)
-    self.weight = 200
-    self.regex = r'([^/]+/[^/]+)'
-
-
 app.url_map.converters['regex'] = RegexConverter
 app.url_map.converters['repopath'] = RepositoryPathConverter
 app.url_map.converters['apirepopath'] = APIRepositoryPathConverter
@ -242,25 +213,5 @@ def load_user(user_uuid):
  logger.debug('User loader loading deferred user with uuid: %s', user_uuid)
  return LoginWrappedDBUser(user_uuid)

-class LoginWrappedDBUser(UserMixin):
-  def __init__(self, user_uuid, db_user=None):
-    self._uuid = user_uuid
-    self._db_user = db_user
-
-  def db_user(self):
-    if not self._db_user:
-      self._db_user = model.user.get_user_by_uuid(self._uuid)
-    return self._db_user
-
-  @property
-  def is_authenticated(self):
-    return self.db_user() is not None
-
-  @property
-  def is_active(self):
-    return self.db_user().verified
-
-  def get_id(self):
-    return unicode(self._uuid)

 get_app_url = partial(get_app_url, app.config)
--- a/data/model/user.py
+++ b/data/model/user.py
@ -2,6 +2,7 @@ import bcrypt
 import logging
 import json
 import uuid
+from flask.ext.login import UserMixin

 from peewee import JOIN_LEFT_OUTER, IntegrityError, fn
 from uuid import uuid4
@ -841,3 +842,25 @@ def get_federated_logins(user_ids, service_name):
          .join(LoginService)
          .where(FederatedLogin.user << user_ids,
                 LoginService.name == service_name))
+
+
+class LoginWrappedDBUser(UserMixin):
+  def __init__(self, user_uuid, db_user=None):
+    self._uuid = user_uuid
+    self._db_user = db_user
+
+  def db_user(self):
+    if not self._db_user:
+      self._db_user = get_user_by_uuid(self._uuid)
+    return self._db_user
+
+  @property
+  def is_authenticated(self):
+    return self.db_user() is not None
+
+  @property
+  def is_active(self):
+    return self.db_user().verified
+
+  def get_id(self):
+    return unicode(self._uuid)
--- a/endpoints/api/test/conftest.py
+++ b/endpoints/api/test/conftest.py
@ -0,0 +1,86 @@
+import os
+
+import pytest
+import shutil
+from flask import Flask, jsonify
+from flask.ext.login import LoginManager
+from peewee import SqliteDatabase
+
+from app import app as application
+from data import model
+from data.database import (close_db_filter, db)
+from data.model.user import LoginWrappedDBUser
+from endpoints.api import api_bp
+from initdb import initialize_database, populate_database
+from path_converters import APIRepositoryPathConverter, RegexConverter
+
+
+@pytest.fixture()
+def app(appconfig):
+  """ Used by pytest-flask plugin to inject app by test for client See test_security by name injection of client. """
+  app = Flask(__name__)
+  login_manager = LoginManager(app)
+
+  @app.errorhandler(model.DataModelException)
+  def handle_dme(ex):
+    response = jsonify({'message': ex.message})
+    response.status_code = 400
+    return response
+
+  @login_manager.user_loader
+  def load_user(user_uuid):
+    return LoginWrappedDBUser(user_uuid)
+
+  app.url_map.converters['regex'] = RegexConverter
+  app.url_map.converters['apirepopath'] = APIRepositoryPathConverter
+  app.register_blueprint(api_bp, url_prefix='/api')
+  app.config.update(appconfig)
+  return app
+
+
+@pytest.fixture(scope="session")
+def init_db_path(tmpdir_factory):
+  """ Creates a new db and appropriate configuration. Used for parameter by name injection. """
+  sqlitedb_file = str(tmpdir_factory.mktemp("data").join("test.db"))
+  sqlitedb = 'sqlite:///{0}'.format(sqlitedb_file)
+  conf = {"TESTING": True,
+          "DEBUG": True,
+          "DB_URI": sqlitedb}
+  os.environ['TEST_DATABASE_URI'] = str(sqlitedb)
+  os.environ['DB_URI'] = str(sqlitedb)
+  db.initialize(SqliteDatabase(sqlitedb_file))
+  application.config.update(conf)
+  application.config.update({"DB_URI": sqlitedb})
+  initialize_database()
+  populate_database()
+  close_db_filter(None)
+  return str(sqlitedb_file)
+
+
+@pytest.fixture()
+def database_uri(monkeypatch, init_db_path, sqlitedb_file):
+  """ Creates the db uri. Used for parameter by name injection. """
+  shutil.copy2(init_db_path, sqlitedb_file)
+  db.initialize(SqliteDatabase(sqlitedb_file))
+  db_path = 'sqlite:///{0}'.format(sqlitedb_file)
+  monkeypatch.setenv("DB_URI", db_path)
+  return db_path
+
+
+@pytest.fixture()
+def sqlitedb_file(tmpdir):
+  """ Makes file for db. Used for parameter by name injection. """
+  test_db_file = tmpdir.mkdir("quaydb").join("test.db")
+  return str(test_db_file)
+
+
+@pytest.fixture()
+def appconfig(database_uri):
+  """ Makes conf with database_uri. Used for parameter by name injection """
+  conf = {
+    "TESTING": True,
+    "DEBUG": True,
+    "DB_URI": database_uri,
+    "SECRET_KEY": 'superdupersecret!!!1',
+  }
+  return conf
--- a/endpoints/api/test/test_security.py
+++ b/endpoints/api/test/test_security.py
@ -0,0 +1,43 @@
+import datetime
+
+import pytest
+
+from data import model
+from endpoints.api import api
+from endpoints.api.superuser import SuperUserRepositoryBuildLogs, SuperUserRepositoryBuildResource
+from endpoints.api.superuser import SuperUserRepositoryBuildStatus
+
+
+def client_with_identity(auth_username, client):
+  with client.session_transaction() as sess:
+    if auth_username:
+      if auth_username is not None:
+        loaded = model.user.get_user(auth_username)
+        sess['user_id'] = loaded.uuid
+        sess['login_time'] = datetime.datetime.now()
+  return client
+
+
+@pytest.mark.parametrize('resource,identity,expected', [
+  (SuperUserRepositoryBuildLogs, None, 401),
+  (SuperUserRepositoryBuildLogs, 'freshuser', 403),
+  (SuperUserRepositoryBuildLogs, 'reader', 403),
+  (SuperUserRepositoryBuildLogs, 'devtable', 400),
+
+  (SuperUserRepositoryBuildStatus, None, 401),
+  (SuperUserRepositoryBuildStatus, 'freshuser', 403),
+  (SuperUserRepositoryBuildStatus, 'reader', 403),
+  (SuperUserRepositoryBuildStatus, 'devtable', 400),
+
+  (SuperUserRepositoryBuildResource, None, 401),
+  (SuperUserRepositoryBuildResource, 'freshuser', 403),
+  (SuperUserRepositoryBuildResource, 'reader', 403),
+  (SuperUserRepositoryBuildResource, 'devtable', 404),
+])
+def test_super_user_build_endpoints(resource, identity, expected, client):
+  cl = client_with_identity(identity, client)
+  final_url = api.url_for(resource, build_uuid='1234')
+  rv = cl.open(final_url)
+  msg = '%s %s: %s expected: %s' % ('GET', final_url, rv.status_code, expected)
+  assert rv.status_code == expected, msg
+
--- a/path_converters.py
+++ b/path_converters.py
@ -0,0 +1,34 @@
+from werkzeug.routing import BaseConverter
+
+import features
+
+
+class APIRepositoryPathConverter(BaseConverter):
+  """ Converter for handling repository paths. Does not handle library paths.
+  """
+  def __init__(self, url_map):
+    super(APIRepositoryPathConverter, self).__init__(url_map)
+    self.weight = 200
+    self.regex = r'([^/]+/[^/]+)'
+
+
+class RepositoryPathConverter(BaseConverter):
+  """ Converter for handling repository paths. Handles both library and non-library paths (if
+      configured).
+  """
+  def __init__(self, url_map):
+    super(RepositoryPathConverter, self).__init__(url_map)
+    self.weight = 200
+
+    if features.LIBRARY_SUPPORT:
+      # Allow names without namespaces.
+      self.regex = r'[^/]+(/[^/]+)?'
+    else:
+      self.regex = r'([^/]+/[^/]+)'
+
+
+class RegexConverter(BaseConverter):
+  """ Converter for handling custom regular expression patterns in paths. """
+  def __init__(self, url_map, regex_value):
+    super(RegexConverter, self).__init__(url_map)
+    self.regex = regex_value
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@ -4351,60 +4351,6 @@ class TestSuperUserMessage(ApiTestCase):
      self._run_test('DELETE', 204, 'devtable', None)


-class TestSuperUserRepositoryBuildLogs(ApiTestCase):
-  def setUp(self):
-    ApiTestCase.setUp(self)
-    self._set_url(SuperUserRepositoryBuildLogs, build_uuid='1234')
-
-  def test_get_anonymous(self):
-    self._run_test('GET', 401, None, None)
-
-  def test_get_freshuser(self):
-    self._run_test('GET', 403, 'freshuser', None)
-
-  def test_get_reader(self):
-    self._run_test('GET', 403, 'reader', None)
-
-  def test_get_devtable(self):
-    self._run_test('GET', 400, 'devtable', None)
-
-
-class TestSuperUserRepositoryBuildStatus(ApiTestCase):
-  def setUp(self):
-    ApiTestCase.setUp(self)
-    self._set_url(SuperUserRepositoryBuildStatus, build_uuid='1234')
-
-  def test_get_anonymous(self):
-    self._run_test('GET', 401, None, None)
-
-  def test_get_freshuser(self):
-    self._run_test('GET', 403, 'freshuser', None)
-
-  def test_get_reader(self):
-    self._run_test('GET', 403, 'reader', None)
-
-  def test_get_devtable(self):
-    self._run_test('GET', 400, 'devtable', None)
-
-
-class TestSuperUserRepositoryBuildResource(ApiTestCase):
-  def setUp(self):
-    ApiTestCase.setUp(self)
-    self._set_url(SuperUserRepositoryBuildResource, build_uuid='1234')
-
-  def test_get_anonymous(self):
-    self._run_test('GET', 401, None, None)
-
-  def test_get_freshuser(self):
-    self._run_test('GET', 403, 'freshuser', None)
-
-  def test_get_reader(self):
-    self._run_test('GET', 403, 'reader', None)
-
-  def test_get_devtable(self):
-    self._run_test('GET', 404, 'devtable', None)
-
-
 class TestUserInvoiceFieldList(ApiTestCase):
  def setUp(self):
    ApiTestCase.setUp(self)
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -1104,7 +1104,7 @@ class TestCreateOrganization(ApiTestCase):
                                       email='testorg@example.com'),
                             expected_code=201)

-    self.assertEquals('"Created"', data)
+    self.assertEquals('"Created"', data.strip())

    # Ensure the org was created.
    organization = model.organization.get_organization('neworg')
@ -1145,7 +1145,7 @@ class TestCreateOrganization(ApiTestCase):
                             headers=dict(Authorization='Bearer ' + token.access_token),
                             expected_code=201)

-    self.assertEquals('"Created"', data)
+    self.assertEquals('"Created"', data.strip())


 class TestGetOrganization(ApiTestCase):