Fully migrate API security tests into the pytest test suite

Also adds an additional test that ensures that at least one security test exists for every (api endpoint, http method) pair.

test/fixtures.py

@@ -7,6 +7,7 @@ import shutil
 from flask import Flask, jsonify
 from flask_login import LoginManager
 from flask_principal import identity_loaded, Permission, Identity, identity_changed, Principal
+from flask_mail import Mail
 from peewee import SqliteDatabase, savepoint, InternalError
 
 from app import app as application
@@ -14,6 +15,7 @@ from auth.permissions import on_identity_loaded
 from data import model
 from data.database import close_db_filter, db, configure
 from data.model.user import LoginWrappedDBUser
+from data.userfiles import Userfiles
 from endpoints.api import api_bp
 from endpoints.appr import appr_bp
 from endpoints.web import web
@@ -124,6 +126,9 @@ def appconfig(database_uri):
     "DATA_MODEL_CACHE_CONFIG": {
       'engine': 'inmemory',
     },
+    "USERFILES_PATH": "userfiles/",
+    "MAIL_SERVER": "",
+    "MAIL_DEFAULT_SENDER": 'support@quay.io',
   }
   return conf
 
@@ -192,4 +197,8 @@ def app(appconfig, initialized_db):
   app.register_blueprint(webhooks, url_prefix='/webhooks')
 
   app.config.update(appconfig)
+
+  Userfiles(app)
+  Mail(app)
+
   return app

test/testconfig.py

@@ -42,6 +42,7 @@ class TestConfig(DefaultConfig):
   BUILDLOGS_OPTIONS = ['devtable', 'building', 'deadbeef-dead-beef-dead-beefdeadbeef', False]
 
   USERFILES_LOCATION = 'local_us'
+  USERFILES_PATH= "userfiles/"
 
   FEATURE_SUPER_USERS = True
   FEATURE_BILLING = True