Add verb security tests and fix small issues

2017-03-22 18:29:53 -04:00 · 2017-03-22 18:29:53 -04:00 · df1e7f90e0
commit df1e7f90e0
parent d5fa2ad0c0
4 changed files with 206 additions and 4 deletions
--- a/test/test_verbs_endpoint_security.py
+++ b/test/test_verbs_endpoint_security.py
@ -0,0 +1,100 @@
+import unittest
+
+import endpoints.decorated # Register the various exceptions via decorators.
+
+from app import app
+from endpoints.verbs import verbs
+from initdb import setup_database_for_testing, finished_database_for_testing
+from test.specs import build_verbs_specs
+
+app.register_blueprint(verbs, url_prefix='/c1')
+
+NO_ACCESS_USER = 'freshuser'
+READ_ACCESS_USER = 'reader'
+ADMIN_ACCESS_USER = 'devtable'
+CREATOR_ACCESS_USER = 'creator'
+
+
+class EndpointTestCase(unittest.TestCase):
+  def setUp(self):
+    setup_database_for_testing(self)
+
+  def tearDown(self):
+    finished_database_for_testing(self)
+
+
+class _SpecTestBuilder(type):
+  @staticmethod
+  def _test_generator(url, test_spec, attrs):
+    def test(self):
+      with app.test_client() as c:
+        headers = {}
+
+        if attrs['auth_username']:
+          headers['Authorization'] = test_spec.gen_basic_auth(attrs['auth_username'], 'password')
+
+        expected_status = getattr(test_spec, attrs['result_attr'])
+
+        rv = c.open(url, headers=headers, method=test_spec.method_name)
+        msg = '%s %s: got %s, expected: %s (auth: %s | headers %s)' % (test_spec.method_name,
+          test_spec.index_name, rv.status_code, expected_status, attrs['auth_username'],
+          headers)
+
+        self.assertEqual(rv.status_code, expected_status, msg)
+
+    return test
+
+
+  def __new__(cls, name, bases, attrs):
+    with app.test_request_context() as ctx:
+      specs = attrs['spec_func']()
+      for test_spec in specs:
+        test_name = '%s_%s_%s_%s_%s' % (test_spec.index_name, test_spec.method_name,
+                                        test_spec.repo_name, attrs['auth_username'] or 'anon',
+                                        attrs['result_attr'])
+        test_name = test_name.replace('/', '_').replace('-', '_')
+
+        test_name = 'test_' + test_name.lower().replace('verbs.', 'verbs_')
+        url = test_spec.get_url()
+        attrs[test_name] = _SpecTestBuilder._test_generator(url, test_spec, attrs)
+
+    return type(name, bases, attrs)
+
+
+class TestAnonymousAccess(EndpointTestCase):
+  __metaclass__ = _SpecTestBuilder
+  spec_func = build_verbs_specs
+  result_attr = 'anon_code'
+  auth_username = None
+
+
+class TestNoAccess(EndpointTestCase):
+  __metaclass__ = _SpecTestBuilder
+  spec_func = build_verbs_specs
+  result_attr = 'no_access_code'
+  auth_username = NO_ACCESS_USER
+
+
+class TestReadAccess(EndpointTestCase):
+  __metaclass__ = _SpecTestBuilder
+  spec_func = build_verbs_specs
+  result_attr = 'read_code'
+  auth_username = READ_ACCESS_USER
+
+
+class TestCreatorAccess(EndpointTestCase):
+  __metaclass__ = _SpecTestBuilder
+  spec_func = build_verbs_specs
+  result_attr = 'creator_code'
+  auth_username = CREATOR_ACCESS_USER
+
+
+class TestAdminAccess(EndpointTestCase):
+  __metaclass__ = _SpecTestBuilder
+  spec_func = build_verbs_specs
+  result_attr = 'admin_code'
+  auth_username = ADMIN_ACCESS_USER
+
+
+if __name__ == '__main__':
+  unittest.main()