import unittest import json from flask import url_for from uuid import uuid4 from collections import OrderedDict import endpoints.api from app import app from data import model from initdb import wipe_database, initialize_database, populate_database PUBLIC_REPO = 'public/publicrepo' PRIVATE_REPO = 'devtable/complex' ORG = 'devtableorg' ORG_REPO = ORG + '/orgrepo' ORG_OWNERS = 'owners' ORG_READERS = 'readers' ORG_OWNER = 'devtable' FAKE_IMAGE_ID = uuid4() FAKE_TAG_NAME = uuid4() FAKE_USERNAME = uuid4() FAKE_TEAMNAME = uuid4() FAKE_TOKEN = uuid4() def open_kwargs(method='GET', json_object=None): kwargs = { 'method': method, } if json_object is not None: kwargs['data'] = json.dumps(json_object) kwargs['content_type'] = 'application/json' elif method == 'POST' or method == 'PUT': kwargs['data'] = json.dumps({ 'fake': 'json', 'data': 'here', }) kwargs['content_type'] = 'application/json' return kwargs with app.test_request_context() as ctx: ANON_SPEC = OrderedDict([ (url_for('welcome'), (200, open_kwargs())), (url_for('plans_list'), (200, open_kwargs())), (url_for('get_logged_in_user'), (200, open_kwargs())), (url_for('change_user_details'), (401, open_kwargs('PUT'))), (url_for('create_user_api'), (400, open_kwargs('POST'))), (url_for('signin_api'), (400, open_kwargs('POST'))), (url_for('logout'), (401, open_kwargs('POST'))), (url_for('send_recovery'), (400, open_kwargs('POST'))), (url_for('get_matching_users', prefix='dev'), (401, open_kwargs())), (url_for('get_matching_entities', prefix='dev'), (401, open_kwargs())), (url_for('get_organization', orgname=ORG), (401, open_kwargs())), (url_for('get_organization_private_allowed', orgname=ORG), (401, open_kwargs())), (url_for('update_organization_team', orgname=ORG, teamname=ORG_OWNERS), (401, open_kwargs('PUT'))), (url_for('delete_organization_team', orgname=ORG, teamname=ORG_OWNERS), (401, open_kwargs('DELETE'))), (url_for('get_organization_team_members', orgname=ORG, teamname=ORG_OWNERS), (401, open_kwargs())), (url_for('update_organization_team_member', orgname=ORG, teamname=ORG_OWNERS, membername=ORG_OWNER), (401, open_kwargs('PUT'))), (url_for('delete_organization_team_member', orgname=ORG, teamname=ORG_OWNERS, membername=ORG_OWNER), (401, open_kwargs('DELETE'))), (url_for('create_repo_api'), (401, open_kwargs('POST'))), (url_for('match_repos_api'), (200, open_kwargs())), (url_for('list_repos_api'), (200, open_kwargs())), (url_for('update_repo_api', repository=PUBLIC_REPO), (401, open_kwargs('PUT'))), (url_for('update_repo_api', repository=ORG_REPO), (401, open_kwargs('PUT'))), (url_for('update_repo_api', repository=PRIVATE_REPO), (401, open_kwargs('PUT'))), (url_for('change_repo_visibility_api', repository=PUBLIC_REPO), (401, open_kwargs('POST'))), (url_for('change_repo_visibility_api', repository=ORG_REPO), (401, open_kwargs('POST'))), (url_for('change_repo_visibility_api', repository=PRIVATE_REPO), (401, open_kwargs('POST'))), (url_for('delete_repository', repository=PUBLIC_REPO), (401, open_kwargs('DELETE'))), (url_for('delete_repository', repository=ORG_REPO), (401, open_kwargs('DELETE'))), (url_for('delete_repository', repository=PRIVATE_REPO), (401, open_kwargs('DELETE'))), (url_for('get_repo_api', repository=PUBLIC_REPO),(200, open_kwargs())), (url_for('get_repo_api', repository=ORG_REPO), (403, open_kwargs())), (url_for('get_repo_api', repository=PRIVATE_REPO), (403, open_kwargs())), (url_for('get_repo_builds', repository=PUBLIC_REPO), (401, open_kwargs())), (url_for('get_repo_builds', repository=ORG_REPO), (401, open_kwargs())), (url_for('get_repo_builds', repository=PRIVATE_REPO), (401, open_kwargs())), (url_for('get_filedrop_url'), (401, open_kwargs('POST'))), (url_for('request_repo_build', repository=PUBLIC_REPO), (401, open_kwargs('POST'))), (url_for('request_repo_build', repository=ORG_REPO), (401, open_kwargs('POST'))), (url_for('request_repo_build', repository=PRIVATE_REPO), (401, open_kwargs('POST'))), (url_for('list_repository_images', repository=PUBLIC_REPO), (200, open_kwargs())), (url_for('list_repository_images', repository=ORG_REPO), (403, open_kwargs())), (url_for('list_repository_images', repository=PRIVATE_REPO), (403, open_kwargs())), (url_for('get_image', repository=PUBLIC_REPO, image_id=FAKE_IMAGE_ID), (404, open_kwargs())), (url_for('get_image', repository=ORG_REPO, image_id=FAKE_IMAGE_ID), (403, open_kwargs())), (url_for('get_image', repository=PRIVATE_REPO, image_id=FAKE_IMAGE_ID), (403, open_kwargs())), (url_for('get_image_changes', repository=PUBLIC_REPO, image_id=FAKE_IMAGE_ID), (404, open_kwargs())), (url_for('get_image_changes', repository=ORG_REPO, image_id=FAKE_IMAGE_ID), (403, open_kwargs())), (url_for('get_image_changes', repository=PRIVATE_REPO, image_id=FAKE_IMAGE_ID), (403, open_kwargs())), (url_for('list_tag_images', repository=PUBLIC_REPO, tag=FAKE_TAG_NAME), (404, open_kwargs())), (url_for('list_tag_images', repository=ORG_REPO, tag=FAKE_TAG_NAME), (403, open_kwargs())), (url_for('list_tag_images', repository=PRIVATE_REPO, tag=FAKE_TAG_NAME), (403, open_kwargs())), (url_for('list_repo_team_permissions', repository=PUBLIC_REPO), (401, open_kwargs())), (url_for('list_repo_team_permissions', repository=ORG_REPO), (401, open_kwargs())), (url_for('list_repo_team_permissions', repository=PRIVATE_REPO), (401, open_kwargs())), (url_for('list_repo_user_permissions', repository=PUBLIC_REPO), (401, open_kwargs())), (url_for('list_repo_user_permissions', repository=ORG_REPO), (401, open_kwargs())), (url_for('list_repo_user_permissions', repository=PRIVATE_REPO), (401, open_kwargs())), (url_for('get_user_permissions', repository=PUBLIC_REPO, username=FAKE_USERNAME), (401, open_kwargs())), (url_for('get_user_permissions', repository=ORG_REPO, username=FAKE_USERNAME), (401, open_kwargs())), (url_for('get_user_permissions', repository=PRIVATE_REPO, username=FAKE_USERNAME), (401, open_kwargs())), (url_for('get_team_permissions', repository=PUBLIC_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs())), (url_for('get_team_permissions', repository=ORG_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs())), (url_for('get_team_permissions', repository=PRIVATE_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs())), (url_for('change_user_permissions', repository=PUBLIC_REPO, username=FAKE_USERNAME), (401, open_kwargs('PUT'))), (url_for('change_user_permissions', repository=ORG_REPO, username=FAKE_USERNAME), (401, open_kwargs('PUT'))), (url_for('change_user_permissions', repository=PRIVATE_REPO, username=FAKE_USERNAME), (401, open_kwargs('PUT'))), (url_for('change_team_permissions', repository=PUBLIC_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))), (url_for('change_team_permissions', repository=ORG_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))), (url_for('change_team_permissions', repository=PRIVATE_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))), (url_for('delete_user_permissions', repository=PUBLIC_REPO, username=FAKE_USERNAME), (401, open_kwargs('DELETE'))), (url_for('delete_user_permissions', repository=ORG_REPO, username=FAKE_USERNAME), (401, open_kwargs('DELETE'))), (url_for('delete_user_permissions', repository=PRIVATE_REPO, username=FAKE_USERNAME), (401, open_kwargs('DELETE'))), (url_for('delete_team_permissions', repository=PUBLIC_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))), (url_for('delete_team_permissions', repository=ORG_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))), (url_for('delete_team_permissions', repository=PRIVATE_REPO, teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))), (url_for('list_repo_tokens', repository=PUBLIC_REPO), (401, open_kwargs())), (url_for('list_repo_tokens', repository=ORG_REPO), (401, open_kwargs())), (url_for('list_repo_tokens', repository=PRIVATE_REPO), (401, open_kwargs())), (url_for('get_tokens', repository=PUBLIC_REPO, code=FAKE_TOKEN), (401, open_kwargs())), (url_for('get_tokens', repository=ORG_REPO, code=FAKE_TOKEN), (401, open_kwargs())), (url_for('get_tokens', repository=PRIVATE_REPO, code=FAKE_TOKEN), (401, open_kwargs())), (url_for('create_token', repository=PUBLIC_REPO), (401, open_kwargs('POST'))), (url_for('create_token', repository=ORG_REPO), (401, open_kwargs('POST'))), (url_for('create_token', repository=PRIVATE_REPO), (401, open_kwargs('POST'))), (url_for('change_token', repository=PUBLIC_REPO, code=FAKE_TOKEN), (401, open_kwargs('PUT'))), (url_for('change_token', repository=ORG_REPO, code=FAKE_TOKEN), (401, open_kwargs('PUT'))), (url_for('change_token', repository=PRIVATE_REPO, code=FAKE_TOKEN), (401, open_kwargs('PUT'))), (url_for('delete_token', repository=PUBLIC_REPO, code=FAKE_TOKEN), (401, open_kwargs('DELETE'))), (url_for('delete_token', repository=ORG_REPO, code=FAKE_TOKEN), (401, open_kwargs('DELETE'))), (url_for('delete_token', repository=PRIVATE_REPO, code=FAKE_TOKEN), (401, open_kwargs('DELETE'))), (url_for('subscribe_api'), (401, open_kwargs('PUT'))), (url_for('subscribe_org_api', orgname=ORG), (401, open_kwargs('PUT'))), (url_for('get_subscription'), (401, open_kwargs())), (url_for('get_org_subscription', orgname=ORG), (401, open_kwargs())), ]) class ApiTestCase(unittest.TestCase): def setUp(self): wipe_database() initialize_database() populate_database() self.client = app.test_client() def signin(self, username, password): args = { 'username': username, 'password': password, } return self.client.post('/signin', data=json.dumps(args), follow_redirects=True) def signout(self): return self.client.get('/signout', follow_redirects=True) class TestAnonymousAccess(ApiTestCase): def test_anonymous_public_access(self): for url, (expected_status, open_kwargs) in ANON_SPEC.items(): rv = self.client.open(url, **open_kwargs) msg = '%s %s: %s expected: %s' % (open_kwargs['method'], url, rv.status_code, expected_status) self.assertEqual(rv.status_code, expected_status, msg) if __name__ == '__main__': unittest.main()