|
1099.1.16
by William Grant
ivle.webapp.base.test: |
1 |
import urllib |
2 |
||
|
1796.1.2
by William Grant
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST. |
3 |
from nose.tools import assert_equal |
4 |
||
5 |
from ivle.webapp.base.rest import (JSONRESTView, read_operation, |
|
6 |
require_permission, write_operation) |
|
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
7 |
from ivle.webapp.errors import BadRequest, MethodNotAllowed, Unauthorized |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
8 |
from ivle.webapp.testing import FakeUser, FakeRequest |
9 |
||
|
1099.1.26
by William Grant
ivle.webapp.base.views#JSONRESTView: Check that methods are available before |
10 |
class JSONRESTViewTestWithoutPUT(JSONRESTView): |
11 |
'''A small JSON REST view for testing purposes, without a PUT method.'''
|
|
|
1544
by Matt Giuca
Added an argument 'config' to every single get_permissions method throughout the program. All calls to get_permissions pass a config. This is to allow per-site policy configurations on permissions. |
12 |
def get_permissions(self, user, config): |
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
13 |
if user.login == u'fakeuser': |
14 |
return set(['view', 'edit']) |
|
15 |
if user.login == u'otheruser': |
|
16 |
return set(['view']) |
|
17 |
return set() |
|
18 |
||
19 |
@require_permission('view') |
|
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
20 |
def GET(self, req): |
21 |
return {'method': 'get'} |
|
22 |
||
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
23 |
@require_permission('edit') |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
24 |
def PATCH(self, req, data): |
25 |
return {'method': 'patch', |
|
26 |
'result': data['result'], 'test': data['test']} |
|
27 |
||
|
1796.1.2
by William Grant
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST. |
28 |
@write_operation('view') |
|
1099.1.28
by William Grant
ivle.webapp.base.views#JSONRESTView: Named operations now take the request. |
29 |
def do_stuff(self, req, what): |
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
30 |
return {'result': 'Did %s!' % what} |
31 |
||
|
1796.1.2
by William Grant
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST. |
32 |
@read_operation('edit') |
|
1099.1.28
by William Grant
ivle.webapp.base.views#JSONRESTView: Named operations now take the request. |
33 |
def say_something(self, req, thing='nothing'): |
|
1099.1.27
by William Grant
ivle.webapp.base.views#JSONRESTView: Add support for argument defaults in |
34 |
return {'result': 'Said %s!' % thing} |
35 |
||
|
1796.1.2
by William Grant
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST. |
36 |
@write_operation('edit') |
|
1099.1.52
by William Grant
ivle.webapp.base.rest#RESTView: Remove broken old render() - it should be |
37 |
def do_say_something(self, req, what, thing='nothing'): |
38 |
return {'result': 'Said %s and %s!' % (what, thing)} |
|
39 |
||
|
1796.1.2
by William Grant
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST. |
40 |
@read_operation('view') |
|
1099.1.28
by William Grant
ivle.webapp.base.views#JSONRESTView: Named operations now take the request. |
41 |
def get_req_method(self, req): |
42 |
return {'method': req.method} |
|
43 |
||
|
1099.1.26
by William Grant
ivle.webapp.base.views#JSONRESTView: Check that methods are available before |
44 |
class JSONRESTViewTest(JSONRESTViewTestWithoutPUT): |
45 |
'''A small JSON REST view for testing purposes.'''
|
|
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
46 |
@require_permission('edit') |
|
1099.1.26
by William Grant
ivle.webapp.base.views#JSONRESTView: Check that methods are available before |
47 |
def PUT(self, req, data): |
48 |
return {'method': 'put', |
|
49 |
'result': data['result'], 'test': data['test']} |
|
50 |
||
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
51 |
class TestJSONRESTView: |
52 |
def testGET(self): |
|
53 |
req = FakeRequest() |
|
|
1500
by William Grant
Unbreak existing tests. |
54 |
view = JSONRESTViewTest(req, None) |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
55 |
view.render(req) |
56 |
assert req.content_type == 'application/json' |
|
57 |
assert req.response_body == '{"method": "get"}\n' |
|
58 |
||
59 |
def testPUT(self): |
|
60 |
req = FakeRequest() |
|
61 |
req.method = 'PUT' |
|
62 |
req.request_body = '{"test": "FAI\\uA746ED", "result": 1}' |
|
|
1500
by William Grant
Unbreak existing tests. |
63 |
view = JSONRESTViewTest(req, None) |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
64 |
view.render(req) |
65 |
assert req.content_type == 'application/json' |
|
66 |
assert req.response_body == \ |
|
67 |
'{"test": "FAI\\ua746ED", "method": "put", "result": 1}\n' |
|
68 |
||
69 |
def testPATCH(self): |
|
70 |
req = FakeRequest() |
|
71 |
req.method = 'PATCH' |
|
72 |
req.request_body = '{"test": "FAI\\uA746ED", "result": 1}' |
|
|
1500
by William Grant
Unbreak existing tests. |
73 |
view = JSONRESTViewTest(req, None) |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
74 |
view.render(req) |
75 |
assert req.content_type == 'application/json' |
|
76 |
assert req.response_body == \ |
|
77 |
'{"test": "FAI\\ua746ED", "method": "patch", "result": 1}\n' |
|
78 |
||
79 |
def testEmulatedPATCH(self): |
|
80 |
req = FakeRequest() |
|
81 |
req.method = 'PUT' |
|
82 |
req.headers_in['X-IVLE-Patch-Semantics'] = 'yes' |
|
83 |
req.request_body = '{"test": "FAI\\uA746ED", "result": 1}' |
|
|
1500
by William Grant
Unbreak existing tests. |
84 |
view = JSONRESTViewTest(req, None) |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
85 |
view.render(req) |
86 |
assert req.content_type == 'application/json' |
|
87 |
assert req.response_body == \ |
|
88 |
'{"test": "FAI\\ua746ED", "method": "patch", "result": 1}\n' |
|
89 |
||
90 |
def testInvalidMethod(self): |
|
91 |
req = FakeRequest() |
|
92 |
req.method = 'FAKEANDBOGUS' |
|
|
1500
by William Grant
Unbreak existing tests. |
93 |
view = JSONRESTViewTest(req, None) |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
94 |
try: |
95 |
view.render(req) |
|
|
1099.1.26
by William Grant
ivle.webapp.base.views#JSONRESTView: Check that methods are available before |
96 |
except MethodNotAllowed, e: |
97 |
assert e.allowed == ['GET', 'PUT', 'PATCH', 'POST'] |
|
98 |
else: |
|
99 |
raise AssertionError("did not raise MethodNotAllowed") |
|
100 |
||
101 |
def testNoPUTMethod(self): |
|
102 |
req = FakeRequest() |
|
103 |
req.method = 'PUT' |
|
|
1500
by William Grant
Unbreak existing tests. |
104 |
view = JSONRESTViewTestWithoutPUT(req, None) |
|
1099.1.26
by William Grant
ivle.webapp.base.views#JSONRESTView: Check that methods are available before |
105 |
try: |
106 |
view.render(req) |
|
107 |
except MethodNotAllowed, e: |
|
108 |
assert e.allowed == ['GET', 'PATCH', 'POST'] |
|
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
109 |
else: |
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
110 |
raise AssertionError("did not raise MethodNotAllowed") |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
111 |
|
112 |
def testInvalidMethodWithPATCHEmulation(self): |
|
113 |
req = FakeRequest() |
|
114 |
req.method = 'FAKEANDBOGUS' |
|
115 |
req.headers_in['X-IVLE-Patch-Semantics'] = 'yes' |
|
|
1500
by William Grant
Unbreak existing tests. |
116 |
view = JSONRESTViewTest(req, None) |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
117 |
try: |
118 |
view.render(req) |
|
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
119 |
except MethodNotAllowed: |
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
120 |
pass
|
121 |
else: |
|
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
122 |
raise AssertionError("did not raise MethodNotAllowed") |
123 |
||
124 |
def testNamedOperation(self): |
|
125 |
req = FakeRequest() |
|
126 |
req.method = 'POST' |
|
127 |
req.request_body = urllib.urlencode({'ivle.op': 'do_stuff', |
|
128 |
'what': 'blah'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
129 |
view = JSONRESTViewTest(req, None) |
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
130 |
view.render(req) |
131 |
assert req.content_type == 'application/json' |
|
132 |
assert req.response_body == '{"result": "Did blah!"}\n' |
|
133 |
||
134 |
def testPOSTWithoutName(self): |
|
135 |
req = FakeRequest() |
|
136 |
req.method = 'POST' |
|
137 |
req.request_body = urllib.urlencode({'what': 'blah'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
138 |
view = JSONRESTViewTest(req, None) |
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
139 |
try: |
140 |
view.render(req) |
|
141 |
except BadRequest, e: |
|
142 |
assert e.message == 'No named operation specified.' |
|
143 |
else: |
|
144 |
raise AssertionError("did not raise BadRequest") |
|
145 |
||
146 |
def testNonexistentNamedOperation(self): |
|
147 |
req = FakeRequest() |
|
148 |
req.method = 'POST' |
|
149 |
req.request_body = urllib.urlencode({'ivle.op': 'enoent'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
150 |
view = JSONRESTViewTest(req, None) |
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
151 |
try: |
152 |
view.render(req) |
|
153 |
except BadRequest, e: |
|
154 |
assert e.message == 'Invalid named operation.' |
|
155 |
else: |
|
156 |
raise AssertionError("did not raise BadRequest") |
|
157 |
||
158 |
def testDisallowedNamedOperation(self): |
|
159 |
req = FakeRequest() |
|
160 |
req.method = 'POST' |
|
161 |
req.request_body = urllib.urlencode({'ivle.op': 'GET'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
162 |
view = JSONRESTViewTest(req, None) |
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
163 |
try: |
164 |
view.render(req) |
|
165 |
except BadRequest, e: |
|
166 |
assert e.message == 'Invalid named operation.' |
|
167 |
else: |
|
168 |
raise AssertionError("did not raise BadRequest") |
|
169 |
||
170 |
def testNamedOperationWithMissingArgs(self): |
|
171 |
req = FakeRequest() |
|
172 |
req.method = 'POST' |
|
173 |
req.request_body = urllib.urlencode({'ivle.op': 'do_stuff', |
|
174 |
'nothing': 'wrong'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
175 |
view = JSONRESTViewTest(req, None) |
|
1099.1.16
by William Grant
ivle.webapp.base.test: |
176 |
try: |
177 |
view.render(req) |
|
178 |
except BadRequest, e: |
|
179 |
assert e.message == 'Missing arguments: what' |
|
180 |
else: |
|
|
1099.1.8
by William Grant
ivle.webapp.testing: Add, with fake request and user. |
181 |
raise AssertionError("did not raise BadRequest") |
|
1099.1.27
by William Grant
ivle.webapp.base.views#JSONRESTView: Add support for argument defaults in |
182 |
|
183 |
def testNamedOperationWithExtraArgs(self): |
|
184 |
req = FakeRequest() |
|
185 |
req.method = 'POST' |
|
186 |
req.request_body = urllib.urlencode({'ivle.op': 'do_stuff', |
|
187 |
'what': 'blah', |
|
188 |
'toomany': 'args'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
189 |
view = JSONRESTViewTest(req, None) |
|
1099.1.27
by William Grant
ivle.webapp.base.views#JSONRESTView: Add support for argument defaults in |
190 |
try: |
191 |
view.render(req) |
|
192 |
except BadRequest, e: |
|
193 |
assert e.message == 'Extra arguments: toomany' |
|
194 |
else: |
|
195 |
raise AssertionError("did not raise BadRequest") |
|
196 |
||
197 |
def testNamedOperationWithDefaultArgs(self): |
|
198 |
req = FakeRequest() |
|
199 |
req.method = 'POST' |
|
200 |
req.request_body = urllib.urlencode({'ivle.op': 'say_something'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
201 |
view = JSONRESTViewTest(req, None) |
|
1099.1.27
by William Grant
ivle.webapp.base.views#JSONRESTView: Add support for argument defaults in |
202 |
view.render(req) |
203 |
assert req.content_type == 'application/json' |
|
204 |
assert req.response_body == '{"result": "Said nothing!"}\n' |
|
205 |
||
206 |
def testNamedOperationWithOverriddenDefaultArgs(self): |
|
207 |
req = FakeRequest() |
|
208 |
req.method = 'POST' |
|
209 |
req.request_body = urllib.urlencode({'ivle.op': 'say_something', |
|
210 |
'thing': 'something'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
211 |
view = JSONRESTViewTest(req, None) |
|
1099.1.27
by William Grant
ivle.webapp.base.views#JSONRESTView: Add support for argument defaults in |
212 |
view.render(req) |
213 |
assert req.content_type == 'application/json' |
|
214 |
assert req.response_body == '{"result": "Said something!"}\n' |
|
|
1099.1.28
by William Grant
ivle.webapp.base.views#JSONRESTView: Named operations now take the request. |
215 |
|
|
1099.1.52
by William Grant
ivle.webapp.base.rest#RESTView: Remove broken old render() - it should be |
216 |
def testNamedOperationWithDefaultAndMissingArgs(self): |
217 |
req = FakeRequest() |
|
218 |
req.method = 'POST' |
|
219 |
req.request_body = urllib.urlencode({'ivle.op': 'do_say_something', |
|
220 |
'thing': 'something'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
221 |
view = JSONRESTViewTest(req, None) |
|
1099.1.52
by William Grant
ivle.webapp.base.rest#RESTView: Remove broken old render() - it should be |
222 |
try: |
223 |
view.render(req) |
|
224 |
except BadRequest, e: |
|
225 |
assert e.message == 'Missing arguments: what' |
|
226 |
else: |
|
227 |
raise AssertionError("did not raise BadRequest") |
|
228 |
||
|
1099.1.28
by William Grant
ivle.webapp.base.views#JSONRESTView: Named operations now take the request. |
229 |
def testNamedOperationUsingRequest(self): |
230 |
req = FakeRequest() |
|
231 |
req.method = 'POST' |
|
232 |
req.request_body = urllib.urlencode({'ivle.op': 'get_req_method'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
233 |
view = JSONRESTViewTest(req, None) |
|
1099.1.28
by William Grant
ivle.webapp.base.views#JSONRESTView: Named operations now take the request. |
234 |
view.render(req) |
235 |
assert req.content_type == 'application/json' |
|
236 |
assert req.response_body == '{"method": "POST"}\n' |
|
|
1099.1.53
by William Grant
ivle.webapp.base.rest#JSONRESTView: Check for bad JSON input, rather than |
237 |
|
|
1796.1.2
by William Grant
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST. |
238 |
def testGETNamedOperation(self): |
239 |
req = FakeRequest() |
|
240 |
req.method = 'GET' |
|
|
1796.1.3
by William Grant
Use req.unparsed_uri instead of req.uri -- req.uri doesn't contain the query string. |
241 |
req.unparsed_uri = '/?' + urllib.urlencode( |
242 |
{'ivle.op': 'say_something'}) |
|
|
1796.1.2
by William Grant
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST. |
243 |
view = JSONRESTViewTest(req, None) |
244 |
view.render(req) |
|
245 |
assert req.content_type == 'application/json' |
|
246 |
assert req.response_body == '{"result": "Said nothing!"}\n' |
|
247 |
||
248 |
def testGETNamedOperationDoesNotFindWriteOperation(self): |
|
249 |
req = FakeRequest() |
|
250 |
req.method = 'GET' |
|
|
1796.1.3
by William Grant
Use req.unparsed_uri instead of req.uri -- req.uri doesn't contain the query string. |
251 |
req.unparsed_uri = '/?' + urllib.urlencode( |
|
1796.1.2
by William Grant
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST. |
252 |
{'ivle.op': 'do_stuff', 'what': 'something'}) |
253 |
view = JSONRESTViewTest(req, None) |
|
254 |
try: |
|
255 |
view.render(req) |
|
256 |
except BadRequest, e: |
|
257 |
assert e.message == 'POST required for write operation.' |
|
258 |
else: |
|
259 |
raise AssertionError("did not raise BadRequest") |
|
260 |
||
|
1099.1.53
by William Grant
ivle.webapp.base.rest#JSONRESTView: Check for bad JSON input, rather than |
261 |
def testInvalidPOSTData(self): |
262 |
req = FakeRequest() |
|
263 |
req.method = 'POST' |
|
264 |
req.request_body = 'I am invalid&&&&' |
|
|
1500
by William Grant
Unbreak existing tests. |
265 |
view = JSONRESTViewTest(req, None) |
|
1099.1.53
by William Grant
ivle.webapp.base.rest#JSONRESTView: Check for bad JSON input, rather than |
266 |
try: |
267 |
view.render(req) |
|
268 |
except BadRequest, e: |
|
269 |
print e.message |
|
270 |
assert e.message == 'No named operation specified.' |
|
271 |
else: |
|
272 |
raise AssertionError("did not raise BadRequest") |
|
273 |
||
274 |
def testInvalidPATCHData(self): |
|
275 |
req = FakeRequest() |
|
276 |
req.method = 'PATCH' |
|
277 |
req.request_body = 'I am invalid' |
|
|
1500
by William Grant
Unbreak existing tests. |
278 |
view = JSONRESTViewTest(req, None) |
|
1099.1.53
by William Grant
ivle.webapp.base.rest#JSONRESTView: Check for bad JSON input, rather than |
279 |
try: |
280 |
view.render(req) |
|
281 |
except BadRequest, e: |
|
282 |
assert e.message == 'Invalid JSON data' |
|
283 |
else: |
|
284 |
raise AssertionError("did not raise BadRequest") |
|
285 |
||
286 |
def testInvalidPUTData(self): |
|
287 |
req = FakeRequest() |
|
288 |
req.method = 'PUT' |
|
289 |
req.request_body = 'I am invalid' |
|
|
1500
by William Grant
Unbreak existing tests. |
290 |
view = JSONRESTViewTest(req, None) |
|
1099.1.53
by William Grant
ivle.webapp.base.rest#JSONRESTView: Check for bad JSON input, rather than |
291 |
try: |
292 |
view.render(req) |
|
293 |
except BadRequest, e: |
|
294 |
assert e.message == 'Invalid JSON data' |
|
295 |
else: |
|
296 |
raise AssertionError("did not raise BadRequest") |
|
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
297 |
|
298 |
class TestJSONRESTSecurity: |
|
299 |
def testGoodMethod(self): |
|
300 |
req = FakeRequest() |
|
301 |
req.user.login = u'otheruser' |
|
302 |
req.method = 'GET' |
|
|
1500
by William Grant
Unbreak existing tests. |
303 |
view = JSONRESTViewTest(req, None) |
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
304 |
view.render(req) |
305 |
assert req.content_type == 'application/json' |
|
306 |
assert req.response_body == '{"method": "get"}\n' |
|
307 |
||
308 |
def testBadMethod(self): |
|
309 |
req = FakeRequest() |
|
310 |
req.user.login = u'otheruser' |
|
311 |
req.method = 'PUT' |
|
|
1500
by William Grant
Unbreak existing tests. |
312 |
view = JSONRESTViewTest(req, None) |
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
313 |
try: |
314 |
view.render(req) |
|
315 |
except Unauthorized, e: |
|
316 |
pass
|
|
317 |
else: |
|
318 |
raise AssertionError("did not raise Unauthorized") |
|
319 |
||
320 |
def testGoodNamedOperation(self): |
|
321 |
req = FakeRequest() |
|
322 |
req.user.login = u'otheruser' |
|
323 |
req.method = 'POST' |
|
324 |
req.request_body = urllib.urlencode({'ivle.op': 'do_stuff', |
|
325 |
'what': 'blah'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
326 |
view = JSONRESTViewTest(req, None) |
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
327 |
view.render(req) |
328 |
assert req.content_type == 'application/json' |
|
329 |
assert req.response_body == '{"result": "Did blah!"}\n' |
|
330 |
||
331 |
def testBadNamedOperation(self): |
|
332 |
req = FakeRequest() |
|
333 |
req.user.login = u'otheruser' |
|
334 |
req.method = 'POST' |
|
335 |
req.request_body = urllib.urlencode({'ivle.op': 'say_something'}) |
|
|
1500
by William Grant
Unbreak existing tests. |
336 |
view = JSONRESTViewTest(req, None) |
|
1099.1.112
by William Grant
Implement authorization in JSON REST views. Add security declarations to |
337 |
try: |
338 |
view.render(req) |
|
339 |
except Unauthorized, e: |
|
340 |
pass
|
|
341 |
else: |
|
342 |
raise AssertionError("did not raise Unauthorized") |
|
343 |