← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/webapp/base/test/test_rest.py

  • Committer: William Grant
  • Date: 2009-02-23 23:47:02 UTC
  • mfrom: (1099.1.211 new-dispatch)
  • Revision ID: grantw@unimelb.edu.au-20090223234702-db4b1llly46ignwo
Merge from lp:~ivle-dev/ivle/new-dispatch.

Pretty much everything changes. Reread the setup docs. Backup your databases.
Every file is now in a different installed location, the configuration system
is rewritten, the dispatch system is rewritten, URLs are different, the
database is different, worksheets and exercises are no longer on the
filesystem, we use a templating engine, jail service protocols are rewritten,
we don't repeat ourselves, we have authorization rewritten, phpBB is gone,
and probably lots of other things that I cannot remember.

This is certainly the biggest commit I have ever made, and hopefully
the largest I ever will.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/webapp/base/test/test_rest.py
 
1
import urllib
 
2
 
 
3
from ivle.webapp.base.rest import (JSONRESTView, named_operation,
 
4
                                   require_permission)
 
5
from ivle.webapp.errors import BadRequest, MethodNotAllowed, Unauthorized
 
6
from ivle.webapp.testing import FakeUser, FakeRequest
 
7
 
 
8
class JSONRESTViewTestWithoutPUT(JSONRESTView):
 
9
    '''A small JSON REST view for testing purposes, without a PUT method.'''
 
10
    def get_permissions(self, user):
 
11
        if user.login == u'fakeuser':
 
12
            return set(['view', 'edit'])
 
13
        if user.login == u'otheruser':
 
14
            return set(['view'])
 
15
        return set()
 
16
 
 
17
    @require_permission('view')
 
18
    def GET(self, req):
 
19
        return {'method': 'get'}
 
20
 
 
21
    @require_permission('edit')
 
22
    def PATCH(self, req, data):
 
23
        return {'method': 'patch',
 
24
                'result': data['result'], 'test': data['test']}
 
25
 
 
26
    @named_operation('view')
 
27
    def do_stuff(self, req, what):
 
28
        return {'result': 'Did %s!' % what}
 
29
 
 
30
    @named_operation('edit')
 
31
    def say_something(self, req, thing='nothing'):
 
32
        return {'result': 'Said %s!' % thing}
 
33
 
 
34
    @named_operation('edit')
 
35
    def do_say_something(self, req, what, thing='nothing'):
 
36
        return {'result': 'Said %s and %s!' % (what, thing)}
 
37
 
 
38
    @named_operation('view')
 
39
    def get_req_method(self, req):
 
40
        return {'method': req.method}
 
41
 
 
42
class JSONRESTViewTest(JSONRESTViewTestWithoutPUT):
 
43
    '''A small JSON REST view for testing purposes.'''
 
44
    @require_permission('edit')
 
45
    def PUT(self, req, data):
 
46
        return {'method': 'put',
 
47
                'result': data['result'], 'test': data['test']}
 
48
 
 
49
class TestJSONRESTView:
 
50
    def testGET(self):
 
51
        req = FakeRequest()
 
52
        view = JSONRESTViewTest(req)
 
53
        view.render(req)
 
54
        assert req.content_type == 'application/json'
 
55
        assert req.response_body == '{"method": "get"}\n'
 
56
 
 
57
    def testPUT(self):
 
58
        req = FakeRequest()
 
59
        req.method = 'PUT'
 
60
        req.request_body = '{"test": "FAI\\uA746ED", "result": 1}'
 
61
        view = JSONRESTViewTest(req)
 
62
        view.render(req)
 
63
        assert req.content_type == 'application/json'
 
64
        assert req.response_body == \
 
65
                '{"test": "FAI\\ua746ED", "method": "put", "result": 1}\n'
 
66
 
 
67
    def testPATCH(self):
 
68
        req = FakeRequest()
 
69
        req.method = 'PATCH'
 
70
        req.request_body = '{"test": "FAI\\uA746ED", "result": 1}'
 
71
        view = JSONRESTViewTest(req)
 
72
        view.render(req)
 
73
        assert req.content_type == 'application/json'
 
74
        assert req.response_body == \
 
75
                '{"test": "FAI\\ua746ED", "method": "patch", "result": 1}\n'
 
76
 
 
77
    def testEmulatedPATCH(self):
 
78
        req = FakeRequest()
 
79
        req.method = 'PUT'
 
80
        req.headers_in['X-IVLE-Patch-Semantics'] = 'yes'
 
81
        req.request_body = '{"test": "FAI\\uA746ED", "result": 1}'
 
82
        view = JSONRESTViewTest(req)
 
83
        view.render(req)
 
84
        assert req.content_type == 'application/json'
 
85
        assert req.response_body == \
 
86
                '{"test": "FAI\\ua746ED", "method": "patch", "result": 1}\n'
 
87
 
 
88
    def testInvalidMethod(self):
 
89
        req = FakeRequest()
 
90
        req.method = 'FAKEANDBOGUS'
 
91
        view = JSONRESTViewTest(req)
 
92
        try:
 
93
            view.render(req)
 
94
        except MethodNotAllowed, e:
 
95
            assert e.allowed == ['GET', 'PUT', 'PATCH', 'POST']
 
96
        else:
 
97
            raise AssertionError("did not raise MethodNotAllowed")
 
98
 
 
99
    def testNoPUTMethod(self):
 
100
        req = FakeRequest()
 
101
        req.method = 'PUT'
 
102
        view = JSONRESTViewTestWithoutPUT(req)
 
103
        try:
 
104
            view.render(req)
 
105
        except MethodNotAllowed, e:
 
106
            assert e.allowed == ['GET', 'PATCH', 'POST']
 
107
        else:
 
108
            raise AssertionError("did not raise MethodNotAllowed")
 
109
 
 
110
    def testInvalidMethodWithPATCHEmulation(self):
 
111
        req = FakeRequest()
 
112
        req.method = 'FAKEANDBOGUS'
 
113
        req.headers_in['X-IVLE-Patch-Semantics'] = 'yes'
 
114
        view = JSONRESTViewTest(req)
 
115
        try:
 
116
            view.render(req)
 
117
        except MethodNotAllowed:
 
118
            pass
 
119
        else:
 
120
            raise AssertionError("did not raise MethodNotAllowed")
 
121
 
 
122
    def testNamedOperation(self):
 
123
        req = FakeRequest()
 
124
        req.method = 'POST'
 
125
        req.request_body = urllib.urlencode({'ivle.op': 'do_stuff',
 
126
                                             'what': 'blah'})
 
127
        view = JSONRESTViewTest(req)
 
128
        view.render(req)
 
129
        assert req.content_type == 'application/json'
 
130
        assert req.response_body == '{"result": "Did blah!"}\n'
 
131
 
 
132
    def testPOSTWithoutName(self):
 
133
        req = FakeRequest()
 
134
        req.method = 'POST'
 
135
        req.request_body = urllib.urlencode({'what': 'blah'})
 
136
        view = JSONRESTViewTest(req)
 
137
        try:
 
138
            view.render(req)
 
139
        except BadRequest, e:
 
140
            assert e.message == 'No named operation specified.'
 
141
        else:
 
142
            raise AssertionError("did not raise BadRequest")
 
143
 
 
144
    def testNonexistentNamedOperation(self):
 
145
        req = FakeRequest()
 
146
        req.method = 'POST'
 
147
        req.request_body = urllib.urlencode({'ivle.op': 'enoent'})
 
148
        view = JSONRESTViewTest(req)
 
149
        try:
 
150
            view.render(req)
 
151
        except BadRequest, e:
 
152
            assert e.message == 'Invalid named operation.'
 
153
        else:
 
154
            raise AssertionError("did not raise BadRequest")
 
155
 
 
156
    def testDisallowedNamedOperation(self):
 
157
        req = FakeRequest()
 
158
        req.method = 'POST'
 
159
        req.request_body = urllib.urlencode({'ivle.op': 'GET'})
 
160
        view = JSONRESTViewTest(req)
 
161
        try:
 
162
            view.render(req)
 
163
        except BadRequest, e:
 
164
            assert e.message == 'Invalid named operation.'
 
165
        else:
 
166
            raise AssertionError("did not raise BadRequest")
 
167
 
 
168
    def testNamedOperationWithMissingArgs(self):
 
169
        req = FakeRequest()
 
170
        req.method = 'POST'
 
171
        req.request_body = urllib.urlencode({'ivle.op': 'do_stuff',
 
172
                                             'nothing': 'wrong'})
 
173
        view = JSONRESTViewTest(req)
 
174
        try:
 
175
            view.render(req)
 
176
        except BadRequest, e:
 
177
            assert e.message == 'Missing arguments: what'
 
178
        else:
 
179
            raise AssertionError("did not raise BadRequest")
 
180
 
 
181
    def testNamedOperationWithExtraArgs(self):
 
182
        req = FakeRequest()
 
183
        req.method = 'POST'
 
184
        req.request_body = urllib.urlencode({'ivle.op': 'do_stuff',
 
185
                                             'what': 'blah',
 
186
                                             'toomany': 'args'})
 
187
        view = JSONRESTViewTest(req)
 
188
        try:
 
189
            view.render(req)
 
190
        except BadRequest, e:
 
191
            assert e.message == 'Extra arguments: toomany'
 
192
        else:
 
193
            raise AssertionError("did not raise BadRequest")
 
194
 
 
195
    def testNamedOperationWithDefaultArgs(self):
 
196
        req = FakeRequest()
 
197
        req.method = 'POST'
 
198
        req.request_body = urllib.urlencode({'ivle.op': 'say_something'})
 
199
        view = JSONRESTViewTest(req)
 
200
        view.render(req)
 
201
        assert req.content_type == 'application/json'
 
202
        assert req.response_body == '{"result": "Said nothing!"}\n'
 
203
 
 
204
    def testNamedOperationWithOverriddenDefaultArgs(self):
 
205
        req = FakeRequest()
 
206
        req.method = 'POST'
 
207
        req.request_body = urllib.urlencode({'ivle.op': 'say_something',
 
208
                                             'thing': 'something'})
 
209
        view = JSONRESTViewTest(req)
 
210
        view.render(req)
 
211
        assert req.content_type == 'application/json'
 
212
        assert req.response_body == '{"result": "Said something!"}\n'
 
213
 
 
214
    def testNamedOperationWithDefaultAndMissingArgs(self):
 
215
        req = FakeRequest()
 
216
        req.method = 'POST'
 
217
        req.request_body = urllib.urlencode({'ivle.op': 'do_say_something',
 
218
                                             'thing': 'something'})
 
219
        view = JSONRESTViewTest(req)
 
220
        try:
 
221
            view.render(req)
 
222
        except BadRequest, e:
 
223
            assert e.message == 'Missing arguments: what'
 
224
        else:
 
225
            raise AssertionError("did not raise BadRequest")
 
226
 
 
227
    def testNamedOperationUsingRequest(self):
 
228
        req = FakeRequest()
 
229
        req.method = 'POST'
 
230
        req.request_body = urllib.urlencode({'ivle.op': 'get_req_method'})
 
231
        view = JSONRESTViewTest(req)
 
232
        view.render(req)
 
233
        assert req.content_type == 'application/json'
 
234
        assert req.response_body == '{"method": "POST"}\n'
 
235
 
 
236
    def testInvalidPOSTData(self):
 
237
        req = FakeRequest()
 
238
        req.method = 'POST'
 
239
        req.request_body = 'I am invalid&&&&'
 
240
        view = JSONRESTViewTest(req)
 
241
        try:
 
242
            view.render(req)
 
243
        except BadRequest, e:
 
244
            print e.message
 
245
            assert e.message == 'No named operation specified.'
 
246
        else:
 
247
            raise AssertionError("did not raise BadRequest")
 
248
 
 
249
    def testInvalidPATCHData(self):
 
250
        req = FakeRequest()
 
251
        req.method = 'PATCH'
 
252
        req.request_body = 'I am invalid'
 
253
        view = JSONRESTViewTest(req)
 
254
        try:
 
255
            view.render(req)
 
256
        except BadRequest, e:
 
257
            assert e.message == 'Invalid JSON data'
 
258
        else:
 
259
            raise AssertionError("did not raise BadRequest")
 
260
 
 
261
    def testInvalidPUTData(self):
 
262
        req = FakeRequest()
 
263
        req.method = 'PUT'
 
264
        req.request_body = 'I am invalid'
 
265
        view = JSONRESTViewTest(req)
 
266
        try:
 
267
            view.render(req)
 
268
        except BadRequest, e:
 
269
            assert e.message == 'Invalid JSON data'
 
270
        else:
 
271
            raise AssertionError("did not raise BadRequest")
 
272
 
 
273
class TestJSONRESTSecurity:
 
274
    def testGoodMethod(self):
 
275
        req = FakeRequest()
 
276
        req.user.login = u'otheruser'
 
277
        req.method = 'GET'
 
278
        view = JSONRESTViewTest(req)
 
279
        view.render(req)
 
280
        assert req.content_type == 'application/json'
 
281
        assert req.response_body == '{"method": "get"}\n'
 
282
 
 
283
    def testBadMethod(self):
 
284
        req = FakeRequest()
 
285
        req.user.login = u'otheruser'
 
286
        req.method = 'PUT'
 
287
        view = JSONRESTViewTest(req)
 
288
        try:
 
289
            view.render(req)
 
290
        except Unauthorized, e:
 
291
            pass
 
292
        else:
 
293
            raise AssertionError("did not raise Unauthorized")
 
294
 
 
295
    def testGoodNamedOperation(self):
 
296
        req = FakeRequest()
 
297
        req.user.login = u'otheruser'
 
298
        req.method = 'POST'
 
299
        req.request_body = urllib.urlencode({'ivle.op': 'do_stuff',
 
300
                                             'what': 'blah'})
 
301
        view = JSONRESTViewTest(req)
 
302
        view.render(req)
 
303
        assert req.content_type == 'application/json'
 
304
        assert req.response_body == '{"result": "Did blah!"}\n'
 
305
 
 
306
    def testBadNamedOperation(self):
 
307
        req = FakeRequest()
 
308
        req.user.login = u'otheruser'
 
309
        req.method = 'POST'
 
310
        req.request_body = urllib.urlencode({'ivle.op': 'say_something'})
 
311
        view = JSONRESTViewTest(req)
 
312
        try:
 
313
            view.render(req)
 
314
        except Unauthorized, e:
 
315
            pass
 
316
        else:
 
317
            raise AssertionError("did not raise Unauthorized")
 
318