# -*- coding: utf8 -*-
# This file is part of PyBossa.
#
# Copyright (C) 2013 SF Isle of Man Limited
#
# PyBossa is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# PyBossa is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with PyBossa. If not, see <http://www.gnu.org/licenses/>.
import json
from default import with_context
from nose.tools import assert_equal, assert_raises
from test_api import TestAPI
from pybossa.api.token import TokenAPI
from werkzeug.exceptions import MethodNotAllowed
from factories import UserFactory
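class TestTokenAPI(TestAPI):
    """Integration tests for the ``/api/token`` resource.

    Three concerns are covered: the resource is read-only (POST, PUT and
    DELETE are rejected with 405), anonymous callers get a 401 error
    envelope, and an authenticated caller can only read the OAuth tokens
    stored under his own ``user.info`` (missing or unknown providers give 404).
    """

    def _assert_unauthorized(self, res):
        """Assert *res* carries the API's 401 error envelope for ``token``."""
        err = json.loads(res.data)
        assert res.status_code == 401, err
        assert err['status'] == 'failed', err
        assert err['status_code'] == 401, err
        assert err['exception_cls'] == 'Unauthorized', err
        assert err['target'] == 'token', err

    def _assert_not_found(self, res):
        """Assert *res* carries the API's 404 error envelope for a GET on ``token``."""
        error = json.loads(res.data)
        assert res.status_code == 404, error
        assert error['status'] == 'failed', error
        assert error['action'] == 'GET', error
        assert error['target'] == 'token', error
        assert error['exception_cls'] == 'NotFound', error

    @with_context
    def test_not_allowed_methods(self):
        """Test POST, DELETE, PUT methods are not allowed for resource token"""
        token_api_instance = TokenAPI()
        # Check both layers: the routed request answers 405 and the handler
        # itself raises MethodNotAllowed when invoked directly.
        for method in ('post', 'delete', 'put'):
            response = getattr(self.app, method)('/api/token')
            assert response.status_code == 405, response.status_code
            assert_raises(MethodNotAllowed, getattr(token_api_instance, method))

    @with_context
    def test_get_all_tokens_anonymous_user(self):
        """Test anonymous users are unauthorized to request their tokens"""
        # Anonymous users must be unauthorized regardless of which tokens they ask for.
        res = self.app.get('/api/token')
        self._assert_unauthorized(res)

    @with_context
    def test_get_specific_token_anonymous_user(self):
        """Test anonymous users are unauthorized to request any of their tokens"""
        res = self.app.get('/api/token/twitter')
        self._assert_unauthorized(res)

    @with_context
    def test_get_all_tokens_authenticated_user(self):
        """Test authenticated user is able to retrieve all his tokens"""
        # Two users are created and the second one is used, presumably so the
        # lookup cannot succeed by simply returning the first row — confirm.
        user = UserFactory.create_batch(2)[1]
        user.info = create_tokens_for(user)
        # Absolute path, consistent with the other requests in this class.
        res = self.app.get('/api/token?api_key=' + user.api_key)
        data = json.loads(res.data)
        for provider in TokenAPI.oauth_providers:
            token_name = '%s_token' % provider
            assert data.get(token_name) is not None, data

    @with_context
    def test_get_all_existing_tokens_authenticated_user(self):
        """Test if a user lacks one of the valid tokens, it won't be retrieved"""
        user = UserFactory.create_batch(2)[1]
        user.info = create_tokens_for(user)
        del user.info['google_token']
        # Absolute path, consistent with the other requests in this class.
        res = self.app.get('/api/token?api_key=' + user.api_key)
        data = json.loads(res.data)
        assert data.get('twitter_token') is not None, data
        assert data.get('facebook_token') is not None, data
        # The deleted provider must not reappear from any other source.
        assert data.get('google_token') is None, data

    @with_context
    def test_get_existing_token_authenticated_user(self):
        """Test authenticated user retrieves a given existing token"""
        user = UserFactory.create_batch(2)[1]
        user.info = create_tokens_for(user)
        # If the token exists, it should be retrieved, and it must be the
        # one belonging to this user (the values are derived from user.name).
        res = self.app.get('/api/token/twitter?api_key=' + user.api_key)
        data = json.loads(res.data)
        twitter_token = data.get('twitter_token')
        assert twitter_token is not None, data
        assert twitter_token['oauth_token'] == 'token-for-%s' % user.name
        # NOTE(review): the response exposes oauth_token_secret to the owner;
        # confirm this is intended by the token API contract.
        assert twitter_token['oauth_token_secret'] == 'secret-for-%s' % user.name
        # And no other tokens should be included in a single-provider request.
        assert data.get('facebook_token') is None, data

    @with_context
    def test_get_non_existing_token_authenticated_user(self):
        """Test authenticated user cannot get non-existing tokens"""
        user_no_tokens = UserFactory.create_batch(2)[1]
        res = self.app.get('/api/token/twitter?api_key=' + user_no_tokens.api_key)
        self._assert_not_found(res)

    @with_context
    def test_get_non_valid_token(self):
        """Test authenticated user cannot get non-valid tokens"""
        # An unknown provider name is reported the same way as a missing token.
        user = UserFactory.create_batch(2)[1]
        res = self.app.get('/api/token/non-valid?api_key=' + user.api_key)
        self._assert_not_found(res)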
def create_tokens_for(user):
    """Build the ``user.info`` dict holding one OAuth token per provider.

    Only the twitter entry carries a per-user token/secret pair derived from
    ``user.name``; the facebook and google entries are fixed placeholders.
    """
    owner = user.name
    return {
        'twitter_token': {
            'oauth_token': 'token-for-%s' % owner,
            'oauth_token_secret': 'secret-for-%s' % owner,
        },
        'facebook_token': {'oauth_token': 'facebook_token'},
        'google_token': {'oauth_token': 'google_token'},
    }