tests/app/authentication/test_authentication.py

from client.authentication import create_jwt_token
from flask import json, url_for

from app.dao.api_key_dao import get_unsigned_secret


def test_should_not_allow_request_with_no_token(notify_api):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            response = client.get(url_for('status.show_status'))
            assert response.status_code == 401
            data = json.loads(response.get_data())
            assert data['error'] == 'Unauthorized, authentication token must be provided'


def test_should_not_allow_request_with_incorrect_header(notify_api):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            response = client.get(url_for('status.show_status'),
                                  headers={'Authorization': 'Basic 1234'})
            assert response.status_code == 401
            data = json.loads(response.get_data())
            assert data['error'] == 'Unauthorized, authentication bearer scheme must be used'


def test_should_not_allow_request_with_incorrect_token(notify_api):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            response = client.get(url_for('status.show_status'),
                                  headers={'Authorization': 'Bearer 1234'})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data['error'] == 'Invalid token: signature'


def test_should_not_allow_incorrect_path(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = create_jwt_token(request_method="GET",
                                     request_path="/bad",
                                     secret=get_unsigned_secret(sample_api_key.service_id),
                                     client_id=sample_api_key.service_id)
            response = client.get(url_for('status.show_status'),
                                  headers={'Authorization': "Bearer {}".format(token)})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data['error'] == 'Invalid token: request'


def test_should_not_allow_incorrect_method(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = __create_post_token(sample_api_key.service_id, {})
            response = client.get(url_for('status.show_status'),
                                  headers={'Authorization': "Bearer {}".format(token)})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data['error'] == 'Invalid token: request'


def test_should_not_allow_invalid_secret(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = create_jwt_token(request_method="POST", request_path="/", secret="not-so-secret",
                                     client_id=sample_api_key.service_id)
            response = client.get(url_for('status.show_status'),
                                  headers={'Authorization': "Bearer {}".format(token)})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data['error'] == 'Invalid token: signature'


def test_should_allow_valid_token(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = __create_get_token(sample_api_key.service_id)
            response = client.get(url_for('status.show_status'),
                                  headers={'Authorization': 'Bearer {}'.format(token)})
            assert response.status_code == 200


JSON_BODY = json.dumps({
    "key1": "value1",
    "key2": "value2",
    "key3": "value3"
})


def test_should_allow_valid_token_with_post_body(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = __create_post_token(sample_api_key.service_id, JSON_BODY)
            response = client.post(url_for('status.show_status'),
                                   data=JSON_BODY,
                                   headers={'Authorization': 'Bearer {}'.format(token)})
            assert response.status_code == 200


def test_should_not_allow_valid_token_with_invalid_post_body(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = __create_post_token(sample_api_key.service_id, JSON_BODY)
            response = client.post(url_for('status.show_status'),
                                   data="spurious",
                                   headers={'Authorization': 'Bearer {}'.format(token)})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data['error'] == 'Invalid token: payload'


def __create_get_token(service_id):
    return create_jwt_token(request_method="GET",
                            request_path=url_for('status.show_status'),
                            secret=get_unsigned_secret(service_id),
                            client_id=service_id)


def __create_post_token(service_id, request_body):
    return create_jwt_token(
        request_method="POST",
        request_path=url_for('status.show_status'),
        secret=get_unsigned_secret(service_id),
        client_id=service_id,
        request_body=request_body
    )
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`from client.authentication import create_jwt_token`
Added authorization headers for all requests 2016-01-15 16:22:03 +00:00			`from flask import json, url_for`

Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`from app.dao.api_key_dao import get_unsigned_secret`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00

			`def test_should_not_allow_request_with_no_token(notify_api):`
			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
			`response = client.get(url_for('status.show_status'))`
			`assert response.status_code == 401`
			`data = json.loads(response.get_data())`
			`assert data['error'] == 'Unauthorized, authentication token must be provided'`


			`def test_should_not_allow_request_with_incorrect_header(notify_api):`
			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
			`response = client.get(url_for('status.show_status'),`
			`headers={'Authorization': 'Basic 1234'})`
			`assert response.status_code == 401`
			`data = json.loads(response.get_data())`
			`assert data['error'] == 'Unauthorized, authentication bearer scheme must be used'`


			`def test_should_not_allow_request_with_incorrect_token(notify_api):`
			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
			`response = client.get(url_for('status.show_status'),`
			`headers={'Authorization': 'Bearer 1234'})`
			`assert response.status_code == 403`
			`data = json.loads(response.get_data())`
			`assert data['error'] == 'Invalid token: signature'`


Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`def test_should_not_allow_incorrect_path(notify_api, notify_db, notify_db_session, sample_api_key):`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
Added authorization headers for all requests 2016-01-15 16:22:03 +00:00			`token = create_jwt_token(request_method="GET",`
			`request_path="/bad",`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`secret=get_unsigned_secret(sample_api_key.service_id),`
			`client_id=sample_api_key.service_id)`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`response = client.get(url_for('status.show_status'),`
			`headers={'Authorization': "Bearer {}".format(token)})`
			`assert response.status_code == 403`
			`data = json.loads(response.get_data())`
			`assert data['error'] == 'Invalid token: request'`


Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`def test_should_not_allow_incorrect_method(notify_api, notify_db, notify_db_session, sample_api_key):`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`token = __create_post_token(sample_api_key.service_id, {})`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`response = client.get(url_for('status.show_status'),`
			`headers={'Authorization': "Bearer {}".format(token)})`
			`assert response.status_code == 403`
			`data = json.loads(response.get_data())`
			`assert data['error'] == 'Invalid token: request'`


Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`def test_should_not_allow_invalid_secret(notify_api, notify_db, notify_db_session, sample_api_key):`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
			`token = create_jwt_token(request_method="POST", request_path="/", secret="not-so-secret",`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`client_id=sample_api_key.service_id)`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`response = client.get(url_for('status.show_status'),`
			`headers={'Authorization': "Bearer {}".format(token)})`
			`assert response.status_code == 403`
			`data = json.loads(response.get_data())`
			`assert data['error'] == 'Invalid token: signature'`


Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`def test_should_allow_valid_token(notify_api, notify_db, notify_db_session, sample_api_key):`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`token = __create_get_token(sample_api_key.service_id)`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`response = client.get(url_for('status.show_status'),`
			`headers={'Authorization': 'Bearer {}'.format(token)})`
			`assert response.status_code == 200`


Added authorization headers for all requests 2016-01-15 16:22:03 +00:00			`JSON_BODY = json.dumps({`
			`"key1": "value1",`
			`"key2": "value2",`
			`"key3": "value3"`
			`})`


Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`def test_should_allow_valid_token_with_post_body(notify_api, notify_db, notify_db_session, sample_api_key):`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`token = __create_post_token(sample_api_key.service_id, JSON_BODY)`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`response = client.post(url_for('status.show_status'),`
Added authorization headers for all requests 2016-01-15 16:22:03 +00:00			`data=JSON_BODY,`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`headers={'Authorization': 'Bearer {}'.format(token)})`
			`assert response.status_code == 200`


Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`def test_should_not_allow_valid_token_with_invalid_post_body(notify_api, notify_db, notify_db_session, sample_api_key):`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`with notify_api.test_request_context():`
			`with notify_api.test_client() as client:`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`token = __create_post_token(sample_api_key.service_id, JSON_BODY)`
Added the before_request so that all calls must have a valid token. Next is to get all the rest tests to pass again. 2016-01-14 17:45:30 +00:00			`response = client.post(url_for('status.show_status'),`
			`data="spurious",`
			`headers={'Authorization': 'Bearer {}'.format(token)})`
			`assert response.status_code == 403`
			`data = json.loads(response.get_data())`
			`assert data['error'] == 'Invalid token: payload'`
Added authorization headers for all requests 2016-01-15 16:22:03 +00:00

			`def __create_get_token(service_id):`
			`return create_jwt_token(request_method="GET",`
			`request_path=url_for('status.show_status'),`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`secret=get_unsigned_secret(service_id),`
Added authorization headers for all requests 2016-01-15 16:22:03 +00:00			`client_id=service_id)`


			`def __create_post_token(service_id, request_body):`
			`return create_jwt_token(`
			`request_method="POST",`
			`request_path=url_for('status.show_status'),`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`secret=get_unsigned_secret(service_id),`
Added authorization headers for all requests 2016-01-15 16:22:03 +00:00			`client_id=service_id,`
			`request_body=request_body`
			`)`