2020-01-02 05:33:51 +01:00
|
|
|
import pytest
|
|
|
|
|
|
|
|
from moulinette import MoulinetteError
|
|
|
|
|
|
|
|
|
|
|
|
class TestAuthAPI:
|
2021-06-13 18:51:13 +02:00
|
|
|
def login(self, webapi, csrf=False, profile=None, status=200, password=None):
|
|
|
|
if password is None:
|
|
|
|
password = "dummy"
|
|
|
|
|
2021-06-14 17:23:41 +02:00
|
|
|
data = {"credentials": password}
|
2021-07-09 20:42:11 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
if profile:
|
|
|
|
data["profile"] = profile
|
|
|
|
|
|
|
|
return webapi.post(
|
|
|
|
"/login",
|
|
|
|
data,
|
|
|
|
status=status,
|
|
|
|
headers=None if csrf else {"X-Requested-With": ""},
|
|
|
|
)
|
|
|
|
|
|
|
|
def test_request_no_auth_needed(self, moulinette_webapi):
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/none", status=200).text
|
|
|
|
== '"some_data_from_none"'
|
|
|
|
)
|
|
|
|
|
|
|
|
def test_request_no_auth_needed_subcategories(self, moulinette_webapi):
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/subcat/none", status=200).text
|
|
|
|
== '"some_data_from_subcat_none"'
|
|
|
|
)
|
|
|
|
|
|
|
|
def test_request_with_auth_but_not_logged(self, moulinette_webapi):
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/default", status=401).text
|
|
|
|
== "Authentication required"
|
|
|
|
)
|
|
|
|
|
|
|
|
def test_request_with_auth_subcategories_but_not_logged(self, moulinette_webapi):
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/subcat/default", status=401).text
|
|
|
|
== "Authentication required"
|
|
|
|
)
|
|
|
|
|
|
|
|
def test_request_not_logged_only_api(self, moulinette_webapi):
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/only-api", status=401).text
|
|
|
|
== "Authentication required"
|
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_request_only_api(self, moulinette_webapi):
|
|
|
|
self.login(moulinette_webapi)
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/only-api", status=200).text
|
|
|
|
== '"some_data_from_only_api"'
|
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_request_not_logged_only_cli(self, moulinette_webapi):
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/only-cli", status=200).text
|
|
|
|
== '"some_data_from_only_cli"'
|
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login(self, moulinette_webapi):
|
|
|
|
assert self.login(moulinette_webapi).text == "Logged in"
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2021-12-22 19:22:49 +01:00
|
|
|
assert "moulitest" in moulinette_webapi.cookies
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login_bad_password(self, moulinette_webapi):
|
2020-01-02 16:41:21 +01:00
|
|
|
assert (
|
|
|
|
self.login(moulinette_webapi, password="Bad Password", status=401).text
|
2021-08-27 19:48:04 +02:00
|
|
|
== "invalid_password"
|
2020-01-02 16:41:21 +01:00
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2021-12-22 19:22:49 +01:00
|
|
|
assert "moulitest" not in moulinette_webapi.cookies
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login_csrf_attempt(self, moulinette_webapi):
|
|
|
|
# C.f.
|
|
|
|
# https://security.stackexchange.com/a/58308
|
|
|
|
# https://stackoverflow.com/a/22533680
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 16:41:21 +01:00
|
|
|
assert (
|
|
|
|
"CSRF protection"
|
|
|
|
in self.login(moulinette_webapi, csrf=True, status=403).text
|
|
|
|
)
|
2022-01-19 23:14:17 +01:00
|
|
|
assert not any(c.name == "moulitest" for c in moulinette_webapi.cookiejar)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login_then_legit_request_without_cookies(self, moulinette_webapi):
|
|
|
|
self.login(moulinette_webapi)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
moulinette_webapi.cookiejar.clear()
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
moulinette_webapi.get("/test-auth/default", status=401)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login_then_legit_request(self, moulinette_webapi):
|
|
|
|
self.login(moulinette_webapi)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2021-12-22 19:22:49 +01:00
|
|
|
assert "moulitest" in moulinette_webapi.cookies
|
2021-07-09 20:42:11 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/default", status=200).text
|
|
|
|
== '"some_data_from_default"'
|
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/subcat/default", status=200).text
|
|
|
|
== '"some_data_from_subcat_default"'
|
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login_then_logout(self, moulinette_webapi):
|
|
|
|
self.login(moulinette_webapi)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
moulinette_webapi.get("/logout", status=200)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/default", status=401).text
|
|
|
|
== "Authentication required"
|
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login_other_profile(self, moulinette_webapi):
|
|
|
|
self.login(moulinette_webapi, profile="yoloswag", password="yoloswag")
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2021-12-22 19:22:49 +01:00
|
|
|
assert "moulitest" in moulinette_webapi.cookies
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login_wrong_profile(self, moulinette_webapi):
|
|
|
|
self.login(moulinette_webapi)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/other-profile", status=401).text
|
|
|
|
== "Authentication required"
|
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
moulinette_webapi.get("/logout", status=200)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
self.login(moulinette_webapi, profile="yoloswag", password="yoloswag")
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/default", status=401).text
|
|
|
|
== "Authentication required"
|
|
|
|
)
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-08 17:08:59 +01:00
|
|
|
def test_request_with_arg(self, moulinette_webapi, capsys):
|
|
|
|
self.login(moulinette_webapi)
|
|
|
|
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/with_arg/yoloswag", status=200).text
|
|
|
|
== '"yoloswag"'
|
|
|
|
)
|
|
|
|
|
|
|
|
def test_request_arg_with_extra(self, moulinette_webapi, caplog, mocker):
|
|
|
|
self.login(moulinette_webapi)
|
|
|
|
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get(
|
|
|
|
"/test-auth/with_extra_str_only/YoLoSwAg", status=200
|
|
|
|
).text
|
|
|
|
== '"YoLoSwAg"'
|
|
|
|
)
|
|
|
|
|
|
|
|
error = "error_message"
|
|
|
|
mocker.patch("moulinette.Moulinette18n.n", return_value=error)
|
|
|
|
|
|
|
|
moulinette_webapi.get("/test-auth/with_extra_str_only/12345", status=400)
|
|
|
|
|
|
|
|
assert any("doesn't match pattern" in message for message in caplog.messages)
|
|
|
|
|
|
|
|
def test_request_arg_with_type(self, moulinette_webapi, caplog, mocker):
|
|
|
|
self.login(moulinette_webapi)
|
|
|
|
|
|
|
|
assert (
|
|
|
|
moulinette_webapi.get("/test-auth/with_type_int/12345", status=200).text
|
|
|
|
== "12345"
|
|
|
|
)
|
|
|
|
|
|
|
|
error = "error_message"
|
|
|
|
mocker.patch("moulinette.Moulinette18n.g", return_value=error)
|
|
|
|
moulinette_webapi.get("/test-auth/with_type_int/yoloswag", status=400)
|
|
|
|
|
2021-01-26 21:19:26 +01:00
|
|
|
def test_request_arg_without_action(self, moulinette_webapi, caplog, mocker):
|
|
|
|
self.login(moulinette_webapi)
|
2023-09-27 20:23:11 +02:00
|
|
|
moulinette_webapi.get("/test-auth", status=405)
|
2021-01-26 21:19:26 +01:00
|
|
|
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
class TestAuthCLI:
|
|
|
|
def test_login(self, moulinette_cli, capsys, mocker):
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="dummy")
|
2020-01-02 16:41:21 +01:00
|
|
|
moulinette_cli.run(["testauth", "default"], output_as="plain")
|
2020-01-02 05:33:51 +01:00
|
|
|
message = capsys.readouterr()
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
assert "some_data_from_default" in message.out
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-05-01 14:00:10 +02:00
|
|
|
moulinette_cli.run(["testauth", "default"], output_as="plain")
|
2020-01-02 05:33:51 +01:00
|
|
|
message = capsys.readouterr()
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
assert "some_data_from_default" in message.out
|
2019-08-23 02:37:57 +02:00
|
|
|
|
2020-01-02 05:33:51 +01:00
|
|
|
def test_login_bad_password(self, moulinette_cli, capsys, mocker):
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="Bad Password")
|
2020-01-02 05:33:51 +01:00
|
|
|
with pytest.raises(MoulinetteError):
|
2020-05-01 14:00:10 +02:00
|
|
|
moulinette_cli.run(["testauth", "default"], output_as="plain")
|
2020-01-02 05:33:51 +01:00
|
|
|
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="Bad Password")
|
2020-01-02 05:33:51 +01:00
|
|
|
with pytest.raises(MoulinetteError):
|
2020-01-02 16:41:21 +01:00
|
|
|
moulinette_cli.run(["testauth", "default"], output_as="plain")
|
2020-01-02 05:33:51 +01:00
|
|
|
|
|
|
|
def test_login_wrong_profile(self, moulinette_cli, mocker):
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="dummy")
|
2020-01-02 05:33:51 +01:00
|
|
|
with pytest.raises(MoulinetteError) as exception:
|
2020-01-02 16:41:21 +01:00
|
|
|
moulinette_cli.run(["testauth", "other-profile"], output_as="none")
|
2020-01-02 05:33:51 +01:00
|
|
|
|
2021-08-27 19:45:07 +02:00
|
|
|
assert "invalid_password" in str(exception)
|
2020-01-02 05:33:51 +01:00
|
|
|
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="yoloswag")
|
2020-01-02 05:33:51 +01:00
|
|
|
with pytest.raises(MoulinetteError) as exception:
|
2020-05-01 14:00:10 +02:00
|
|
|
moulinette_cli.run(["testauth", "default"], output_as="none")
|
2020-01-02 05:33:51 +01:00
|
|
|
|
2021-08-27 19:45:07 +02:00
|
|
|
assert "invalid_password" in str(exception)
|
2020-01-02 05:33:51 +01:00
|
|
|
|
|
|
|
def test_request_no_auth_needed(self, capsys, moulinette_cli):
|
2020-01-02 16:41:21 +01:00
|
|
|
moulinette_cli.run(["testauth", "none"], output_as="plain")
|
2020-01-02 05:33:51 +01:00
|
|
|
message = capsys.readouterr()
|
|
|
|
|
|
|
|
assert "some_data_from_none" in message.out
|
|
|
|
|
|
|
|
def test_request_not_logged_only_api(self, capsys, moulinette_cli):
|
2020-01-02 16:41:21 +01:00
|
|
|
moulinette_cli.run(["testauth", "only-api"], output_as="plain")
|
2020-01-02 05:33:51 +01:00
|
|
|
message = capsys.readouterr()
|
|
|
|
|
|
|
|
assert "some_data_from_only_api" in message.out
|
|
|
|
|
|
|
|
def test_request_only_cli(self, capsys, moulinette_cli, mocker):
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="dummy")
|
2020-01-02 16:41:21 +01:00
|
|
|
moulinette_cli.run(["testauth", "only-cli"], output_as="plain")
|
2020-01-02 05:33:51 +01:00
|
|
|
|
|
|
|
message = capsys.readouterr()
|
|
|
|
|
|
|
|
assert "some_data_from_only_cli" in message.out
|
|
|
|
|
|
|
|
def test_request_not_logged_only_cli(self, capsys, moulinette_cli, mocker):
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt")
|
2020-01-02 05:33:51 +01:00
|
|
|
with pytest.raises(MoulinetteError) as exception:
|
2020-01-02 16:41:21 +01:00
|
|
|
moulinette_cli.run(["testauth", "only-cli"], output_as="plain")
|
2020-01-02 05:33:51 +01:00
|
|
|
|
|
|
|
message = capsys.readouterr()
|
|
|
|
assert "some_data_from_only_cli" not in message.out
|
|
|
|
|
2021-08-27 19:45:07 +02:00
|
|
|
assert "invalid_password" in str(exception)
|
2020-01-08 17:05:34 +01:00
|
|
|
|
2020-01-08 17:08:59 +01:00
|
|
|
def test_request_with_arg(self, moulinette_cli, capsys, mocker):
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="dummy")
|
2020-01-08 17:08:59 +01:00
|
|
|
moulinette_cli.run(["testauth", "with_arg", "yoloswag"], output_as="plain")
|
|
|
|
message = capsys.readouterr()
|
|
|
|
|
|
|
|
assert "yoloswag" in message.out
|
|
|
|
|
|
|
|
def test_request_arg_with_extra(self, moulinette_cli, capsys, mocker):
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="dummy")
|
2020-01-08 17:08:59 +01:00
|
|
|
moulinette_cli.run(
|
|
|
|
["testauth", "with_extra_str_only", "YoLoSwAg"], output_as="plain"
|
|
|
|
)
|
|
|
|
message = capsys.readouterr()
|
|
|
|
|
|
|
|
assert "YoLoSwAg" in message.out
|
|
|
|
|
|
|
|
error = "error_message"
|
|
|
|
mocker.patch("moulinette.Moulinette18n.n", return_value=error)
|
|
|
|
with pytest.raises(MoulinetteError):
|
|
|
|
moulinette_cli.run(
|
|
|
|
["testauth", "with_extra_str_only", "12345"], output_as="plain"
|
|
|
|
)
|
|
|
|
|
|
|
|
message = capsys.readouterr()
|
|
|
|
assert "doesn't match pattern" in message.err
|
|
|
|
|
|
|
|
def test_request_arg_with_type(self, moulinette_cli, capsys, mocker):
|
2021-08-23 10:44:28 +02:00
|
|
|
mocker.patch("os.isatty", return_value=True)
|
2021-09-23 21:23:39 +02:00
|
|
|
mocker.patch("prompt_toolkit.prompt", return_value="dummy")
|
2020-01-08 17:08:59 +01:00
|
|
|
moulinette_cli.run(["testauth", "with_type_int", "12345"], output_as="plain")
|
|
|
|
message = capsys.readouterr()
|
|
|
|
|
|
|
|
assert "12345" in message.out
|
|
|
|
|
2021-01-25 18:51:51 +01:00
|
|
|
with pytest.raises(SystemExit):
|
2020-01-08 17:08:59 +01:00
|
|
|
moulinette_cli.run(
|
|
|
|
["testauth", "with_type_int", "yoloswag"], output_as="plain"
|
|
|
|
)
|
|
|
|
|
|
|
|
message = capsys.readouterr()
|
|
|
|
assert "invalid int value" in message.err
|
2021-01-26 21:19:26 +01:00
|
|
|
|
|
|
|
def test_request_arg_without_action(self, moulinette_cli, capsys, mocker):
|
|
|
|
with pytest.raises(SystemExit):
|
|
|
|
moulinette_cli.run(["testauth"], output_as="plain")
|
|
|
|
|
|
|
|
message = capsys.readouterr()
|
|
|
|
|
|
|
|
assert "error: the following arguments are required:" in message.err
|