Rewrite auth tests in a more clean way, now using webtest to run the API

Alexandre Aubin 2019-11-19 21:06:55 +01:00
parent 9fda7f4716
commit 53ab4709d1
4 changed files with 41 additions and 60 deletions


@ -17,7 +17,7 @@ class Authenticator(BaseAuthenticator):
vendor = 'dummy'
def __init__(self, name, vendor, parameters, extra):
logger.debug("initialize authenticator '%s")
logger.debug("initialize authenticator dummy")
super(Authenticator, self).__init__(name)
def authenticate(self, password):


@ -1,7 +1,5 @@
"""Pytest fixtures for testing."""
from multiprocessing import Process
import time
import json
import os
import shutil
@ -121,19 +119,25 @@ def moulinette(tmp_path_factory):
return moulinette
@pytest.fixture(scope='session')
@pytest.fixture
def moulinette_webapi(moulinette):
namespace = "moulitest"
from webtest import TestApp
from webtest.app import CookiePolicy
api_thread = Process(target=moulinette.api,
args=([namespace],),
kwargs={"host": "localhost", "port": 12342, "use_websocket": False})
api_thread.start()
time.sleep(0.5)
assert api_thread.is_alive()
yield "http://localhost:12342"
api_thread.terminate()
# Dirty hack needed, otherwise cookies ain't reused between request .. not
# sure why :|
def return_true(self, cookie, request):
return True
CookiePolicy.return_ok_secure = return_true
moulinette_webapi = moulinette.core.init_interface(
'api',
kwargs={'routes': {}, 'use_websocket': False},
actionsmap={'namespaces': ["moulitest"], 'use_cache': True}
)
return TestApp(moulinette_webapi._app)
@pytest.fixture
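Review bot: The assignment `CookiePolicy.return_ok_secure = return_true` in `moulinette_webapi` patches the class itself and is never undone, so once any test uses this fixture the cookie jar's Secure check stays disabled for the rest of the test process. Scoping the workaround with pytest's `monkeypatch` fixture keeps it local to each test: `def moulinette_webapi(moulinette, monkeypatch):` and `monkeypatch.setattr(CookiePolicy, "return_ok_secure", return_true)`. The hack comment says the cause is unknown; it is probably that the session cookies are marked Secure while TestApp issues plain-http requests, which is worth confirming and recording in the comment, so that a later change to the cookie flags is not silently masked by the tests.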


@ -1,46 +1,36 @@
import os
import requests
def login(webapi, cookies=None, csrf=False, profile=None):
def login(webapi, csrf=False, profile=None, status=200):
data = {"password": "Yoloswag"}
if profile:
data["profile"] = profile
return requests.post(webapi + "/login",
cookies=cookies,
data=data,
headers=None if csrf else {"X-Requested-With": ""})
return webapi.post("/login", data,
status=status,
headers=None if csrf else {"X-Requested-With": ""})
def test_request_no_auth_needed(moulinette_webapi):
r = requests.get(moulinette_webapi + "/test-auth/none")
assert r.status_code == 200
assert r.text == '"some_data_from_none"'
assert moulinette_webapi.get("/test-auth/none", status=200).text == '"some_data_from_none"'
def test_request_with_auth_but_not_logged(moulinette_webapi):
r = requests.get(moulinette_webapi + "/test-auth/default")
assert r.status_code == 401
assert r.text == "Authentication required"
assert moulinette_webapi.get("/test-auth/default", status=401).text == "Authentication required"
def test_login(moulinette_webapi):
r = login(moulinette_webapi)
assert login(moulinette_webapi).text == "Logged in"
assert r.status_code == 200
assert r.text == "Logged in"
assert "session.id" in r.cookies
assert "session.tokens" in r.cookies
assert "session.id" in moulinette_webapi.cookies
assert "session.tokens" in moulinette_webapi.cookies
cache_session_default = os.environ['MOULINETTE_CACHE_DIR'] + "/session/default/"
assert r.cookies["session.id"] + ".asc" in os.listdir(cache_session_default)
assert moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(cache_session_default)
def test_login_csrf_attempt(moulinette_webapi):
@ -49,51 +39,37 @@ def test_login_csrf_attempt(moulinette_webapi):
# https://security.stackexchange.com/a/58308
# https://stackoverflow.com/a/22533680
r = login(moulinette_webapi, csrf=True)
assert r.status_code == 403
assert "session.id" not in r.cookies
assert "session.tokens" not in r.cookies
assert "CSRF protection" in r.text
assert "CSRF protection" in login(moulinette_webapi, csrf=True, status=403).text
assert not any(c.name == "session.id" for c in moulinette_webapi.cookiejar)
assert not any(c.name == "session.tokens" for c in moulinette_webapi.cookiejar)
def test_login_then_legit_request_without_cookies(moulinette_webapi):
login(moulinette_webapi)
r = requests.get(moulinette_webapi + "/test-auth/default")
moulinette_webapi.cookiejar.clear()
assert r.status_code == 401
assert r.text == "Authentication required"
moulinette_webapi.get("/test-auth/default", status=401)
def test_login_then_legit_request(moulinette_webapi):
r_login = login(moulinette_webapi)
login(moulinette_webapi)
r = requests.get(moulinette_webapi + "/test-auth/default",
cookies={"session.id": r_login.cookies["session.id"],
"session.tokens": r_login.cookies["session.tokens"], })
#for cookie in moulinette_webapi.cookiejar:
# cookie.domain = "localhost"
assert r.status_code == 200
assert r.text == '"some_data_from_default"'
assert moulinette_webapi.get("/test-auth/default", status=200).text == '"some_data_from_default"'
def test_login_then_logout(moulinette_webapi):
r_login = login(moulinette_webapi)
login(moulinette_webapi)
r = requests.get(moulinette_webapi + "/logout",
cookies={"session.id": r_login.cookies["session.id"],
"session.tokens": r_login.cookies["session.tokens"], })
moulinette_webapi.get("/logout", status=200)
assert r.status_code == 200
cache_session_default = os.environ['MOULINETTE_CACHE_DIR'] + "/session/default/"
assert not r_login.cookies["session.id"] + ".asc" in os.listdir(cache_session_default)
assert not moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(cache_session_default)
r = requests.get(moulinette_webapi + "/test-auth/default",
cookies={"session.id": r_login.cookies["session.id"],
"session.tokens": r_login.cookies["session.tokens"], })
assert r.status_code == 401
assert r.text == "Authentication required"
assert moulinette_webapi.get("/test-auth/default", status=401).text == "Authentication required"
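Review bot: In `test_login_then_logout` the session id is now read from `moulinette_webapi.cookies` after the `/logout` request, whereas the old test used the id captured from the login response. If logout expires or rotates the cookie (not visible here), the lookup either raises KeyError or names a different file, and the assertion no longer proves that the logged-in session's `.asc` file was removed from the cache directory. Capture the id before logging out with `session_id = moulinette_webapi.cookies["session.id"]` and then check `assert session_id + ".asc" not in os.listdir(cache_session_default)`. Separately, `test_login_then_legit_request_without_cookies` no longer checks the "Authentication required" body that the old version asserted.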


@ -18,6 +18,7 @@ deps =
toml >= 0.10, < 0.11
gevent-websocket
bottle >= 0.12
WebTest >= 2.0, < 2.1
commands =
pytest {posargs}