PageRenderTime 39ms CodeModel.GetById 8ms RepoModel.GetById 0ms app.codeStats 0ms

/tests/test_handlers.py

https://bitbucket.org/angryshortone/grump-o-nado
Python | 418 lines | 394 code | 10 blank | 14 comment | 0 complexity | f16b393353be9112cf5784249b03a9c6 MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception 
    

  1. # This Source Code Form is subject to the terms of the Mozilla Public
    2. 

  2. # License, v. 2.0. If a copy of the MPL was not distributed with this
    3. 

  3. # file, You can obtain one at http://mozilla.org/MPL/2.0/.
    4. 

  4. """Unit tests for the handlers"""
    5. 

  5. import json
    6. 

  6. from datetime import datetime
    7. 

  7. from datetime import timedelta as tdelta
    8. 

  8. 

  9. import jwt
    10. 

  10. from sqlalchemy import create_engine
    11. 

  11. from sqlalchemy.orm import sessionmaker
    12. 

  12. from tornado import testing, escape
    13. 

  13. from tornado.web import Application
    14. 

  14. from tornado_sqlalchemy import make_session_factory
    15. 

  15. 

  16. from grumponado.app import assign_handlers
    17. 

  17. from grumponado.models import Users, BASE, Tokens
    18. 

  18. 

  19. PW = b'password'
    20. 

  20. PW_HASH = b'$2b$04$eA9hGoyi5xAp0SKE49RW2eMpOA69u0ObcmQoV/M82UtzHlDydjHwy'
    21. 

  21. 

  22. 

  23. class HandlerTests(testing.AsyncHTTPTestCase):
    24. 

  24.     """Base class for the setup and tear down of handler tests. It defines the
    25. 

  25.     basic setup for the database and also provides the tear down method
    26. 

  26.     """
    27. 

  27.     db = 'postgres://localhost:5432/py_unit_test'
    28. 

  28.     engine = create_engine(db)
    29. 

  29. 

  30.     def setUp(self):
    31. 

  31.         """Set up for the database"""
    32. 

  32.         super(HandlerTests, self).setUp()
    33. 

  33.         BASE.metadata.create_all(self.engine)
    34. 

  34. 

  35.     def tearDown(self):
    36. 

  36.         """Tear down for the database"""
    37. 

  37.         super(HandlerTests, self).tearDown()
    38. 

  38.         BASE.metadata.drop_all(self.engine)
    39. 

  39. 

  40.     def get_app(self):
    41. 

  41.         """Get the tornado app to run the tests. This is a default
    42. 

  42.         configuration
    43. 

  43.         """
    44. 

  44.         routes = assign_handlers('tests')
    45. 

  45.         session_factory = make_session_factory(self.db)
    46. 

  46.         return Application(routes,
    47. 

  47.                            session_factory=session_factory,
    48. 

  48.                            cookie_secret='pytest',
    49. 

  49.                            hashing_salt='pysalt')
    50. 

  50. 

  51. 

  52. class UserHandlerPreps(HandlerTests):
    53. 

  53.     """Setup different users"""
    54. 

  54.     def setUp(self):
    55. 

  55.         """Database set up with a default user. Base class is overwritten"""
    56. 

  56.         super(UserHandlerPreps, self).setUp()
    57. 

  57.         session = sessionmaker()
    58. 

  58.         session.configure(bind=self.engine)
    59. 

  59.         users_sammy = Users(
    60. 

  60.             user='sammy',
    61. 

  61.             email='sammy@gmx.net',
    62. 

  62.             password=PW_HASH,
    63. 

  63.             avatar=''
    64. 

  64.         )
    65. 

  65.         users_notsammy = Users(
    66. 

  66.             user='notsammy',
    67. 

  67.             email='notsammy@gmx.net',
    68. 

  68.             password=PW_HASH,
    69. 

  69.             avatar=''
    70. 

  70.         )
    71. 

  71.         dbsession = session()
    72. 

  72.         try:
    73. 

  73.             dbsession.add(users_notsammy)
    74. 

  74.             dbsession.commit()
    75. 

  75.             dbsession.add(users_sammy)
    76. 

  76.             dbsession.commit()
    77. 

  77.             token = Tokens(users_notsammy.id, 'yay', 'nope', 'nope')
    78. 

  78.             delta = datetime.utcnow() - tdelta(days=15)
    79. 

  79.             token2 = Tokens(users_notsammy.id, 'yay2', 'nope', 'nope', delta)
    80. 

  80.             token2.last_refresh = delta
    81. 

  81.             dbsession.add(token)
    82. 

  82.             dbsession.commit()
    83. 

  83.             dbsession.add(token2)
    84. 

  84.             dbsession.commit()
    85. 

  85.         finally:
    86. 

  86.             dbsession.close()
    87. 

  87. 

  88.     def get_app(self):
    89. 

  89.         """Create an app for testing"""
    90. 

  90.         routes = assign_handlers('tests')
    91. 

  91.         session_factory = make_session_factory(self.db)
    92. 

  92.         return Application(routes,
    93. 

  93.                            session_factory=session_factory,
    94. 

  94.                            cookie_secret='pytest',
    95. 

  95.                            login_url='/404',
    96. 

  96.                            hashing_salt='pysalt')
    97. 

  97. 

  98. 

  99. class TestMainHandlers(HandlerTests):
    100. 

  100.     """Tests for the main entry point"""
    101. 

  101.     def test_get_main(self):
    102. 

  102.         """Get the base route, without a trailing slash"""
    103. 

  103.         response = self.fetch('/tests')
    104. 

  104.         self.assertEqual(response.code, 200)
    105. 

  105. 

  106.     def test_get_main_trailing_slash(self):
    107. 

  107.         """Get the base route, without a trailing slash"""
    108. 

  108.         response = self.fetch('/tests/')
    109. 

  109.         self.assertEqual(response.code, 200)
    110. 

  110. 

  111. 

  112. class TestUserHandlers(HandlerTests):
    113. 

  113.     """The user handler tests to test the creation, deletion and update of
    114. 

  114.     users.
    115. 

  115.     """
    116. 

  116.     def setUp(self):
    117. 

  117.         """Database set up with a default user. Base class is overwritten"""
    118. 

  118.         super(TestUserHandlers, self).setUp()
    119. 

  119.         session = sessionmaker()
    120. 

  120.         session.configure(bind=self.engine)
    121. 

  121.         user = Users(
    122. 

  122.             user='notsammy',
    123. 

  123.             email='notsammy@gmx.net',
    124. 

  124.             password=PW,
    125. 

  125.             avatar=''
    126. 

  126.         )
    127. 

  127.         dbsession = session()
    128. 

  128.         try:
    129. 

  129.             dbsession.add(user)
    130. 

  130.             dbsession.commit()
    131. 

  131.         finally:
    132. 

  132.             dbsession.close()
    133. 

  133. 

  134.     def test_user_get_inexistent_user(self):
    135. 

  135.         """Get the infos of a particular user, that does not exist"""
    136. 

  136.         response = self.fetch('/tests/users/sammy')
    137. 

  137.         self.assertEqual(response.code, 404)
    138. 

  138. 

  139.     def test_user_get_user(self):
    140. 

  140.         """Get the infos of a particular user, that does exist"""
    141. 

  141.         response = self.fetch('/tests/users/notsammy')
    142. 

  142.         self.assertEqual(response.code, 200)
    143. 

  143. 

  144.     def test_user_create_validation(self):
    145. 

  145.         """Test the validation when creating a user"""
    146. 

  146.         response = self.fetch('/tests/users/', method='POST', body='{}')
    147. 

  147.         self.assertEqual(response.code, 400)
    148. 

  148. 

  149.     def test_user_create_not_json(self):
    150. 

  150.         """Test if the validation fails if the supplied data is not json"""
    151. 

  151.         response = self.fetch('/tests/users/', method='POST', body='_')
    152. 

  152.         self.assertEqual(response.code, 400)
    153. 

  153. 

  154.     def test_user_create_user_exists(self):
    155. 

  155.         """Test handling if someone tries to create a user, that already
    156. 

  156.         exists
    157. 

  157.         """
    158. 

  158.         test_user = {'name': 'sammy',
    159. 

  159.                      'email': 'sammy@domain.tld',
    160. 

  160.                      'password': '12345678abcd'}
    161. 

  161.         self.fetch('/tests/users/', method='POST', body=json.dumps(test_user))
    162. 

  162.         response = self.fetch('/tests/users/',
    163. 

  163.                               method='POST',
    164. 

  164.                               body=json.dumps(test_user))
    165. 

  165.         self.assertEqual(response.code, 400)
    166. 

  166. 

  167.     def test_user_create_type_error(self):
    168. 

  168.         """Test exception handling, when the supplied data are of the wrong
    169. 

  169.         type
    170. 

  170.         """
    171. 

  171.         test_user = {'name': 102,
    172. 

  172.                      'email': 'samm2y@domain.tld',
    173. 

  173.                      'password': '12345678abcd'}
    174. 

  174.         response = self.fetch('/tests/users/', method='POST', body=json.dumps(test_user))
    175. 

  175.         self.assertEqual(response.code, 400)
    176. 

  176. 

  177. 

  178. class TestLoginLogoutHandlers(UserHandlerPreps):
    179. 

  179.     """Login and logout tests"""
    180. 

  180.     def test_login_login_errors(self):
    181. 

  181.         """Login with an error, missing user or email"""
    182. 

  182.         body = json.dumps({'email': 'notsammy@gmx.net'})
    183. 

  183.         response = self.fetch('/tests/login', method='POST', body=body)
    184. 

  184.         self.assertEqual(response.code, 400)
    185. 

  185.         body2 = json.dumps({'password': 'password'})
    186. 

  186.         response2 = self.fetch('/tests/login', method='POST', body=body2)
    187. 

  187.         self.assertEqual(response2.code, 400)
    188. 

  188.         body3 = json.dumps({'password': None})
    189. 

  189.         response3 = self.fetch('/tests/login', method='POST', body=body3)
    190. 

  190.         self.assertEqual(response3.code, 400)
    191. 

  191. 

  192.     def test_login_format_errors(self):
    193. 

  193.         """Test login with a format error"""
    194. 

  194.         body = "{'email': 'notsammy@gmx.net'})2"
    195. 

  195.         response = self.fetch('/tests/login', method='POST', body=body)
    196. 

  196.         self.assertEqual(400, response.code)
    197. 

  197. 

  198.     def test_login_wrong_password(self):
    199. 

  199.         """Test login with a wrong password"""
    200. 

  200.         body = json.dumps({'email': 'notsammy@gmx.net',
    201. 

  201.                            'password': 'password2'})
    202. 

  202.         response = self.fetch('/tests/login', method='POST', body=body)
    203. 

  203.         self.assertEqual(400, response.code)
    204. 

  204.         body = response.body.decode('utf-8')
    205. 

  205.         self.assertTrue('2004' in body)
    206. 

  206. 

  207.     def test_login_wrong_name(self):
    208. 

  208.         """Test login with a wrong name"""
    209. 

  209.         body = json.dumps({'email': 'notsammy@gmx.net2',
    210. 

  210.                            'password': 'password'})
    211. 

  211.         response = self.fetch('/tests/login', method='POST', body=body)
    212. 

  212.         self.assertEqual(400, response.code)
    213. 

  213.         body = response.body.decode('utf-8')
    214. 

  214.         self.assertTrue('2004' in body)
    215. 

  215. 

  216.     def test_login_success(self):
    217. 

  217.         """Test the successfull login"""
    218. 

  218.         body = json.dumps({'email': 'notsammy@gmx.net',
    219. 

  219.                            'password': 'password'})
    220. 

  220.         response = self.fetch('/tests/login', method='POST', body=body)
    221. 

  221.         body = response.body.decode('utf-8')
    222. 

  222.         self.assertEqual(200, response.code)
    223. 

  223.         self.assertTrue('5002' in body)
    224. 

  224.         self.assertTrue('user_name' in body)
    225. 

  225. 

  226.     def test_logout(self):
    227. 

  227.         """Test to logout users"""
    228. 

  228.         token = jwt.encode({
    229. 

  229.             'sub': 0,
    230. 

  230.             'name': 'notsammy',
    231. 

  231.             'iat': datetime.utcnow().timestamp(),
    232. 

  232.             'exp': datetime.utcnow().timestamp() + 86000,
    233. 

  233.             'refresh': 'yay'
    234. 

  234.         }, key='pytest', algorithm='HS256').decode('utf-8')
    235. 

  235.         response = self.fetch('/tests/logout', method='GET', headers={'Authorization': 'Bearer ' + token})
    236. 

  236.         self.assertEqual(200, response.code)
    237. 

  237.         decoded_body = response.body.decode('utf-8')
    238. 

  238.         found = '5001' in decoded_body
    239. 

  239.         self.assertTrue(found)
    240. 

  240. 

  241.     def test_refresh_valid_jwt(self):
    242. 

  242.         """Test the refresh with a valid token"""
    243. 

  243.         token = jwt.encode({
    244. 

  244.             'sub': 0,
    245. 

  245.             'name': 'notsammy',
    246. 

  246.             'iat': datetime.utcnow().timestamp(),
    247. 

  247.             'exp': datetime.utcnow().timestamp() + 86000,
    248. 

  248.             'refresh': 'yay'
    249. 

  249.         }, key='pytest', algorithm='HS256').decode('utf-8')
    250. 

  250.         response = self.fetch('/tests/me', method='GET', headers={'Authorization': 'Bearer ' + token})
    251. 

  251.         body = escape.json_decode(response.body.decode('utf-8'))
    252. 

  252.         self.assertIsNotNone(body['auth'])
    253. 

  253.         self.assertEqual(body['auth'].split('.')[0], 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9')
    254. 

  254. 

  255.     def test_refresh_old_jwt(self):
    256. 

  256.         """Test the refresh with an expired token"""
    257. 

  257.         token = jwt.encode({
    258. 

  258.             'sub': 0,
    259. 

  259.             'name': 'notsammy',
    260. 

  260.             'iat': datetime.utcnow().timestamp(),
    261. 

  261.             'exp': datetime.utcnow().timestamp() - 86000,
    262. 

  262.             'refresh': 'yay'
    263. 

  263.         }, key='pytest', algorithm='HS256').decode('utf-8')
    264. 

  264.         response = self.fetch('/tests/me', method='GET', headers={'Authorization': 'Bearer ' + token})
    265. 

  265.         body = escape.json_decode(response.body.decode('utf-8'))
    266. 

  266.         self.assertIsNotNone(body['auth'])
    267. 

  267.         self.assertEqual(body['auth'].split('.')[0], 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9')
    268. 

  268. 

  269.     def test_refresh_old_refresh(self):
    270. 

  270.         """Test the refresh with an expired token"""
    271. 

  271.         token = jwt.encode({
    272. 

  272.             'sub': 0,
    273. 

  273.             'name': 'notsammy',
    274. 

  274.             'iat': datetime.utcnow().timestamp(),
    275. 

  275.             'exp': datetime.utcnow().timestamp() - 86000,
    276. 

  276.             'refresh': 'yay2'
    277. 

  277.         }, key='pytest', algorithm='HS256').decode('utf-8')
    278. 

  278.         response = self.fetch('/tests/me', method='GET', headers={'Authorization': 'Bearer ' + token})
    279. 

  279.         self.assertEqual(response.code, 404)
    280. 

  280. 

  281.     def test_missing_inexisting_user(self):
    282. 

  282.         """Test the refresh with an expired token"""
    283. 

  283.         token = jwt.encode({
    284. 

  284.             'sub': 0,
    285. 

  285.             'name': 'nope',
    286. 

  286.             'iat': datetime.utcnow().timestamp(),
    287. 

  287.             'exp': datetime.utcnow().timestamp() + 86000,
    288. 

  288.             'refresh': 'yay'
    289. 

  289.         }, key='pytest', algorithm='HS256').decode('utf-8')
    290. 

  290.         response = self.fetch('/tests/me', method='GET', headers={'Authorization': 'Bearer ' + token})
    291. 

  291.         self.assertEqual(response.code, 401)
    292. 

  292. 

  293.     def test_missing_refresh(self):
    294. 

  294.         """Test the refresh with an expired token"""
    295. 

  295.         token = jwt.encode({
    296. 

  296.             'sub': 0,
    297. 

  297.             'name': 'notsammy',
    298. 

  298.             'iat': datetime.utcnow().timestamp(),
    299. 

  299.             'exp': datetime.utcnow().timestamp() - 86000,
    300. 

  300.         }, key='pytest', algorithm='HS256').decode('utf-8')
    301. 

  301.         response = self.fetch('/tests/me', method='GET', headers={'Authorization': 'Bearer ' + token})
    302. 

  302.         self.assertEqual(response.code, 404)
    303. 

  303. 

  304.     def test_malicious_token(self):
    305. 

  305.         """Test the refresh with an expired token"""
    306. 

  306.         response = self.fetch('/tests/me', method='GET', headers={'Authorization': 'Bearer ' + 'aaX'})
    307. 

  307.         self.assertEqual(response.code, 404)
    308. 

  308. 

  309. 

  310. class TestRating(UserHandlerPreps):
    311. 

  311.     """Rating tests"""
    312. 

  312.     jwt_token = jwt.encode({
    313. 

  313.         'sub': 1,
    314. 

  314.         'name': 'sammy',
    315. 

  315.         'iat': datetime.utcnow().timestamp(),
    316. 

  316.         'exp': datetime.utcnow().timestamp() + 86000,
    317. 

  317.         'refresh': 'yay'
    318. 

  318.     }, key='pytest', algorithm='HS256').decode('utf-8')
    319. 

  319. 

  320.     def get_app(self):
    321. 

  321.         """Create an app for testing"""
    322. 

  322.         routes = assign_handlers('tests')
    323. 

  323.         session_factory = make_session_factory(self.db)
    324. 

  324.         return Application(routes,
    325. 

  325.                            session_factory=session_factory,
    326. 

  326.                            cookie_secret='pytest',
    327. 

  327.                            login_url='/404',
    328. 

  328.                            hashing_salt='pysalt')
    329. 

  329. 

  330.     def test_increase_ratings(self):
    331. 

  331.         """Test of increasing ratings"""
    332. 

  332.         responses_community = []
    333. 

  333.         responses_self = []
    334. 

  334. 

  335.         for _ in range(5):
    336. 

  336.             responses_community.append(self.fetch('/tests/users/sammy', method='PUT', body='action=increase',
    337. 

  337.                                                   headers={'Authorization': 'Bearer ' + self.jwt_token,
    338. 

  338.                                                            'Content-Type': 'application/x-www-form-urlencoded'}))
    339. 

  339.             responses_self.append(self.fetch('/tests/users/notsammy', method='PUT', body='action=increase',
    340. 

  340.                                              headers={'Authorization': 'Bearer ' + self.jwt_token,
    341. 

  341.                                                       'Content-Type': 'application/x-www-form-urlencoded'}))
    342. 

  342. 

  343.         response_bodies_community = [escape.json_decode(i.body.decode('utf-8')) for i in responses_community]
    344. 

  344.         response_bodies_self = [escape.json_decode(i.body.decode('utf-8')) for i in responses_self]
    345. 

  345. 

  346.         try:
    347. 

  347.             ratings_community = [i['result']['community_rating'] for i in response_bodies_community]
    348. 

  348.             ratings_self = [i['result']['self_rating'] for i in response_bodies_self]
    349. 

  349.         except KeyError:
    350. 

  350.             raise KeyError
    351. 

  351.         self.assertGreater(ratings_community[4], ratings_community[3])
    352. 

  352.         self.assertGreater(ratings_self[4], ratings_self[3])
    353. 

  353. 

  354.     def test_decrease_ratings(self):
    355. 

  355.         """Test of decreasing ratings"""
    356. 

  356.         responses_community = []
    357. 

  357.         responses_self = []
    358. 

  358.         action = 'action=increase'
    359. 

  359.         for i in range(5):
    360. 

  360.             if i > 3:
    361. 

  361.                 action = 'action=decrease'
    362. 

  362.             responses_community.append(self.fetch('/tests/users/sammy', method='PUT', body=action,
    363. 

  363.                                                   headers={'Authorization': 'Bearer ' + self.jwt_token,
    364. 

  364.                                                            'Content-Type': 'application/x-www-form-urlencoded'}))
    365. 

  365.             responses_self.append(self.fetch('/tests/users/notsammy', method='PUT', body=action,
    366. 

  366.                                              headers={'Authorization': 'Bearer ' + self.jwt_token,
    367. 

  367.                                                       'Content-Type': 'application/x-www-form-urlencoded'}))
    368. 

  368. 

  369.         response_bodies_community = [escape.json_decode(i.body.decode('utf-8')) for i in responses_community]
    370. 

  370.         response_bodies_self = [escape.json_decode(i.body.decode('utf-8')) for i in responses_self]
    371. 

  371. 

  372.         try:
    373. 

  373.             ratings_community = [i['result']['community_rating'] for i in response_bodies_community]
    374. 

  374.             ratings_self = [i['result']['self_rating'] for i in response_bodies_self]
    375. 

  375.         except KeyError:
    376. 

  376.             raise KeyError
    377. 

  377.         self.assertLess(ratings_community[4], ratings_community[3])
    378. 

  378.         self.assertLess(ratings_self[4], ratings_self[3])
    379. 

  379. 

  380.     def test_missing_arguments(self):
    381. 

  381.         """Test of missing arguments when ratings"""
    382. 

  382.         responses = self.fetch('/tests/users/notsammy', method='PUT', body=b'',
    383. 

  383.                                headers={'Authorization': 'Bearer ' + self.jwt_token,
    384. 

  384.                                         'Content-Type': 'application/x-www-form-urlencoded'})
    385. 

  385.         self.assertEqual(responses.code, 403)
    386. 

  386. 

  387. 

  388. class TestUserProfileHandler(UserHandlerPreps):
    389. 

  389.     """Profile tests"""
    390. 

  390.     jwt_token = jwt.encode({
    391. 

  391.         'sub': 1,
    392. 

  392.         'name': 'sammy',
    393. 

  393.         'iat': datetime.utcnow().timestamp(),
    394. 

  394.         'exp': datetime.utcnow().timestamp() + 86000,
    395. 

  395.         'refresh': 'yay'
    396. 

  396.     }, key='pytest', algorithm='HS256').decode('utf-8')
    397. 

  397. 

  398.     def get_app(self):
    399. 

  399.         """Create an app for testing"""
    400. 

  400.         routes = assign_handlers('tests')
    401. 

  401.         session_factory = make_session_factory(self.db)
    402. 

  402.         return Application(routes,
    403. 

  403.                            session_factory=session_factory,
    404. 

  404.                            cookie_secret='pytest',
    405. 

  405.                            login_url='/404',
    406. 

  406.                            hashing_salt='pysalt')
    407. 

  407. 

  408.     def test_delete_user(self):
    409. 

  409.         """Test for the deletion of users"""
    410. 

  410.         response_before_delete = self.fetch('/tests/users/sammy')
    411. 

  411.         self.assertEqual(response_before_delete.code, 200)
    412. 

  412.         responses_delete = self.fetch('/tests/me', method='DELETE',
    413. 

  413.                                       headers={'Authorization': 'Bearer ' + self.jwt_token,
    414. 

  414.                                                'Content-Type': 'application/x-www-form-urlencoded'})
    415. 

  415.         body = escape.json_decode(responses_delete.body.decode('utf-8'))
    416. 

  416.         self.assertEqual(body['code'], 5006)
    417. 

  417.         response_after_delete = self.fetch('/tests/users/sammy')
    418. 

  418.         self.assertEqual(response_after_delete.code, 404)
    419. 

  419.