pillar/tests/test_api/test_blender_id_subclient.py

# -*- encoding: utf-8 -*-

import json
from urllib.parse import urljoin

import responses
from bson import ObjectId
from flask import g
from pillar.tests import (AbstractPillarTest, TEST_EMAIL_ADDRESS,
                          TEST_SUBCLIENT_TOKEN, TEST_EMAIL_USER, TEST_FULL_NAME)
from pillar.tests import common_test_data as ctd


class BlenderIdSubclientTest(AbstractPillarTest):
    @responses.activate
    def test_store_scst_new_user(self):
        self._common_user_test(201)

    @responses.activate
    def test_store_scst_new_user_without_full_name(self):

        responses.add(responses.POST,
                      urljoin(self.app.config['BLENDER_ID_ENDPOINT'], 'u/validate_token'),
                      json={'status': 'success',
                            'user': {'email': TEST_EMAIL_ADDRESS,
                                     'full_name': None,
                                     'id': ctd.BLENDER_ID_TEST_USERID},
                            'token_expires': 'Mon, 1 Jan 2218 01:02:03 GMT'},
                      status=200)

        self._common_user_test(201,
                               expected_full_name=TEST_EMAIL_USER,
                               mock_happy_blender_id=False)

    @responses.activate
    def test_store_scst_existing_user(self):
        # Make sure the user exists in our database.
        from pillar.api.utils.authentication import create_new_user
        with self.app.test_request_context():
            create_new_user(TEST_EMAIL_ADDRESS, 'apekoppie', ctd.BLENDER_ID_TEST_USERID)

        self._common_user_test(200, expected_full_name='apekoppie')

    @responses.activate
    def test_store_multiple_tokens(self):
        scst1 = '%s-1' % TEST_SUBCLIENT_TOKEN
        scst2 = '%s-2' % TEST_SUBCLIENT_TOKEN
        db_user1 = self._common_user_test(201, scst=scst1)
        db_user2 = self._common_user_test(200, scst=scst2)
        self.assertEqual(db_user1['_id'], db_user2['_id'])

        # Now there should be two tokens.
        with self.app.test_request_context():
            tokens = self.app.data.driver.db['tokens']
            self.assertIsNotNone(tokens.find_one({'user': db_user1['_id'], 'token': scst1}))
            self.assertIsNotNone(tokens.find_one({'user': db_user1['_id'], 'token': scst2}))

        # There should still be only one auth element for blender-id in the user doc.
        self.assertEqual(1, len(db_user1['auth']))

    @responses.activate
    def test_authenticate_with_scst(self):
        # Make sure there is a user and SCST.
        db_user = self._common_user_test(201)

        # Make a call that's authenticated with the SCST
        from pillar.api.utils import authentication as auth

        subclient_id = self.app.config['BLENDER_ID_SUBCLIENT_ID']
        auth_header = self.make_header(TEST_SUBCLIENT_TOKEN, subclient_id)

        with self.app.test_request_context(headers={'Authorization': auth_header}):
            self.assertTrue(auth.validate_token())
            self.assertIsNotNone(g.current_user)
            self.assertEqual(db_user['_id'], g.current_user.user_id)

    def _common_user_test(self, expected_status_code, scst=TEST_SUBCLIENT_TOKEN,
                          expected_full_name=TEST_FULL_NAME,
                          mock_happy_blender_id=True):
        if mock_happy_blender_id:
            self.mock_blenderid_validate_happy()

        subclient_id = self.app.config['BLENDER_ID_SUBCLIENT_ID']
        resp = self.client.post('/api/blender_id/store_scst',
                                data={'user_id': ctd.BLENDER_ID_TEST_USERID,
                                      'subclient_id': subclient_id,
                                      'token': scst})
        self.assertEqual(expected_status_code, resp.status_code, resp.data)

        user_info = json.loads(resp.data)  # {'status': 'success', 'subclient_user_id': '...'}
        self.assertEqual('success', user_info['status'])

        with self.app.test_request_context():
            # Check that the user was correctly updated
            users = self.app.data.driver.db['users']
            db_user = users.find_one(ObjectId(user_info['subclient_user_id']))
            self.assertIsNotNone(db_user, 'user %r not found' % user_info['subclient_user_id'])

            self.assertEqual(TEST_EMAIL_ADDRESS, db_user['email'])
            self.assertEqual(expected_full_name, db_user['full_name'])
            # self.assertEqual(TEST_SUBCLIENT_TOKEN, db_user['auth'][0]['token'])
            self.assertEqual(str(ctd.BLENDER_ID_TEST_USERID), db_user['auth'][0]['user_id'])
            self.assertEqual('blender-id', db_user['auth'][0]['provider'])

            # Check that the token was succesfully stored.
            tokens = self.app.data.driver.db['tokens']
            db_token = tokens.find_one({'user': db_user['_id'],
                                        'token': scst})
            self.assertIsNotNone(db_token)

        return db_user
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00			`# -- encoding: utf-8 --`

			`import json`
Always use urljoin to construct Blender ID URLs 2018-09-11 17:53:23 +02:00			`from urllib.parse import urljoin`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`import responses`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00			`from bson import ObjectId`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00			`from flask import g`
Updated unittest code so that we can create 100% valid projects. This means also creating a user and groups so that the references are valid. 2016-09-08 12:03:17 +02:00			`from pillar.tests import (AbstractPillarTest, TEST_EMAIL_ADDRESS,`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`TEST_SUBCLIENT_TOKEN, TEST_EMAIL_USER, TEST_FULL_NAME)`
Updated unittest code so that we can create 100% valid projects. This means also creating a user and groups so that the references are valid. 2016-09-08 12:03:17 +02:00			`from pillar.tests import common_test_data as ctd`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00

			`class BlenderIdSubclientTest(AbstractPillarTest):`
			`@responses.activate`
			`def test_store_scst_new_user(self):`
			`self._common_user_test(201)`

When creating user from BlenderID, full_name defaults to username. 2016-07-05 12:36:32 +02:00			`@responses.activate`
			`def test_store_scst_new_user_without_full_name(self):`

			`responses.add(responses.POST,`
Always use urljoin to construct Blender ID URLs 2018-09-11 17:53:23 +02:00			`urljoin(self.app.config['BLENDER_ID_ENDPOINT'], 'u/validate_token'),`
When creating user from BlenderID, full_name defaults to username. 2016-07-05 12:36:32 +02:00			`json={'status': 'success',`
			`'user': {'email': TEST_EMAIL_ADDRESS,`
			`'full_name': None,`
Updated unittest code so that we can create 100% valid projects. This means also creating a user and groups so that the references are valid. 2016-09-08 12:03:17 +02:00			`'id': ctd.BLENDER_ID_TEST_USERID},`
When creating user from BlenderID, full_name defaults to username. 2016-07-05 12:36:32 +02:00			`'token_expires': 'Mon, 1 Jan 2218 01:02:03 GMT'},`
			`status=200)`

			`self._common_user_test(201,`
			`expected_full_name=TEST_EMAIL_USER,`
			`mock_happy_blender_id=False)`

subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00			`@responses.activate`
			`def test_store_scst_existing_user(self):`
			`# Make sure the user exists in our database.`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`from pillar.api.utils.authentication import create_new_user`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00			`with self.app.test_request_context():`
Updated unittest code so that we can create 100% valid projects. This means also creating a user and groups so that the references are valid. 2016-09-08 12:03:17 +02:00			`create_new_user(TEST_EMAIL_ADDRESS, 'apekoppie', ctd.BLENDER_ID_TEST_USERID)`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00
Fixed unit test 2016-05-30 14:32:53 +02:00			`self._common_user_test(200, expected_full_name='apekoppie')`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00			`@responses.activate`
			`def test_store_multiple_tokens(self):`
			`scst1 = '%s-1' % TEST_SUBCLIENT_TOKEN`
			`scst2 = '%s-2' % TEST_SUBCLIENT_TOKEN`
			`db_user1 = self._common_user_test(201, scst=scst1)`
			`db_user2 = self._common_user_test(200, scst=scst2)`
			`self.assertEqual(db_user1['_id'], db_user2['_id'])`

			`# Now there should be two tokens.`
			`with self.app.test_request_context():`
			`tokens = self.app.data.driver.db['tokens']`
No longer hash auth tokens + store the token scopes This partially reverts commit c57aefd48b10ca3cabc9df162bc32efa62a6a21e. The code to check against hashed tokens remains, because existing tokens should still work. The unhashed tokens are necessary for fetching badges from Blender ID. 2018-09-11 16:11:44 +02:00			`self.assertIsNotNone(tokens.find_one({'user': db_user1['_id'], 'token': scst1}))`
			`self.assertIsNotNone(tokens.find_one({'user': db_user1['_id'], 'token': scst2}))`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00
			`# There should still be only one auth element for blender-id in the user doc.`
			`self.assertEqual(1, len(db_user1['auth']))`

			`@responses.activate`
			`def test_authenticate_with_scst(self):`
			`# Make sure there is a user and SCST.`
			`db_user = self._common_user_test(201)`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00			`# Make a call that's authenticated with the SCST`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`from pillar.api.utils import authentication as auth`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00
			`subclient_id = self.app.config['BLENDER_ID_SUBCLIENT_ID']`
			`auth_header = self.make_header(TEST_SUBCLIENT_TOKEN, subclient_id)`

			`with self.app.test_request_context(headers={'Authorization': auth_header}):`
			`self.assertTrue(auth.validate_token())`
			`self.assertIsNotNone(g.current_user)`
Unified user representation for web and API calls Both approaches now use a pillar.auth.UserClass instance. g.current_user is now always set to that instance, even for web entry points. This UserClass instance can still be keyed like the old dict, but this is for temporary compatibility and shouldn't be relied on in new or touched code. 2017-08-18 13:19:34 +02:00			`self.assertEqual(db_user['_id'], g.current_user.user_id)`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00
Fixed unit test 2016-05-30 14:32:53 +02:00			`def _common_user_test(self, expected_status_code, scst=TEST_SUBCLIENT_TOKEN,`
When creating user from BlenderID, full_name defaults to username. 2016-07-05 12:36:32 +02:00			`expected_full_name=TEST_FULL_NAME,`
			`mock_happy_blender_id=True):`
			`if mock_happy_blender_id:`
			`self.mock_blenderid_validate_happy()`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00
			`subclient_id = self.app.config['BLENDER_ID_SUBCLIENT_ID']`
Introducing Pillar Framework Refactor of pillar-server and pillar-web into a single python package. This simplifies the overall architecture of pillar applications. Special thanks @sybren and @venomgfx 2016-08-19 09:19:06 +02:00			`resp = self.client.post('/api/blender_id/store_scst',`
Updated unittest code so that we can create 100% valid projects. This means also creating a user and groups so that the references are valid. 2016-09-08 12:03:17 +02:00			`data={'user_id': ctd.BLENDER_ID_TEST_USERID,`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00			`'subclient_id': subclient_id,`
			`'token': scst})`
When creating user from BlenderID, full_name defaults to username. 2016-07-05 12:36:32 +02:00			`self.assertEqual(expected_status_code, resp.status_code, resp.data)`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00
			`user_info = json.loads(resp.data) # {'status': 'success', 'subclient_user_id': '...'}`
			`self.assertEqual('success', user_info['status'])`
Security: don't log subclient token. 2016-04-12 16:05:37 +02:00
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00			`with self.app.test_request_context():`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00			`# Check that the user was correctly updated`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00			`users = self.app.data.driver.db['users']`
			`db_user = users.find_one(ObjectId(user_info['subclient_user_id']))`
			`self.assertIsNotNone(db_user, 'user %r not found' % user_info['subclient_user_id'])`

Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00			`self.assertEqual(TEST_EMAIL_ADDRESS, db_user['email'])`
Fixed unit test 2016-05-30 14:32:53 +02:00			`self.assertEqual(expected_full_name, db_user['full_name'])`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00			`# self.assertEqual(TEST_SUBCLIENT_TOKEN, db_user['auth'][0]['token'])`
Updated unittest code so that we can create 100% valid projects. This means also creating a user and groups so that the references are valid. 2016-09-08 12:03:17 +02:00			`self.assertEqual(str(ctd.BLENDER_ID_TEST_USERID), db_user['auth'][0]['user_id'])`
subclient tokens: bugfix & return proper data. Also introduces responses, as an alternative to httpretty (it works better). 2016-04-12 15:24:50 +02:00			`self.assertEqual('blender-id', db_user['auth'][0]['provider'])`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00
			`# Check that the token was succesfully stored.`
			`tokens = self.app.data.driver.db['tokens']`
			`db_token = tokens.find_one({'user': db_user['_id'],`
No longer hash auth tokens + store the token scopes This partially reverts commit c57aefd48b10ca3cabc9df162bc32efa62a6a21e. The code to check against hashed tokens remains, because existing tokens should still work. The unhashed tokens are necessary for fetching badges from Blender ID. 2018-09-11 16:11:44 +02:00			`'token': scst})`
Unify tokens and subclient tokens SCST tokens are now stored in the 'tokens' table. This unifies old token handling and new subclient-specific tokens. Also ensures the BlenderID expiry of the token is taken into account. Removes use of httpretty, in favour of responses. 2016-04-13 15:33:54 +02:00			`self.assertIsNotNone(db_token)`

			`return db_user`