pillar/tests/test_auth.py

import unittest
import os
import base64
import httpretty
import json

BLENDER_ID_ENDPOINT = 'http://127.0.0.1:8001'  # nonexistant server, no trailing slash!
TEST_EMAIL_USER = 'koro'
TEST_EMAIL_ADDRESS = '%s@testing.blender.org' % TEST_EMAIL_USER

os.environ['BLENDER_ID_ENDPOINT'] = BLENDER_ID_ENDPOINT
os.environ['MONGO_DBNAME'] = 'unittest'
os.environ['EVE_SETTINGS'] = os.path.join(
    os.path.dirname(os.path.dirname(__file__)),
    'pillar', 'settings.py')

from application import app
from application.utils import authentication as auth

app.config['BLENDER_ID_ENDPOINT'] = BLENDER_ID_ENDPOINT


def make_header(username, password=''):
    """Returns a Basic HTTP Authentication header value."""

    return 'basic ' + base64.b64encode('%s:%s' % (username, password))


class AuthenticationTests(unittest.TestCase):
    def setUp(self):
        self.app = app.test_client()
        with app.test_request_context():
            self.delete_test_data()

    def tearDown(self):
        with app.test_request_context():
            self.delete_test_data()

    def test_make_unique_username(self):

        with app.test_request_context():
            # This user shouldn't exist yet.
            self.assertEqual(TEST_EMAIL_USER, auth.make_unique_username(TEST_EMAIL_ADDRESS))

            # Add a user, then test again.
            auth.create_new_user(TEST_EMAIL_ADDRESS, TEST_EMAIL_USER, 'test1234')
            self.assertEqual('%s1' % TEST_EMAIL_USER, auth.make_unique_username(TEST_EMAIL_ADDRESS))

    def delete_test_data(self):
        app.data.driver.db.drop_collection('users')
        app.data.driver.db.drop_collection('tokens')

    def blenderid_validate_unhappy(self):
        """Sets up HTTPretty to mock unhappy validation flow."""

        httpretty.register_uri(httpretty.POST,
                               '%s/u/validate_token' % BLENDER_ID_ENDPOINT,
                               body=json.dumps({'data': {'token': 'Token is invalid'}, 'status': 'fail'}),
                               content_type="application/json")

    def blenderid_validate_happy(self):
        """Sets up HTTPretty to mock happy validation flow."""

        httpretty.register_uri(httpretty.POST,
                               '%s/u/validate_token' % BLENDER_ID_ENDPOINT,
                               body=json.dumps({'data': {'user': {'email': TEST_EMAIL_ADDRESS, 'id': 5123}},
                                                'status': 'success'}),
                               content_type="application/json")

    @httpretty.activate
    def test_validate_token__not_logged_in(self):
        with app.test_request_context():
            self.assertFalse(auth.validate_token())

    @httpretty.activate
    def test_validate_token__unknown_token(self):
        """Test validating of invalid token, unknown both to us and Blender ID."""

        self.blenderid_validate_unhappy()
        with app.test_request_context(headers={'Authorization': make_header('unknowntoken')}):
            self.assertFalse(auth.validate_token())

    @httpretty.activate
    def test_validate_token__unknown_but_valid_token(self):
        """Test validating of valid token, unknown to us but known to Blender ID."""

        self.blenderid_validate_happy()
        with app.test_request_context(headers={'Authorization': make_header('knowntoken')}):
            self.assertTrue(auth.validate_token())
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00			`import unittest`
			`import os`
Added a few unit tests for user authentication. Far from complete, and we need a way to mock the Blender ID server, so that we can auth against a well-known, fake set of users. 2016-03-04 14:47:48 +01:00			`import base64`
Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`import httpretty`
			`import json`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00
Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`BLENDER_ID_ENDPOINT = 'http://127.0.0.1:8001' # nonexistant server, no trailing slash!`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00			`TEST_EMAIL_USER = 'koro'`
			`TEST_EMAIL_ADDRESS = '%s@testing.blender.org' % TEST_EMAIL_USER`

Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`os.environ['BLENDER_ID_ENDPOINT'] = BLENDER_ID_ENDPOINT`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00			`os.environ['MONGO_DBNAME'] = 'unittest'`
Added setup.py to allow automated testing. Also moved the tests directory to top-level, as they shouldn't be part of the pillar directory. 2016-03-23 12:01:54 +01:00			`os.environ['EVE_SETTINGS'] = os.path.join(`
			`os.path.dirname(os.path.dirname(__file__)),`
			`'pillar', 'settings.py')`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00
			`from application import app`
Fixed bug in validate_token(), it now returns the validation status. Also separated on-the-fly creation of user in our database into its own function. 2016-03-04 14:49:48 +01:00			`from application.utils import authentication as auth`
Added a few unit tests for user authentication. Far from complete, and we need a way to mock the Blender ID server, so that we can auth against a well-known, fake set of users. 2016-03-04 14:47:48 +01:00
Overriding app.config in unittest. We may need something better structured in the future to handle test configuration, but at least this gets the one test we have running. 2016-03-25 12:22:31 +01:00			`app.config['BLENDER_ID_ENDPOINT'] = BLENDER_ID_ENDPOINT`

Added a few unit tests for user authentication. Far from complete, and we need a way to mock the Blender ID server, so that we can auth against a well-known, fake set of users. 2016-03-04 14:47:48 +01:00
			`def make_header(username, password=''):`
			`"""Returns a Basic HTTP Authentication header value."""`

			`return 'basic ' + base64.b64encode('%s:%s' % (username, password))`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00

Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`class AuthenticationTests(unittest.TestCase):`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00			`def setUp(self):`
			`self.app = app.test_client()`
Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`with app.test_request_context():`
			`self.delete_test_data()`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00
			`def tearDown(self):`
Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`with app.test_request_context():`
			`self.delete_test_data()`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00
			`def test_make_unique_username(self):`

			`with app.test_request_context():`
			`# This user shouldn't exist yet.`
Fixed bug in validate_token(), it now returns the validation status. Also separated on-the-fly creation of user in our database into its own function. 2016-03-04 14:49:48 +01:00			`self.assertEqual(TEST_EMAIL_USER, auth.make_unique_username(TEST_EMAIL_ADDRESS))`
Added unit testing support + moved make_unique_username() to module level Also cleaned up make_unique_username() code to no longer be recursive, and to correctly handle numerical suffixes ≥ 10. 2016-03-04 14:08:10 +01:00
			`# Add a user, then test again.`
Fixed bug in validate_token(), it now returns the validation status. Also separated on-the-fly creation of user in our database into its own function. 2016-03-04 14:49:48 +01:00			`auth.create_new_user(TEST_EMAIL_ADDRESS, TEST_EMAIL_USER, 'test1234')`
Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`self.assertEqual('%s1' % TEST_EMAIL_USER, auth.make_unique_username(TEST_EMAIL_ADDRESS))`
Added a few unit tests for user authentication. Far from complete, and we need a way to mock the Blender ID server, so that we can auth against a well-known, fake set of users. 2016-03-04 14:47:48 +01:00
Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`def delete_test_data(self):`
			`app.data.driver.db.drop_collection('users')`
			`app.data.driver.db.drop_collection('tokens')`

			`def blenderid_validate_unhappy(self):`
			`"""Sets up HTTPretty to mock unhappy validation flow."""`

			`httpretty.register_uri(httpretty.POST,`
			`'%s/u/validate_token' % BLENDER_ID_ENDPOINT,`
			`body=json.dumps({'data': {'token': 'Token is invalid'}, 'status': 'fail'}),`
			`content_type="application/json")`

			`def blenderid_validate_happy(self):`
			`"""Sets up HTTPretty to mock happy validation flow."""`

			`httpretty.register_uri(httpretty.POST,`
			`'%s/u/validate_token' % BLENDER_ID_ENDPOINT,`
			`body=json.dumps({'data': {'user': {'email': TEST_EMAIL_ADDRESS, 'id': 5123}},`
			`'status': 'success'}),`
			`content_type="application/json")`

Moved unit test to its proper spot, and added @httpretty.activate 2016-03-04 18:43:20 +01:00			`@httpretty.activate`
			`def test_validate_token__not_logged_in(self):`
			`with app.test_request_context():`
			`self.assertFalse(auth.validate_token())`

Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`@httpretty.activate`
Added a few unit tests for user authentication. Far from complete, and we need a way to mock the Blender ID server, so that we can auth against a well-known, fake set of users. 2016-03-04 14:47:48 +01:00			`def test_validate_token__unknown_token(self):`
Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00			`"""Test validating of invalid token, unknown both to us and Blender ID."""`

			`self.blenderid_validate_unhappy()`
Added a few unit tests for user authentication. Far from complete, and we need a way to mock the Blender ID server, so that we can auth against a well-known, fake set of users. 2016-03-04 14:47:48 +01:00			`with app.test_request_context(headers={'Authorization': make_header('unknowntoken')}):`
Fixed bug in validate_token(), it now returns the validation status. Also separated on-the-fly creation of user in our database into its own function. 2016-03-04 14:49:48 +01:00			`self.assertFalse(auth.validate_token())`
Added mocking of Blender ID with HTTPretty 2016-03-04 15:19:01 +01:00
			`@httpretty.activate`
			`def test_validate_token__unknown_but_valid_token(self):`
			`"""Test validating of valid token, unknown to us but known to Blender ID."""`

			`self.blenderid_validate_happy()`
			`with app.test_request_context(headers={'Authorization': make_header('knowntoken')}):`
			`self.assertTrue(auth.validate_token())`