Modernised some unit tests

pillar/tests/__init__.py

@@ -335,7 +335,7 @@ class AbstractPillarTest(TestMinimal):
         content = '%s:%s' % (username, subclient_id)
         return b'basic ' + base64.b64encode(content.encode())
 
-    def create_standard_groups(self, additional_groups=()):
+    def create_standard_groups(self, additional_groups=()) -> dict:
         """Creates standard admin/demo/subscriber groups, plus any additional.
 
         :returns: mapping from group name to group ID

tests/test_api/test_auth.py

@@ -217,15 +217,11 @@ class UserListTests(AbstractPillarTest):
 
     def test_list_all_users_anonymous(self):
         # Listing all users should be forbidden
-        resp = self.client.get('/api/users')
+        self.get('/api/users', expected_status=403)
-        self.assertEqual(403, resp.status_code)
 
     def test_list_all_users_subscriber(self):
         # Regular access should result in only your own info.
-        resp = self.client.get('/api/users', headers={'Authorization': self.make_header('token')})
+        users = self.get('/api/users', auth_token='token').json()
-        users = json.loads(resp.data)
-
-        self.assertEqual(200, resp.status_code)
         self.assertEqual(1, users['_meta']['total'])
 
         # The 'auth' section should be removed.
@@ -234,11 +230,7 @@ class UserListTests(AbstractPillarTest):
 
     def test_list_all_users_admin(self):
         # Admin access should result in all users
-        resp = self.client.get('/api/users',
+        users = self.get('/api/users', auth_token='admin-token').json()
-                               headers={'Authorization': self.make_header('admin-token')})
-        users = json.loads(resp.data)
-
-        self.assertEqual(200, resp.status_code)
         self.assertEqual(3, users['_meta']['total'])
 
         # The 'auth' section should be removed.
@@ -246,13 +238,10 @@ class UserListTests(AbstractPillarTest):
             self.assertNotIn('auth', user_info)
 
     def test_list_all_users_admin_explicit_projection(self):
-        # Admin access should result in all users
+        """Even admins shouldn't be able to GET auth info."""
-        projection = json.dumps({'auth': 1})
-        resp = self.client.get('/api/users?projection=%s' % projection,
-                               headers={'Authorization': self.make_header('admin-token')})
-        users = json.loads(resp.data)
 
-        self.assertEqual(200, resp.status_code)
+        projection = json.dumps({'auth': 1})
+        users = self.get(f'/api/users?projection={projection}', auth_token='admin-token').json()
         self.assertEqual(3, users['_meta']['total'])
 
         # The 'auth' section should be removed.
@@ -263,8 +252,7 @@ class UserListTests(AbstractPillarTest):
         from pillar.api.utils import remove_private_keys
 
         # Getting a user should be limited to certain fields
-        resp = self.client.get('/api/users/123456789abc123456789abc')
+        resp = self.get('/api/users/123456789abc123456789abc')
-        self.assertEqual(200, resp.status_code)
 
         user_info = json.loads(resp.data)
         regular_info = remove_private_keys(user_info)
@@ -272,33 +260,21 @@ class UserListTests(AbstractPillarTest):
 
     def test_own_user_subscriber(self):
         # Regular access should result in only your own info.
-        resp = self.client.get('/api/users/123456789abc123456789abc',
+        user_info = self.get('/api/users/123456789abc123456789abc', auth_token='token').json()
-                               headers={'Authorization': self.make_header('token')})
-        user_info = json.loads(resp.data)
-
-        self.assertEqual(200, resp.status_code)
         self.assertNotIn('auth', user_info)
 
     def test_own_user_subscriber_explicit_projection(self):
         # With a custom projection requesting the auth list
         projection = json.dumps({'auth': 1})
-        resp = self.client.get(
+        user_info = self.get(f'/api/users/123456789abc123456789abc?projection={projection}',
-            '/api/users/%s?projection=%s' % ('123456789abc123456789abc', projection),
+                             auth_token='token').json()
-            headers={'Authorization': self.make_header('token')})
-        user_info = json.loads(resp.data)
-
-        self.assertEqual(200, resp.status_code)
         self.assertNotIn('auth', user_info)
 
     def test_other_user_subscriber(self):
         from pillar.api.utils import remove_private_keys
 
         # Requesting another user should be limited to full name and email.
-        resp = self.client.get('/api/users/%s' % '223456789abc123456789abc',
+        user_info = self.get('/api/users/223456789abc123456789abc', auth_token='token').json()
-                               headers={'Authorization': self.make_header('token')})
-        user_info = json.loads(resp.data)
-
-        self.assertEqual(200, resp.status_code)
         self.assertNotIn('auth', user_info)
 
         regular_info = remove_private_keys(user_info)
@@ -308,19 +284,14 @@ class UserListTests(AbstractPillarTest):
         from pillar.api.utils import remove_private_keys
 
         # PUTting a user should work, and not mess up the auth field.
-        resp = self.client.get('/api/users/123456789abc123456789abc',
+        user_info = self.get('/api/users/123456789abc123456789abc', auth_token='token').json()
-                               headers={'Authorization': self.make_header('token')})
-        user_info = json.loads(resp.data)
         self.assertNotIn('auth', user_info)
 
         put_user = remove_private_keys(user_info)
-
+        self.put('/api/users/123456789abc123456789abc',
-        resp = self.client.put('/api/users/123456789abc123456789abc',
+                 auth_token='token',
-                               headers={'Authorization': self.make_header('token'),
+                 etag=user_info['_etag'],
-                                        'Content-Type': 'application/json',
+                 json=put_user)
-                                        'If-Match': user_info['_etag']},
-                               data=json.dumps(put_user))
-        self.assertEqual(200, resp.status_code, resp.data)
 
         # Get directly from MongoDB, Eve blocks access to the auth field.
         with self.app.test_request_context():
@@ -331,9 +302,7 @@ class UserListTests(AbstractPillarTest):
     def test_put_user_restricted_fields(self):
         from pillar.api.utils import remove_private_keys
 
-        gid_admin = self.ensure_group_exists(24 * '1', 'admin')
+        group_ids = self.create_standard_groups()
-        gid_subscriber = self.ensure_group_exists(24 * '2', 'subscriber')
-        gid_demo = self.ensure_group_exists(24 * '3', 'demo')
 
         # A user should be able to change only some fields, but not all.
         user_info = self.get('/api/users/me', auth_token='token').json()
@@ -344,11 +313,11 @@ class UserListTests(AbstractPillarTest):
         put_user['username'] = 'üniék'
         put_user['email'] = 'new+email@example.com'
         put_user['roles'] = ['subscriber', 'demo', 'admin', 'service', 'flamenco_manager']
-        put_user['groups'] = [gid_admin, gid_subscriber, gid_demo]
+        put_user['groups'] = list(group_ids.keys())
         put_user['settings']['email_communications'] = 0
         put_user['service'] = {'flamenco_manager': {}}
 
-        self.put('/api/users/%(_id)s' % user_info,
+        self.put(f'/api/users/{user_info["_id"]}',
                  json=put_user,
                  auth_token='token',
                  etag=user_info['_etag'])
@@ -367,33 +336,22 @@ class UserListTests(AbstractPillarTest):
         from pillar.api.utils import remove_private_keys
 
         # PUTting the user as another user should fail.
-        resp = self.client.get('/api/users/123456789abc123456789abc',
+        user_info = self.get('/api/users/123456789abc123456789abc', auth_token='token').json()
-                               headers={'Authorization': self.make_header('token')})
-        user_info = json.loads(resp.data)
         put_user = remove_private_keys(user_info)
 
-        resp = self.client.put('/api/users/123456789abc123456789abc',
+        self.put('/api/users/123456789abc123456789abc', auth_token='other-token',
-                               headers={'Authorization': self.make_header('other-token'),
+                 json=put_user, etag=user_info['_etag'],
-                                        'Content-Type': 'application/json',
+                 expected_status=403)
-                                        'If-Match': user_info['_etag']},
-                               data=json.dumps(put_user))
-        self.assertEqual(403, resp.status_code, resp.data)
 
     def test_put_admin(self):
         from pillar.api.utils import remove_private_keys
 
         # PUTting a user should work, and not mess up the auth field.
-        resp = self.client.get('/api/users/123456789abc123456789abc',
+        user_info = self.get('/api/users/123456789abc123456789abc', auth_token='token').json()
-                               headers={'Authorization': self.make_header('token')})
-        user_info = json.loads(resp.data)
         put_user = remove_private_keys(user_info)
 
-        resp = self.client.put('/api/users/123456789abc123456789abc',
+        self.put('/api/users/123456789abc123456789abc', auth_token='admin-token',
-                               headers={'Authorization': self.make_header('admin-token'),
+                 json=put_user, etag=user_info['_etag'])
-                                        'Content-Type': 'application/json',
-                                        'If-Match': user_info['_etag']},
-                               data=json.dumps(put_user))
-        self.assertEqual(200, resp.status_code, resp.data)
 
         # Get directly from MongoDB, Eve blocks access to the auth field.
         with self.app.test_request_context():
@@ -414,28 +372,14 @@ class UserListTests(AbstractPillarTest):
             'email': TEST_EMAIL_ADDRESS,
         }
 
-        resp = self.client.post('/api/users',
+        self.post('/api/users', auth_token='token', json=post_user, expected_status=405)
-                                headers={'Authorization': self.make_header('token'),
+        self.post('/api/users', auth_token='admin-token', json=post_user, expected_status=405)
-                                         'Content-Type': 'application/json'},
-                                data=json.dumps(post_user))
-        self.assertEqual(405, resp.status_code, resp.data)
-
-        resp = self.client.post('/api/users',
-                                headers={'Authorization': self.make_header('admin-token'),
-                                         'Content-Type': 'application/json'},
-                                data=json.dumps(post_user))
-        self.assertEqual(405, resp.status_code, resp.data)
 
     def test_delete(self):
         """DELETING a user should fail for subscribers and admins alike."""
 
-        resp = self.client.delete('/api/users/323456789abc123456789abc',
+        self.delete('/api/users', auth_token='token', expected_status=405)
-                                  headers={'Authorization': self.make_header('token')})
+        self.delete('/api/users', auth_token='admin-token', expected_status=405)
-        self.assertEqual(405, resp.status_code, resp.data)
-
-        resp = self.client.delete('/api/users/323456789abc123456789abc',
-                                  headers={'Authorization': self.make_header('admin-token')})
-        self.assertEqual(405, resp.status_code, resp.data)
 
 
 class PermissionComputationTest(AbstractPillarTest):