Skip to content

Commit

Permalink
Update tests.
Browse files Browse the repository at this point in the history
  • Loading branch information
@jordanmack
jordanmack committed Feb 7, 2020
1 parent 24f4b53 commit 64f68a8
Showing 1 changed file with 67 additions and 29 deletions.
96 changes: 67 additions & 29 deletions tests/test_web.py
View file
Original file line number Diff line number Diff line change
@@ -1,23 +1,58 @@
from flask import Flask
from flask_testing import LiveServerTestCase
import os
import psycopg2
import requests
import sys
import time
import unittest
import uuid

# Fix path to allow application import.
sys.path.insert(2, os.path.abspath(os.path.join(sys.path[0], "..", "www2png")))
from web import app as application
from database import connect

# Suppress logging output.
import os
import logging
logging.getLogger("werkzeug").disabled = True
os.environ["WERKZEUG_RUN_MAIN"] = "true"

def get_unverified_user_record(connection):
"""Retrieve a recent unverified user record."""
cursor = connection.cursor(cursor_factory=psycopg2.extras.DictCursor)
cursor.execute("SELECT * FROM unverified_users ORDER BY id DESC LIMIT 1")
record = cursor.fetchone()
return dict(record) if record is not None else None

def create_unverified_challenge(connection, server_url):
"""Setup a unverified challenge to be used later."""
data = {"email": f"""{uuid.uuid4()}@mailinator.com"""}
requests.post(server_url + "/api/request", data=data)
record = get_unverified_user_record(connection)
return record["challenge"]

def create_api_key(connection, server_url):
data = {"email": f"""{uuid.uuid4()}@test.com"""}
requests.post(server_url + "/api/request", data=data)
record = get_unverified_user_record(connection)
requests.get(server_url + f"""/api/activate/{record["challenge"]}""")
return record["challenge"]

class TestWeb(LiveServerTestCase):

@classmethod
def setUpClass(self):
self.connection = connect()
self.test_data = {}
self.test_data["api_key"] = None # Placeholder
self.test_data["invalid_api_key"] = str(uuid.uuid4())
self.test_data["invalid_request_id"] = str(uuid.uuid4())
self.test_data["pending_request_id"] = "ed0ccb03-0d69-425b-a1d7-e8cea3bd2420"
self.test_data["session_id"] = str(uuid.uuid4())
self.test_data["unverified_challenge"] = None # Placeholder

def create_app(self):
app = application
app.config["TESTING"] = True
Expand Down Expand Up @@ -54,61 +89,63 @@ def test_terms_of_service(self):

# This needs to be updated so it doesn't fail on dev systems with 429.
def test_api_capture(self):
response = requests.get(self.get_server_url() + "/api/capture/b813d0a3-f82f-4128-b1b6-a13957a42440?url=https%3A%2F%2Fyahoo.com")
self.test_data["api_key"] = create_api_key(self.connection, self.get_server_url())
response = requests.get(self.get_server_url() + f"""/api/capture/{self.test_data["api_key"]}?url=https%3A%2F%2Fyahoo.com%3Fsession_id%3D{self.test_data["session_id"]}""")
self.assertEqual(response.status_code, 200)
self.test_data["request_id"] = response.json()["request_id"]

def test_api_capture_invalid_key(self):
response = requests.get(self.get_server_url() + f"/api/capture/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/api/capture/{self.test_data["invalid_api_key"]}""")
self.assertEqual(response.status_code, 403)

def test_api_capture_too_fast(self):
response = requests.get(self.get_server_url() + "/api/capture/b813d0a3-f82f-4128-b1b6-a13957a42440?url=https%3A%2F%2Fyahoo.com")
response = requests.get(self.get_server_url() + f"""/api/capture/{self.test_data["api_key"]}?url=https%3A%2F%2Fyahoo.com%3Fsession_id%3D{self.test_data["session_id"]}""")
self.assertEqual(response.status_code, 429)

# This test is broken because the image file will not be present.
# def test_api_image(self):
# response = requests.get(self.get_server_url() + "/api/image/b813d0a3-f82f-4128-b1b6-a13957a42440/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
# response = requests.get(self.get_server_url() + f"""/api/image/{self.test_data["api_key"]}/{self.test_data["request_id"]}""")
# self.assertEqual(response.status_code, 200)

def test_api_image_invalid_key(self):
response = requests.get(self.get_server_url() + f"/api/image/{str(uuid.uuid4())}/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
response = requests.get(self.get_server_url() + f"""/api/image/{self.test_data["invalid_api_key"]}/{self.test_data["request_id"]}""")
self.assertEqual(response.status_code, 403)

def test_api_image_invalid_request(self):
response = requests.get(self.get_server_url() + f"/api/image/b813d0a3-f82f-4128-b1b6-a13957a42440/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/api/image/{self.test_data["api_key"]}/{self.test_data["invalid_request_id"]}""")
self.assertEqual(response.status_code, 404)

def test_api_image_not_ready(self):
response = requests.get(self.get_server_url() + "/api/image/b813d0a3-f82f-4128-b1b6-a13957a42440/ed0ccb03-0d69-425b-a1d7-e8cea3bd2420")
response = requests.get(self.get_server_url() + f"""/api/image/{self.test_data["api_key"]}/{self.test_data["pending_request_id"]}""")
self.assertEqual(response.status_code, 202)

# Needs RigidBit installation to proceed. Full validation will not be possible due to time delay.
# def test_api_proof(self):
# response = requests.get(self.get_server_url() + f"/api/proof/b813d0a3-f82f-4128-b1b6-a13957a42440/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
# response = requests.get(self.get_server_url() + f"""/api/proof/{self.test_data["api_key"]}/{self.test_data["request_id"]}""")
# self.assertEqual(response.status_code, 403)

def test_api_proof_invalid_key(self):
response = requests.get(self.get_server_url() + f"/api/proof/{str(uuid.uuid4())}/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
response = requests.get(self.get_server_url() + f"""/api/proof/{self.test_data["invalid_api_key"]}/{self.test_data["request_id"]}""")
self.assertEqual(response.status_code, 403)

def test_api_proof_invalid_request(self):
response = requests.get(self.get_server_url() + f"/api/proof/b813d0a3-f82f-4128-b1b6-a13957a42440/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/api/proof/{self.test_data["api_key"]}/{self.test_data["invalid_request_id"]}""")
self.assertEqual(response.status_code, 404)

def test_api_status(self):
response = requests.get(self.get_server_url() + f"/api/status/b813d0a3-f82f-4128-b1b6-a13957a42440/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
response = requests.get(self.get_server_url() + f"""/api/status/{self.test_data["api_key"]}/{self.test_data["request_id"]}""")
self.assertEqual(response.status_code, 200)

def test_api_status_invalid_key(self):
response = requests.get(self.get_server_url() + f"/api/status/{str(uuid.uuid4())}/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
response = requests.get(self.get_server_url() + f"""/api/status/{self.test_data["invalid_api_key"]}/{self.test_data["request_id"]}""")
self.assertEqual(response.status_code, 403)

def test_api_status_invalid_request(self):
response = requests.get(self.get_server_url() + f"/api/status/b813d0a3-f82f-4128-b1b6-a13957a42440/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/api/status/{self.test_data["api_key"]}/{self.test_data["invalid_request_id"]}""")
self.assertEqual(response.status_code, 404)

def test_api_request(self):
data = {"email": "test@test.com"}
data = {"email": f"""{uuid.uuid4()}@mailinator.com"""}
response = requests.post(self.get_server_url() + "/api/request", data=data)
self.assertEqual(response.status_code, 200)

Expand All @@ -121,28 +158,29 @@ def test_api_request_invalid_payload(self):
self.assertEqual(response.status_code, 400)

def test_api_activate(self):
response = requests.get(self.get_server_url() + f"/api/activate/8723971f-b44b-4d83-aead-634d7e6b2eac")
self.test_data["unverified_challenge"] = create_unverified_challenge(self.connection, self.get_server_url())
response = requests.get(self.get_server_url() + f"""/api/activate/{self.test_data["unverified_challenge"]}""")
self.assertEqual(response.status_code, 200)

def test_api_activate_already_used(self):
response = requests.get(self.get_server_url() + f"/api/activate/8723971f-b44b-4d83-aead-634d7e6b2eac")
response = requests.get(self.get_server_url() + f"""/api/activate/{self.test_data["unverified_challenge"]}""")
self.assertEqual(response.status_code, 404)

def test_api_activate_invalid_key(self):
response = requests.get(self.get_server_url() + f"/api/activate/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/api/activate/{self.test_data["invalid_api_key"]}""")
self.assertEqual(response.status_code, 404)

# This cannot be done publicly since it would expose the secret key.
# def test_api_upload_to_imgur(self):
# response = requests.get(self.get_server_url() + f"/api/upload-to-imgur/b813d0a3-f82f-4128-b1b6-a13957a42440/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
# response = requests.get(self.get_server_url() + f"""/api/upload-to-imgur/{self.test_data["api_key"]}/{self.test_data["request_id"]}""")
# self.assertEqual(response.status_code, 200)

def test_api_upload_to_imgur_invalid_key(self):
response = requests.get(self.get_server_url() + f"/api/upload-to-imgur/{str(uuid.uuid4())}/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
response = requests.get(self.get_server_url() + f"""/api/upload-to-imgur/{self.test_data["invalid_api_key"]}/{self.test_data["request_id"]}""")
self.assertEqual(response.status_code, 403)

def test_api_upload_to_imgur_invalid_request(self):
response = requests.get(self.get_server_url() + f"/api/upload-to-imgur/b813d0a3-f82f-4128-b1b6-a13957a42440/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/api/upload-to-imgur/{self.test_data["api_key"]}/{self.test_data["invalid_request_id"]}""")
self.assertEqual(response.status_code, 404)

# Web Routes
Expand Down Expand Up @@ -172,24 +210,24 @@ def test_web_capture_invalid_data(self):

# This test is broken because the image file will not be present.
# def test_web_image(self):
# response = requests.get(self.get_server_url() + "/web/image/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
# response = requests.get(self.get_server_url() + "/web/image/{self.test_data["request_id"]}")
# self.assertEqual(response.status_code, 200)

def test_web_image_invalid_request(self):
response = requests.get(self.get_server_url() + f"/web/image/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/web/image/{self.test_data["invalid_request_id"]}""")
self.assertEqual(response.status_code, 404)

def test_web_image_not_ready(self):
response = requests.get(self.get_server_url() + "/web/image/ed0ccb03-0d69-425b-a1d7-e8cea3bd2420")
response = requests.get(self.get_server_url() + f"""/web/image/{self.test_data["pending_request_id"]}""")
self.assertEqual(response.status_code, 404)

# Needs RigidBit installation to proceed. Full validation will not be possible due to time delay.
# def test_web_proof(self):
# response = requests.get(self.get_server_url() + "/web/proof/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
# response = requests.get(self.get_server_url() + "/web/proof/{self.test_data["request_id"]}")
# self.assertEqual(response.status_code, 200)

def test_web_proof_invalid_request(self):
response = requests.get(self.get_server_url() + f"/web/proof/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/web/proof/{self.test_data["invalid_request_id"]}""")
self.assertEqual(response.status_code, 404)

def test_web_stats(self):
Expand All @@ -202,20 +240,20 @@ def test_web_stats_invalid_auth(self):

# This cannot be done publicly since it would expose the secret key.
# def test_web_upload_to_imgur(self):
# response = requests.get(self.get_server_url() + f"/web/upload-to-imgur/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
# response = requests.get(self.get_server_url() + f"""/web/upload-to-imgur/{self.test_data["request_id"]}""")
# self.assertEqual(response.status_code, 200)

# This cannot be done publicly since it would expose the secret key.
# def test_web_upload_to_imgur_invalid_request(self):
# response = requests.get(self.get_server_url() + f"/web/upload-to-imgur/{str(uuid.uuid4())}")
# response = requests.get(self.get_server_url() + f"""/web/upload-to-imgur/{str(uuid.uuid4())}""")
# self.assertEqual(response.status_code, 404)

def test_web_view(self):
response = requests.get(self.get_server_url() + "/web/view/5f4bf25b-9bf7-4269-89a3-7d2ffd3e9605")
response = requests.get(self.get_server_url() + f"""/web/view/{self.test_data["request_id"]}""")
self.assertEqual(response.status_code, 200)

def test_web_view_invalid_request(self):
response = requests.get(self.get_server_url() + f"/web/view/{str(uuid.uuid4())}")
response = requests.get(self.get_server_url() + f"""/web/view/{self.test_data["invalid_request_id"]}""")
self.assertEqual(response.status_code, 404)


Expand Down

0 comments on commit 64f68a8

Please sign in to comment.