2021-03-06 16:21:28 +01:00
|
|
|
import pytest
|
2018-01-04 18:29:03 +01:00
|
|
|
|
2021-03-06 16:21:28 +01:00
|
|
|
from .utils import register_user, send_request as _send_request
|
2018-01-04 18:29:03 +01:00
|
|
|
|
2020-12-16 02:10:37 +01:00
|
|
|
|
2021-03-06 16:21:28 +01:00
|
|
|
@pytest.fixture(scope='module')
|
|
|
|
def expected_registration_redirect(base_url):
|
2024-07-24 21:34:30 +02:00
|
|
|
yield f'{base_url}/auth?type=register&redirect={base_url}/execute'
|
2021-03-06 16:21:28 +01:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(scope='module')
|
|
|
|
def expected_login_redirect(base_url):
|
2024-07-24 21:34:30 +02:00
|
|
|
yield f'{base_url}/auth?type=login&redirect={base_url}/execute'
|
2021-03-06 16:21:28 +01:00
|
|
|
|
|
|
|
|
|
|
|
def send_request(**kwargs):
|
|
|
|
return _send_request('shell.exec', args={'cmd': 'echo ping'}, **kwargs)
|
2018-01-04 18:29:03 +01:00
|
|
|
|
2020-12-16 02:10:37 +01:00
|
|
|
|
2021-03-06 16:21:28 +01:00
|
|
|
def test_request_with_no_registered_users(base_url, expected_registration_redirect):
|
|
|
|
"""
|
|
|
|
An /execute request performed before any user is registered should redirect to the registration page.
|
|
|
|
"""
|
|
|
|
response = send_request(authenticate=False, parse_json=False)
|
2022-10-08 15:18:26 +02:00
|
|
|
assert response.status_code == 412, (
|
|
|
|
'No users registered, but the execute endpoint returned '
|
|
|
|
f'{response.status_code}'
|
|
|
|
)
|
2020-12-16 02:10:37 +01:00
|
|
|
|
2021-02-27 15:01:25 +01:00
|
|
|
|
2021-03-06 16:21:28 +01:00
|
|
|
def test_first_user_registration(base_url):
|
|
|
|
"""
|
|
|
|
Emulate a first user registration through form and get the session_token.
|
|
|
|
"""
|
|
|
|
response = register_user()
|
2020-12-16 02:10:37 +01:00
|
|
|
|
2024-07-24 21:34:30 +02:00
|
|
|
assert response.json().get('status') == 'ok' and response.json().get(
|
|
|
|
'session_token'
|
2022-10-08 15:18:26 +02:00
|
|
|
), 'No session_token returned upon registration'
|
2020-12-16 02:10:37 +01:00
|
|
|
|
|
|
|
|
2021-03-06 16:21:28 +01:00
|
|
|
def test_unauthorized_request_with_registered_user(base_url, expected_login_redirect):
|
|
|
|
"""
|
2024-07-24 21:34:30 +02:00
|
|
|
After a first user has been registered any unauthenticated call to /execute should redirect to /auth.
|
2021-03-06 16:21:28 +01:00
|
|
|
"""
|
|
|
|
response = send_request(authenticate=False, parse_json=False)
|
2022-10-08 15:18:26 +02:00
|
|
|
assert response.status_code == 401, (
|
|
|
|
'An unauthenticated request after user registration should result in a '
|
|
|
|
f'401 error, got {response.status_code} instead'
|
|
|
|
)
|
2020-12-16 02:10:37 +01:00
|
|
|
|
2018-01-04 18:29:03 +01:00
|
|
|
|
2021-03-06 16:21:28 +01:00
|
|
|
def test_authorized_request_with_registered_user(base_url):
|
|
|
|
# A request authenticated with user/pass should succeed.
|
|
|
|
response = send_request(authenticate=True)
|
2022-10-08 15:18:26 +02:00
|
|
|
assert (
|
|
|
|
response.output.strip() == 'ping'
|
|
|
|
), 'The request did not return the expected output'
|
2018-01-04 18:29:03 +01:00
|
|
|
|
|
|
|
|
2021-03-06 16:21:28 +01:00
|
|
|
def test_request_with_wrong_credentials(base_url, expected_login_redirect):
|
|
|
|
# A request with the wrong user/pass should fail.
|
2022-10-08 15:18:26 +02:00
|
|
|
response = send_request(
|
|
|
|
authenticate=False, auth=('wrong', 'wrong'), parse_json=False
|
|
|
|
)
|
|
|
|
assert response.status_code == 401, (
|
|
|
|
'A request with wrong credentials should fail with status 401, '
|
|
|
|
f'got {response.status_code} instead'
|
|
|
|
)
|
2018-01-04 18:29:03 +01:00
|
|
|
|
|
|
|
|
2021-03-06 17:03:50 +01:00
|
|
|
if __name__ == '__main__':
|
|
|
|
pytest.main()
|
|
|
|
|
|
|
|
|
2019-07-15 16:28:44 +02:00
|
|
|
# vim:sw=4:ts=4:et:
|