Add Media-Token beside access token

Media-Token can be used only to access the content, but unable to modify user data
2023-03-27 19:07:29 +03:00 · 2023-03-27 19:07:29 +03:00 · 1f06c40c4c
commit 1f06c40c4c
parent 0a71a6c840
31 changed files with 516 additions and 762 deletions
--- a/server/flask/application/test/test_media_access.py
+++ b/server/flask/application/test/test_media_access.py
@ -0,0 +1,74 @@
+import os
+import unittest
+import unittest.mock
+import json
+from .context import create_app, default_test_config, create_test_session
+from backend.data import db
+from backend.data import dao_users
+from backend.data import dao_session
+from backend.data.data_models import Session
+from backend.data.data_models import RegisteringUser
+
+class TestMediaAccess(unittest.TestCase):
+ 
+    url_path = '/has_media_access'
+    app = create_app(default_test_config)
+    client = app.test_client()
+
+    def setUp(self):
+        with self.app.app_context():
+            db.init_db()
+    
+    def tearDown(self):
+        with self.app.app_context():
+            db.close_db()
+        os.remove("testdb")
+
+    def insert_session(self, session: Session):
+        with self.app.app_context():
+            dao_session.insert_user_session(session)
+
+    def test_no_headers_returns_unauthorized(self):
+        expected = {'message':'Missing Authorization!','code':443}
+
+        response = self.client.get(self.url_path)
+        actual_response_json = json.loads(response.data.decode())
+
+        self.assertEqual(401, response.status_code)
+        self.assertEqual(expected, actual_response_json)
+
+    def test_not_saved_access_token_headers_returns_unauthorized(self):
+        expected = {'message':'Invalid Authorization!','code':444}
+
+        response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'})
+        actual_response_json = json.loads(response.data.decode())
+
+        self.assertEqual(401, response.status_code)
+        self.assertEqual(expected, actual_response_json)
+
+    def test_expired_access_token_headers_returns_unauthorized(self):
+        session = create_test_session(user_id=2, media_token='token', access_expires_at=1, refresh_expires_at=2000)
+        self.insert_session(session)
+        expected = {'message':'Invalid Authorization!','code':444}
+        
+        response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'})
+        actual_response_json = json.loads(response.data.decode())
+        
+        self.assertEqual(401, response.status_code)
+        self.assertEqual(expected, actual_response_json)
+
+    @unittest.mock.patch('time.time', return_value=1000)
+    def test_given_valid_token_returns_access_granted(self, mock_time):
+        session = create_test_session(user_id=2, media_token='token', access_expires_at=1050, refresh_expires_at=2000)
+        self.insert_session(session)
+        expected = {'message': 'Access Granted', 'code': 220}
+
+        header = {'Media-Authorization': 'token'}
+        response = self.client.get(self.url_path, headers = header)
+
+        actual_response_json = json.loads(response.data.decode())
+        self.assertEqual(200, response.status_code)
+        self.assertEqual(expected, actual_response_json)
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)