Gergely Hegedus
1f06c40c4c
Media-Token can be used only to access the content, but unable to modify user data
74 lines
No EOL
2.8 KiB
Python
74 lines
No EOL
2.8 KiB
Python
import os
|
|
import unittest
|
|
import unittest.mock
|
|
import json
|
|
from .context import create_app, default_test_config, create_test_session
|
|
from backend.data import db
|
|
from backend.data import dao_users
|
|
from backend.data import dao_session
|
|
from backend.data.data_models import Session
|
|
from backend.data.data_models import RegisteringUser
|
|
|
|
class TestMediaAccess(unittest.TestCase):
|
|
|
|
url_path = '/has_media_access'
|
|
app = create_app(default_test_config)
|
|
client = app.test_client()
|
|
|
|
def setUp(self):
|
|
with self.app.app_context():
|
|
db.init_db()
|
|
|
|
def tearDown(self):
|
|
with self.app.app_context():
|
|
db.close_db()
|
|
os.remove("testdb")
|
|
|
|
def insert_session(self, session: Session):
|
|
with self.app.app_context():
|
|
dao_session.insert_user_session(session)
|
|
|
|
def test_no_headers_returns_unauthorized(self):
|
|
expected = {'message':'Missing Authorization!','code':443}
|
|
|
|
response = self.client.get(self.url_path)
|
|
actual_response_json = json.loads(response.data.decode())
|
|
|
|
self.assertEqual(401, response.status_code)
|
|
self.assertEqual(expected, actual_response_json)
|
|
|
|
def test_not_saved_access_token_headers_returns_unauthorized(self):
|
|
expected = {'message':'Invalid Authorization!','code':444}
|
|
|
|
response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'})
|
|
actual_response_json = json.loads(response.data.decode())
|
|
|
|
self.assertEqual(401, response.status_code)
|
|
self.assertEqual(expected, actual_response_json)
|
|
|
|
def test_expired_access_token_headers_returns_unauthorized(self):
|
|
session = create_test_session(user_id=2, media_token='token', access_expires_at=1, refresh_expires_at=2000)
|
|
self.insert_session(session)
|
|
expected = {'message':'Invalid Authorization!','code':444}
|
|
|
|
response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'})
|
|
actual_response_json = json.loads(response.data.decode())
|
|
|
|
self.assertEqual(401, response.status_code)
|
|
self.assertEqual(expected, actual_response_json)
|
|
|
|
@unittest.mock.patch('time.time', return_value=1000)
|
|
def test_given_valid_token_returns_access_granted(self, mock_time):
|
|
session = create_test_session(user_id=2, media_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
|
self.insert_session(session)
|
|
expected = {'message': 'Access Granted', 'code': 220}
|
|
|
|
header = {'Media-Authorization': 'token'}
|
|
response = self.client.get(self.url_path, headers = header)
|
|
|
|
actual_response_json = json.loads(response.data.decode())
|
|
self.assertEqual(200, response.status_code)
|
|
self.assertEqual(expected, actual_response_json)
|
|
|
|
if __name__ == '__main__':
|
|
unittest.main(verbosity=2) |