Adding some structure for authenticated tests

Kevin Glisson 2015-06-25 13:43:42 -07:00 committed by kevgliss
parent 37669b906c
commit 0285422654
4 changed files with 38 additions and 25 deletions


@ -181,7 +181,7 @@ class Accounts(AuthenticatedResource):
@marshal_items(FIELDS) @marshal_items(FIELDS)
def put(self, account_id): def put(self, account_id):
""" """
.. http:post:: /accounts/1 .. http:put:: /accounts/1
Updates an account Updates an account


@ -96,9 +96,8 @@ def login_required(f):
response.status_code = 401 response.status_code = 401
return response return response
token = request.headers.get('Authorization').split()[1]
try: try:
token = request.headers.get('Authorization').split()[1]
payload = jwt.decode(token, current_app.config['TOKEN_SECRET']) payload = jwt.decode(token, current_app.config['TOKEN_SECRET'])
except jwt.DecodeError: except jwt.DecodeError:
return dict(message='Token is invalid'), 403 return dict(message='Token is invalid'), 403
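Review bot: The `try` now covers `request.headers.get('Authorization').split()[1]`, but the handler still catches only `jwt.DecodeError`, so a header with no second field (a bare token with no scheme word, for instance) raises `IndexError` and surfaces as an unhandled error instead of the 403. Catch it alongside the decode failure, `except (IndexError, jwt.DecodeError):`, or split first and reject anything that is not exactly two fields. The scheme word is never inspected in the visible lines, and `jwt.decode` is called without an `algorithms` list; if the installed PyJWT supports it, pinning `algorithms=['HS256']` keeps the verifier from trusting whatever algorithm the token header names. The decorator body starts and continues outside this hunk, so handling that is not shown here may already cover part of this.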


@ -1,9 +1,11 @@
import pytest import pytest
from flask import current_app
from lemur import create_app from lemur import create_app
from lemur.database import db as _db
from flask.ext.sqlalchemy import SignallingSession from flask.ext.sqlalchemy import SignallingSession
from flask.ext.principal import Identity, identity_changed
from sqlalchemy import event from sqlalchemy import event
@ -45,26 +47,45 @@ def app():
ctx.pop() ctx.pop()
@pytest.yield_fixture(scope="session") @pytest.yield_fixture(scope="function")
def db(): def unauth_client(app):
_db.create_all() with app.test_client() as client:
yield client
yield _db
_db.drop_all()
@pytest.yield_fixture(scope="function") @pytest.yield_fixture(scope="function")
def session(app, db): def auth_client(app):
with app.test_client() as client:
yield client
@pytest.yield_fixture(scope="function")
def admin_client(app):
with app.test_client() as client:
yield client
@pytest.yield_fixture(scope="session")
def database(app):
app.db.create_all()
yield app.db
app.db.drop_all()
@pytest.yield_fixture(scope="function")
def session(database):
""" """
Creates a new database session with (with working transaction) Creates a new database session with (with working transaction)
for test duration. for test duration.
""" """
connection = _db.engine.connect() connection = database.engine.connect()
transaction = connection.begin() transaction = connection.begin()
options = dict(bind=connection) options = dict(bind=connection)
session = _db.create_scoped_session(options=options) session = database.create_scoped_session(options=options)
# then each time that SAVEPOINT ends, reopen it # then each time that SAVEPOINT ends, reopen it
@event.listens_for(SignallingSession, "after_transaction_end") @event.listens_for(SignallingSession, "after_transaction_end")
@ -81,7 +102,7 @@ def session(app, db):
# pushing new Flask application context for multiple-thread # pushing new Flask application context for multiple-thread
# tests to work # tests to work
_db.session = session database.session = session
yield session yield session
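Review bot: `unauth_client`, `auth_client` and `admin_client` have identical bodies, each yielding a plain `app.test_client()`, so the names promise an identity that the fixtures do not attach. A test that takes `auth_client` and omits the header exercises the unauthenticated path while reading as an authenticated one, which lets an access-control test pass or fail for the wrong reason. Until the fixtures set credentials, mark them, e.g. `# TODO: placeholder - no credentials attached; callers must send Authorization themselves`. `current_app`, `Identity` and `identity_changed` are imported but unused in the visible hunks, presumably for that follow-up. The `session` fixture continues outside the last hunk.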


@ -40,14 +40,7 @@ def test_unauthenticated_views(client):
assert client.delete(api.url_for(Accounts, account_id=1)).status_code == 401 assert client.delete(api.url_for(Accounts, account_id=1)).status_code == 401
assert client.patch(api.url_for(Accounts, account_id=1), {}).status_code == 405 assert client.patch(api.url_for(Accounts, account_id=1), {}).status_code == 405
assert client.get(api.url_for(AccountsList)).status_code == 401 VALID_TOKEN = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MzUyMzMzNjksInN1YiI6MSwiZXhwIjoxNTIxNTQ2OTY5fQ.1qCi0Ip7mzKbjNh0tVd3_eJOrae3rNa_9MCVdA4WtQI'
assert client.post(api.url_for(AccountsList), {}).status_code == 401
assert client.put(api.url_for(AccountsList), {}).status_code == 405
assert client.delete(api.url_for(AccountsList)).status_code == 405
assert client.patch(api.url_for(Accounts), {}).status_code == 405
assert client.get(api.url_for(CertificateAccounts, certificate_id=1)).status_code == 401 def test_auth_account_get(auth_client):
assert client.post(api.url_for(CertificateAccounts), {}).status_code == 405 assert auth_client.get(api.url_for(Accounts, account_id=1), headers={'Authorization': 'Basic ' + VALID_TOKEN}).status_code == 200
assert client.put(api.url_for(CertificateAccounts), {}).status_code == 405
assert client.delete(api.url_for(CertificateAccounts)).status_code == 405
assert client.patch(api.url_for(CertificateAccounts), {}).status_code == 405
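Review bot: `VALID_TOKEN` is a pre-signed JWT pasted into the test module, so `test_auth_account_get` passes only while the test app's `TOKEN_SECRET` equals the key that signed it and, if expiry is enforced, only until the fixed `exp` in its payload (1521546969). If that signing key is ever shared with a non-test configuration, the string is a usable credential sitting in the repository. Mint the token in a fixture from the app's own config, e.g. `jwt.encode({'sub': 1, 'exp': datetime.utcnow() + timedelta(minutes=5)}, app.config['TOKEN_SECRET'])`, and send it as `'Bearer ' + token` rather than `'Basic '`. The 401 assertions for `AccountsList` and `CertificateAccounts` appear to be dropped from `test_unauthenticated_views` here; those unauthenticated checks are worth keeping next to the new positive case.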