From 75e5bdfa55476d70e1354b730bf6b6d52f5616e3 Mon Sep 17 00:00:00 2001
From: Kevin Glisson <kglisson@netflix.com>
Date: Thu, 25 Jun 2015 13:43:42 -0700
Subject: [PATCH] Adding some structure for authenticated tests

---
 lemur/accounts/views.py      |  2 +-
 lemur/auth/service.py        |  3 +--
 lemur/tests/conftest.py      | 45 ++++++++++++++++++++++++++----------
 lemur/tests/test_accounts.py | 13 +++--------
 4 files changed, 38 insertions(+), 25 deletions(-)

diff --git a/lemur/accounts/views.py b/lemur/accounts/views.py
index b3304af4..2729ec47 100644
--- a/lemur/accounts/views.py
+++ b/lemur/accounts/views.py
@@ -181,7 +181,7 @@ class Accounts(AuthenticatedResource):
     @marshal_items(FIELDS)
     def put(self, account_id):
         """
-        .. http:post:: /accounts/1
+        .. http:put:: /accounts/1
 
            Updates an account
 
diff --git a/lemur/auth/service.py b/lemur/auth/service.py
index 0675f640..facad7c4 100644
--- a/lemur/auth/service.py
+++ b/lemur/auth/service.py
@@ -96,9 +96,8 @@ def login_required(f):
             response.status_code = 401
             return response
 
-        token = request.headers.get('Authorization').split()[1]
-
         try:
+            token = request.headers.get('Authorization').split()[1]
             payload = jwt.decode(token, current_app.config['TOKEN_SECRET'])
         except jwt.DecodeError:
             return dict(message='Token is invalid'), 403
diff --git a/lemur/tests/conftest.py b/lemur/tests/conftest.py
index 135b5ca7..2d680850 100644
--- a/lemur/tests/conftest.py
+++ b/lemur/tests/conftest.py
@@ -1,9 +1,11 @@
 import pytest
 
+from flask import current_app
+
 from lemur import create_app
-from lemur.database import db as _db
 
 from flask.ext.sqlalchemy import SignallingSession
+from flask.ext.principal import Identity, identity_changed
 
 from sqlalchemy import event
 
@@ -45,26 +47,45 @@ def app():
     ctx.pop()
 
 
-@pytest.yield_fixture(scope="session")
-def db():
-    _db.create_all()
-
-    yield _db
-
-    _db.drop_all()
+@pytest.yield_fixture(scope="function")
+def unauth_client(app):
+    with app.test_client() as client:
+        yield client
 
 
 @pytest.yield_fixture(scope="function")
-def session(app, db):
+def auth_client(app):
+    with app.test_client() as client:
+        yield client
+
+
+@pytest.yield_fixture(scope="function")
+def admin_client(app):
+    with app.test_client() as client:
+        yield client
+
+
+
+@pytest.yield_fixture(scope="session")
+def database(app):
+    app.db.create_all()
+
+    yield app.db
+
+    app.db.drop_all()
+
+
+@pytest.yield_fixture(scope="function")
+def session(database):
     """
     Creates a new database session with (with working transaction)
     for test duration.
     """
-    connection = _db.engine.connect()
+    connection = database.engine.connect()
     transaction = connection.begin()
 
     options = dict(bind=connection)
-    session = _db.create_scoped_session(options=options)
+    session = database.create_scoped_session(options=options)
 
     # then each time that SAVEPOINT ends, reopen it
     @event.listens_for(SignallingSession, "after_transaction_end")
@@ -81,7 +102,7 @@ def session(app, db):
     # pushing new Flask application context for multiple-thread
     # tests to work
 
-    _db.session = session
+    database.session = session
 
     yield session
 
diff --git a/lemur/tests/test_accounts.py b/lemur/tests/test_accounts.py
index 19f5bd8d..3d1de94d 100644
--- a/lemur/tests/test_accounts.py
+++ b/lemur/tests/test_accounts.py
@@ -40,14 +40,7 @@ def test_unauthenticated_views(client):
     assert client.delete(api.url_for(Accounts, account_id=1)).status_code == 401
     assert client.patch(api.url_for(Accounts, account_id=1), {}).status_code == 405
 
-    assert client.get(api.url_for(AccountsList)).status_code == 401
-    assert client.post(api.url_for(AccountsList), {}).status_code == 401
-    assert client.put(api.url_for(AccountsList), {}).status_code == 405
-    assert client.delete(api.url_for(AccountsList)).status_code == 405
-    assert client.patch(api.url_for(Accounts), {}).status_code == 405
+VALID_TOKEN = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MzUyMzMzNjksInN1YiI6MSwiZXhwIjoxNTIxNTQ2OTY5fQ.1qCi0Ip7mzKbjNh0tVd3_eJOrae3rNa_9MCVdA4WtQI'
 
-    assert client.get(api.url_for(CertificateAccounts, certificate_id=1)).status_code == 401
-    assert client.post(api.url_for(CertificateAccounts), {}).status_code == 405
-    assert client.put(api.url_for(CertificateAccounts), {}).status_code == 405
-    assert client.delete(api.url_for(CertificateAccounts)).status_code == 405
-    assert client.patch(api.url_for(CertificateAccounts), {}).status_code == 405
+def test_auth_account_get(auth_client):
+        assert auth_client.get(api.url_for(Accounts, account_id=1), headers={'Authorization': 'Basic ' + VALID_TOKEN}).status_code == 200
\ No newline at end of file