
Commit 8d9feeb7 authored by Alexander Dietmüller's avatar Alexander Dietmüller

Backend/amivapi: Add integration tests for api connection and fix small bug

Currently amivapi crashes if `user` or `group` are not included in the
projection for `groupmembership` -- the projection is removed until it is safe
to use it again.

Furthermore added some integration tests that are skipped if tokens are not
provided to not interfere with automated testing.
parent c236c86e
......@@ -56,14 +56,14 @@ def request_cache(key):
@request_cache('apiuser')
def get_user():
"""Return user id if the token is valid, None otherwise."""
response = api_get(
'sessions',
where={'token': g.get('token', '')},
projection={'user': 1}
)
if response:
print('Resp', response['_items'][0])
return response['_items'][0]['user']
if g.get('token') is not None:
response = api_get(
'sessions',
where={'token': g.get('token', '')},
projection={'user': 1}
)
if response:
return response['_items'][0]['user']
@request_cache('nethz')
......@@ -71,7 +71,6 @@ def get_nethz():
"""Return nethz of current user."""
if get_user() is not None:
response = api_get('users/' + get_user())
print('users/' + get_user(), response)
return response.get('nethz')
......@@ -96,7 +95,9 @@ def is_admin():
membership = api_get(
'groupmemberships',
where={'user': user_id, 'group': group_id},
projection={'_id': 1}
# This Projection currectly crashes AMIVAPI
# https://github.com/amiv-eth/amivapi/issues/206
# projection={'_id': 1}
)
return bool(membership and membership['_items'])
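Review bot: In `get_user`, `response['_items'][0]['user']` is reached whenever `response` is truthy, so a token that matches no session would presumably come back with an empty `_items` list and raise IndexError instead of returning None as the docstring promises. `is_admin` in the same file already guards this with `membership and membership['_items']`; the same shape fits here: `items = response['_items'] if response else []` followed by `return items[0]['user'] if items else None`. What `api_get` returns for an unmatched filter is not visible on this page, so confirm against its implementation. `get_nethz` has a similar gap, calling `response.get('nethz')` without checking that `response` is not None.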
......
......@@ -27,6 +27,38 @@ TEST_SETTINGS = {
}
# Check command line options for API token
# This way we can conveniently skip integration tests per default,
# but still provide a convenient interface to run them
def pytest_addoption(parser):
"""Add options to get tokens from command line."""
parser.addoption("--usertoken",
action="store",
help="amivapi user token")
parser.addoption("--admintoken",
action="store",
help="amivapi pvk admin token")
@pytest.fixture
def admintoken(request):
"""Fixture to provide admin token or skip test if its not available."""
token = request.config.getoption('--admintoken')
if token is None:
pytest.skip("need api admin token to run")
return token
@pytest.fixture
def usertoken(request):
"""Fixture to provide user token or skip test if its not available."""
token = request.config.getoption('--usertoken')
if token is None:
pytest.skip("need api user token to run")
return token
class TestClient(FlaskClient):
"""Custom test client for easier json handling."""
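Review bot: The `admintoken` and `usertoken` fixtures accept the API tokens only as command-line options, which leaves live credentials, including a PVK admin token, in shell history and in the process list while the tests run. Consider also reading them from the environment, e.g. `token = request.config.getoption('--admintoken') or os.environ.get('<ADMIN_TOKEN_ENV_VAR>')` (placeholder variable name; this needs `os` imported, and the file's import block is not visible here). Skipping on `if not token:` rather than `if token is None:` would also treat an empty value as missing.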
......
"""Test api connection functions.
These tests require command line options to run.
First, aquire a amivapi token (e.g. with curl) both for a user in the
admin group and for a user not in the admin group.
Then provide them to the tests with:
> py.test --usertoken <token> --admintoken <token>
(of course, replace `<token>` with the two respective values)
The basic idea is simple: all security related functions use the g object
for their in- and outputs.
So we just put the provided token into g and see if the functions work.
"""
from flask import g
from security import get_user, get_nethz, is_admin
def test_user_found(app, usertoken):
"""Test if a user can be found with an api token."""
with app.app_context():
g.token = usertoken
assert get_user() is not None
def test_nethz_found(app, usertoken):
"""Test if a users nethz can be found with an api token."""
with app.app_context():
g.token = usertoken
assert get_nethz() is not None
def test_user_not_found(app):
"""Without token, user cannot be found."""
with app.app_context():
assert get_user() is None
def test_nethz_not_found(app):
"""Without token, users nethz cannot be found."""
with app.app_context():
assert get_nethz() is None
def test_not_admin(app):
"""Without token, user does no get admin priviledges."""
with app.app_context():
assert is_admin() is False
def test_user_not_admin(app, usertoken):
"""Test if the user does not get admin priviledges."""
with app.app_context():
g.token = usertoken
assert is_admin() is False
def test_admin(app, admintoken):
"""Test if admins get priviledges."""
with app.app_context():
g.token = admintoken
assert is_admin() is True
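Review bot: No test covers a token that is present but invalid, which is the case an authentication helper most needs pinned down; every test in this file uses either no token or a valid one. A test that puts a bogus value into `g.token` and asserts that `get_user()` is None and `is_admin()` is False would catch both a crash and an accidental grant on that path. It would contact the API, so it should be gated like the other integration tests; the sketch below requests `usertoken` only so that it is skipped when no tokens are supplied.

```python
def test_invalid_token_rejected(app, usertoken):
    """A token unknown to the api yields no user and no admin rights."""
    with app.app_context():
        g.token = 'constructed-invalid-token'  # sample value, not a real token
        assert get_user() is None
        assert is_admin() is False
```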
......@@ -98,3 +98,22 @@ But don't worry, it's very easy to set them up -- take a look at the
```bash
py.test
```
- Per default, integration tests with amivapi are skipped, since they require
valid amivapi tokens.
You can run `py.test -rs` to get a summary including skipped tests.
The api tests can be included by provide tokens for a user (*not in* the
`PVK Admins` group) and an admin (*in* the `PVK Admins` group)
```bash
# Replace <usertoken> and <admintoken> (including <>) with your tokens
py.test -rs --usertoken <usertoken> --admintoken <admintoken>
```
An easy way to aquire the tokens is `curl`:
```bash
curl -X POST -Fusername <user> -Fpassword <pass> amiv-api.ethz.ch/sessions
```