dashboard/dashboard/api/api_request_handler_test.py - catapult - Git at Google

 # Copyright 2017 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 import json
 import mock
 import unittest

 import webapp2
 import webtest

 from dashboard.api import api_auth
 from dashboard.api import api_request_handler
 from dashboard.common import testing_common


 class TestApiRequestHandler(api_request_handler.ApiRequestHandler):

   def _CheckUser(self):
     return self._CheckIsInternalUser()

   def Post(self):
     return {'foo': 'response'}


 class ApiRequestHandlerTest(testing_common.TestCase):

   def setUp(self):
     super(ApiRequestHandlerTest, self).setUp()

     app = webapp2.WSGIApplication(
         [(r'/api/test', TestApiRequestHandler)])
     self.testapp = webtest.TestApp(app)

   def testPost_Authorized_PostCalled(self):
     self.SetCurrentUserOAuth(testing_common.INTERNAL_USER)
     self.SetCurrentClientIdOAuth(api_auth.OAUTH_CLIENT_ID_WHITELIST[0])
     response = self.Post('/api/test')
     self.assertEqual(
         {'foo': 'response'},
         json.loads(response.body))

   @mock.patch.object(
       api_auth,
       'Authorize',
       mock.MagicMock(side_effect=api_auth.OAuthError))
   @mock.patch.object(
       TestApiRequestHandler, 'Post')
   def testPost_Unauthorized_PostNotCalled(self, mock_post):
     response = self.Post('/api/test', status=403)
     self.assertEqual(
         {'error': 'User authentication error'},
         json.loads(response.body))
     self.assertFalse(mock_post.called)

   @mock.patch.object(api_auth, 'Authorize')
   @mock.patch.object(
       TestApiRequestHandler, 'Post',
       mock.MagicMock(side_effect=api_request_handler.BadRequestError('foo')))
   def testPost_BadRequest_400(self, _):
     self.SetCurrentUserOAuth(testing_common.INTERNAL_USER)
     self.SetCurrentClientIdOAuth(api_auth.OAUTH_CLIENT_ID_WHITELIST[0])
     response = self.Post('/api/test', status=400)
     self.assertEqual(
         {'error': 'foo'},
         json.loads(response.body))

   @mock.patch.object(
       api_auth, 'Authorize',
       mock.MagicMock(side_effect=api_auth.OAuthError))
   def testPost_OAuthError_403(self):
     response = self.Post('/api/test', status=403)
     self.assertEqual(
         {'error': 'User authentication error'},
         json.loads(response.body))

   @mock.patch.object(
       api_auth, 'Authorize',
       mock.MagicMock(side_effect=api_auth.NotLoggedInError))
   def testPost_NotLoggedInError_401(self):
     response = self.Post('/api/test', status=401)
     self.assertEqual(
         {'error': 'User not authenticated'},
         json.loads(response.body))

   def testOptions_NoOrigin_HeadersNotSet(self):
     response = self.testapp.options('/api/test')
     self.assertListEqual(
         [('Content-Length', '0'),
          ('Cache-Control', 'no-cache'),
          ('Content-Type', 'application/json; charset=utf-8')],
         response.headerlist)

   def testOptions_InvalidOrigin_HeadersNotSet(self):
     api_request_handler._ALLOWED_ORIGINS = ['foo.appspot.com']
     response = self.testapp.options(
         '/api/test', headers={'origin': 'https://bar.appspot.com'})
     self.assertListEqual(
         [('Content-Length', '0'),
          ('Cache-Control', 'no-cache'),
          ('Content-Type', 'application/json; charset=utf-8')],
         response.headerlist)

   def testPost_ValidProdOrigin_HeadersSet(self):
     api_request_handler._ALLOWED_ORIGINS = ['foo.appspot.com']
     response = self.testapp.options(
         '/api/test', headers={'origin': 'https://foo.appspot.com'})
     self.assertListEqual(
         [('Content-Length', '0'),
          ('Cache-Control', 'no-cache'),
          ('Content-Type', 'application/json; charset=utf-8'),
          ('Access-Control-Allow-Origin', 'https://foo.appspot.com'),
          ('Access-Control-Allow-Credentials', 'true'),
          ('Access-Control-Allow-Methods', 'GET,OPTIONS,POST'),
          ('Access-Control-Allow-Headers', 'Accept,Authorization,Content-Type'),
          ('Access-Control-Max-Age', '3600')],
         response.headerlist)

   def testPost_ValidDevOrigin_HeadersSet(self):
     api_request_handler._ALLOWED_ORIGINS = ['foo.appspot.com']
     response = self.testapp.options(
         '/api/test',
         headers={'origin': 'https://123jkjasdf-dot-foo.appspot.com'})
     self.assertListEqual(
         [('Content-Length', '0'),
          ('Cache-Control', 'no-cache'),
          ('Content-Type', 'application/json; charset=utf-8'),
          ('Access-Control-Allow-Origin',
           'https://123jkjasdf-dot-foo.appspot.com'),
          ('Access-Control-Allow-Credentials', 'true'),
          ('Access-Control-Allow-Methods', 'GET,OPTIONS,POST'),
          ('Access-Control-Allow-Headers', 'Accept,Authorization,Content-Type'),
          ('Access-Control-Max-Age', '3600')],
         response.headerlist)

   def testPost_InvalidOrigin_HeadersNotSet(self):
     response = self.testapp.options('/api/test')
     self.assertListEqual(
         [('Content-Length', '0'),
          ('Cache-Control', 'no-cache'),
          ('Content-Type', 'application/json; charset=utf-8')],
         response.headerlist)


 if __name__ == '__main__':
   unittest.main()
	# Copyright 2017 The Chromium Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	import json
	import mock
	import unittest

	import webapp2
	import webtest

	from dashboard.api import api_auth
	from dashboard.api import api_request_handler
	from dashboard.common import testing_common


	class TestApiRequestHandler(api_request_handler.ApiRequestHandler):

	def _CheckUser(self):
	return self._CheckIsInternalUser()

	def Post(self):
	return {'foo': 'response'}


	class ApiRequestHandlerTest(testing_common.TestCase):

	def setUp(self):
	super(ApiRequestHandlerTest, self).setUp()

	app = webapp2.WSGIApplication(
	[(r'/api/test', TestApiRequestHandler)])
	self.testapp = webtest.TestApp(app)

	def testPost_Authorized_PostCalled(self):
	self.SetCurrentUserOAuth(testing_common.INTERNAL_USER)
	self.SetCurrentClientIdOAuth(api_auth.OAUTH_CLIENT_ID_WHITELIST[0])
	response = self.Post('/api/test')
	self.assertEqual(
	{'foo': 'response'},
	json.loads(response.body))

	@mock.patch.object(
	api_auth,
	'Authorize',
	mock.MagicMock(side_effect=api_auth.OAuthError))
	@mock.patch.object(
	TestApiRequestHandler, 'Post')
	def testPost_Unauthorized_PostNotCalled(self, mock_post):
	response = self.Post('/api/test', status=403)
	self.assertEqual(
	{'error': 'User authentication error'},
	json.loads(response.body))
	self.assertFalse(mock_post.called)

	@mock.patch.object(api_auth, 'Authorize')
	@mock.patch.object(
	TestApiRequestHandler, 'Post',
	mock.MagicMock(side_effect=api_request_handler.BadRequestError('foo')))
	def testPost_BadRequest_400(self, _):
	self.SetCurrentUserOAuth(testing_common.INTERNAL_USER)
	self.SetCurrentClientIdOAuth(api_auth.OAUTH_CLIENT_ID_WHITELIST[0])
	response = self.Post('/api/test', status=400)
	self.assertEqual(
	{'error': 'foo'},
	json.loads(response.body))

	@mock.patch.object(
	api_auth, 'Authorize',
	mock.MagicMock(side_effect=api_auth.OAuthError))
	def testPost_OAuthError_403(self):
	response = self.Post('/api/test', status=403)
	self.assertEqual(
	{'error': 'User authentication error'},
	json.loads(response.body))

	@mock.patch.object(
	api_auth, 'Authorize',
	mock.MagicMock(side_effect=api_auth.NotLoggedInError))
	def testPost_NotLoggedInError_401(self):
	response = self.Post('/api/test', status=401)
	self.assertEqual(
	{'error': 'User not authenticated'},
	json.loads(response.body))

	def testOptions_NoOrigin_HeadersNotSet(self):
	response = self.testapp.options('/api/test')
	self.assertListEqual(
	[('Content-Length', '0'),
	('Cache-Control', 'no-cache'),
	('Content-Type', 'application/json; charset=utf-8')],
	response.headerlist)

	def testOptions_InvalidOrigin_HeadersNotSet(self):
	api_request_handler._ALLOWED_ORIGINS = ['foo.appspot.com']
	response = self.testapp.options(
	'/api/test', headers={'origin': 'https://bar.appspot.com'})
	self.assertListEqual(
	[('Content-Length', '0'),
	('Cache-Control', 'no-cache'),
	('Content-Type', 'application/json; charset=utf-8')],
	response.headerlist)

	def testPost_ValidProdOrigin_HeadersSet(self):
	api_request_handler._ALLOWED_ORIGINS = ['foo.appspot.com']
	response = self.testapp.options(
	'/api/test', headers={'origin': 'https://foo.appspot.com'})
	self.assertListEqual(
	[('Content-Length', '0'),
	('Cache-Control', 'no-cache'),
	('Content-Type', 'application/json; charset=utf-8'),
	('Access-Control-Allow-Origin', 'https://foo.appspot.com'),
	('Access-Control-Allow-Credentials', 'true'),
	('Access-Control-Allow-Methods', 'GET,OPTIONS,POST'),
	('Access-Control-Allow-Headers', 'Accept,Authorization,Content-Type'),
	('Access-Control-Max-Age', '3600')],
	response.headerlist)

	def testPost_ValidDevOrigin_HeadersSet(self):
	api_request_handler._ALLOWED_ORIGINS = ['foo.appspot.com']
	response = self.testapp.options(
	'/api/test',
	headers={'origin': 'https://123jkjasdf-dot-foo.appspot.com'})
	self.assertListEqual(
	[('Content-Length', '0'),
	('Cache-Control', 'no-cache'),
	('Content-Type', 'application/json; charset=utf-8'),
	('Access-Control-Allow-Origin',
	'https://123jkjasdf-dot-foo.appspot.com'),
	('Access-Control-Allow-Credentials', 'true'),
	('Access-Control-Allow-Methods', 'GET,OPTIONS,POST'),
	('Access-Control-Allow-Headers', 'Accept,Authorization,Content-Type'),
	('Access-Control-Max-Age', '3600')],
	response.headerlist)

	def testPost_InvalidOrigin_HeadersNotSet(self):
	response = self.testapp.options('/api/test')
	self.assertListEqual(
	[('Content-Length', '0'),
	('Cache-Control', 'no-cache'),
	('Content-Type', 'application/json; charset=utf-8')],
	response.headerlist)


	if __name__ == '__main__':
	unittest.main()