OLD | NEW |
(Empty) | |
| 1 # Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is govered by a BSD-style |
| 3 # license that can be found in the LICENSE file or at |
| 4 # https://developers.google.com/open-source/licenses/bsd |
| 5 |
| 6 """Unit tests for jsonfeed module.""" |
| 7 |
| 8 import httplib |
| 9 import logging |
| 10 import unittest |
| 11 |
| 12 from google.appengine.api import app_identity |
| 13 |
| 14 from framework import jsonfeed |
| 15 from framework import servlet |
| 16 from framework import xsrf |
| 17 from services import service_manager |
| 18 from testing import testing_helpers |
| 19 |
| 20 |
| 21 class JsonFeedTest(unittest.TestCase): |
| 22 |
| 23 def setUp(self): |
| 24 self.cnxn = 'fake cnxn' |
| 25 |
| 26 def testGet(self): |
| 27 """Tests handling of GET requests.""" |
| 28 feed = TestableJsonFeed() |
| 29 |
| 30 # all expected args are present + a bonus arg that should be ignored |
| 31 feed.mr = testing_helpers.MakeMonorailRequest( |
| 32 path='/foo/bar/wee?sna=foo', method='POST', |
| 33 params={'a': '123', 'z': 'zebra'}) |
| 34 self.assertRaises(servlet.AlreadySentResponseException, feed.get) |
| 35 |
| 36 self.assertEqual(True, feed.handle_request_called) |
| 37 self.assertEqual(1, len(feed.json_data)) |
| 38 |
| 39 def testPost(self): |
| 40 """Tests handling of POST requests.""" |
| 41 feed = TestableJsonFeed() |
| 42 feed.mr = testing_helpers.MakeMonorailRequest( |
| 43 path='/foo/bar/wee?sna=foo', method='POST', |
| 44 params={'a': '123', 'z': 'zebra'}) |
| 45 |
| 46 self.assertRaises(servlet.AlreadySentResponseException, feed.post) |
| 47 |
| 48 self.assertEqual(True, feed.handle_request_called) |
| 49 self.assertEqual(1, len(feed.json_data)) |
| 50 |
| 51 def testSecurityTokenChecked_BadToken(self): |
| 52 feed = TestableJsonFeed() |
| 53 feed.mr = testing_helpers.MakeMonorailRequest( |
| 54 user_info={'user_id': 555}) |
| 55 # Note that feed.mr has no token set. |
| 56 self.assertRaises(xsrf.TokenIncorrect, feed.get) |
| 57 self.assertRaises(xsrf.TokenIncorrect, feed.post) |
| 58 |
| 59 feed.mr.token = 'bad token' |
| 60 self.assertRaises(xsrf.TokenIncorrect, feed.get) |
| 61 self.assertRaises(xsrf.TokenIncorrect, feed.post) |
| 62 |
| 63 def testSecurityTokenChecked_HandlerDoesNotNeedToken(self): |
| 64 feed = TestableJsonFeed() |
| 65 feed.mr = testing_helpers.MakeMonorailRequest( |
| 66 user_info={'user_id': 555}) |
| 67 # Note that feed.mr has no token set. |
| 68 feed.CHECK_SECURITY_TOKEN = False |
| 69 self.assertRaises(servlet.AlreadySentResponseException, feed.get) |
| 70 self.assertRaises(servlet.AlreadySentResponseException, feed.post) |
| 71 |
| 72 def testSecurityTokenChecked_AnonUserDoesNotNeedToken(self): |
| 73 feed = TestableJsonFeed() |
| 74 feed.mr = testing_helpers.MakeMonorailRequest() |
| 75 # Note that feed.mr has no token set, but also no auth.user_id. |
| 76 self.assertRaises(servlet.AlreadySentResponseException, feed.get) |
| 77 self.assertRaises(servlet.AlreadySentResponseException, feed.post) |
| 78 |
| 79 def testSameAppOnly_ExternallyAccessible(self): |
| 80 feed = TestableJsonFeed() |
| 81 feed.mr = testing_helpers.MakeMonorailRequest() |
| 82 # Note that request has no X-Appengine-Inbound-Appid set. |
| 83 self.assertRaises(servlet.AlreadySentResponseException, feed.get) |
| 84 self.assertRaises(servlet.AlreadySentResponseException, feed.post) |
| 85 |
| 86 def testSameAppOnly_InternalOnlyCalledFromSameApp(self): |
| 87 feed = TestableJsonFeed() |
| 88 feed.CHECK_SAME_APP = True |
| 89 feed.mr = testing_helpers.MakeMonorailRequest() |
| 90 app_id = app_identity.get_application_id() |
| 91 feed.mr.request.headers['X-Appengine-Inbound-Appid'] = app_id |
| 92 self.assertRaises(servlet.AlreadySentResponseException, feed.get) |
| 93 self.assertRaises(servlet.AlreadySentResponseException, feed.post) |
| 94 |
| 95 def testSameAppOnly_InternalOnlyCalledExternally(self): |
| 96 feed = TestableJsonFeed() |
| 97 feed.CHECK_SAME_APP = True |
| 98 feed.mr = testing_helpers.MakeMonorailRequest() |
| 99 # Note that request has no X-Appengine-Inbound-Appid set. |
| 100 self.assertIsNone(feed.get()) |
| 101 self.assertFalse(feed.handle_request_called) |
| 102 self.assertEqual(httplib.FORBIDDEN, feed.response.status) |
| 103 self.assertIsNone(feed.post()) |
| 104 self.assertFalse(feed.handle_request_called) |
| 105 self.assertEqual(httplib.FORBIDDEN, feed.response.status) |
| 106 |
| 107 def testSameAppOnly_InternalOnlyCalledFromWrongApp(self): |
| 108 feed = TestableJsonFeed() |
| 109 feed.CHECK_SAME_APP = True |
| 110 feed.mr = testing_helpers.MakeMonorailRequest() |
| 111 feed.mr.request.headers['X-Appengine-Inbound-Appid'] = 'wrong' |
| 112 self.assertIsNone(feed.get()) |
| 113 self.assertFalse(feed.handle_request_called) |
| 114 self.assertEqual(httplib.FORBIDDEN, feed.response.status) |
| 115 self.assertIsNone(feed.post()) |
| 116 self.assertFalse(feed.handle_request_called) |
| 117 self.assertEqual(httplib.FORBIDDEN, feed.response.status) |
| 118 |
| 119 |
| 120 class TestableJsonFeed(jsonfeed.JsonFeed): |
| 121 |
| 122 def __init__(self, request=None): |
| 123 response = testing_helpers.Blank() |
| 124 super(TestableJsonFeed, self).__init__( |
| 125 request or 'req', response, services=service_manager.Services()) |
| 126 |
| 127 self.response_data = None |
| 128 self.handle_request_called = False |
| 129 self.json_data = None |
| 130 |
| 131 def HandleRequest(self, mr): |
| 132 self.handle_request_called = True |
| 133 return {'a': mr.GetParam('a')} |
| 134 |
| 135 # The output chain is hard to double so we pass on that phase, |
| 136 # but save the response data for inspection |
| 137 def _RenderJsonResponse(self, json_data): |
| 138 self.json_data = json_data |
| 139 |
| 140 |
| 141 if __name__ == '__main__': |
| 142 unittest.main() |
OLD | NEW |