chromium-dashboard/api/token_refresh_api_test.py

# Copyright 2020 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License")
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import testing_config  # Must be imported before the module under test.

import flask
from flask import session
from unittest import mock
import werkzeug.exceptions  # Flask HTTP stuff.

from api import token_refresh_api
from framework import xsrf

test_app = flask.Flask(__name__)
test_app.secret_key = 'testing secret'


class TokenRefreshAPITest(testing_config.CustomTestCase):

  def setUp(self):
    self.handler = token_refresh_api.TokenRefreshAPI()
    self.request_path = '/api/v0/currentuser/token'

  @mock.patch('framework.xsrf.validate_token')
  def test_validate_token(self, mock_xsrf_validate_token):
    """This handler validates tokens with a a longer timeout."""
    self.handler.validate_token('test token', 'user@example.com')
    mock_xsrf_validate_token.assert_called_once_with(
        'test token', 'user@example.com',
        timeout=xsrf.REFRESH_TOKEN_TIMEOUT_SEC)

  def test_do_get(self):
    """This handler does not respond to GET requests."""
    with test_app.test_request_context(self.request_path):
      with self.assertRaises(NotImplementedError):
        self.handler.do_get()

  def test_post__anon(self):
    """We reject token requests from signed out users."""
    testing_config.sign_out()
    params = {}
    with test_app.test_request_context(self.request_path, json=params):
      with self.assertRaises(werkzeug.exceptions.Forbidden):
        self.handler.post()

  def test_post__missing(self):
    """We reject token requests that do not include a previous token."""
    testing_config.sign_in('user@example.com', 111)
    params = {}
    with test_app.test_request_context(self.request_path, json=params):
      with self.assertRaises(werkzeug.exceptions.BadRequest):
        self.handler.post()

  @mock.patch('api.token_refresh_api.TokenRefreshAPI.validate_token')
  def test_post__bad(self, mock_validate_token):
    """We reject token requests that have a bad token."""
    testing_config.sign_in('user@example.com', 111)
    mock_validate_token.side_effect = xsrf.TokenIncorrect()
    params = {'token': 'bad'}
    with test_app.test_request_context(self.request_path, json=params):
      with self.assertRaises(werkzeug.exceptions.BadRequest):
        self.handler.post()
    mock_validate_token.assert_called_once()

  def test_do_post__OK(self):
    """If the request is accepted, we return a new token."""
    params = {'token': 'checked in base class'}
    with test_app.test_request_context(self.request_path, json=params):
      session.clear()
      testing_config.sign_in('user@example.com', 111)
      actual = self.handler.do_post()

      self.assertIn('signed_user_info', session)
      self.assertIn('token', actual)
      self.assertIn('token_expires_sec', actual)
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00			`# Copyright 2020 Google Inc.`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License")`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`import testing_config # Must be imported before the module under test.`

			`import flask`
Refresh user session when refreshing XSRF token. (#1804) * Refresh user session when refreshing XSRF token. * Refresh the user session on each page navigation, and fix a bug in XSRF refresh. 2022-03-26 02:46:40 +03:00			`from flask import session`
In py3 code, replace the separate mock lib with unittest.mock. (#1665) 2022-01-11 19:20:40 +03:00			`from unittest import mock`
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00			`import werkzeug.exceptions # Flask HTTP stuff.`

			`from api import token_refresh_api`
			`from framework import xsrf`

Move routing configuration to main.py. (#1552) * Move routing configuration to main.py. * inline_file works so we dont need this directive * rebased * Removed __future__s 2021-09-23 23:01:43 +03:00			`test_app = flask.Flask(__name__)`
Refresh user session when refreshing XSRF token. (#1804) * Refresh user session when refreshing XSRF token. * Refresh the user session on each page navigation, and fix a bug in XSRF refresh. 2022-03-26 02:46:40 +03:00			`test_app.secret_key = 'testing secret'`
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00

20210618 gae ndb to cloud ndb (#1365) * Added Cloud NDB to requirements * google-cloud-core 1.7.0 requires google-auth<2.0dev,>=1.24.0, but you'll have google-auth 1.20.1 which is incompatible. * Running DataStore Emulator on port 15606 and setting environment variable for the same * Replaced GAE NDB imports with Cloud NDB imports * Solved Error: No Context for Ramcache * Solved No NDB Context Error for Cloud NDB * Fixed Error No object QueryOptions * Removed clear_datstore flag * Fixed to_dict() method * Added explicit call to method for stashing values while editing a feature * Using Cloud NDB in testbed * Updated README with JRE instructions and setting the DJANGO_SETTTINGS_MODULE environment variable for django.setup * Added Env Variable for datastore emulator * Migrated accounts_api_test.py * Migrated approvals_api_test.py * Migrated Comments.py and Cues_api_test.py * Migrated Features.py * Migrated metricsdata_test.py * Migrated stars_api_test.py * Fixed Deprecation warning for query options * Migrated token_refresh_api_test.py * Migrated basehandlers_test.py * Migrated permissions_test.py * Migrated ramcache_test.py * Migrated secrets_test.py * Migrated xsrf_test.py * Migrated fetchmetrics_test.py * Migrated models_test.py * Migrated notifier_test.py * Migrated processes_test.py * Migrated featuredetail_test.py * Migrated featurelist_test.py * Migrated guide_test.py * Migrated intentpreview_test.py * Migrated samples_test.py * Removed some unused stubs * Set the consistency of datastore emulator to be 1 * Resetting the database emulator before running the tests * Added npm targets for starting and stopping emulator * Updated README and Developer Docs * Removed unused imports * Made NDB calls DRY 2021-06-29 05:05:04 +03:00			`class TokenRefreshAPITest(testing_config.CustomTestCase):`
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00
			`def setUp(self):`
			`self.handler = token_refresh_api.TokenRefreshAPI()`
			`self.request_path = '/api/v0/currentuser/token'`

			`@mock.patch('framework.xsrf.validate_token')`
			`def test_validate_token(self, mock_xsrf_validate_token):`
			`"""This handler validates tokens with a a longer timeout."""`
			`self.handler.validate_token('test token', 'user@example.com')`
			`mock_xsrf_validate_token.assert_called_once_with(`
			`'test token', 'user@example.com',`
			`timeout=xsrf.REFRESH_TOKEN_TIMEOUT_SEC)`

			`def test_do_get(self):`
			`"""This handler does not respond to GET requests."""`
Move routing configuration to main.py. (#1552) * Move routing configuration to main.py. * inline_file works so we dont need this directive * rebased * Removed __future__s 2021-09-23 23:01:43 +03:00			`with test_app.test_request_context(self.request_path):`
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00			`with self.assertRaises(NotImplementedError):`
			`self.handler.do_get()`

			`def test_post__anon(self):`
			`"""We reject token requests from signed out users."""`
			`testing_config.sign_out()`
			`params = {}`
Move routing configuration to main.py. (#1552) * Move routing configuration to main.py. * inline_file works so we dont need this directive * rebased * Removed __future__s 2021-09-23 23:01:43 +03:00			`with test_app.test_request_context(self.request_path, json=params):`
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00			`with self.assertRaises(werkzeug.exceptions.Forbidden):`
			`self.handler.post()`

			`def test_post__missing(self):`
			`"""We reject token requests that do not include a previous token."""`
			`testing_config.sign_in('user@example.com', 111)`
			`params = {}`
Move routing configuration to main.py. (#1552) * Move routing configuration to main.py. * inline_file works so we dont need this directive * rebased * Removed __future__s 2021-09-23 23:01:43 +03:00			`with test_app.test_request_context(self.request_path, json=params):`
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00			`with self.assertRaises(werkzeug.exceptions.BadRequest):`
			`self.handler.post()`

			`@mock.patch('api.token_refresh_api.TokenRefreshAPI.validate_token')`
			`def test_post__bad(self, mock_validate_token):`
			`"""We reject token requests that have a bad token."""`
			`testing_config.sign_in('user@example.com', 111)`
			`mock_validate_token.side_effect = xsrf.TokenIncorrect()`
			`params = {'token': 'bad'}`
Move routing configuration to main.py. (#1552) * Move routing configuration to main.py. * inline_file works so we dont need this directive * rebased * Removed __future__s 2021-09-23 23:01:43 +03:00			`with test_app.test_request_context(self.request_path, json=params):`
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00			`with self.assertRaises(werkzeug.exceptions.BadRequest):`
			`self.handler.post()`
			`mock_validate_token.assert_called_once()`

			`def test_do_post__OK(self):`
			`"""If the request is accepted, we return a new token."""`
			`params = {'token': 'checked in base class'}`
Move routing configuration to main.py. (#1552) * Move routing configuration to main.py. * inline_file works so we dont need this directive * rebased * Removed __future__s 2021-09-23 23:01:43 +03:00			`with test_app.test_request_context(self.request_path, json=params):`
Refresh user session when refreshing XSRF token. (#1804) * Refresh user session when refreshing XSRF token. * Refresh the user session on each page navigation, and fix a bug in XSRF refresh. 2022-03-26 02:46:40 +03:00			`session.clear()`
			`testing_config.sign_in('user@example.com', 111)`
Implement XSRF token refresh handler. (#1287) * Implement XSRF token refresh handler. * Add unit test for new API handler 2021-04-26 22:48:53 +03:00			`actual = self.handler.do_post()`
Refresh user session when refreshing XSRF token. (#1804) * Refresh user session when refreshing XSRF token. * Refresh the user session on each page navigation, and fix a bug in XSRF refresh. 2022-03-26 02:46:40 +03:00
			`self.assertIn('signed_user_info', session)`
			`self.assertIn('token', actual)`
			`self.assertIn('token_expires_sec', actual)`