From 9043c0ab9aaea52a2419ec22b66606ef444f1a1c Mon Sep 17 00:00:00 2001
From: rohitsakala <rohitsakala@gmail.com>
Date: Mon, 20 Feb 2017 13:25:05 +0530
Subject: Add unit tests to token based authentication

Projects has been choosen as an helper to test token success,invalid and
unauthorized

JIRA: FUNCTEST-739

Change-Id: Iecc68821f5cc85630c17e54144723cc6f5e21ded
Signed-off-by: rohitsakala <rohitsakala@gmail.com>
---
 .../testapi/opnfv_testapi/resources/handlers.py    |   4 +-
 .../opnfv_testapi/tests/unit/fake_pymongo.py       |   1 +
 .../testapi/opnfv_testapi/tests/unit/test_token.py | 118 +++++++++++++++++++++
 3 files changed, 121 insertions(+), 2 deletions(-)
 create mode 100644 utils/test/testapi/opnfv_testapi/tests/unit/test_token.py

(limited to 'utils/test')

diff --git a/utils/test/testapi/opnfv_testapi/resources/handlers.py b/utils/test/testapi/opnfv_testapi/resources/handlers.py
index 63e2e8bdb..8255b526a 100644
--- a/utils/test/testapi/opnfv_testapi/resources/handlers.py
+++ b/utils/test/testapi/opnfv_testapi/resources/handlers.py
@@ -81,12 +81,12 @@ class GenericApiHandler(web.RequestHandler):
                 try:
                     token = self.request.headers['X-Auth-Token']
                 except KeyError:
-                    raise web.HTTPError(web.HTTP_UNAUTHORIZED,
+                    raise web.HTTPError(constants.HTTP_UNAUTHORIZED,
                                         "No Authentication Header.")
                 query = {'access_token': token}
                 check = yield self._eval_db_find_one(query, 'tokens')
                 if not check:
-                    raise web.HTTPError(web.HTTP_FORBIDDEN,
+                    raise web.HTTPError(constants.HTTP_FORBIDDEN,
                                         "Invalid Token.")
             ret = yield gen.coroutine(method)(self, *args, **kwargs)
             raise gen.Return(ret)
diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/fake_pymongo.py b/utils/test/testapi/opnfv_testapi/tests/unit/fake_pymongo.py
index 3c4fd01a3..ef74a0857 100644
--- a/utils/test/testapi/opnfv_testapi/tests/unit/fake_pymongo.py
+++ b/utils/test/testapi/opnfv_testapi/tests/unit/fake_pymongo.py
@@ -242,3 +242,4 @@ projects = MemDb('projects')
 testcases = MemDb('testcases')
 results = MemDb('results')
 scenarios = MemDb('scenarios')
+tokens = MemDb('tokens')
diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/test_token.py b/utils/test/testapi/opnfv_testapi/tests/unit/test_token.py
new file mode 100644
index 000000000..19b9e3e07
--- /dev/null
+++ b/utils/test/testapi/opnfv_testapi/tests/unit/test_token.py
@@ -0,0 +1,118 @@
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+import unittest
+
+from tornado import web
+
+import fake_pymongo
+from opnfv_testapi.common import constants
+from opnfv_testapi.resources import project_models
+from opnfv_testapi.router import url_mappings
+import test_base as base
+
+
+class TestToken(base.TestBase):
+    def get_app(self):
+        return web.Application(
+            url_mappings.mappings,
+            db=fake_pymongo,
+            debug=True,
+            auth=True
+        )
+
+
+class TestTokenCreateProject(TestToken):
+    def setUp(self):
+        super(TestTokenCreateProject, self).setUp()
+        self.req_d = project_models.ProjectCreateRequest('vping')
+        fake_pymongo.tokens.insert({"access_token": "12345"})
+        self.basePath = '/api/v1/projects'
+
+    def test_projectCreateTokenInvalid(self):
+        self.headers['X-Auth-Token'] = '1234'
+        code, body = self.create_d()
+        self.assertEqual(code, constants.HTTP_FORBIDDEN)
+        self.assertIn('Invalid Token.', body)
+
+    def test_projectCreateTokenUnauthorized(self):
+        self.headers.pop('X-Auth-Token')
+        code, body = self.create_d()
+        self.assertEqual(code, constants.HTTP_UNAUTHORIZED)
+        self.assertIn('No Authentication Header.', body)
+
+    def test_projectCreateTokenSuccess(self):
+        self.headers['X-Auth-Token'] = '12345'
+        code, body = self.create_d()
+        self.assertEqual(code, constants.HTTP_OK)
+
+
+class TestTokenDeleteProject(TestToken):
+    def setUp(self):
+        super(TestTokenDeleteProject, self).setUp()
+        self.req_d = project_models.ProjectCreateRequest('vping')
+        fake_pymongo.tokens.insert({"access_token": "12345"})
+        self.basePath = '/api/v1/projects'
+
+    def test_projectDeleteTokenIvalid(self):
+        self.headers['X-Auth-Token'] = '12345'
+        self.create_d()
+        self.headers['X-Auth-Token'] = '1234'
+        code, body = self.delete(self.req_d.name)
+        self.assertEqual(code, constants.HTTP_FORBIDDEN)
+        self.assertIn('Invalid Token.', body)
+
+    def test_projectDeleteTokenUnauthorized(self):
+        self.headers['X-Auth-Token'] = '12345'
+        self.create_d()
+        self.headers.pop('X-Auth-Token')
+        code, body = self.delete(self.req_d.name)
+        self.assertEqual(code, constants.HTTP_UNAUTHORIZED)
+        self.assertIn('No Authentication Header.', body)
+
+    def test_projectDeleteTokenSuccess(self):
+        self.headers['X-Auth-Token'] = '12345'
+        self.create_d()
+        code, body = self.delete(self.req_d.name)
+        self.assertEqual(code, constants.HTTP_OK)
+
+
+class TestTokenUpdateProject(TestToken):
+    def setUp(self):
+        super(TestTokenUpdateProject, self).setUp()
+        self.req_d = project_models.ProjectCreateRequest('vping')
+        fake_pymongo.tokens.insert({"access_token": "12345"})
+        self.basePath = '/api/v1/projects'
+
+    def test_projectUpdateTokenIvalid(self):
+        self.headers['X-Auth-Token'] = '12345'
+        self.create_d()
+        code, body = self.get(self.req_d.name)
+        self.headers['X-Auth-Token'] = '1234'
+        req = project_models.ProjectUpdateRequest('newName', 'new description')
+        code, body = self.update(req, self.req_d.name)
+        self.assertEqual(code, constants.HTTP_FORBIDDEN)
+        self.assertIn('Invalid Token.', body)
+
+    def test_projectUpdateTokenUnauthorized(self):
+        self.headers['X-Auth-Token'] = '12345'
+        self.create_d()
+        code, body = self.get(self.req_d.name)
+        self.headers.pop('X-Auth-Token')
+        req = project_models.ProjectUpdateRequest('newName', 'new description')
+        code, body = self.update(req, self.req_d.name)
+        self.assertEqual(code, constants.HTTP_UNAUTHORIZED)
+        self.assertIn('No Authentication Header.', body)
+
+    def test_projectUpdateTokenSuccess(self):
+        self.headers['X-Auth-Token'] = '12345'
+        self.create_d()
+        code, body = self.get(self.req_d.name)
+        req = project_models.ProjectUpdateRequest('newName', 'new description')
+        code, body = self.update(req, self.req_d.name)
+        self.assertEqual(code, constants.HTTP_OK)
+
+if __name__ == '__main__':
+    unittest.main()
-- 
cgit 1.2.3-korg