Added some blackbox tests

This commit is contained in:
Pünkösd Marcell 2020-11-29 21:13:19 +01:00
parent d058886d6c
commit bf96347bf7
4 changed files with 186 additions and 21 deletions

View File

@ -1,2 +1,3 @@
pytest pytest
bandit bandit
beautifulsoup4

View File

@ -3,3 +3,4 @@ os.environ['CAFF_PREVIEWER_ENDPOINT'] = ''
os.environ['MINIO_ENDPOINT'] = '' os.environ['MINIO_ENDPOINT'] = ''
os.environ['MINIO_ACCESS_KEY'] = '' os.environ['MINIO_ACCESS_KEY'] = ''
os.environ['MINIO_SECRET_KEY'] = '' os.environ['MINIO_SECRET_KEY'] = ''
os.environ['SECURITY_PASSWORD_SALT'] = 'test'

View File

@ -1,20 +0,0 @@
import pytest
import app
@pytest.fixture
def client():
app.app.config['TESTING'] = True
with app.app.test_client() as client:
yield client
def test_login_required(client):
r = client.get('/content/caff/1')
assert r.status_code == 302
# TODO Test eache endpoint with an anonymus, registered and admin user

183
src/tests/test_blackbox.py Normal file
View File

@ -0,0 +1,183 @@
import pytest
from bs4 import BeautifulSoup
from utils import user_datastore
from models import db
import app
@pytest.fixture
def anonymous_client():
app.app.config['TESTING'] = True
with app.app.test_client() as client:
with app.app.app_context():
db.drop_all()
db.create_all()
yield client
@pytest.fixture
def logged_in_client():
app.app.config['TESTING'] = True
with app.app.test_client() as client:
with app.app.app_context():
db.drop_all()
db.create_all()
user = user_datastore.create_user(email="test", password="test")
user.name = 'test'
r = client.get('/login')
soup = BeautifulSoup(r.data.decode(), 'html.parser')
for input_tag in soup.find_all('input'):
if input_tag['name'] == 'csrf_token':
csrf_token = input_tag['value']
r = client.post('/login', data=dict(
email='test',
password='test',
csrf_token=csrf_token
), follow_redirects=True)
assert r.status_code == 200
yield client
@pytest.fixture
def admin_client():
app.app.config['TESTING'] = True
with app.app.test_client() as client:
with app.app.app_context():
db.drop_all()
db.create_all()
user_datastore.create_role(name='administrator')
user = user_datastore.create_user(email="test", password="test", roles=['administrator'])
user.name = 'test'
r = client.get('/login')
soup = BeautifulSoup(r.data.decode(), 'html.parser')
for input_tag in soup.find_all('input'):
if input_tag['name'] == 'csrf_token':
csrf_token = input_tag['value']
r = client.post('/login', data=dict(
email='test',
password='test',
csrf_token=csrf_token
), follow_redirects=True)
assert r.status_code == 200
yield client
#
# The actual tests
#
# Syntax:
# test_{username}_{type of test}_{subject of test}(...)
# username: admin, user, anonymous
#
# Some simple ux tests first
#
def test_admin_have_admin_button_homepage(admin_client):
r = admin_client.get('/')
assert r.status_code == 200
soup = BeautifulSoup(r.data.decode(), 'html.parser')
menu_items = soup.body.nav.div.div.find_all('li')
have_button = False
for item in menu_items:
if item.a.string == 'Administrate':
have_button = True
assert have_button
def test_user_not_have_admin_button_homepage(logged_in_client):
r = logged_in_client.get('/')
assert r.status_code == 200
soup = BeautifulSoup(r.data.decode(), 'html.parser')
menu_items = soup.body.nav.div.div.find_all('li')
have_button = False
for item in menu_items:
if item.a.string == 'Administrate':
have_button = True
assert not have_button
def test_anonymous_not_have_admin_button_homepage(anonymous_client):
r = anonymous_client.get('/')
assert r.status_code == 200
soup = BeautifulSoup(r.data.decode(), 'html.parser')
menu_items = soup.body.nav.div.div.find_all('li')
have_button = False
for item in menu_items:
if item.a.string == 'Administrate':
have_button = True
assert not have_button
def test_anonymous_have_to_login_protected_pages(anonymous_client):
r = anonymous_client.get('/upload')
assert r.status_code == 200
soup = BeautifulSoup(r.data.decode(), 'html.parser')
assert 'Log in' == soup.find_all('p')[0].a.string
def test_anonymous_get_login_required_redirect(anonymous_client):
for path in ['/content/caff/1', '/profile']:
r = anonymous_client.get(path)
assert r.status_code == 302
def test_anonymous_post_login_required_redirect(anonymous_client):
for path in ['/upload', '/item/1']:
r = anonymous_client.post(path)
assert r.status_code == 302
def test_logged_in_ok(logged_in_client):
r = logged_in_client.get('/profile')
assert r.status_code == 200
#
# Admin pages
#
def test_admin_access_admin(admin_client):
for path in ['/admin/', '/admin/user/', '/admin/comment/', '/admin/item/', '/admin/purchase/']:
r = admin_client.get(path)
assert r.status_code == 200
def test_user_access_admin(logged_in_client):
for path in ['/admin/', '/admin/user/', '/admin/comment/', '/admin/item/', '/admin/purchase/']:
r = logged_in_client.get(path)
assert r.status_code == 401
def test_anonymus_access_admin(anonymous_client):
for path in ['/admin/', '/admin/user/', '/admin/comment/', '/admin/item/', '/admin/purchase/']:
r = anonymous_client.get(path)
assert r.status_code == 401