# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file or at
# https://developers.google.com/open-source/licenses/bsd
5
6"""Unit tests for jsonfeed module."""
7from __future__ import print_function
8from __future__ import division
9from __future__ import absolute_import
10
11import httplib
12import logging
13import unittest
14
15from google.appengine.api import app_identity
16
17from framework import jsonfeed
18from framework import servlet
19from framework import xsrf
20from services import service_manager
21from testing import testing_helpers
22
23
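class JsonFeedTest(unittest.TestCase):
  """Exercises JsonFeed's get()/post() entry points and their access checks.

  Two request guards are covered through TestableJsonFeed: the XSRF token
  check (toggled by CHECK_SECURITY_TOKEN) and the same-app restriction
  (toggled by CHECK_SAME_APP).

  The same-app rejection path returns None and sets a FORBIDDEN status
  rather than raising, so every same-app test below asserts on observable
  state, and get() and post() each run against their own feed instance so
  that state left behind by one call cannot satisfy the assertions made
  about the other.
  """

  def setUp(self):
    self.cnxn = 'fake cnxn'

  def testGet(self):
    """Tests handling of GET requests."""
    feed = TestableJsonFeed()

    # all expected args are present + a bonus arg that should be ignored
    # NOTE(review): the request is built with method='POST' although get()
    # is what runs below -- confirm this is intentional.
    feed.mr = testing_helpers.MakeMonorailRequest(
        path='/foo/bar/wee?sna=foo', method='POST',
        params={'a': '123', 'z': 'zebra'})
    feed.get()

    self.assertEqual(True, feed.handle_request_called)
    self.assertEqual(1, len(feed.json_data))

  def testPost(self):
    """Tests handling of POST requests."""
    feed = TestableJsonFeed()
    feed.mr = testing_helpers.MakeMonorailRequest(
        path='/foo/bar/wee?sna=foo', method='POST',
        params={'a': '123', 'z': 'zebra'})

    feed.post()

    self.assertEqual(True, feed.handle_request_called)
    self.assertEqual(1, len(feed.json_data))

  def testSecurityTokenChecked_BadToken(self):
    """A signed-in request with a missing or bogus token is rejected.

    Only the absent-token and malformed-token cases are covered here; a
    well-formed token issued for a different user or path, or an expired
    one, is not exercised by this test.
    """
    feed = TestableJsonFeed()
    feed.mr = testing_helpers.MakeMonorailRequest(
        user_info={'user_id': 555})
    # Note that feed.mr has no token set.
    self.assertRaises(xsrf.TokenIncorrect, feed.get)
    self.assertRaises(xsrf.TokenIncorrect, feed.post)

    feed.mr.token = 'bad token'
    self.assertRaises(xsrf.TokenIncorrect, feed.get)
    self.assertRaises(xsrf.TokenIncorrect, feed.post)

  def testSecurityTokenChecked_HandlerDoesNotNeedToken(self):
    """A handler that opts out of the token check accepts a tokenless call.

    The test passes as long as neither call raises; a token failure would
    surface as xsrf.TokenIncorrect.
    """
    feed = TestableJsonFeed()
    feed.mr = testing_helpers.MakeMonorailRequest(
        user_info={'user_id': 555})
    # Note that feed.mr has no token set.
    feed.CHECK_SECURITY_TOKEN = False
    feed.get()
    feed.post()

  def testSecurityTokenChecked_AnonUserDoesNotNeedToken(self):
    """An anonymous request is served without a token.

    The test passes as long as neither call raises; a token failure would
    surface as xsrf.TokenIncorrect.
    """
    feed = TestableJsonFeed()
    feed.mr = testing_helpers.MakeMonorailRequest()
    # Note that feed.mr has no token set, but also no auth.user_id.
    feed.get()
    feed.post()

  def testSameAppOnly_ExternallyAccessible(self):
    """Without CHECK_SAME_APP set, a request lacking the app header is served."""
    for method_name in ('get', 'post'):
      feed = TestableJsonFeed()
      feed.mr = testing_helpers.MakeMonorailRequest()
      # Note that request has no X-Appengine-Inbound-Appid set.
      getattr(feed, method_name)()
      # A silent FORBIDDEN return would not raise, so check that the
      # handler was actually reached.
      self.assertTrue(feed.handle_request_called)

  def testSameAppOnly_InternalOnlyCalledFromSameApp(self):
    """With CHECK_SAME_APP set, a call carrying this app's own id is served.

    The header is injected directly into the fake request.
    NOTE(review): in production the check presumably relies on the platform
    setting this header and dropping client-supplied copies; that trust
    boundary is not exercised by a unit test.
    """
    app_id = app_identity.get_application_id()
    for method_name in ('get', 'post'):
      feed = TestableJsonFeed()
      feed.CHECK_SAME_APP = True
      feed.mr = testing_helpers.MakeMonorailRequest()
      feed.mr.request.headers['X-Appengine-Inbound-Appid'] = app_id
      getattr(feed, method_name)()
      # A silent FORBIDDEN return would not raise, so check that the
      # handler was actually reached.
      self.assertTrue(feed.handle_request_called)

  def testSameAppOnly_InternalOnlyCalledExternally(self):
    """With CHECK_SAME_APP set, a request without the app header gets 403."""
    for method_name in ('get', 'post'):
      # Fresh feed per method: otherwise the FORBIDDEN status left by the
      # first call would satisfy the status assertion for the second.
      feed = TestableJsonFeed()
      feed.CHECK_SAME_APP = True
      feed.mr = testing_helpers.MakeMonorailRequest()
      # Note that request has no X-Appengine-Inbound-Appid set.
      self.assertIsNone(getattr(feed, method_name)())
      self.assertFalse(feed.handle_request_called)
      self.assertEqual(httplib.FORBIDDEN, feed.response.status)

  def testSameAppOnly_InternalOnlyCalledFromWrongApp(self):
    """With CHECK_SAME_APP set, a request naming another app id gets 403."""
    for method_name in ('get', 'post'):
      # Fresh feed per method: otherwise the FORBIDDEN status left by the
      # first call would satisfy the status assertion for the second.
      feed = TestableJsonFeed()
      feed.CHECK_SAME_APP = True
      feed.mr = testing_helpers.MakeMonorailRequest()
      feed.mr.request.headers['X-Appengine-Inbound-Appid'] = 'wrong'
      self.assertIsNone(getattr(feed, method_name)())
      self.assertFalse(feed.handle_request_called)
      self.assertEqual(httplib.FORBIDDEN, feed.response.status)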
121
122
class TestableJsonFeed(jsonfeed.JsonFeed):
  """JsonFeed subclass that records what the request pipeline did.

  Tests read handle_request_called to learn whether a request got past the
  access checks, and json_data to see what would have been rendered.
  """

  def __init__(self, request=None):
    """Build the feed around a placeholder request and a blank response.

    Args:
      request: optional request object; the string 'req' stands in when the
          caller passes nothing (or any falsy value).
    """
    fake_request = request or 'req'
    fake_response = testing_helpers.Blank()
    super(TestableJsonFeed, self).__init__(
        fake_request, fake_response, services=service_manager.Services())

    # Recording slots, all starting out "nothing happened yet".
    self.handle_request_called = False
    self.json_data = None
    self.response_data = None

  def HandleRequest(self, mr):
    """Note that the handler ran and echo back request parameter 'a'."""
    self.handle_request_called = True
    param_a = mr.GetParam('a')
    return {'a': param_a}

  # The output chain is hard to double so we pass on that phase,
  # but save the response data for inspection
  def _RenderJsonResponse(self, json_data):
    """Capture the JSON payload instead of writing it to the response."""
    self.json_data = json_data