From d19886fafa9496813a7eb5743733dc00dbee5b0f Mon Sep 17 00:00:00 2001 From: spl0k Date: Wed, 1 Nov 2017 20:55:35 +0100 Subject: [PATCH] Rewritten and improved existing tests --- setup.py | 1 + tests/__init__.py | 2 - tests/api/__init__.py | 4 + tests/api/apitestbase.py | 104 ++++++ tests/api/test_system.py | 25 ++ tests/api/test_user.py | 153 ++++++++ tests/assets/subsonic-rest-api-1.8.0.xsd | 448 +++++++++++++++++++++++ tests/test_api.py | 235 ------------ 8 files changed, 735 insertions(+), 237 deletions(-) create mode 100644 tests/api/apitestbase.py create mode 100644 tests/api/test_system.py create mode 100644 tests/api/test_user.py create mode 100644 tests/assets/subsonic-rest-api-1.8.0.xsd delete mode 100644 tests/test_api.py diff --git a/setup.py b/setup.py index 4cd79a3..0f27795 100755 --- a/setup.py +++ b/setup.py @@ -35,6 +35,7 @@ setup( zip_safe=False, include_package_data=True, test_suite="tests.suite", + tests_require = [ 'lxml' ], classifiers=[ 'Development Status :: 3 - Alpha', 'Environment :: Console', diff --git a/tests/__init__.py b/tests/__init__.py index 3f3bc64..62171eb 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -13,7 +13,6 @@ import unittest import base, managers, api -from .test_api import ApiTestCase from .test_frontend import FrontendTestCase def suite(): @@ -23,7 +22,6 @@ def suite(): suite.addTest(api.suite()) suite.addTest(managers.suite()) - suite.addTest(unittest.makeSuite(ApiTestCase)) suite.addTest(unittest.makeSuite(FrontendTestCase)) return suite diff --git a/tests/api/__init__.py b/tests/api/__init__.py index 494bf16..4b7a94a 100644 --- a/tests/api/__init__.py +++ b/tests/api/__init__.py @@ -12,12 +12,16 @@ import unittest from .test_response_helper import suite as rh_suite from .test_api_setup import ApiSetupTestCase +from .test_system import SystemTestCase +from .test_user import UserTestCase def suite(): suite = unittest.TestSuite() suite.addTest(rh_suite()) suite.addTest(unittest.makeSuite(ApiSetupTestCase)) + suite.addTest(unittest.makeSuite(SystemTestCase)) + suite.addTest(unittest.makeSuite(UserTestCase)) return suite diff --git a/tests/api/apitestbase.py b/tests/api/apitestbase.py new file mode 100644 index 0000000..1b60992 --- /dev/null +++ b/tests/api/apitestbase.py @@ -0,0 +1,104 @@ +# -*- coding: utf-8 -*- +# vim:fenc=utf-8 +# +# This file is part of Supysonic. +# Supysonic is a Python implementation of the Subsonic server API. +# +# Copyright (C) 2017 Alban 'spl0k' Féron +# +# Distributed under terms of the GNU AGPLv3 license. + +import unittest + +import re +import sys + +from lxml import etree + +from supysonic.managers.user import UserManager + +from .appmock import AppMock + +path_replace_regexp = re.compile(r'/(\w+)') + +NS = '{http://subsonic.org/restapi}' + +class ApiTestBase(unittest.TestCase): + def setUp(self): + app_mock = AppMock() + self.app = app_mock.app + self.store = app_mock.store + self.client = self.app.test_client() + + sys.modules['supysonic.web'] = app_mock + import supysonic.api + + UserManager.add(self.store, 'alice', 'Alic3', 'test@example.com', True) + UserManager.add(self.store, 'bob', 'B0b', 'bob@example.com', False) + + xsd = etree.parse('tests/assets/subsonic-rest-api-1.8.0.xsd') + self.schema = etree.XMLSchema(xsd) + + def tearDown(self): + self.store.close() + to_unload = [ m for m in sys.modules if m.startswith('supysonic') ] + for m in to_unload: + del sys.modules[m] + + def _find(self, xml, path): + """ + Helper method that insert the namespace in XPath 'path' + """ + + path = path_replace_regexp.sub(r'/{}\1'.format(NS), path) + return xml.find(path) + + def _make_request(self, endpoint, args = {}, tag = None, error = None, skip_post = False): + """ + Makes both a GET and POST requests against the API, assert both get the same response. + If the user isn't provided with the 'u' and 'p' in 'args', the default 'alice' is used. + Validate the response against the Subsonic API XSD and assert it matches the expected tag or error. + + :param endpoint: request endpoint, with the '/rest/'prefix nor the '.view' suffix + :param args: dict of parameters. 'u', 'p', 'c' and 'v' are automatically added + :param tag: topmost expected element, right beneath 'subsonic-response' + :param error: if the given 'args' should produce an error at 'endpoint', this is the expected error code + :param skip_post: don't do the POST request + + :return: a 2-tuple (resp, child) if no error, where 'resp' is the full response object, 'child' a + 'lxml.etree.Element' mathching 'tag' (if any). If there's an error (when expected), only returns + the response object + """ + + if not isinstance(args, dict): + raise TypeError("'args', expecting a dict, got " + type(args).__name__) + if tag and not isinstance(tag, basestring): + raise TypeError("'tag', expecting a str, got " + type(tag).__name__) + + args.update({ 'c': 'tests', 'v': '1.8.0' }) + if 'u' not in args: + args.update({ 'u': 'alice', 'p': 'Alic3' }) + + uri = '/rest/{}.view'.format(endpoint) + rg = self.client.get(uri, query_string = args) + if not skip_post: + rp = self.client.post(uri, data = args) + self.assertEqual(rg.data, rp.data) + + xml = etree.fromstring(rg.data) + self.schema.assert_(xml) + + if 'status="ok"' in rg.data: + self.assertIsNone(error) + if tag: + self.assertEqual(xml[0].tag, NS + tag) + return rg, xml[0] + else: + self.assertEqual(len(xml), 0) + return rg, None + else: + self.assertIsNone(tag) + self.assertEqual(xml[0].tag, NS + 'error') + self.assertEqual(xml[0].get('code'), str(error)) + return rg + diff --git a/tests/api/test_system.py b/tests/api/test_system.py new file mode 100644 index 0000000..466cefc --- /dev/null +++ b/tests/api/test_system.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# vim:fenc=utf-8 +# +# This file is part of Supysonic. +# Supysonic is a Python implementation of the Subsonic server API. +# +# Copyright (C) 2017 Alban 'spl0k' Féron +# 2017 Óscar García Amor +# +# Distributed under terms of the GNU AGPLv3 license. + +from .apitestbase import ApiTestBase + +class SystemTestCase(ApiTestBase): + def test_ping(self): + self._make_request('ping') + + def test_get_license(self): + rv, child = self._make_request('getLicense', tag = 'license') + self.assertEqual(child.get('valid'), 'true') + +if __name__ == '__main__': + unittest.main() + diff --git a/tests/api/test_user.py b/tests/api/test_user.py new file mode 100644 index 0000000..e97a617 --- /dev/null +++ b/tests/api/test_user.py @@ -0,0 +1,153 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# vim:fenc=utf-8 +# +# This file is part of Supysonic. +# Supysonic is a Python implementation of the Subsonic server API. +# +# Copyright (C) 2017 Alban 'spl0k' Féron +# 2017 Óscar García Amor +# +# Distributed under terms of the GNU AGPLv3 license. + +import binascii + +from .apitestbase import ApiTestBase + +class UserTestCase(ApiTestBase): + def test_get_user(self): + # missing username + self._make_request('getUser', error = 10) + + # non-existent user + self._make_request('getUser', { 'username': 'non existent' }, error = 70) + + # self + rv, child = self._make_request('getUser', { 'username': 'alice' }, tag = 'user') + self.assertEqual(child.get('username'), 'alice') + self.assertEqual(child.get('adminRole'), 'true') + + # other + rv, child = self._make_request('getUser', { 'username': 'bob' }, tag = 'user') + self.assertEqual(child.get('username'), 'bob') + self.assertEqual(child.get('adminRole'), 'false') + + # self from non-admin + rv, child = self._make_request('getUser', { 'u': 'bob', 'p': 'B0b', 'username': 'bob' }, tag = 'user') + self.assertEqual(child.get('username'), 'bob') + self.assertEqual(child.get('adminRole'), 'false') + + # other from non-admin + self._make_request('getUser', { 'u': 'bob', 'p': 'B0b', 'username': 'alice' }, error = 50) + + def test_get_users(self): + # non-admin + self._make_request('getUsers', { 'u': 'bob', 'p': 'B0b' }, error = 50) + + # admin + rv, child = self._make_request('getUsers', tag = 'users') + self.assertEqual(len(child), 2) + self.assertIsNotNone(self._find(child, "./user[@username='alice']")) + self.assertIsNotNone(self._find(child, "./user[@username='bob']")) + + def test_create_user(self): + # non admin + self._make_request('createUser', { 'u': 'bob', 'p': 'B0b' }, error = 50) + + # missing params, testing every combination, maybe overkill + self._make_request('createUser', error = 10) + self._make_request('createUser', { 'username': 'user' }, error = 10) + self._make_request('createUser', { 'password': 'pass' }, error = 10) + self._make_request('createUser', { 'email': 'email@example.com' }, error = 10) + self._make_request('createUser', { 'username': 'user', 'password': 'pass' }, error = 10) + self._make_request('createUser', { 'username': 'user', 'email': 'email@example.com' }, error = 10) + self._make_request('createUser', { 'password': 'pass', 'email': 'email@example.com' }, error = 10) + + # duplicate + self._make_request('createUser', { 'username': 'bob', 'password': 'pass', 'email': 'me@bob.com' }, error = 0) + + # test we only got our two initial users + rv, child = self._make_request('getUsers', tag = 'users') + self.assertEqual(len(child), 2) + + # create users + self._make_request('createUser', { 'username': 'charlie', 'password': 'Ch4rl1e', 'email': 'unicorn@example.com', 'adminRole': True }, skip_post = True) + rv, child = self._make_request('getUser', { 'username': 'charlie' }, tag = 'user') + self.assertEqual(child.get('username'), 'charlie') + self.assertEqual(child.get('email'), 'unicorn@example.com') + self.assertEqual(child.get('adminRole'), 'true') + + self._make_request('createUser', { 'username': 'dave', 'password': 'Dav3', 'email': 'dave@example.com' }, skip_post = True) + rv, child = self._make_request('getUser', { 'username': 'dave' }, tag = 'user') + self.assertEqual(child.get('username'), 'dave') + self.assertEqual(child.get('email'), 'dave@example.com') + self.assertEqual(child.get('adminRole'), 'false') + + rv, child = self._make_request('getUsers', tag = 'users') + self.assertEqual(len(child), 4) + + def test_delete_user(self): + # non admin + self._make_request('deleteUser', { 'u': 'bob', 'p': 'B0b', 'username': 'alice' }, error = 50) + + # missing param + self._make_request('deleteUser', error = 10) + + # non existing + self._make_request('deleteUser', { 'username': 'charlie' }, error = 70) + + # test we still got our two initial users + rv, child = self._make_request('getUsers', tag = 'users') + self.assertEqual(len(child), 2) + + # delete user + self._make_request('deleteUser', { 'username': 'bob' }, skip_post = True) + rv, child = self._make_request('getUsers', tag = 'users') + self.assertEqual(len(child), 1) + + def test_change_password(self): + # missing parameter + self._make_request('changePassword', error = 10) + self._make_request('changePassword', { 'username': 'alice' }, error = 10) + self._make_request('changePassword', { 'password': 'newpass' }, error = 10) + + # admin change self + self._make_request('changePassword', { 'username': 'alice', 'password': 'newpass' }, skip_post = True) + self._make_request('ping', error = 40) + self._make_request('ping', { 'u': 'alice', 'p': 'newpass' }) + self._make_request('changePassword', { 'u': 'alice', 'p': 'newpass', 'username': 'alice', 'password': 'Alic3' }, skip_post = True) + + # admin change other + self._make_request('changePassword', { 'username': 'bob', 'password': 'newbob' }, skip_post = True) + self._make_request('ping', { 'u': 'bob', 'p': 'B0b' }, error = 40) + self._make_request('ping', { 'u': 'bob', 'p': 'newbob' }) + + # non-admin change self + self._make_request('changePassword', { 'u': 'bob', 'p': 'newbob', 'username': 'bob', 'password': 'B0b' }, skip_post = True) + self._make_request('ping', { 'u': 'bob', 'p': 'newbob' }, error = 40) + self._make_request('ping', { 'u': 'bob', 'p': 'B0b' }) + + # non-admin change other + self._make_request('changePassword', { 'u': 'bob', 'p': 'B0b', 'username': 'alice', 'password': 'newpass' }, skip_post = True, error = 50) + self._make_request('ping', { 'u': 'alice', 'p': 'newpass' }, error = 40) + self._make_request('ping') + + # change non existing + self._make_request('changePassword', { 'username': 'nonexsistent', 'password': 'pass' }, error = 70) + + # non ASCII chars + self._make_request('changePassword', { 'username': 'alice', 'password': 'новыйпароль' }, skip_post = True) + self._make_request('ping', { 'u': 'alice', 'p': 'новыйпароль' }) + self._make_request('changePassword', { 'username': 'alice', 'password': 'Alic3', 'u': 'alice', 'p': 'новыйпароль' }, skip_post = True) + + # non ASCII in hex encoded password + self._make_request('changePassword', { 'username': 'alice', 'password': 'enc:' + binascii.hexlify('новыйпароль') }, skip_post = True) + self._make_request('ping', { 'u': 'alice', 'p': 'новыйпароль' }) + + # new password starting with 'enc:' followed by non hex chars + self._make_request('changePassword', { 'username': 'alice', 'password': 'enc:randomstring', 'u': 'alice', 'p': 'новыйпароль' }, skip_post = True) + self._make_request('ping', { 'u': 'alice', 'p': 'enc:randomstring' }) + +if __name__ == '__main__': + unittest.main() + diff --git a/tests/assets/subsonic-rest-api-1.8.0.xsd b/tests/assets/subsonic-rest-api-1.8.0.xsd new file mode 100644 index 0000000..ba404c5 --- /dev/null +++ b/tests/assets/subsonic-rest-api-1.8.0.xsd @@ -0,0 +1,448 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/tests/test_api.py b/tests/test_api.py deleted file mode 100644 index fff2b2a..0000000 --- a/tests/test_api.py +++ /dev/null @@ -1,235 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- -# vim:fenc=utf-8 -# -# This file is part of Supysonic. -# Supysonic is a Python implementation of the Subsonic server API. -# -# Copyright (C) 2013-2017 Alban 'spl0k' Féron -# 2017 Óscar García Amor -# -# Distributed under terms of the GNU AGPLv3 license. - -from supysonic import db -from supysonic.managers.user import UserManager - -import sys -import unittest -import uuid - -# Create an empty sqlite database in memory -store = db.get_store("sqlite:") -# Read schema from file -with open('schema/sqlite.sql') as sql: - schema = sql.read() -# Create tables on memory database -for command in schema.split(';'): - store.execute(command) -# Create some users -UserManager.add(store, 'alice', 'alice', 'test@example.com', True) -UserManager.add(store, 'bob', 'bob', 'bob@example.com', False) -UserManager.add(store, 'charlie', 'charlie', 'charlie@example.com', False) - -# Create a mockup of web -from flask import Flask -app = Flask(__name__) -class web(): - app = app - store = store -sys.modules['supysonic.web'] = web() - -# Import module and set app in test mode -import supysonic.api - -class ApiTestCase(unittest.TestCase): - def setUp(self): - self.app = app.test_client() - - def test_get_license(self): - # GET user request - rv = self.app.get('/rest/getLicense.view?u=alice&p=alice&c=test') - self.assertIn('status="ok"', rv.data) - self.assertIn('license valid="true"', rv.data) - # POST user request - rv = self.app.post('/rest/getLicense.view', data=dict(u='alice', p='alice', c='test')) - self.assertIn('status="ok"', rv.data) - self.assertIn('license valid="true"', rv.data) - - def test_get_user(self): - # GET missing username - rv = self.app.get('/rest/getUser.view?u=alice&p=alice&c=test') - self.assertIn('message="Missing username"', rv.data) - # POST missing username - rv = self.app.post('/rest/getUser.view', data=dict(u='alice', p='alice', c='test')) - self.assertIn('message="Missing username"', rv.data) - # GET non-admin request for other user - rv = self.app.get('/rest/getUser.view?u=bob&p=bob&c=test&username=alice') - self.assertIn('message="Admin restricted"', rv.data) - # POST non-admin request for other user - rv = self.app.post('/rest/getUser.view', data=dict(u='bob', p='bob', c='test', username='alice')) - self.assertIn('message="Admin restricted"', rv.data) - # GET non-existent user - rv = self.app.get('/rest/getUser.view?u=alice&p=alice&c=test&username=null') - self.assertIn('message="Unknown user"', rv.data) - # POST non-existent user - rv = self.app.post('/rest/getUser.view', data=dict(u='alice', p='alice', c='test', username='null')) - self.assertIn('message="Unknown user"', rv.data) - # GET admin request - rv = self.app.get('/rest/getUser.view?u=alice&p=alice&c=test&username=alice') - self.assertIn('adminRole="true"', rv.data) - self.assertIn('username="alice"', rv.data) - # POST admin request - rv = self.app.post('/rest/getUser.view', data=dict(u='alice', p='alice', c='test', username='alice')) - self.assertIn('adminRole="true"', rv.data) - self.assertIn('username="alice"', rv.data) - # GET admin request for other user - rv = self.app.get('/rest/getUser.view?u=alice&p=alice&c=test&username=bob') - self.assertIn('username="bob"', rv.data) - self.assertIn('adminRole="false"', rv.data) - # POST admin request for other user - rv = self.app.post('/rest/getUser.view', data=dict(u='alice', p='alice', c='test', username='bob')) - self.assertIn('username="bob"', rv.data) - self.assertIn('adminRole="false"', rv.data) - # GET non-admin request - rv = self.app.get('/rest/getUser.view?u=charlie&p=charlie&c=test&username=charlie') - self.assertIn('username="charlie"', rv.data) - self.assertIn('adminRole="false"', rv.data) - # POST non-admin request - rv = self.app.post('/rest/getUser.view', data=dict(u='charlie', p='charlie', c='test', username='charlie')) - self.assertIn('username="charlie"', rv.data) - self.assertIn('adminRole="false"', rv.data) - - def test_get_users(self): - # GET admin request - rv = self.app.get('/rest/getUsers.view?u=alice&p=alice&c=test') - self.assertIn('alice', rv.data) - self.assertIn('bob', rv.data) - self.assertIn('charlie', rv.data) - # POST admin request - rv = self.app.post('/rest/getUsers.view', data=dict(u='alice', p='alice', c='test')) - self.assertIn('alice', rv.data) - self.assertIn('bob', rv.data) - self.assertIn('charlie', rv.data) - # GET non-admin request - rv = self.app.get('/rest/getUsers.view?u=bob&p=bob&c=test') - self.assertIn('message="Admin restricted"', rv.data) - # POST non-admin request - rv = self.app.post('/rest/getUsers.view', data=dict(u='bob', p='bob', c='test')) - self.assertIn('message="Admin restricted"', rv.data) - - def test_create_user(self): - # GET non-admin request - rv = self.app.get('/rest/createUser.view?u=bob&p=bob&c=test') - self.assertIn('message="Admin restricted"', rv.data) - # POST non-admin request - rv = self.app.post('/rest/createUser.view', data=dict(u='bob', p='bob', c='test')) - self.assertIn('message="Admin restricted"', rv.data) - # GET incomplete request - rv = self.app.get('/rest/createUser.view?u=alice&p=alice&c=test') - self.assertIn('message="Missing parameter"', rv.data) - # POST incomplete request - rv = self.app.post('/rest/createUser.view', data=dict(u='alice', p='alice', c='test')) - self.assertIn('message="Missing parameter"', rv.data) - # GET create user and test that user is created - rv = self.app.get('/rest/createUser.view?u=alice&p=alice&c=test&username=david&password=david&email=david%40example.com&adminRole=True') - self.assertIn('status="ok"', rv.data) - rv = self.app.get('/rest/getUser.view?u=david&p=david&c=test&username=david') - self.assertIn('username="david"', rv.data) - self.assertIn('email="david@example.com"', rv.data) - self.assertIn('adminRole="true"', rv.data) - # POST create user and test that user is created - rv = self.app.post('/rest/createUser.view', data=dict(u='alice', p='alice', c='test', username='elanor', password='elanor', email='elanor@example.com', adminRole=True)) - self.assertIn('status="ok"', rv.data) - rv = self.app.post('/rest/getUser.view', data=dict(u='elanor', p='elanor', c='test', username='elanor')) - self.assertIn('username="elanor"', rv.data) - self.assertIn('email="elanor@example.com"', rv.data) - self.assertIn('adminRole="true"', rv.data) - # GET create duplicate - rv = self.app.get('/rest/createUser.view?u=alice&p=alice&c=test&username=david&password=david&email=david%40example.com&adminRole=True') - self.assertIn('message="There is already a user with that username"', rv.data) - # POST create duplicate - rv = self.app.post('/rest/createUser.view', data=dict(u='alice', p='alice', c='test', username='elanor', password='elanor', email='elanor@example.com', adminRole=True)) - self.assertIn('message="There is already a user with that username"', rv.data) - - def test_delete_user(self): - # GET non-admin request - rv = self.app.get('/rest/deleteUser.view?u=bob&p=bob&c=test') - self.assertIn('message="Admin restricted"', rv.data) - # POST non-admin request - rv = self.app.post('/rest/deleteUser.view', data=dict(u='bob', p='bob', c='test')) - self.assertIn('message="Admin restricted"', rv.data) - # GET incomplete request - rv = self.app.get('/rest/deleteUser.view?u=alice&p=alice&c=test') - self.assertIn('message="Unknown user"', rv.data) - # POST incomplete request - rv = self.app.post('/rest/deleteUser.view', data=dict(u='alice', p='alice', c='test')) - self.assertIn('message="Unknown user"', rv.data) - # GET delete non-existent user - rv = self.app.get('/rest/deleteUser.view?u=alice&p=alice&c=test&username=nonexistent') - self.assertIn('message="Unknown user"', rv.data) - # POST delete non-existent user - rv = self.app.post('/rest/deleteUser.view', data=dict(u='alice', p='alice', c='test', username='nonexistent')) - self.assertIn('message="Unknown user"', rv.data) - # GET delete existent user - rv = self.app.get('/rest/deleteUser.view?u=alice&p=alice&c=test&username=elanor') - self.assertIn('status="ok"', rv.data) - rv = self.app.get('/rest/getUser.view?u=alice&p=alice&c=test&username=elanor') - self.assertIn('message="Unknown user"', rv.data) - # POST delete existent user - rv = self.app.post('/rest/deleteUser.view', data=dict(u='alice', p='alice', c='test', username='david')) - self.assertIn('status="ok"', rv.data) - rv = self.app.post('/rest/getUser.view', data=dict(u='alice', p='alice', c='test', username='david')) - self.assertIn('message="Unknown user"', rv.data) - - def test_change_password(self): - # GET incomplete request - rv = self.app.get('/rest/changePassword.view?u=alice&p=alice&c=test') - self.assertIn('message="Missing parameter"', rv.data) - # POST incomplete request - rv = self.app.post('/rest/changePassword.view', data=dict(u='alice', p='alice', c='test')) - self.assertIn('message="Missing parameter"', rv.data) - # GET non-admin change own password - rv = self.app.get('/rest/changePassword.view?u=bob&p=bob&c=test&username=bob&password=newpassword') - self.assertIn('status="ok"', rv.data) - # POST non-admin change own password - rv = self.app.post('/rest/changePassword.view', data=dict(u='bob', p='newpassword', c='test', username='bob', password='bob')) - self.assertIn('status="ok"', rv.data) - # GET non-admin change other user password - rv = self.app.get('/rest/changePassword.view?u=bob&p=bob&c=test&username=alice&password=newpassword') - self.assertIn('message="Admin restricted"', rv.data) - # POST non-admin change other user password - rv = self.app.post('/rest/changePassword.view', data=dict(u='bob', p='bob', c='test', username='alice', password='newpassword')) - self.assertIn('message="Admin restricted"', rv.data) - # GET admin change other user password - rv = self.app.get('/rest/changePassword.view?u=bob&p=bob&c=test&username=bob&password=newpassword') - self.assertIn('status="ok"', rv.data) - # POST admin change other user password - rv = self.app.post('/rest/changePassword.view', data=dict(u='bob', p='newpassword', c='test', username='bob', password='bob')) - self.assertIn('status="ok"', rv.data) - # GET change non-existent user password - rv = self.app.get('/rest/changePassword.view?u=alice&p=alice&c=test&username=nonexistent&password=nonexistent') - self.assertIn('message="No such user"', rv.data) - # POST change non-existent user password - rv = self.app.post('/rest/changePassword.view', data=dict(u='alice', p='alice', c='test', username='nonexistent', password='nonexistent')) - self.assertIn('message="No such user"', rv.data) - # GET non-admin change own password using extended utf-8 characters - rv = self.app.get('/rest/changePassword.view?u=bob&p=bob&c=test&username=bob&password=новыйпароль') - self.assertIn('status="ok"', rv.data) - # POST non-admin change own password using extended utf-8 characters - rv = self.app.post('/rest/changePassword.view', data=dict(u='bob', p='новыйпароль', c='test', username='bob', password='bob')) - self.assertIn('status="ok"', rv.data) - # GET non-admin change own password using extended utf-8 characters with old enc: - rv = self.app.get('/rest/changePassword.view?u=bob&p=enc:626f62&c=test&username=bob&password=новыйпароль') - self.assertIn('status="ok"', rv.data) - # POST non-admin change own password using extended utf-8 characters with old enc: - rv = self.app.post('/rest/changePassword.view', data=dict(u='bob', p='enc:d0bdd0bed0b2d18bd0b9d0bfd0b0d180d0bed0bbd18c', c='test', username='bob', password='bob')) - self.assertIn('status="ok"', rv.data) - # GET non-admin change own password using enc: in password - rv = self.app.get('/rest/changePassword.view?u=bob&p=bob&c=test&username=bob&password=enc:test') - self.assertIn('status="ok"', rv.data) - # POST non-admin change own password using enc: in password - rv = self.app.post('/rest/changePassword.view', data=dict(u='bob', p='enc:test', c='test', username='bob', password='bob')) - self.assertIn('status="ok"', rv.data) - -if __name__ == '__main__': - unittest.main()