From d48b95c902a45f25d108858b0e2a917c109bfb75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C4=93teris=20Caune?= Date: Tue, 14 Sep 2021 09:54:18 +0300 Subject: [PATCH] Improve tests to cover @csrf_exempt usage --- hc/api/tests/test_badge.py | 1 + hc/api/tests/test_create_check.py | 2 +- hc/api/tests/test_get_check.py | 4 ++++ hc/api/tests/test_get_pings.py | 2 +- hc/api/tests/test_notification_status.py | 18 +++++++++--------- hc/api/tests/test_pause.py | 11 ++++++++++- hc/api/tests/test_update_check.py | 2 +- 7 files changed, 27 insertions(+), 13 deletions(-) diff --git a/hc/api/tests/test_badge.py b/hc/api/tests/test_badge.py index a34daba2..cd2488e2 100644 --- a/hc/api/tests/test_badge.py +++ b/hc/api/tests/test_badge.py @@ -28,6 +28,7 @@ class BadgeTestCase(BaseTestCase): def test_it_returns_svg(self): r = self.client.get(self.svg_url) self.assertEqual(r["Access-Control-Allow-Origin"], "*") + self.assertIn("no-cache", r["Cache-Control"]) self.assertContains(r, "#4c1") def test_it_rejects_bad_format(self): diff --git a/hc/api/tests/test_create_check.py b/hc/api/tests/test_create_check.py index 2326c51a..0d84f7aa 100644 --- a/hc/api/tests/test_create_check.py +++ b/hc/api/tests/test_create_check.py @@ -12,7 +12,7 @@ class CreateCheckTestCase(BaseTestCase): if "api_key" not in data: data["api_key"] = "X" * 32 - r = self.client.post(self.URL, data, content_type="application/json") + r = self.csrf_client.post(self.URL, data, content_type="application/json") if expect_fragment: self.assertEqual(r.status_code, 400) self.assertIn(expect_fragment, r.json()["error"]) diff --git a/hc/api/tests/test_get_check.py b/hc/api/tests/test_get_check.py index dd2b78b5..3a60973f 100644 --- a/hc/api/tests/test_get_check.py +++ b/hc/api/tests/test_get_check.py @@ -74,6 +74,10 @@ class GetCheckTestCase(BaseTestCase): self.assertEqual(doc["channels"], str(self.c1.code)) self.assertEqual(doc["desc"], "This is description") + def test_it_rejects_post_unique_key(self): + r = self.csrf_client.post(f"/api/v1/checks/{self.a1.unique_key}") + self.assertEqual(r.status_code, 405) + def test_readonly_key_works(self): self.project.api_key_readonly = "R" * 32 self.project.save() diff --git a/hc/api/tests/test_get_pings.py b/hc/api/tests/test_get_pings.py index 8b156a6d..5cf6040c 100644 --- a/hc/api/tests/test_get_pings.py +++ b/hc/api/tests/test_get_pings.py @@ -20,7 +20,7 @@ class GetPingsTestCase(BaseTestCase): self.url = "/api/v1/checks/%s/pings/" % self.a1.code def get(self, api_key="X" * 32): - return self.client.get(self.url, HTTP_X_API_KEY=api_key) + return self.csrf_client.get(self.url, HTTP_X_API_KEY=api_key) def test_it_works(self): self.a1.ping( diff --git a/hc/api/tests/test_notification_status.py b/hc/api/tests/test_notification_status.py index bdab0d99..1c9284a1 100644 --- a/hc/api/tests/test_notification_status.py +++ b/hc/api/tests/test_notification_status.py @@ -22,7 +22,7 @@ class NotificationStatusTestCase(BaseTestCase): self.url = "/api/v1/notifications/%s/status" % self.n.code def test_it_handles_twilio_failed_status(self): - r = self.client.post(self.url, {"MessageStatus": "failed"}) + r = self.csrf_client.post(self.url, {"MessageStatus": "failed"}) self.assertEqual(r.status_code, 200) self.n.refresh_from_db() @@ -33,7 +33,7 @@ class NotificationStatusTestCase(BaseTestCase): self.assertTrue(self.channel.email_verified) def test_it_handles_twilio_undelivered_status(self): - r = self.client.post(self.url, {"MessageStatus": "undelivered"}) + r = self.csrf_client.post(self.url, {"MessageStatus": "undelivered"}) self.assertEqual(r.status_code, 200) self.n.refresh_from_db() @@ -43,7 +43,7 @@ class NotificationStatusTestCase(BaseTestCase): self.assertIn("status=undelivered", self.channel.last_error) def test_it_handles_twilio_delivered_status(self): - r = self.client.post(self.url, {"MessageStatus": "delivered"}) + r = self.csrf_client.post(self.url, {"MessageStatus": "delivered"}) self.assertEqual(r.status_code, 200) self.n.refresh_from_db() @@ -56,7 +56,7 @@ class NotificationStatusTestCase(BaseTestCase): self.n.created = self.n.created - timedelta(minutes=61) self.n.save() - r = self.client.post(self.url, {"MessageStatus": "failed"}) + r = self.csrf_client.post(self.url, {"MessageStatus": "failed"}) self.assertEqual(r.status_code, 200) # The notification should not have the error field set: @@ -66,15 +66,15 @@ class NotificationStatusTestCase(BaseTestCase): def test_it_handles_missing_notification(self): fake_code = "07c2f548-9850-4b27-af5d-6c9dc157ec02" url = f"/api/v1/notifications/{fake_code}/status" - r = self.client.post(url, {"MessageStatus": "failed"}) + r = self.csrf_client.post(url, {"MessageStatus": "failed"}) self.assertEqual(r.status_code, 200) def test_it_requires_post(self): - r = self.client.get(self.url) + r = self.csrf_client.get(self.url) self.assertEqual(r.status_code, 405) def test_it_handles_error_key(self): - r = self.client.post(self.url, {"error": "Something went wrong."}) + r = self.csrf_client.post(self.url, {"error": "Something went wrong."}) self.assertEqual(r.status_code, 200) self.n.refresh_from_db() @@ -87,7 +87,7 @@ class NotificationStatusTestCase(BaseTestCase): def test_it_handles_mark_not_verified_key(self): payload = {"error": "Received complaint.", "mark_not_verified": "1"} - r = self.client.post(self.url, payload) + r = self.csrf_client.post(self.url, payload) self.assertEqual(r.status_code, 200) self.channel.refresh_from_db() @@ -95,7 +95,7 @@ class NotificationStatusTestCase(BaseTestCase): self.assertFalse(self.channel.email_verified) def test_it_handles_twilio_call_status_failed(self): - r = self.client.post(self.url, {"CallStatus": "failed"}) + r = self.csrf_client.post(self.url, {"CallStatus": "failed"}) self.assertEqual(r.status_code, 200) self.n.refresh_from_db() diff --git a/hc/api/tests/test_pause.py b/hc/api/tests/test_pause.py index 4f7e8f58..85e980e8 100644 --- a/hc/api/tests/test_pause.py +++ b/hc/api/tests/test_pause.py @@ -1,4 +1,5 @@ from datetime import timedelta as td +import json from django.utils.timezone import now from hc.api.models import Check @@ -13,7 +14,7 @@ class PauseTestCase(BaseTestCase): self.url = f"/api/v1/checks/{self.check.code}/pause" def test_it_works(self): - r = self.client.post( + r = self.csrf_client.post( self.url, "", content_type="application/json", HTTP_X_API_KEY="X" * 32 ) @@ -23,6 +24,14 @@ class PauseTestCase(BaseTestCase): self.check.refresh_from_db() self.assertEqual(self.check.status, "paused") + def test_it_accepts_api_key_in_post_body(self): + payload = json.dumps({"api_key": "X" * 32}) + r = self.csrf_client.post(self.url, payload, content_type="application/json") + self.assertEqual(r.status_code, 200) + + self.check.refresh_from_db() + self.assertEqual(self.check.status, "paused") + def test_it_handles_options(self): r = self.client.options(self.url) self.assertEqual(r.status_code, 204) diff --git a/hc/api/tests/test_update_check.py b/hc/api/tests/test_update_check.py index a42f4c5d..d5ff4939 100644 --- a/hc/api/tests/test_update_check.py +++ b/hc/api/tests/test_update_check.py @@ -13,7 +13,7 @@ class UpdateCheckTestCase(BaseTestCase): def post(self, code, data): url = "/api/v1/checks/%s" % code - return self.client.post(url, data, content_type="application/json") + return self.csrf_client.post(url, data, content_type="application/json") def test_it_works(self): self.check.last_ping = now()