import hmac
import os
from unittest.mock import patch
from ninja.testing import TestClient
from manage_breast_screening.core.api import GlobalAuth, api
# Written straight into os.environ at import time (not through monkeypatch),
# so the value stays set for the rest of the test process.
# NOTE(review): presumably this turns off django-ninja's API registry check so
# the imported `api` object can be reused by the test client; confirm.
os.environ["NINJA_SKIP_REGISTRY"] = "yes"
# One module-level client shared by every test below; each test configures the
# environment it needs before issuing its request.
client = TestClient(api)
def test_status_endpoint(monkeypatch):
    """Happy path: the configured bearer token on an enabled API yields 200."""
    monkeypatch.setenv("API_AUTH_TOKEN", "testtoken")
    monkeypatch.setenv("API_ENABLED", "true")

    # The presented token matches API_AUTH_TOKEN exactly.
    auth_headers = {"Authorization": "Bearer testtoken"}
    reply = client.get("/status", headers=auth_headers)

    assert reply.status_code == 200
    assert reply.json() == {"status": "API is available"}
def test_status_endpoint_no_auth():
    """A request without an Authorization header is rejected with 401.

    Nothing is set through monkeypatch here, so API_AUTH_TOKEN and
    API_ENABLED keep whatever values the surrounding environment provides.
    """
    reply = client.get("/status")
    expected_body = {"detail": "Unauthorized"}

    assert reply.status_code == 401
    assert reply.json() == expected_body
def test_status_endpoint_api_disabled(monkeypatch):
    """With API_ENABLED=false a correctly authenticated request gets 403.

    The token is valid, so the refusal comes from the feature flag rather
    than from authentication: 403 here, versus 401 in the credential tests.
    """
    monkeypatch.setenv("API_AUTH_TOKEN", "testtoken")
    monkeypatch.setenv("API_ENABLED", "false")

    reply = client.get("/status", headers={"Authorization": "Bearer testtoken"})
    assert reply.status_code == 403

    # Check the error document field by field, in the original order.
    body = reply.json()
    expected_fields = (
        ("title", "Forbidden"),
        ("status", 403),
        ("detail", "API is not available"),
    )
    for field, expected in expected_fields:
        assert body[field] == expected
def test_status_wrong_auth(monkeypatch):
    """A bearer token that differs from API_AUTH_TOKEN is rejected with 401."""
    monkeypatch.setenv("API_AUTH_TOKEN", "testtoken")
    monkeypatch.setenv("API_ENABLED", "true")

    mismatched_headers = {"Authorization": "Bearer wrongtoken"}
    reply = client.get("/status", headers=mismatched_headers)

    # The body is the same generic message used for a missing header, so the
    # response does not reveal which part of the credential check failed.
    assert reply.status_code == 401
    assert reply.json() == {"detail": "Unauthorized"}
def test_status_empty_expected_token(monkeypatch):
    """An empty API_AUTH_TOKEN must not let a caller in (fail closed).

    NOTE(review): the request carries a non-empty token. No test on this
    page pairs an empty API_AUTH_TOKEN with an empty presented token
    ("Bearer "). Two empty strings compare equal, so that combination
    deserves its own test; whether GlobalAuth rejects it cannot be told here.
    """
    monkeypatch.setenv("API_AUTH_TOKEN", "")
    monkeypatch.setenv("API_ENABLED", "true")

    presented = {"Authorization": "Bearer testtoken"}
    reply = client.get("/status", headers=presented)

    assert reply.status_code == 401
    assert reply.json() == {"detail": "Unauthorized"}
def test_status_empty_provided_token(monkeypatch):
    """A "Bearer " header with nothing after the scheme is rejected with 401."""
    monkeypatch.setenv("API_AUTH_TOKEN", "testtoken")
    monkeypatch.setenv("API_ENABLED", "true")

    # Scheme present, credential empty; the configured token is non-empty.
    blank_credential = {"Authorization": "Bearer "}
    reply = client.get("/status", headers=blank_credential)

    assert reply.status_code == 401
    assert reply.json() == {"detail": "Unauthorized"}
def test_status_no_token(monkeypatch):
    """With API_AUTH_TOKEN unset and no header sent, the API answers 401."""
    # raising=False: removing the variable is fine even if it was never set.
    monkeypatch.delenv("API_AUTH_TOKEN", raising=False)
    monkeypatch.setenv("API_ENABLED", "true")

    reply = client.get("/status")
    unauthorized = {"detail": "Unauthorized"}

    assert reply.status_code == 401
    assert reply.json() == unauthorized
def test_hmac_compare_digest_true(monkeypatch):
    """authenticate() hands the token comparison to hmac.compare_digest.

    compare_digest is mocked, so the test pins the call and its argument
    order (provided, expected) plus the return value on a match. It does not
    measure the constant-time property. The patch targets the attribute on
    the hmac module, so it only intercepts calls looked up through that
    module at call time.
    """
    monkeypatch.setenv("API_AUTH_TOKEN", "expected-token")
    authenticator = GlobalAuth()
    forced_match = patch.object(hmac, "compare_digest", return_value=True)

    with forced_match as mock_compare:
        outcome = authenticator.authenticate(object(), "provided-token")

    mock_compare.assert_called_once_with("provided-token", "expected-token")
    # On a match the provided token itself is returned.
    assert outcome == "provided-token"
def test_hmac_compare_digest_false(monkeypatch):
    """authenticate() returns a falsy result when compare_digest reports a mismatch.

    compare_digest is mocked to return False, so only the outcome of the
    comparison decides the result in this test.
    """
    monkeypatch.setenv("API_AUTH_TOKEN", "expected-token")
    authenticator = GlobalAuth()
    forced_mismatch = patch.object(hmac, "compare_digest", return_value=False)

    with forced_mismatch as mock_compare:
        outcome = authenticator.authenticate(object(), "provided-token")

    # Same call shape as the matching case: (provided, expected), exactly once.
    mock_compare.assert_called_once_with("provided-token", "expected-token")
    assert not outcome
def test_api_docs(monkeypatch):
    """With API_DOCS_ENABLED=true the /docs page is served.

    No Authorization header is sent, so the 200 expected here means the docs
    page is reachable without the bearer token whenever the flag is on.
    """
    monkeypatch.setenv("API_DOCS_ENABLED", "true")

    reply = client.get("/docs")
    assert reply.status_code == 200

    page_text = reply.content.decode()
    assert "Manage Breast Screening API" in page_text
def test_api_docs_disabled(monkeypatch):
    """With API_DOCS_ENABLED=false the /docs page answers 404 with a notice."""
    monkeypatch.setenv("API_DOCS_ENABLED", "false")

    reply = client.get("/docs")
    assert reply.status_code == 404

    # The body carries an explicit explanation instead of the docs page.
    page_text = reply.content.decode()
    assert "API documentation is not available" in page_text