2014-03-02 19:54:50 +00:00
|
|
|
from flask import url_for
|
2016-02-29 08:39:50 +00:00
|
|
|
from flask_login import current_user
|
2017-09-03 11:28:34 +00:00
|
|
|
from funcy import project
|
2014-03-02 15:59:08 +00:00
|
|
|
from mock import patch
|
2017-09-03 11:28:34 +00:00
|
|
|
from tests import BaseTestCase, authenticated_user
|
|
|
|
|
|
2014-05-18 07:15:37 +00:00
|
|
|
from redash import models, settings
|
2014-01-31 16:50:25 +00:00
|
|
|
|
|
|
|
|
|
2015-12-01 13:44:08 +00:00
|
|
|
class AuthenticationTestMixin(object):
|
2016-01-03 14:05:29 +00:00
|
|
|
def test_returns_404_when_not_unauthenticated(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
for path in self.paths:
|
|
|
|
|
rv = self.client.get(path)
|
|
|
|
|
self.assertEquals(404, rv.status_code)
|
2014-01-31 16:50:25 +00:00
|
|
|
|
|
|
|
|
def test_returns_content_when_authenticated(self):
|
2015-12-01 13:44:08 +00:00
|
|
|
for path in self.paths:
|
|
|
|
|
rv = self.make_request('get', path, is_json=False)
|
|
|
|
|
self.assertEquals(200, rv.status_code)
|
2014-01-31 16:50:25 +00:00
|
|
|
|
|
|
|
|
|
2014-02-22 12:42:08 +00:00
|
|
|
class TestAuthentication(BaseTestCase):
|
2014-02-13 18:04:28 +00:00
|
|
|
def test_redirects_for_nonsigned_in_user(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
rv = self.client.get("/default/")
|
|
|
|
|
self.assertEquals(302, rv.status_code)
|
2014-02-13 18:04:28 +00:00
|
|
|
|
|
|
|
|
|
2016-11-28 16:55:41 +00:00
|
|
|
class PingTest(BaseTestCase):
|
2014-01-31 16:50:25 +00:00
|
|
|
def test_ping(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
rv = self.client.get('/ping')
|
|
|
|
|
self.assertEquals(200, rv.status_code)
|
|
|
|
|
self.assertEquals('PONG.', rv.data)
|
2014-01-31 16:50:25 +00:00
|
|
|
|
|
|
|
|
|
2016-01-03 14:05:29 +00:00
|
|
|
class IndexTest(BaseTestCase):
|
2014-01-31 16:50:25 +00:00
|
|
|
def setUp(self):
|
2016-01-03 14:05:29 +00:00
|
|
|
self.paths = ['/default/', '/default/dashboard/example', '/default/queries/1', '/default/admin/status']
|
2014-02-05 09:01:06 +00:00
|
|
|
super(IndexTest, self).setUp()
|
2014-01-31 16:50:25 +00:00
|
|
|
|
2016-01-03 14:05:29 +00:00
|
|
|
def test_redirect_to_login_when_not_authenticated(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
for path in self.paths:
|
|
|
|
|
rv = self.client.get(path)
|
|
|
|
|
self.assertEquals(302, rv.status_code)
|
2016-01-03 14:05:29 +00:00
|
|
|
|
|
|
|
|
def test_returns_content_when_authenticated(self):
|
|
|
|
|
for path in self.paths:
|
|
|
|
|
rv = self.make_request('get', path, org=False, is_json=False)
|
|
|
|
|
self.assertEquals(200, rv.status_code)
|
|
|
|
|
|
2014-01-31 16:50:25 +00:00
|
|
|
|
2014-03-12 11:08:19 +00:00
|
|
|
class StatusTest(BaseTestCase):
|
2015-12-01 13:44:08 +00:00
|
|
|
def test_returns_data_for_super_admin(self):
|
|
|
|
|
admin = self.factory.create_admin()
|
2016-11-29 04:30:35 +00:00
|
|
|
models.db.session.commit()
|
2016-01-03 14:05:29 +00:00
|
|
|
rv = self.make_request('get', '/status.json', org=False, user=admin, is_json=False)
|
2015-12-01 13:44:08 +00:00
|
|
|
self.assertEqual(rv.status_code, 200)
|
2014-03-12 11:08:19 +00:00
|
|
|
|
|
|
|
|
def test_returns_403_for_non_admin(self):
|
2016-01-03 14:05:29 +00:00
|
|
|
rv = self.make_request('get', '/status.json', org=False, is_json=False)
|
2015-12-01 13:44:08 +00:00
|
|
|
self.assertEqual(rv.status_code, 403)
|
2014-03-12 11:08:19 +00:00
|
|
|
|
|
|
|
|
def test_redirects_non_authenticated_user(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
rv = self.client.get('/status.json')
|
|
|
|
|
self.assertEqual(rv.status_code, 302)
|
2014-01-31 16:50:25 +00:00
|
|
|
|
|
|
|
|
|
2014-02-05 09:01:06 +00:00
|
|
|
class JobAPITest(BaseTestCase, AuthenticationTestMixin):
|
2014-01-31 16:50:25 +00:00
|
|
|
def setUp(self):
|
|
|
|
|
self.paths = []
|
2014-02-05 09:01:06 +00:00
|
|
|
super(JobAPITest, self).setUp()
|
2014-01-31 16:50:25 +00:00
|
|
|
|
|
|
|
|
|
2014-03-02 15:59:08 +00:00
|
|
|
class TestLogin(BaseTestCase):
|
2014-03-02 19:54:50 +00:00
|
|
|
def setUp(self):
|
|
|
|
|
super(TestLogin, self).setUp()
|
2018-01-02 08:48:22 +00:00
|
|
|
self.factory.org.set_setting('auth_password_login_enabled', True)
|
2014-03-02 19:54:50 +00:00
|
|
|
|
2015-12-01 13:44:08 +00:00
|
|
|
@classmethod
|
|
|
|
|
def setUpClass(cls):
|
|
|
|
|
settings.ORG_RESOLVING = "single_org"
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
def tearDownClass(cls):
|
|
|
|
|
settings.ORG_RESOLVING = "multi_org"
|
|
|
|
|
|
2014-03-02 15:59:08 +00:00
|
|
|
def test_get_login_form(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
rv = self.client.get('/default/login')
|
|
|
|
|
self.assertEquals(rv.status_code, 200)
|
2014-03-02 15:59:08 +00:00
|
|
|
|
|
|
|
|
def test_submit_non_existing_user(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
with patch('redash.handlers.authentication.login_user') as login_user_mock:
|
|
|
|
|
rv = self.client.post('/default/login', data={'email': 'arik', 'password': 'password'})
|
2014-03-02 15:59:08 +00:00
|
|
|
self.assertEquals(rv.status_code, 200)
|
|
|
|
|
self.assertFalse(login_user_mock.called)
|
|
|
|
|
|
|
|
|
|
def test_submit_correct_user_and_password(self):
|
2015-12-01 13:44:08 +00:00
|
|
|
user = self.factory.user
|
2014-03-02 15:59:08 +00:00
|
|
|
user.hash_password('password')
|
2016-11-28 16:55:41 +00:00
|
|
|
|
|
|
|
|
self.db.session.add(user)
|
|
|
|
|
self.db.session.commit()
|
2014-03-02 15:59:08 +00:00
|
|
|
|
2016-11-28 10:16:32 +00:00
|
|
|
with patch('redash.handlers.authentication.login_user') as login_user_mock:
|
|
|
|
|
rv = self.client.post('/default/login', data={'email': user.email, 'password': 'password'})
|
2014-03-02 15:59:08 +00:00
|
|
|
self.assertEquals(rv.status_code, 302)
|
|
|
|
|
login_user_mock.assert_called_with(user, remember=False)
|
|
|
|
|
|
2017-10-01 22:01:55 +00:00
|
|
|
def test_submit_case_insensitive_user_and_password(self):
|
|
|
|
|
user = self.factory.user
|
|
|
|
|
user.hash_password('password')
|
|
|
|
|
|
|
|
|
|
self.db.session.add(user)
|
|
|
|
|
self.db.session.commit()
|
|
|
|
|
|
|
|
|
|
with patch('redash.handlers.authentication.login_user') as login_user_mock:
|
|
|
|
|
rv = self.client.post('/default/login', data={'email': user.email.upper(), 'password': 'password'})
|
|
|
|
|
self.assertEquals(rv.status_code, 302)
|
|
|
|
|
login_user_mock.assert_called_with(user, remember=False)
|
|
|
|
|
|
2014-03-02 15:59:08 +00:00
|
|
|
def test_submit_correct_user_and_password_and_remember_me(self):
|
2015-12-01 13:44:08 +00:00
|
|
|
user = self.factory.user
|
2014-03-02 15:59:08 +00:00
|
|
|
user.hash_password('password')
|
2016-11-28 16:55:41 +00:00
|
|
|
|
|
|
|
|
self.db.session.add(user)
|
|
|
|
|
self.db.session.commit()
|
2014-03-02 15:59:08 +00:00
|
|
|
|
2016-11-28 10:16:32 +00:00
|
|
|
with patch('redash.handlers.authentication.login_user') as login_user_mock:
|
|
|
|
|
rv = self.client.post('/default/login', data={'email': user.email, 'password': 'password', 'remember': True})
|
2014-03-02 15:59:08 +00:00
|
|
|
self.assertEquals(rv.status_code, 302)
|
|
|
|
|
login_user_mock.assert_called_with(user, remember=True)
|
|
|
|
|
|
|
|
|
|
def test_submit_correct_user_and_password_with_next(self):
|
2015-12-01 13:44:08 +00:00
|
|
|
user = self.factory.user
|
2014-03-02 15:59:08 +00:00
|
|
|
user.hash_password('password')
|
2016-11-28 16:55:41 +00:00
|
|
|
|
|
|
|
|
self.db.session.add(user)
|
|
|
|
|
self.db.session.commit()
|
2014-03-02 15:59:08 +00:00
|
|
|
|
2016-11-28 10:16:32 +00:00
|
|
|
with patch('redash.handlers.authentication.login_user') as login_user_mock:
|
|
|
|
|
rv = self.client.post('/default/login?next=/test',
|
|
|
|
|
data={'email': user.email, 'password': 'password'})
|
2014-03-02 15:59:08 +00:00
|
|
|
self.assertEquals(rv.status_code, 302)
|
|
|
|
|
self.assertEquals(rv.location, 'http://localhost/test')
|
|
|
|
|
login_user_mock.assert_called_with(user, remember=False)
|
|
|
|
|
|
|
|
|
|
def test_submit_incorrect_user(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
with patch('redash.handlers.authentication.login_user') as login_user_mock:
|
|
|
|
|
rv = self.client.post('/default/login', data={'email': 'non-existing', 'password': 'password'})
|
2014-03-02 15:59:08 +00:00
|
|
|
self.assertEquals(rv.status_code, 200)
|
|
|
|
|
self.assertFalse(login_user_mock.called)
|
|
|
|
|
|
|
|
|
|
def test_submit_incorrect_password(self):
|
2015-12-01 13:44:08 +00:00
|
|
|
user = self.factory.user
|
2014-03-02 15:59:08 +00:00
|
|
|
user.hash_password('password')
|
2016-11-28 16:55:41 +00:00
|
|
|
|
|
|
|
|
self.db.session.add(user)
|
|
|
|
|
self.db.session.commit()
|
2014-03-02 15:59:08 +00:00
|
|
|
|
2016-11-28 10:16:32 +00:00
|
|
|
with patch('redash.handlers.authentication.login_user') as login_user_mock:
|
2016-11-29 04:30:35 +00:00
|
|
|
rv = self.client.post('/default/login', data={
|
|
|
|
|
'email': user.email, 'password': 'badbadpassword'})
|
2014-03-02 15:59:08 +00:00
|
|
|
self.assertEquals(rv.status_code, 200)
|
|
|
|
|
self.assertFalse(login_user_mock.called)
|
|
|
|
|
|
2016-11-28 10:16:32 +00:00
|
|
|
def test_submit_empty_password(self):
|
2015-12-01 13:44:08 +00:00
|
|
|
user = self.factory.user
|
2014-03-02 15:59:08 +00:00
|
|
|
|
2016-11-28 10:16:32 +00:00
|
|
|
with patch('redash.handlers.authentication.login_user') as login_user_mock:
|
|
|
|
|
rv = self.client.post('/default/login', data={'email': user.email, 'password': ''})
|
2014-03-02 15:59:08 +00:00
|
|
|
self.assertEquals(rv.status_code, 200)
|
|
|
|
|
self.assertFalse(login_user_mock.called)
|
|
|
|
|
|
|
|
|
|
def test_user_already_loggedin(self):
|
2016-11-28 10:16:32 +00:00
|
|
|
with authenticated_user(self.client), patch('redash.handlers.authentication.login_user') as login_user_mock:
|
|
|
|
|
rv = self.client.get('/default/login')
|
2014-03-02 15:59:08 +00:00
|
|
|
self.assertEquals(rv.status_code, 302)
|
|
|
|
|
self.assertFalse(login_user_mock.called)
|
|
|
|
|
|
2014-03-02 16:27:05 +00:00
|
|
|
|
|
|
|
|
class TestLogout(BaseTestCase):
|
|
|
|
|
def test_logout_when_not_loggedin(self):
|
2016-11-29 04:30:35 +00:00
|
|
|
with self.app.test_client() as c:
|
|
|
|
|
rv = c.get('/default/logout')
|
|
|
|
|
self.assertEquals(rv.status_code, 302)
|
|
|
|
|
self.assertFalse(current_user.is_authenticated)
|
2014-03-02 16:27:05 +00:00
|
|
|
|
|
|
|
|
def test_logout_when_loggedin(self):
|
2016-11-29 04:30:35 +00:00
|
|
|
with self.app.test_client() as c, authenticated_user(c, user=self.factory.user):
|
|
|
|
|
rv = c.get('/default/')
|
2016-01-03 14:05:29 +00:00
|
|
|
self.assertTrue(current_user.is_authenticated)
|
2016-11-29 04:30:35 +00:00
|
|
|
rv = c.get('/default/logout')
|
2014-03-02 16:27:05 +00:00
|
|
|
self.assertEquals(rv.status_code, 302)
|
2016-01-03 14:05:29 +00:00
|
|
|
self.assertFalse(current_user.is_authenticated)
|
2016-12-07 06:38:18 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class TestQuerySnippet(BaseTestCase):
|
|
|
|
|
def test_create(self):
|
|
|
|
|
res = self.make_request(
|
|
|
|
|
'post',
|
|
|
|
|
'/api/query_snippets',
|
|
|
|
|
data={'trigger': 'x', 'description': 'y', 'snippet': 'z'},
|
|
|
|
|
user=self.factory.user)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
project(res.json, ['id', 'trigger', 'description', 'snippet']), {
|
|
|
|
|
'id': 1,
|
|
|
|
|
'trigger': 'x',
|
|
|
|
|
'description': 'y',
|
|
|
|
|
'snippet': 'z',
|
|
|
|
|
})
|
|
|
|
|
qs = models.QuerySnippet.query.one()
|
|
|
|
|
self.assertEqual(qs.trigger, 'x')
|
|
|
|
|
self.assertEqual(qs.description, 'y')
|
|
|
|
|
self.assertEqual(qs.snippet, 'z')
|
|
|
|
|
|
|
|
|
|
def test_edit(self):
|
|
|
|
|
qs = models.QuerySnippet(
|
|
|
|
|
trigger='a',
|
|
|
|
|
description='b',
|
|
|
|
|
snippet='c',
|
|
|
|
|
user=self.factory.user,
|
|
|
|
|
org=self.factory.org
|
|
|
|
|
)
|
|
|
|
|
models.db.session.add(qs)
|
|
|
|
|
models.db.session.commit()
|
|
|
|
|
res = self.make_request(
|
|
|
|
|
'post',
|
|
|
|
|
'/api/query_snippets/1',
|
|
|
|
|
data={'trigger': 'x', 'description': 'y', 'snippet': 'z'},
|
|
|
|
|
user=self.factory.user)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
project(res.json, ['id', 'trigger', 'description', 'snippet']), {
|
|
|
|
|
'id': 1,
|
|
|
|
|
'trigger': 'x',
|
|
|
|
|
'description': 'y',
|
|
|
|
|
'snippet': 'z',
|
|
|
|
|
})
|
|
|
|
|
self.assertEqual(qs.trigger, 'x')
|
|
|
|
|
self.assertEqual(qs.description, 'y')
|
|
|
|
|
self.assertEqual(qs.snippet, 'z')
|
|
|
|
|
|
|
|
|
|
def test_list(self):
|
|
|
|
|
qs = models.QuerySnippet(
|
|
|
|
|
trigger='x',
|
|
|
|
|
description='y',
|
|
|
|
|
snippet='z',
|
|
|
|
|
user=self.factory.user,
|
|
|
|
|
org=self.factory.org
|
|
|
|
|
)
|
|
|
|
|
models.db.session.add(qs)
|
|
|
|
|
models.db.session.commit()
|
|
|
|
|
res = self.make_request(
|
|
|
|
|
'get',
|
|
|
|
|
'/api/query_snippets',
|
|
|
|
|
user=self.factory.user)
|
|
|
|
|
self.assertEqual(res.status_code, 200)
|
|
|
|
|
data = res.json
|
|
|
|
|
self.assertEqual(len(data), 1)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
project(data[0], ['id', 'trigger', 'description', 'snippet']), {
|
|
|
|
|
'id': 1,
|
|
|
|
|
'trigger': 'x',
|
|
|
|
|
'description': 'y',
|
|
|
|
|
'snippet': 'z',
|
|
|
|
|
})
|
|
|
|
|
self.assertEqual(qs.trigger, 'x')
|
|
|
|
|
self.assertEqual(qs.description, 'y')
|
|
|
|
|
self.assertEqual(qs.snippet, 'z')
|
|
|
|
|
|
|
|
|
|
def test_delete(self):
|
|
|
|
|
qs = models.QuerySnippet(
|
|
|
|
|
trigger='a',
|
|
|
|
|
description='b',
|
|
|
|
|
snippet='c',
|
|
|
|
|
user=self.factory.user,
|
|
|
|
|
org=self.factory.org
|
|
|
|
|
)
|
|
|
|
|
models.db.session.add(qs)
|
|
|
|
|
models.db.session.commit()
|
|
|
|
|
self.make_request(
|
|
|
|
|
'delete',
|
|
|
|
|
'/api/query_snippets/1',
|
|
|
|
|
user=self.factory.user)
|
|
|
|
|
self.assertEqual(models.QuerySnippet.query.count(), 0)
|
