CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity
Files
48f3a157bc5c9c47401fb38ab847d6527cfd0639
pretix_cgo/src/tests/api/test_auth.py
Raphael Michel e8f3ad633a Add device security profiles (#1806)
2020-10-13 17:40:25 +02:00

92 lines
2.8 KiB
Python
Raw Blame History

import pytest
from pretix.base.models import Organizer
@pytest.mark.django_db
def test_no_auth(client):
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 401
@pytest.mark.django_db
def test_session_auth_no_teams(client, user):
client.login(email=user.email, password='dummy')
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 200
assert len(resp.data['results']) == 0
@pytest.mark.django_db
def test_session_auth_with_teams(client, user, team):
team.members.add(user)
Organizer.objects.create(name='Other dummy', slug='dummy2')
client.login(email=user.email, password='dummy')
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 200
assert len(resp.data['results']) == 1
@pytest.mark.django_db
def test_token_invalid(client):
client.credentials(HTTP_AUTHORIZATION='Token ABCDE')
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 401
@pytest.mark.django_db
def test_token_auth_valid(client, team):
Organizer.objects.create(name='Other dummy', slug='dummy2')
t = team.tokens.create(name='Foo')
client.credentials(HTTP_AUTHORIZATION='Token ' + t.token)
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 200
assert len(resp.data['results']) == 1
@pytest.mark.django_db
def test_token_auth_inactive(client, team):
Organizer.objects.create(name='Other dummy', slug='dummy2')
t = team.tokens.create(name='Foo', active=False)
client.credentials(HTTP_AUTHORIZATION='Token ' + t.token)
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 401
@pytest.mark.django_db
def test_device_invalid(client):
client.credentials(HTTP_AUTHORIZATION='Device ABCDE')
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 401
@pytest.mark.django_db
def test_device_auth_valid(client, device):
client.credentials(HTTP_AUTHORIZATION='Device ' + device.api_token)
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 200
assert len(resp.data['results']) == 1
@pytest.mark.django_db
def test_device_auth_revoked(client, device):
client.credentials(HTTP_AUTHORIZATION='Device ' + device.api_token)
device.revoked = True
device.save()
resp = client.get('/api/v1/organizers/')
assert resp.status_code == 401
assert str(resp.data['detail']) == "Device access has been revoked."
@pytest.mark.django_db
def test_device_auth_security_profile(client, device):
client.credentials(HTTP_AUTHORIZATION='Device ' + device.api_token)
device.security_profile = "pretixscan"
device.save()
resp = client.get('/api/v1/organizers/dummy/giftcards/')
assert resp.status_code == 403
device.security_profile = "pretixpos"
device.save()
resp = client.get('/api/v1/organizers/dummy/giftcards/')
assert resp.status_code == 200
View Git Blame Copy Permalink