From c0d520b218c5e53f39f827806d4ecd1445f0ecce Mon Sep 17 00:00:00 2001 From: Jacob Filik Date: Tue, 25 Jun 2024 15:38:33 +0100 Subject: [PATCH] add tests for protected routes (#14) * add tests for protected routes * add tmp dir --- .../src/xas_standards_api/crud.py | 6 +- xas-standards-api/tests/test_admin_router.py | 8 ++- xas-standards-api/tests/test_open_router.py | 10 ++- .../tests/test_protected_router.py | 64 ++++++++++++++++++- 4 files changed, 77 insertions(+), 11 deletions(-) diff --git a/xas-standards-api/src/xas_standards_api/crud.py b/xas-standards-api/src/xas_standards_api/crud.py index a83442f..faf774d 100644 --- a/xas-standards-api/src/xas_standards_api/crud.py +++ b/xas-standards-api/src/xas_standards_api/crud.py @@ -1,3 +1,4 @@ +import os import uuid from fastapi import HTTPException, Query @@ -28,8 +29,7 @@ size=Query(10, ge=1, le=100), ) - -pvc_location = "/scratch/xas-standards-pretend-pvc/" +pvc_location = os.environ.get("PVC_LOCATION", "/scratch/xas-standards-pretend-pvc/") def patch_standard_review( @@ -91,7 +91,7 @@ def get_standard(session, id) -> XASStandard: if standard: if standard.review_status != ReviewStatus.approved: - raise HTTPException(status_code=401, detail="Standard not available") + raise HTTPException(status_code=403, detail="Standard not available") return standard else: raise HTTPException(status_code=404, detail=f"No standard with id={id}") diff --git a/xas-standards-api/tests/test_admin_router.py b/xas-standards-api/tests/test_admin_router.py index b070424..cf2469e 100644 --- a/xas-standards-api/tests/test_admin_router.py +++ b/xas-standards-api/tests/test_admin_router.py @@ -2,6 +2,7 @@ from sqlmodel import Session, SQLModel, create_engine from sqlmodel.pool import StaticPool +import xas_standards_api.crud from utils import build_test_database from xas_standards_api.app import app from xas_standards_api.auth import get_current_user @@ -9,7 +10,10 @@ from xas_standards_api.models.response_models import AdminXASStandardResponse -def test_admin_read_permissions(): +def test_admin_read_permissions(tmpdir): + + xas_standards_api.crud.pvc_location = str(tmpdir) + engine = create_engine( "sqlite://", connect_args={"check_same_thread": False}, @@ -45,7 +49,7 @@ def get_admin_user(): # check cant get data from open endpoint response = client.get("/api/data/2") - assert response.status_code == 401 + assert response.status_code == 403 # now try admin user app.dependency_overrides.clear() diff --git a/xas-standards-api/tests/test_open_router.py b/xas-standards-api/tests/test_open_router.py index 315043d..381207d 100644 --- a/xas-standards-api/tests/test_open_router.py +++ b/xas-standards-api/tests/test_open_router.py @@ -2,6 +2,7 @@ from sqlmodel import Session, SQLModel, create_engine from sqlmodel.pool import StaticPool +import xas_standards_api.crud from utils import build_test_database from xas_standards_api.app import app from xas_standards_api.database import get_session @@ -11,7 +12,10 @@ ) -def test_read_metadata(): +def test_read_metadata(tmpdir): + + xas_standards_api.crud.pvc_location = str(tmpdir) + engine = create_engine( "sqlite://", connect_args={"check_same_thread": False}, @@ -63,7 +67,7 @@ def get_session_override(): # check cant get unreviewed data from open endpoint response = client.get("/api/data/2") - assert response.status_code == 401 + assert response.status_code == 403 # check cant get id that doesnt exist response = client.get("/api/data/3") @@ -73,7 +77,7 @@ def get_session_override(): assert response.status_code == 200 response = client.get("/api/standards/2") - assert response.status_code == 401 + assert response.status_code == 403 response = client.get("/api/standards/3") assert response.status_code == 404 diff --git a/xas-standards-api/tests/test_protected_router.py b/xas-standards-api/tests/test_protected_router.py index 8441c09..a5ecf2b 100644 --- a/xas-standards-api/tests/test_protected_router.py +++ b/xas-standards-api/tests/test_protected_router.py @@ -1,14 +1,21 @@ +import datetime + from fastapi.testclient import TestClient from sqlmodel import Session, SQLModel, create_engine from sqlmodel.pool import StaticPool +import xas_standards_api.crud from utils import build_test_database from xas_standards_api.app import app from xas_standards_api.auth import get_current_user from xas_standards_api.database import get_session +from xas_standards_api.models.models import XASStandard + + +def test_protected_router(tmpdir): + xas_standards_api.crud.pvc_location = str(tmpdir) -def test_read_person(): engine = create_engine( "sqlite://", connect_args={"check_same_thread": False}, @@ -54,5 +61,56 @@ def get_admin_user(): assert r["user"] == "admin" assert r["admin"] - # TODO check post of standard - # TODO check patch of standard + unique_sample_name = f"Test sample {datetime.datetime.now()}" + + formdata = { + "element_id": 1, + "edge_id": 1, + "beamline_id": 1, + "sample_name": unique_sample_name, + "sample_prep": "test", + "doi": "doi", + "citation": "citation", + "comments": "comments", + "date": str(datetime.datetime.min), + "licence": "cc_by", + "sample_comp": "H", + } + + with open("test.xdi") as fh: + xditext = fh.read() + + response = client.post( + "/api/standards", data=formdata, files={"xdi_file": xditext} + ) + + assert response.status_code == 200 + + rjson = response.json() + + xass = XASStandard.model_validate(rjson) + + assert xass.sample_name == unique_sample_name + + print(xass.id) + + # not reviewed, should fail + response = client.get(f"/api/standards/{xass.id}") + assert response.status_code == 403 + + # get and review + app.dependency_overrides.clear() + app.dependency_overrides[get_session] = get_session_override + app.dependency_overrides[get_current_user] = get_admin_user + + review_json = { + "reviewer_comments": "reviewer", + "review_status": "approved", + "standard_id": 3, + } + + response = client.patch("/api/standards", json=review_json) + assert response.status_code == 200 + + response = client.get(f"/api/standards/{xass.id}") + assert response.status_code == 200