mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-22 16:25:17 +00:00
tests: More detailed error captures for API calls
This commit is contained in:
parent
ffdcbcc41a
commit
128369f6f6
@ -41,7 +41,7 @@ class RevocationListResource(object):
|
|||||||
resp.body = export_crl()
|
resp.body = export_crl()
|
||||||
except:
|
except:
|
||||||
logger.debug(u"Failed to export CRL, are you sure signer is running?")
|
logger.debug(u"Failed to export CRL, are you sure signer is running?")
|
||||||
raise
|
raise falcon.HTTPInternalServerError("Failed to export CRL")
|
||||||
else:
|
else:
|
||||||
logger.debug(u"Client %s asked revocation list in unsupported format" % req.context.get("remote_addr"))
|
logger.debug(u"Client %s asked revocation list in unsupported format" % req.context.get("remote_addr"))
|
||||||
raise falcon.HTTPUnsupportedMediaType(
|
raise falcon.HTTPUnsupportedMediaType(
|
||||||
|
|||||||
@ -92,7 +92,7 @@ def test_cli_setup_authority():
|
|||||||
|
|
||||||
# Check that we can retrieve empty CRL
|
# Check that we can retrieve empty CRL
|
||||||
r = client().simulate_get("/api/revoked/")
|
r = client().simulate_get("/api/revoked/")
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
|
|
||||||
|
|
||||||
# Test command line interface
|
# Test command line interface
|
||||||
@ -185,51 +185,51 @@ def test_cli_setup_authority():
|
|||||||
|
|
||||||
# Test signed certificate API call
|
# Test signed certificate API call
|
||||||
r = client().simulate_get("/api/signed/nonexistant/")
|
r = client().simulate_get("/api/signed/nonexistant/")
|
||||||
assert r.status_code == 404
|
assert r.status_code == 404, r.text
|
||||||
|
|
||||||
r = client().simulate_get("/api/signed/test2/")
|
r = client().simulate_get("/api/signed/test2/")
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
assert r.headers.get('content-type') == "application/x-pem-file"
|
assert r.headers.get('content-type') == "application/x-pem-file"
|
||||||
|
|
||||||
r = client().simulate_get("/api/signed/test2/", headers={"Accept":"application/json"})
|
r = client().simulate_get("/api/signed/test2/", headers={"Accept":"application/json"})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
assert r.headers.get('content-type') == "application/json"
|
assert r.headers.get('content-type') == "application/json"
|
||||||
|
|
||||||
r = client().simulate_get("/api/signed/test2/", headers={"Accept":"text/plain"})
|
r = client().simulate_get("/api/signed/test2/", headers={"Accept":"text/plain"})
|
||||||
assert r.status_code == 415
|
assert r.status_code == 415, r.text
|
||||||
|
|
||||||
# Test revocations API call
|
# Test revocations API call
|
||||||
r = client().simulate_get("/api/revoked/",
|
r = client().simulate_get("/api/revoked/",
|
||||||
headers={"Accept":"application/x-pem-file"})
|
headers={"Accept":"application/x-pem-file"})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
assert r.headers.get('content-type') == "application/x-pem-file"
|
assert r.headers.get('content-type') == "application/x-pem-file"
|
||||||
|
|
||||||
r = requests.get("http://ca.example.lan/api/revoked/",
|
r = requests.get("http://ca.example.lan/api/revoked/",
|
||||||
headers={"Accept":"application/x-pem-file"})
|
headers={"Accept":"application/x-pem-file"})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
assert r.headers.get('content-type') == "application/x-pem-file"
|
assert r.headers.get('content-type') == "application/x-pem-file"
|
||||||
|
|
||||||
r = client().simulate_get("/api/revoked/")
|
r = client().simulate_get("/api/revoked/")
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
assert r.headers.get('content-type') == "application/x-pkcs7-crl"
|
assert r.headers.get('content-type') == "application/x-pkcs7-crl"
|
||||||
|
|
||||||
r = requests.get("http://ca.example.lan/api/revoked/")
|
r = requests.get("http://ca.example.lan/api/revoked/")
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
assert r.headers.get('content-type') == "application/x-pkcs7-crl"
|
assert r.headers.get('content-type') == "application/x-pkcs7-crl"
|
||||||
|
|
||||||
r = client().simulate_get("/api/revoked/",
|
r = client().simulate_get("/api/revoked/",
|
||||||
headers={"Accept":"text/plain"})
|
headers={"Accept":"text/plain"})
|
||||||
assert r.status_code == 415
|
assert r.status_code == 415, r.text
|
||||||
|
|
||||||
r = client().simulate_get("/api/revoked/", query_string="wait=true",
|
r = client().simulate_get("/api/revoked/", query_string="wait=true",
|
||||||
headers={"Accept":"application/x-pem-file"})
|
headers={"Accept":"application/x-pem-file"})
|
||||||
assert r.status_code == 303
|
assert r.status_code == 303, r.text
|
||||||
|
|
||||||
# Test attribute fetching API call
|
# Test attribute fetching API call
|
||||||
r = client().simulate_get("/api/signed/test2/attr/")
|
r = client().simulate_get("/api/signed/test2/attr/")
|
||||||
assert r.status_code == 403
|
assert r.status_code == 403, r.text
|
||||||
r = client().simulate_get("/api/signed/test2/lease/", headers={"Authorization":admintoken})
|
r = client().simulate_get("/api/signed/test2/lease/", headers={"Authorization":admintoken})
|
||||||
assert r.status_code == 404
|
assert r.status_code == 404, r.text
|
||||||
|
|
||||||
# Insert lease as if VPN gateway had submitted it
|
# Insert lease as if VPN gateway had submitted it
|
||||||
path, _, _ = authority.get_signed("test2")
|
path, _, _ = authority.get_signed("test2")
|
||||||
@ -237,92 +237,92 @@ def test_cli_setup_authority():
|
|||||||
setxattr(path, "user.lease.address", b"127.0.0.1")
|
setxattr(path, "user.lease.address", b"127.0.0.1")
|
||||||
setxattr(path, "user.lease.last_seen", b"random")
|
setxattr(path, "user.lease.last_seen", b"random")
|
||||||
r = client().simulate_get("/api/signed/test2/attr/")
|
r = client().simulate_get("/api/signed/test2/attr/")
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
|
|
||||||
# Test lease retrieval
|
# Test lease retrieval
|
||||||
r = client().simulate_get("/api/signed/test2/lease/")
|
r = client().simulate_get("/api/signed/test2/lease/")
|
||||||
assert r.status_code == 401
|
assert r.status_code == 401, r.text
|
||||||
r = client().simulate_get("/api/signed/test2/lease/", headers={"Authorization":usertoken})
|
r = client().simulate_get("/api/signed/test2/lease/", headers={"Authorization":usertoken})
|
||||||
assert r.status_code == 403
|
assert r.status_code == 403, r.text
|
||||||
r = client().simulate_get("/api/signed/test2/lease/", headers={"Authorization":admintoken})
|
r = client().simulate_get("/api/signed/test2/lease/", headers={"Authorization":admintoken})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
assert r.headers.get('content-type') == "application/json; charset=UTF-8"
|
assert r.headers.get('content-type') == "application/json; charset=UTF-8"
|
||||||
|
|
||||||
|
|
||||||
# Tags should not be visible anonymously
|
# Tags should not be visible anonymously
|
||||||
r = client().simulate_get("/api/signed/test2/tag/")
|
r = client().simulate_get("/api/signed/test2/tag/")
|
||||||
assert r.status_code == 401
|
assert r.status_code == 401, r.text
|
||||||
r = client().simulate_get("/api/signed/test2/tag/", headers={"Authorization":usertoken})
|
r = client().simulate_get("/api/signed/test2/tag/", headers={"Authorization":usertoken})
|
||||||
assert r.status_code == 403
|
assert r.status_code == 403, r.text
|
||||||
r = client().simulate_get("/api/signed/test2/tag/", headers={"Authorization":admintoken})
|
r = client().simulate_get("/api/signed/test2/tag/", headers={"Authorization":admintoken})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
|
|
||||||
# Tags can be added only by admin
|
# Tags can be added only by admin
|
||||||
r = client().simulate_post("/api/signed/test2/tag/")
|
r = client().simulate_post("/api/signed/test2/tag/")
|
||||||
assert r.status_code == 401
|
assert r.status_code == 401, r.text
|
||||||
r = client().simulate_post("/api/signed/test2/tag/",
|
r = client().simulate_post("/api/signed/test2/tag/",
|
||||||
headers={"Authorization":usertoken})
|
headers={"Authorization":usertoken})
|
||||||
assert r.status_code == 403
|
assert r.status_code == 403, r.text
|
||||||
r = client().simulate_post("/api/signed/test2/tag/",
|
r = client().simulate_post("/api/signed/test2/tag/",
|
||||||
body="key=other&value=something",
|
body="key=other&value=something",
|
||||||
headers={"content-type": "application/x-www-form-urlencoded", "Authorization":admintoken})
|
headers={"content-type": "application/x-www-form-urlencoded", "Authorization":admintoken})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
|
|
||||||
# Tags can be overwritten only by admin
|
# Tags can be overwritten only by admin
|
||||||
r = client().simulate_put("/api/signed/test2/tag/other/")
|
r = client().simulate_put("/api/signed/test2/tag/other/")
|
||||||
assert r.status_code == 401
|
assert r.status_code == 401, r.text
|
||||||
r = client().simulate_put("/api/signed/test2/tag/other/",
|
r = client().simulate_put("/api/signed/test2/tag/other/",
|
||||||
headers={"Authorization":usertoken})
|
headers={"Authorization":usertoken})
|
||||||
assert r.status_code == 403
|
assert r.status_code == 403, r.text
|
||||||
r = client().simulate_put("/api/signed/test2/tag/other/",
|
r = client().simulate_put("/api/signed/test2/tag/other/",
|
||||||
body="value=else",
|
body="value=else",
|
||||||
headers={"content-type": "application/x-www-form-urlencoded", "Authorization":admintoken})
|
headers={"content-type": "application/x-www-form-urlencoded", "Authorization":admintoken})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
|
|
||||||
# Tags can be deleted only by admin
|
# Tags can be deleted only by admin
|
||||||
r = client().simulate_delete("/api/signed/test2/tag/else/")
|
r = client().simulate_delete("/api/signed/test2/tag/else/")
|
||||||
assert r.status_code == 401
|
assert r.status_code == 401, r.text
|
||||||
r = client().simulate_delete("/api/signed/test2/tag/else/",
|
r = client().simulate_delete("/api/signed/test2/tag/else/",
|
||||||
headers={"Authorization":usertoken})
|
headers={"Authorization":usertoken})
|
||||||
assert r.status_code == 403
|
assert r.status_code == 403, r.text
|
||||||
r = client().simulate_delete("/api/signed/test2/tag/else/",
|
r = client().simulate_delete("/api/signed/test2/tag/else/",
|
||||||
headers={"content-type": "application/x-www-form-urlencoded", "Authorization":admintoken})
|
headers={"content-type": "application/x-www-form-urlencoded", "Authorization":admintoken})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
|
|
||||||
|
|
||||||
# Test revocation
|
# Test revocation
|
||||||
r = client().simulate_delete("/api/signed/test2/")
|
r = client().simulate_delete("/api/signed/test2/")
|
||||||
assert r.status_code == 401
|
assert r.status_code == 401, r.text
|
||||||
r = client().simulate_delete("/api/signed/test2/",
|
r = client().simulate_delete("/api/signed/test2/",
|
||||||
headers={"Authorization":usertoken})
|
headers={"Authorization":usertoken})
|
||||||
assert r.status_code == 403
|
assert r.status_code == 403, r.text
|
||||||
r = client().simulate_delete("/api/signed/test2/",
|
r = client().simulate_delete("/api/signed/test2/",
|
||||||
headers={"Authorization":admintoken})
|
headers={"Authorization":admintoken})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
result = runner.invoke(cli, ['revoke', 'test3'])
|
result = runner.invoke(cli, ['revoke', 'test3'])
|
||||||
assert not result.exception, result.output
|
assert not result.exception, result.output
|
||||||
|
|
||||||
|
|
||||||
# Test static
|
# Test static
|
||||||
r = client().simulate_delete("/nonexistant.html")
|
r = client().simulate_delete("/nonexistant.html")
|
||||||
assert r.status_code == 404
|
assert r.status_code == 404, r.text
|
||||||
r = client().simulate_delete("/index.html")
|
r = client().simulate_delete("/index.html")
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
|
|
||||||
# Log can be read only by admin
|
# Log can be read only by admin
|
||||||
r = client().simulate_get("/api/log/")
|
r = client().simulate_get("/api/log/")
|
||||||
assert r.status_code == 401
|
assert r.status_code == 401, r.text
|
||||||
r = client().simulate_get("/api/log/",
|
r = client().simulate_get("/api/log/",
|
||||||
headers={"Authorization":usertoken})
|
headers={"Authorization":usertoken})
|
||||||
assert r.status_code == 403
|
assert r.status_code == 403, r.text
|
||||||
r = client().simulate_get("/api/log/",
|
r = client().simulate_get("/api/log/",
|
||||||
headers={"Authorization":admintoken})
|
headers={"Authorization":admintoken})
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200, r.text
|
||||||
assert r.headers.get('content-type') == "application/json; charset=UTF-8"
|
assert r.headers.get('content-type') == "application/json; charset=UTF-8"
|
||||||
|
|
||||||
# Test token mech
|
# Test token mech
|
||||||
r = client().simulate_post("/api/token/")
|
r = client().simulate_post("/api/token/")
|
||||||
assert r.status_code == 404
|
assert r.status_code == 404, r.text
|
||||||
|
|
||||||
config.BUNDLE_FORMAT = "ovpn"
|
config.BUNDLE_FORMAT = "ovpn"
|
||||||
config.USER_ENROLLMENT_ALLOWED = True
|
config.USER_ENROLLMENT_ALLOWED = True
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user