tests: Lease and attribute API call fixes

2017-05-04 10:02:14 +00:00 · 2017-05-04 10:02:14 +00:00 · a75fb58cb5
parent 8c8a3a9930
commit a75fb58cb5
2 changed files with 19 additions and 2 deletions
--- a/certidude/api/attrib.py
+++ b/certidude/api/attrib.py
@ -15,6 +15,7 @@ class AttributeResource(object):
        Return extended attributes stored on the server.
        This not only contains tags and lease information,
        but might also contain some other sensitive information.
+        Results made available only to lease IP address.
        """
        try:
            path, buf, cert = authority.get_signed(cn)
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@ -245,6 +245,9 @@ def test_cli_setup_authority():
    r = client().simulate_delete("/api/request/test/",
        headers={"Authorization":admintoken})
    assert r.status_code == 200, r.text
+    r = client().simulate_delete("/api/request/nonexistant/",
+        headers={"Authorization":admintoken})
+    assert r.status_code == 404, r.text

    # Test request submission corner cases
    r = client().simulate_post("/api/request/",
@ -376,6 +379,8 @@ def test_cli_setup_authority():
    # Test attribute fetching API call
    r = client().simulate_get("/api/signed/test/attr/")
    assert r.status_code == 403, r.text
+    r = client().simulate_get("/api/signed/nonexistant/attr/")
+    assert r.status_code == 404, r.text
    r = client().simulate_get("/api/signed/test/lease/", headers={"Authorization":admintoken})
    assert r.status_code == 404, r.text

@ -383,9 +388,20 @@ def test_cli_setup_authority():
    r = client().simulate_post("/api/lease/",
        query_string = "client=test&address=127.0.0.1",
        headers={"Authorization":admintoken})
-    assert r.status_code == 200, r.text
+    assert r.status_code == 200, r.text # lease update ok
+    r = client().simulate_post("/api/lease/",
+        query_string = "client=test&address=127.0.0.1&serial=0",
+        headers={"Authorization":admintoken})
+    assert r.status_code == 403, r.text # invalid serial number supplied
    r = client().simulate_get("/api/signed/test/attr/")
-    assert r.status_code == 200, r.text
+    assert r.status_code == 200, r.text # read okay from own address
+    r = client().simulate_post("/api/lease/",
+        query_string = "client=test&address=1.2.3.4",
+        headers={"Authorization":admintoken})
+    assert r.status_code == 200, r.text # lease update ok
+    r = client().simulate_get("/api/signed/test/attr/")
+    assert r.status_code == 403, r.text # read failed from other address
+

    # Test lease retrieval
    r = client().simulate_get("/api/signed/test/lease/")