Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1"""Test scenario for the app urls. 

2 

3## Domain 

4 

5* Users as in `conftest`, under *players* 

6* Clean slate, see `starters`. 

7* The user table 

8 

9## Acts 

10 

11Making requests with long urls and many long request arguments. 

12We follow all the url patterns defined in `control.app`, except 

13`/login` and `logout`, because they have been dealt with in 

14`test_20_users`. 

15 

16`test_long` 

17: All users fire a long url and get a 400 (bad request) response. 

18 

19`test_static` 

20: The public user 

21 

22 * fires a bare static url and fails 

23 * fires a bare static url for a favicon and fails 

24 

25`test_staticFile` 

26: The public user 

27 

28 * fires a static url for a long file name and gets a 400 

29 * fires a static url for an existing css file but with illegal query 

30 params and fails. 

31 * fires a static url for an existing css file but with a legal but long query 

32 param and fails. 

33 * fires a static url for an existing css file with a legal and short but 

34 non-sensical query param and succeeds. 

35 * fires a static url for an existing css file and succeeds. 

36 * fires a static url for an existing favicon file and succeeds. 

37 * fires a static url for a non-existing css file and fails. 

38 * fires a static url for a non-existing favicon file and fails. 

39 

40Here is a table of tests that access a url according to a specific pattern, 

41and then vary the url-parts and query string to make it illegal. 

42 

43test | url pattern 

44--- | --- 

45`test_home` | /, /index, /index.html 

46`test_info` | /info ' 

47`test_workflow` | /workflow 

48`test_task` | /api/task/{task}/{eid} 

49`test_insert` | /api/{table}/insert 

50`test_insertDetail` | /api/{table}/{eid}/{dtable}/insert 

51`test_listOpen` | /{table}/list/{eid} 

52`test_list` | /{table}/list 

53`test_delete` | /api/{table}/delete/{eid} 

54`test_deleteDetail` | /api/{table}/{masterId}/{dtable}/delete/{eid} 

55`test_item` | /api/{table}/item/{eid} 

56`test_itemTitle` | /api/{table}/item/{eid}/title 

57`test_itemDetail` | /{table}/item/{eid}/open/{dtable}/{deid} 

58`test_itemPage` | /{table}/item/{eid} 

59`test_field` | /api/{table}/item/{eid}/field/{field} 

60 

61`test_clean` 

62: Restore the database to a clean slate, because we have made a mess of it 

63 during the previous tests. 

64""" 

65 

66import pytest 

67 

68import magic # noqa 

69from conftest import USERS 

70from helpers import forall 

71from starters import start 

72from subtest import illegalize, assertStatus 

73from example import ( 

74 COMMON_CSS, 

75 COMMONX_CSS, 

76 CONTRIB, 

77 DUMMY_ID, 

78 FAV, 

79 FAVICON, 

80 FAVICON_S, 

81 FAVICON_SX, 

82 FAVICONX, 

83 ROOT, 

84 STATIC, 

85 SUBMIT_ASSESSMENT, 

86 SYSTEM, 

87 TITLE, 

88) 

89 

90startInfo = {} 

91 

92 

93@pytest.mark.usefixtures("db") 

94def test_start(clientOffice): 

95 startInfo.update(start(clientOffice=clientOffice, users=True)) 

96 

97 

98def test_long(clients): 

99 url = "/" + "a" * 1000 

100 expect = {user: 400 for user in USERS} 

101 forall(clients, expect, assertStatus, url) 

102 

103 

104def test_static(clientPublic): 

105 assertStatus(clientPublic, STATIC, 303) 

106 assertStatus(clientPublic, f"{STATIC}/", 303) 

107 assertStatus(clientPublic, f"{STATIC}{FAV}", 303) 

108 assertStatus(clientPublic, f"{STATIC}{FAV}/", 303) 

109 

110 

111def test_staticFile(clientPublic): 

112 assertStatus(clientPublic, f"{STATIC}/" + ("a" * 200) + ".html", 400) 

113 assertStatus(clientPublic, f"{COMMON_CSS}?xxx=yyy", 400) 

114 assertStatus(clientPublic, f"{COMMON_CSS}?action=" + ("a" * 200), 400) 

115 assertStatus(clientPublic, f"{COMMON_CSS}?action=" + ("a" * 10), 200) 

116 assertStatus(clientPublic, COMMON_CSS, 200) 

117 assertStatus(clientPublic, COMMONX_CSS, 303) 

118 assertStatus(clientPublic, FAVICON, 200) 

119 assertStatus(clientPublic, FAVICONX, 303) 

120 assertStatus(clientPublic, FAVICON_S, 200) 

121 assertStatus(clientPublic, FAVICON_SX, 303) 

122 

123 

124def test_home(clients): 

125 for url in ["/", "/index", "/index.html"]: 

126 illegalize(clients, url) 

127 

128 

129def test_info(clients): 

130 illegalize(clients, "/info") 

131 illegalize(clients, "/info.tsv") 

132 

133 

134def test_workflow(clients): 

135 url = "/workflow" 

136 expect = {user: 302 if user in {SYSTEM, ROOT} else 303 for user in USERS} 

137 forall(clients, expect, assertStatus, url) 

138 illegalize(clients, url) 

139 

140 

141def test_task(clients): 

142 illegalize(clients, "/api/task/{task}/{eid}", task=SUBMIT_ASSESSMENT, eid=DUMMY_ID) 

143 

144 

145def test_insert(clients): 

146 illegalize(clients, "/api/{table}/insert", table=CONTRIB) 

147 

148 

149def test_insertDetail(clients): 

150 illegalize( 

151 clients, 

152 "/api/{table}/{eid}/{dtable}/insert", 

153 table=CONTRIB, 

154 eid=DUMMY_ID, 

155 dtable=CONTRIB, 

156 ) 

157 

158 

159def test_listOpen(clients): 

160 illegalize(clients, "/{table}/list/{eid}", table=CONTRIB, eid=DUMMY_ID) 

161 

162 

163def test_list(clients): 

164 illegalize(clients, "/{table}/list", table=CONTRIB) 

165 

166 

167def test_delete(clients): 

168 illegalize(clients, "/api/{table}/delete/{eid}", table=CONTRIB, eid=DUMMY_ID) 

169 

170 

171def test_deleteDetail(clients): 

172 illegalize( 

173 clients, 

174 "/api/{table}/{masterId}/{dtable}/delete/{eid}", 

175 table=CONTRIB, 

176 masterId=DUMMY_ID, 

177 dtable=CONTRIB, 

178 eid=DUMMY_ID, 

179 ) 

180 

181 

182def test_item(clients): 

183 illegalize(clients, "/api/{table}/item/{eid}", table=CONTRIB, eid=DUMMY_ID) 

184 

185 

186def test_itemTitle(clients): 

187 illegalize(clients, "/api/{table}/item/{eid}/title", table=CONTRIB, eid=DUMMY_ID) 

188 

189 

190def test_itemDetail(clients): 

191 illegalize( 

192 clients, 

193 "/{table}/item/{eid}/open/{dtable}/{deid}", 

194 table=CONTRIB, 

195 eid=DUMMY_ID, 

196 dtable=CONTRIB, 

197 deid=DUMMY_ID, 

198 ) 

199 

200 

201def test_itemPage(clients): 

202 illegalize(clients, "/{table}/item/{eid}", table=CONTRIB, eid=DUMMY_ID) 

203 

204 

205def test_field(clients): 

206 illegalize( 

207 clients, 

208 "/api/{table}/item/{eid}/field/{field}", 

209 table=CONTRIB, 

210 eid=DUMMY_ID, 

211 field=TITLE, 

212 )