tomekwojcik/hotpocket
1
0
Fork 0
Code Actions Releases 11 Activity

BTHLABS-58: Share Extension in Apple Apps

Browse Source
This commit is contained in:
Tomek Wójcik
2025-10-04 08:02:13 +02:00
parent 0c12f52569
commit 99e9226338
122 changed files with 5488 additions and 411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
services/backend/tests/ui/views/integrations/extension/test_authenticate.py
View File

@@ -9,11 +9,15 @@ from django.urls import reverse
import pytest
from pytest_django import asserts
from hotpocket_backend_testing.services.accounts import AuthKeysTestingService
from hotpocket_common.url import URL
@pytest.mark.django_db
def test_ok(authenticated_client: Client):
def test_ok(authenticated_client: Client,
extension_auth_source_extension,
account,
):
# When
result = authenticated_client.get(
reverse('ui.integrations.extension.authenticate'),
@@ -28,8 +32,118 @@ def test_ok(authenticated_client: Client):
assert redirect_url.raw_path == reverse('ui.integrations.extension.post_authenticate')
assert 'auth_key' in redirect_url.query
assert 'extension_auth_key' in authenticated_client.session
assert authenticated_client.session['extension_auth_key'] == redirect_url.query['auth_key'][0]
assert 'extension_source' in authenticated_client.session
assert authenticated_client.session['extension_source'] == extension_auth_source_extension
assert 'extension_session_token' in authenticated_client.session
AuthKeysTestingService().assert_created(
key=redirect_url.query['auth_key'][0],
account_uuid=account.pk,
)
@pytest.mark.parametrize(
'source_fixture_name',
['extension_auth_source_desktop', 'extension_auth_source_mobile'],
)
@pytest.mark.django_db
def test_ok_with_source(source_fixture_name,
request: pytest.FixtureRequest,
authenticated_client: Client,
extension_auth_session_token,
):
# Given
source = request.getfixturevalue(source_fixture_name)
# When
result = authenticated_client.get(
reverse(
'ui.integrations.extension.authenticate',
query=[
('source', source),
('session_token', extension_auth_session_token),
],
),
follow=False,
)
# Then
assert result.status_code == http.HTTPStatus.FOUND
assert 'Location' in result.headers
redirect_url = URL(result.headers['Location'])
assert redirect_url.raw_path == reverse('ui.integrations.extension.post_authenticate')
assert 'auth_key' in redirect_url.query
assert 'extension_source' in authenticated_client.session
assert authenticated_client.session['extension_source'] == source
assert 'extension_session_token' in authenticated_client.session
assert authenticated_client.session['extension_session_token'] == extension_auth_session_token
@pytest.mark.django_db
def test_source_without_session_token(authenticated_client: Client,
extension_auth_source_desktop,
):
# Given
with pytest.raises(AssertionError) as exception_info:
# When
_ = authenticated_client.get(
reverse(
'ui.integrations.extension.authenticate',
query=[
('source', extension_auth_source_desktop),
],
),
follow=False,
)
# Then
assert exception_info.value.args[0] == 'Session token missing'
@pytest.mark.django_db
def test_source_without_empty_session_token(authenticated_client: Client,
extension_auth_source_desktop,
):
# Given
with pytest.raises(AssertionError) as exception_info:
# When
_ = authenticated_client.get(
reverse(
'ui.integrations.extension.authenticate',
query=[
('source', extension_auth_source_desktop),
('session_token', ''),
],
),
follow=False,
)
# Then
assert exception_info.value.args[0] == 'Session token missing'
@pytest.mark.django_db
def test_unknown_source(authenticated_client: Client, extension_auth_session_token):
# Given
with pytest.raises(ValueError) as exception_info:
# When
_ = authenticated_client.get(
reverse(
'ui.integrations.extension.authenticate',
query=[
('source', 'thisisntright'),
('session_token', extension_auth_session_token),
],
),
follow=False,
)
# Then
assert exception_info.value.args[0] == 'Unknown source: `thisisntright`'
@pytest.mark.django_db

102
services/backend/tests/ui/views/integrations/extension/test_post_authenticate.py
View File

@@ -3,6 +3,7 @@
from __future__ import annotations
import http
import urllib.parse
import uuid
from django.test import Client
@@ -17,10 +18,15 @@ def auth_key():
@pytest.mark.django_db
def test_ok(authenticated_client: Client, auth_key):
def test_ok(authenticated_client: Client,
auth_key,
extension_auth_source_extension,
extension_auth_session_token,
):
# Given
session = authenticated_client.session
session['extension_auth_key'] = auth_key
session['extension_source'] = extension_auth_source_extension
session['extension_session_token'] = extension_auth_session_token
session.save()
# When
@@ -34,13 +40,95 @@ def test_ok(authenticated_client: Client, auth_key):
# Then
assert result.status_code == http.HTTPStatus.OK
assert 'extension_source' not in authenticated_client.session
assert 'extension_session_token' not in authenticated_client.session
asserts.assertTemplateUsed(
result, 'ui/integrations/extension/post_authenticate.html',
)
assert result.context[0]['app_redirect_url'] is None
@pytest.mark.parametrize(
'source_fixture_name,expected_app_redirect_url_scheme',
[
('extension_auth_source_desktop', 'hotpocket-desktop'),
('extension_auth_source_mobile', 'hotpocket-mobile'),
],
)
@pytest.mark.django_db
def test_ok_with_source(source_fixture_name,
expected_app_redirect_url_scheme,
request: pytest.FixtureRequest,
authenticated_client: Client,
auth_key,
extension_auth_session_token,
):
# Given
source = request.getfixturevalue(source_fixture_name)
session = authenticated_client.session
session['extension_source'] = source
session['extension_session_token'] = extension_auth_session_token
session.save()
# When
result = authenticated_client.get(
reverse('ui.integrations.extension.post_authenticate'),
data={
'auth_key': auth_key,
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
assert result.context[0]['app_redirect_url'] is not None
app_redirect_url = result.context[0]['app_redirect_url']
parsed_app_redirect_url = urllib.parse.urlsplit(app_redirect_url)
assert parsed_app_redirect_url.scheme == expected_app_redirect_url_scheme
assert parsed_app_redirect_url.netloc == 'post-authenticate'
assert parsed_app_redirect_url.path == '/'
parsed_app_redirect_url_query = urllib.parse.parse_qs(parsed_app_redirect_url.query)
assert parsed_app_redirect_url_query['session_token'] == [extension_auth_session_token]
assert parsed_app_redirect_url_query['auth_key'] == [auth_key]
@pytest.mark.django_db
def test_auth_key_not_in_session(authenticated_client: Client, auth_key):
def test_auth_key_not_request(authenticated_client: Client,
extension_auth_source_extension,
extension_auth_session_token,
):
# Given
session = authenticated_client.session
session['extension_source'] = extension_auth_source_extension
session['extension_session_token'] = extension_auth_session_token
session.save()
# When
result = authenticated_client.get(
reverse('ui.integrations.extension.post_authenticate'),
data={
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
@pytest.mark.django_db
def test_source_not_in_session(authenticated_client: Client,
extension_auth_session_token,
auth_key,
):
# Given
session = authenticated_client.session
session['extension_session_token'] = extension_auth_session_token
session.save()
# When
result = authenticated_client.get(
reverse('ui.integrations.extension.post_authenticate'),
@@ -54,16 +142,20 @@ def test_auth_key_not_in_session(authenticated_client: Client, auth_key):
@pytest.mark.django_db
def test_auth_key_not_request(authenticated_client: Client, auth_key):
def test_session_token_in_session(authenticated_client: Client,
extension_auth_source_extension,
auth_key,
):
# Given
session = authenticated_client.session
session['extension_auth_key'] = auth_key
session['extension_source'] = extension_auth_source_extension
session.save()
# When
result = authenticated_client.get(
reverse('ui.integrations.extension.post_authenticate'),
data={
'auth_key': auth_key,
},
)

157
services/backend/tests/ui/views/rpc/accounts/access_tokens/test_create.py
View File

@@ -3,7 +3,6 @@
from __future__ import annotations
import http
import uuid
from django.test import Client
from django.urls import reverse
@@ -15,34 +14,23 @@ from hotpocket_backend_testing.services.accounts import (
@pytest.fixture
def auth_key():
return str(uuid.uuid4())
@pytest.fixture
def call(rpc_call_factory, auth_key, safari_extension_meta):
def call(rpc_call_factory, auth_key_out, safari_extension_meta):
return rpc_call_factory(
'accounts.access_tokens.create',
[auth_key, safari_extension_meta],
[auth_key_out.key, safari_extension_meta],
)
@pytest.mark.django_db
def test_ok(authenticated_client: Client,
auth_key,
def test_ok(client: Client,
call,
safari_extension_origin,
account,
safari_extension_meta,
):
# Given
session = authenticated_client.session
session['extension_auth_key'] = auth_key
session.save()
# When
result = authenticated_client.post(
reverse('ui.rpc'),
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
@@ -63,17 +51,20 @@ def test_ok(authenticated_client: Client,
meta=safari_extension_meta,
)
assert 'extension_auth_key' not in authenticated_client.session
@pytest.mark.django_db
def test_auth_key_missing(authenticated_client: Client,
call,
safari_extension_origin,
):
def test_auth_key_not_found(null_uuid,
call,
client: Client,
safari_extension_origin,
):
# Given
call_auth_key = str(null_uuid)
call['params'][0] = call_auth_key
# When
result = authenticated_client.post(
reverse('ui.rpc'),
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
@@ -86,22 +77,87 @@ def test_auth_key_missing(authenticated_client: Client,
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Auth key missing'
assert call_result['error']['data'].startswith(
'Auth Key not found',
)
assert call_auth_key in call_result['error']['data']
@pytest.mark.django_db
def test_auth_key_mismatch(authenticated_client: Client,
def test_deleted_auth_key(deleted_auth_key_out,
call,
client: Client,
safari_extension_origin,
):
# Given
call_auth_key = deleted_auth_key_out.key
call['params'][0] = call_auth_key
# When
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': safari_extension_origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'].startswith(
'Auth Key not found',
)
assert call_auth_key in call_result['error']['data']
@pytest.mark.django_db
def test_expired_auth_key(expired_auth_key_out,
call,
client: Client,
safari_extension_origin,
):
# Given
call_auth_key = expired_auth_key_out.key
call['params'][0] = call_auth_key
# When
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': safari_extension_origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'].startswith(
'Auth Key expired',
)
assert call_auth_key in call_result['error']['data']
@pytest.mark.django_db
def test_consumed_auth_key(consumed_auth_key,
call,
client: Client,
safari_extension_origin,
):
# Given
session = authenticated_client.session
session['extension_auth_key'] = 'thisisntright'
session.save()
call_auth_key = consumed_auth_key.key
call['params'][0] = call_auth_key
# When
result = authenticated_client.post(
reverse('ui.rpc'),
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
@@ -114,28 +170,35 @@ def test_auth_key_mismatch(authenticated_client: Client,
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Auth key mismatch'
@pytest.mark.django_db
def test_inactive_account(inactive_account_client: Client, call):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
data=call,
assert call_result['error']['data'].startswith(
'Auth Key already consumed',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert call_auth_key in call_result['error']['data']
@pytest.mark.django_db
def test_anonymous(client: Client, call):
def test_inactive_account(inactive_account_auth_key,
call,
client: Client,
safari_extension_origin,
inactive_account,
):
# Given
call['params'][0] = inactive_account_auth_key.key
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': safari_extension_origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert str(inactive_account.pk) in call_result['error']['data']

58
services/backend/tests/ui/views/rpc/accounts/auth/test_check.py
View File

@@ -23,7 +23,7 @@ def test_ok_session_auth(authenticated_client: Client,
):
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -42,12 +42,17 @@ def test_session_auth_inactive_account(inactive_account_client: Client,
):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
@@ -57,7 +62,7 @@ def test_ok_access_token_auth(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
@@ -80,15 +85,20 @@ def test_access_token_auth_not_bearer(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'thisisntright {access_token_out.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
@@ -98,15 +108,20 @@ def test_access_token_auth_invalid_access_token(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'Bearer {null_uuid}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
@@ -116,15 +131,20 @@ def test_access_token_auth_deleted_access_token(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'Bearer {deleted_access_token.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
@@ -134,24 +154,34 @@ def test_access_token_auth_inactive_account(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'Bearer {inactive_account_access_token.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
def test_anonymous(client: Client, call):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False

28
services/backend/tests/ui/views/rpc/accounts/auth/test_check_access_token.py
View File

@@ -51,7 +51,7 @@ def test_ok(authenticated_client: Client,
):
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -94,7 +94,7 @@ def test_ok_with_partial_meta_update(meta_keys_to_pop,
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -122,7 +122,7 @@ def test_invalid_access_token(authenticated_client: Client,
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -145,7 +145,7 @@ def test_deleted_access_token(call_factory,
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -168,7 +168,7 @@ def test_other_account_access_token(call_factory,
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -185,21 +185,31 @@ def test_other_account_access_token(call_factory,
def test_inactive_account(inactive_account_client: Client, call):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Not authenticated'
@pytest.mark.django_db
def test_anonymous(client: Client, call):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Not authenticated'

51
services/backend/tests/ui/views/rpc/saves/test_create.py
View File

@@ -110,12 +110,12 @@ def test_ok_netloc_banned(authenticated_client: Client,
@pytest.mark.django_db
def test_ok_resuse_save(save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
def test_ok_reuse_save(save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = save_out.url
@@ -148,13 +148,13 @@ def test_ok_resuse_save(save_out,
@pytest.mark.django_db
def test_ok_resuse_association(association_out,
save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
def test_ok_reuse_association(association_out,
save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = save_out.url
@@ -263,6 +263,31 @@ def test_empty_url(authenticated_client: Client,
assert call_result['error']['data']['url'] == ['blank']
@pytest.mark.django_db
def test_invalid_url(authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = 'thisisntright'
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data']['url'] == ['invalid']
@pytest.mark.django_db
def test_inactive_account(inactive_account_client: Client, call):
# When