BTHLABS-58: Share Extension in Apple Apps

2025-10-04 08:02:13 +02:00
parent 0c12f52569
commit 99e9226338
122 changed files with 5488 additions and 411 deletions


@@ -3,7 +3,6 @@
from __future__ import annotations
import http
import uuid
from django.test import Client
from django.urls import reverse
@@ -15,34 +14,23 @@ from hotpocket_backend_testing.services.accounts import (
@pytest.fixture
def auth_key():
return str(uuid.uuid4())
@pytest.fixture
def call(rpc_call_factory, auth_key, safari_extension_meta):
def call(rpc_call_factory, auth_key_out, safari_extension_meta):
return rpc_call_factory(
'accounts.access_tokens.create',
[auth_key, safari_extension_meta],
[auth_key_out.key, safari_extension_meta],
)
@pytest.mark.django_db
def test_ok(authenticated_client: Client,
auth_key,
def test_ok(client: Client,
call,
safari_extension_origin,
account,
safari_extension_meta,
):
# Given
session = authenticated_client.session
session['extension_auth_key'] = auth_key
session.save()
# When
result = authenticated_client.post(
reverse('ui.rpc'),
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
@@ -63,17 +51,20 @@ def test_ok(authenticated_client: Client,
meta=safari_extension_meta,
)
assert 'extension_auth_key' not in authenticated_client.session
@pytest.mark.django_db
def test_auth_key_missing(authenticated_client: Client,
call,
safari_extension_origin,
):
def test_auth_key_not_found(null_uuid,
call,
client: Client,
safari_extension_origin,
):
# Given
call_auth_key = str(null_uuid)
call['params'][0] = call_auth_key
# When
result = authenticated_client.post(
reverse('ui.rpc'),
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
@@ -86,22 +77,87 @@ def test_auth_key_missing(authenticated_client: Client,
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Auth key missing'
assert call_result['error']['data'].startswith(
'Auth Key not found',
)
assert call_auth_key in call_result['error']['data']
@pytest.mark.django_db
def test_auth_key_mismatch(authenticated_client: Client,
def test_deleted_auth_key(deleted_auth_key_out,
call,
client: Client,
safari_extension_origin,
):
# Given
call_auth_key = deleted_auth_key_out.key
call['params'][0] = call_auth_key
# When
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': safari_extension_origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'].startswith(
'Auth Key not found',
)
assert call_auth_key in call_result['error']['data']
@pytest.mark.django_db
def test_expired_auth_key(expired_auth_key_out,
call,
client: Client,
safari_extension_origin,
):
# Given
call_auth_key = expired_auth_key_out.key
call['params'][0] = call_auth_key
# When
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': safari_extension_origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'].startswith(
'Auth Key expired',
)
assert call_auth_key in call_result['error']['data']
@pytest.mark.django_db
def test_consumed_auth_key(consumed_auth_key,
call,
client: Client,
safari_extension_origin,
):
# Given
session = authenticated_client.session
session['extension_auth_key'] = 'thisisntright'
session.save()
call_auth_key = consumed_auth_key.key
call['params'][0] = call_auth_key
# When
result = authenticated_client.post(
reverse('ui.rpc'),
result = client.post(
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
@@ -114,28 +170,35 @@ def test_auth_key_mismatch(authenticated_client: Client,
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Auth key mismatch'
@pytest.mark.django_db
def test_inactive_account(inactive_account_client: Client, call):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
data=call,
assert call_result['error']['data'].startswith(
'Auth Key already consumed',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert call_auth_key in call_result['error']['data']
@pytest.mark.django_db
def test_anonymous(client: Client, call):
def test_inactive_account(inactive_account_auth_key,
call,
client: Client,
safari_extension_origin,
inactive_account,
):
# Given
call['params'][0] = inactive_account_auth_key.key
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': safari_extension_origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert str(inactive_account.pk) in call_result['error']['data']
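Review bot: `test_inactive_account` pins the account's primary key into the error data returned to a caller that is no longer session-authenticated (plain `client` instead of `inactive_account_client`), so the test makes disclosure of an internal identifier part of the endpoint's contract. To a lesser degree the same holds for the distinct messages asserted in `test_auth_key_not_found`/`test_deleted_auth_key`, `test_expired_auth_key` and `test_consumed_auth_key`, which let an unauthenticated caller tell key states apart. If that detail is only needed for debugging, log it server-side and assert a generic message here, e.g. `assert str(inactive_account.pk) not in call_result['error']['data']`. It would also be worth asserting in this test that no access token was created for the inactive account, since the response is now 200 rather than 403.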


@@ -23,7 +23,7 @@ def test_ok_session_auth(authenticated_client: Client,
):
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -42,12 +42,17 @@ def test_session_auth_inactive_account(inactive_account_client: Client,
):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
@@ -57,7 +62,7 @@ def test_ok_access_token_auth(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
@@ -80,15 +85,20 @@ def test_access_token_auth_not_bearer(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'thisisntright {access_token_out.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
@@ -98,15 +108,20 @@ def test_access_token_auth_invalid_access_token(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'Bearer {null_uuid}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
@@ -116,15 +131,20 @@ def test_access_token_auth_deleted_access_token(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'Bearer {deleted_access_token.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
@@ -134,24 +154,34 @@ def test_access_token_auth_inactive_account(client: Client,
):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'Bearer {inactive_account_access_token.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
@pytest.mark.django_db
def test_anonymous(client: Client, call):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is False
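Review bot: Every rejected credential in this file (non-Bearer scheme, unknown, deleted and inactive-account tokens, anonymous) is now expected to return HTTP 200 with `result` False instead of 403, and the next file's `test_inactive_account` and `test_anonymous` make the same switch to 200 with `'Not authenticated'`. Any throttling or alerting that counts 4xx responses on the RPC endpoint would presumably stop seeing failed token checks, so it is worth confirming that these failures are logged and rate-limited at the RPC layer. The uniform `result is False` across all rejection reasons is good and should stay. A short comment in each test such as `# auth failure is reported in the RPC body, not via HTTP status` would record that the 200 is deliberate.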


@@ -51,7 +51,7 @@ def test_ok(authenticated_client: Client,
):
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -94,7 +94,7 @@ def test_ok_with_partial_meta_update(meta_keys_to_pop,
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -122,7 +122,7 @@ def test_invalid_access_token(authenticated_client: Client,
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -145,7 +145,7 @@ def test_deleted_access_token(call_factory,
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -168,7 +168,7 @@ def test_other_account_access_token(call_factory,
# When
result = authenticated_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
@@ -185,21 +185,31 @@ def test_other_account_access_token(call_factory,
def test_inactive_account(inactive_account_client: Client, call):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Not authenticated'
@pytest.mark.django_db
def test_anonymous(client: Client, call):
# When
result = client.post(
reverse('ui.rpc'),
reverse('ui.accounts.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Not authenticated'


@@ -110,12 +110,12 @@ def test_ok_netloc_banned(authenticated_client: Client,
@pytest.mark.django_db
def test_ok_resuse_save(save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
def test_ok_reuse_save(save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = save_out.url
@@ -148,13 +148,13 @@ def test_ok_resuse_save(save_out,
@pytest.mark.django_db
def test_ok_resuse_association(association_out,
save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
def test_ok_reuse_association(association_out,
save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = save_out.url
@@ -263,6 +263,31 @@ def test_empty_url(authenticated_client: Client,
assert call_result['error']['data']['url'] == ['blank']
@pytest.mark.django_db
def test_invalid_url(authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = 'thisisntright'
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data']['url'] == ['invalid']
@pytest.mark.django_db
def test_inactive_account(inactive_account_client: Client, call):
# When