tomekwojcik/hotpocket
1
0
Fork 0
Code Actions Releases 16 Wiki Activity

BTHLABS-50: Safari Web extension

Browse Source 
Co-authored-by: Tomek Wójcik <labs@tomekwojcik.pl>
Co-committed-by: Tomek Wójcik <labs@tomekwojcik.pl>
This commit is contained in:
Tomek Wójcik
2025-09-08 18:11:36 +00:00
committed by Tomek Wójcik
parent ffecf780ee
commit b6d02dbe78
184 changed files with 7536 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
services/backend/tests/ui/views/rpc/__init__.py Normal file
View File

0
services/backend/tests/ui/views/rpc/accounts/__init__.py Normal file
View File

0
services/backend/tests/ui/views/rpc/accounts/access_tokens/__init__.py Normal file
View File

154
services/backend/tests/ui/views/rpc/accounts/access_tokens/test_create.py Normal file
View File

@@ -0,0 +1,154 @@
# -*- coding: utf-8 -*-
# type: ignore
from __future__ import annotations
import http
import uuid
from django.test import Client
from django.urls import reverse
import pytest
from hotpocket_backend_testing.services.accounts import (
AccessTokensTestingService,
)
@pytest.fixture
def origin():
return f'safari-web-extension://{uuid.uuid4()}'
@pytest.fixture
def auth_key():
return str(uuid.uuid4())
@pytest.fixture
def meta():
return {
'platform': 'MacIntel',
'version': '1987.10.03',
}
@pytest.fixture
def call(rpc_call_factory, auth_key, meta):
return rpc_call_factory(
'accounts.access_tokens.create',
[auth_key, meta],
)
@pytest.mark.django_db
def test_ok(authenticated_client: Client,
auth_key,
call,
origin,
account,
meta,
):
# Given
session = authenticated_client.session
session['extension_auth_key'] = auth_key
session.save()
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
AccessTokensTestingService().assert_created(
key=call_result['result'],
account_uuid=account.pk,
origin=origin,
meta=meta,
)
assert 'extension_auth_key' not in authenticated_client.session
@pytest.mark.django_db
def test_auth_key_missing(authenticated_client: Client,
call,
origin,
):
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Auth key missing'
@pytest.mark.django_db
def test_auth_key_mismatch(authenticated_client: Client,
call,
origin,
):
# Given
session = authenticated_client.session
session['extension_auth_key'] = 'thisisntright'
session.save()
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
headers={
'Origin': origin,
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data'] == 'Auth key mismatch'
@pytest.mark.django_db
def test_inactive_account(inactive_account_client: Client, call):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
data=call,
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
@pytest.mark.django_db
def test_anonymous(client: Client, call):
# When
result = client.post(
reverse('ui.rpc'),
data=call,
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN

0
services/backend/tests/ui/views/rpc/accounts/auth/__init__.py Normal file
View File

157
services/backend/tests/ui/views/rpc/accounts/auth/test_check.py Normal file
View File

@@ -0,0 +1,157 @@
# -*- coding: utf-8 -*-
# type: ignore
from __future__ import annotations
import http
from django.test import Client
from django.urls import reverse
import pytest
@pytest.fixture
def call(rpc_call_factory):
return rpc_call_factory(
'accounts.auth.check',
[],
)
@pytest.mark.django_db
def test_ok_session_auth(authenticated_client: Client,
call,
):
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is True
@pytest.mark.django_db
def test_session_auth_inactive_account(inactive_account_client: Client,
call,
):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
data=call,
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
@pytest.mark.django_db
def test_ok_access_token_auth(client: Client,
call,
access_token_out,
):
# When
result = client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
headers={
'Authorization': f'Bearer {access_token_out.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
assert call_result['result'] is True
@pytest.mark.django_db
def test_access_token_auth_not_bearer(client: Client,
call,
access_token_out,
):
# When
result = client.post(
reverse('ui.rpc'),
data=call,
headers={
'Authorization': f'thisisntright {access_token_out.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
@pytest.mark.django_db
def test_access_token_auth_invalid_access_token(client: Client,
call,
null_uuid,
):
# When
result = client.post(
reverse('ui.rpc'),
data=call,
headers={
'Authorization': f'Bearer {null_uuid}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
@pytest.mark.django_db
def test_access_token_auth_deleted_access_token(client: Client,
call,
deleted_access_token,
):
# When
result = client.post(
reverse('ui.rpc'),
data=call,
headers={
'Authorization': f'Bearer {deleted_access_token.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
@pytest.mark.django_db
def test_access_token_auth_inactive_account(client: Client,
call,
inactive_account_access_token,
):
# When
result = client.post(
reverse('ui.rpc'),
data=call,
headers={
'Authorization': f'Bearer {inactive_account_access_token.key}',
},
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
@pytest.mark.django_db
def test_anonymous(client: Client, call):
# When
result = client.post(
reverse('ui.rpc'),
data=call,
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN

0
services/backend/tests/ui/views/rpc/saves/__init__.py Normal file
View File

287
services/backend/tests/ui/views/rpc/saves/test_create.py Normal file
View File

@@ -0,0 +1,287 @@
# -*- coding: utf-8 -*-
# type: ignore
from __future__ import annotations
import http
from unittest import mock
import uuid
from django.test import Client
from django.urls import reverse
import pytest
import pytest_mock
from hotpocket_backend_testing.services.saves import (
AssociationsTestingService,
SaveProcessorTestingService,
SavesTestingService,
)
@pytest.fixture
def mock_saves_process_save_task_apply_async(mocker: pytest_mock.MockerFixture,
async_result,
) -> mock.Mock:
return SaveProcessorTestingService().mock_process_save_task_apply_async(
mocker=mocker, async_result=async_result,
)
@pytest.fixture
def call(rpc_call_factory):
return rpc_call_factory(
'saves.create',
['https://www.ziomek.dog/'],
)
@pytest.mark.django_db
def test_ok(authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
save_pk = uuid.UUID(call_result['result']['target_uuid'])
association_pk = uuid.UUID(call_result['result']['id'])
AssociationsTestingService().assert_created(
pk=association_pk,
account_uuid=account.pk,
target_uuid=save_pk,
)
SavesTestingService().assert_created(
pk=save_pk,
account_uuid=account.pk,
url=call['params'][0],
is_netloc_banned=False,
)
mock_saves_process_save_task_apply_async.assert_called_once_with(
kwargs={
'pk': save_pk,
},
)
@pytest.mark.django_db
def test_ok_netloc_banned(authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = 'https://youtube.com/'
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
save_pk = uuid.UUID(call_result['result']['target_uuid'])
SavesTestingService().assert_created(
pk=save_pk,
account_uuid=account.pk,
url=call['params'][0],
is_netloc_banned=True,
)
@pytest.mark.django_db
def test_ok_resuse_save(save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = save_out.url
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
save_pk = uuid.UUID(call_result['result']['target_uuid'])
association_pk = uuid.UUID(call_result['result']['id'])
AssociationsTestingService().assert_created(
pk=association_pk,
account_uuid=account.pk,
target_uuid=save_pk,
)
SavesTestingService().assert_reused(
pk=save_pk,
reference=save_out,
)
@pytest.mark.django_db
def test_ok_resuse_association(association_out,
save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = save_out.url
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
association_pk = uuid.UUID(call_result['result']['id'])
AssociationsTestingService().assert_reused(
pk=association_pk,
reference=association_out,
)
@pytest.mark.django_db
def test_ok_reuse_other_account_save(other_account_save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = other_account_save_out.url
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' not in call_result
save_pk = uuid.UUID(call_result['result']['target_uuid'])
association_pk = uuid.UUID(call_result['result']['id'])
AssociationsTestingService().assert_created(
pk=association_pk,
account_uuid=account.pk,
target_uuid=save_pk,
)
SavesTestingService().assert_reused(
pk=save_pk,
reference=other_account_save_out,
)
@pytest.mark.django_db
def test_ok_dont_process_reused_processed_save(processed_save_out,
authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = processed_save_out.url
# When
_ = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
mock_saves_process_save_task_apply_async.assert_not_called()
@pytest.mark.django_db
def test_empty_url(authenticated_client: Client,
call,
account,
mock_saves_process_save_task_apply_async: mock.Mock,
):
# Given
call['params'][0] = ''
# When
result = authenticated_client.post(
reverse('ui.rpc'),
data=call,
content_type='application/json',
)
# Then
assert result.status_code == http.HTTPStatus.OK
call_result = result.json()
assert 'error' in call_result
assert call_result['error']['data']['url'] == ['blank']
@pytest.mark.django_db
def test_inactive_account(inactive_account_client: Client, call):
# When
result = inactive_account_client.post(
reverse('ui.rpc'),
data=call,
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN
@pytest.mark.django_db
def test_anonymous(client: Client, call):
# When
result = client.post(
reverse('ui.rpc'),
data=call,
)
# Then
assert result.status_code == http.HTTPStatus.FORBIDDEN