BTHLABS-50: Safari Web Extension: Reloaded

Turns out, getting this thing out into the wild isn't as simple as I thought :D Co-authored-by: Tomek Wójcik <labs@tomekwojcik.pl> Co-committed-by: Tomek Wójcik <labs@tomekwojcik.pl>
2025-09-11 15:57:11 +00:00
parent 67138c7035
commit dcebccf947
15 changed files with 456 additions and 55 deletions
--- a/services/backend/tests/ui/views/rpc/accounts/auth/test_check_access_token.py
+++ b/services/backend/tests/ui/views/rpc/accounts/auth/test_check_access_token.py
@@ -0,0 +1,205 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import http
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+
+from hotpocket_backend_testing.services.accounts import (
+    AccessTokensTestingService,
+)
+
+
+@pytest.fixture
+def call_factory(request: pytest.FixtureRequest, rpc_call_factory):
+    default_access_token = request.getfixturevalue('access_token_out')
+    default_meta_update = request.getfixturevalue('safari_extension_meta')
+
+    def factory(access_token=None, meta_update=None):
+        return rpc_call_factory(
+            'accounts.auth.check_access_token',
+            [
+                (
+                    access_token.key
+                    if access_token is not None
+                    else default_access_token.key
+                ),
+                (
+                    meta_update
+                    if meta_update is not None
+                    else default_meta_update
+                ),
+            ],
+        )
+
+    return factory
+
+
+@pytest.fixture
+def call(call_factory):
+    return call_factory()
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client,
+            call,
+            access_token_out,
+            safari_extension_meta,
+            ):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.rpc'),
+        data=call,
+        content_type='application/json',
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    call_result = result.json()
+    assert 'error' not in call_result
+    assert call_result['result'] is True
+
+    AccessTokensTestingService().assert_meta_updated(
+        pk=access_token_out.pk,
+        meta_update=safari_extension_meta,
+        reference=access_token_out,
+    )
+
+
+@pytest.mark.parametrize(
+    'meta_keys_to_pop',
+    [
+        ('platform',),
+        ('version',),
+        ('platform', 'version'),
+    ],
+)
+@pytest.mark.django_db
+def test_ok_with_partial_meta_update(meta_keys_to_pop,
+                                     safari_extension_meta,
+                                     authenticated_client: Client,
+                                     call_factory,
+                                     access_token_out,
+                                     ):
+    # Given
+    meta_update = {**safari_extension_meta}
+    for meta_key_to_pop in meta_keys_to_pop:
+        meta_update.pop(meta_key_to_pop)
+
+    call = call_factory(meta_update=meta_update)
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.rpc'),
+        data=call,
+        content_type='application/json',
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    call_result = result.json()
+    assert 'error' not in call_result
+    assert call_result['result'] is True
+
+    AccessTokensTestingService().assert_meta_updated(
+        pk=access_token_out.pk,
+        meta_update=meta_update,
+        reference=access_token_out,
+    )
+
+
+@pytest.mark.django_db
+def test_invalid_access_token(authenticated_client: Client,
+                              call,
+                              ):
+    # Given
+    call['params'][0] = 'thisisntright'
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.rpc'),
+        data=call,
+        content_type='application/json',
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    call_result = result.json()
+    assert 'error' not in call_result
+    assert call_result['result'] is False
+
+
+@pytest.mark.django_db
+def test_deleted_access_token(call_factory,
+                              deleted_access_token_out,
+                              authenticated_client: Client,
+                              ):
+    # Given
+    call = call_factory(access_token=deleted_access_token_out)
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.rpc'),
+        data=call,
+        content_type='application/json',
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    call_result = result.json()
+    assert 'error' not in call_result
+    assert call_result['result'] is False
+
+
+@pytest.mark.django_db
+def test_other_account_access_token(call_factory,
+                                    other_account_access_token_out,
+                                    authenticated_client: Client,
+                                    ):
+    # Given
+    call = call_factory(access_token=other_account_access_token_out)
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.rpc'),
+        data=call,
+        content_type='application/json',
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+
+    call_result = result.json()
+    assert 'error' not in call_result
+    assert call_result['result'] is False
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client, call):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.rpc'),
+        data=call,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client, call):
+    # When
+    result = client.post(
+        reverse('ui.rpc'),
+        data=call,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN