110 lines
5.5 KiB
Python
110 lines
5.5 KiB
Python
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
|
||
|
|
import datetime
|
||
|
|
|
||
|
|
from odoo.tests import tagged
|
||
|
|
from odoo.tests.common import new_test_user
|
||
|
|
from odoo.tools import mute_logger
|
||
|
|
|
||
|
|
from .test_common import TestHttpBase
|
||
|
|
from .test_webjson import CSRF_USER_HEADERS
|
||
|
|
|
||
|
|
|
||
|
|
@tagged('post_install', '-at_install')
|
||
|
|
class TestHttpGreeting(TestHttpBase):
|
||
|
|
|
||
|
|
def test_greeting0_matrix(self):
|
||
|
|
new_test_user(self.env, 'jackoneill', context={'lang': 'en_US'})
|
||
|
|
test_matrix = [
|
||
|
|
# path, database, login, expected_code, expected_pattern
|
||
|
|
('/test_http/greeting', False, None, 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting', True, None, 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting', True, 'public', 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting', True, 'jackoneill', 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-none', False, None, 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-none', True, None, 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-none', True, 'public', 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-none', True, 'jackoneill', 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-public', False, None, 404, r"Not Found"),
|
||
|
|
('/test_http/greeting-public', True, None, 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-public', True, 'public', 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-public', True, 'jackoneill', 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-user', False, None, 404, r"Not Found"),
|
||
|
|
('/test_http/greeting-user', True, None, 303, r".*/web/login.*"),
|
||
|
|
('/test_http/greeting-user', True, 'public', 303, r".*/web/login.*"),
|
||
|
|
('/test_http/greeting-user', True, 'jackoneill', 200, r"Tek'ma'te"),
|
||
|
|
('/test_http/greeting-bearer', False, None, 404, r"Not Found"),
|
||
|
|
('/test_http/greeting-bearer', True, None, 401, r".*Unauthorized.*"),
|
||
|
|
('/test_http/greeting-bearer', True, 'public', 401, r".*Unauthorized.*"),
|
||
|
|
('/test_http/greeting-bearer', True, 'jackoneill', 200, r"Tek'ma'te"),
|
||
|
|
]
|
||
|
|
|
||
|
|
for path, withdb, login, expected_code, expected_pattern in test_matrix:
|
||
|
|
with self.subTest(path=path, withdb=withdb, login=login):
|
||
|
|
if withdb:
|
||
|
|
if login == 'public':
|
||
|
|
self.authenticate(None, None)
|
||
|
|
elif login:
|
||
|
|
self.authenticate(login, login)
|
||
|
|
res = self.db_url_open(path, allow_redirects=False, headers=CSRF_USER_HEADERS)
|
||
|
|
else:
|
||
|
|
res = self.nodb_url_open(path, allow_redirects=False)
|
||
|
|
|
||
|
|
self.assertEqual(res.status_code, expected_code)
|
||
|
|
self.assertRegex(res.text, expected_pattern)
|
||
|
|
|
||
|
|
if withdb and login:
|
||
|
|
self.logout(keep_db=False)
|
||
|
|
|
||
|
|
# create job with an apikey
|
||
|
|
joe = new_test_user(self.env, 'joe', context={'lang': 'en_US'})
|
||
|
|
joe = joe.with_user(joe)
|
||
|
|
key_expiration = datetime.datetime.now() + datetime.timedelta(days=0.5)
|
||
|
|
key = joe.env['res.users.apikeys']._generate('rpc', 'test', key_expiration)
|
||
|
|
for path, authorization, expected_code, expected_pattern in [
|
||
|
|
('/test_http/greeting-bearer', None, 401, r".*Unauthorized.*"),
|
||
|
|
('/test_http/greeting-bearer', 'invalid', 401, r".*Unauthorized.*"),
|
||
|
|
('/test_http/greeting-bearer', "Bearer invalidkey2345", 401, r".Unauthorized"),
|
||
|
|
('/test_http/greeting-bearer', f"Bearer {key}", 200, r"Tek'ma'te.*=joe"),
|
||
|
|
('/test_http/greeting-user', f"Bearer {key}", 303, r".*/web/login.*"),
|
||
|
|
]:
|
||
|
|
with self.subTest(path=path, authorization=authorization):
|
||
|
|
headers = {"Authorization": authorization} if authorization else None
|
||
|
|
res = self.db_url_open(path, headers=headers, allow_redirects=False)
|
||
|
|
|
||
|
|
self.assertRegex(res.text, expected_pattern)
|
||
|
|
self.assertEqual(res.status_code, expected_code)
|
||
|
|
self.logout()
|
||
|
|
|
||
|
|
with self.subTest("jackoneill with joe's token"):
|
||
|
|
self.authenticate("jackoneill", "jackoneill")
|
||
|
|
with mute_logger('odoo.http'):
|
||
|
|
res = self.db_url_open(
|
||
|
|
'/test_http/greeting-bearer',
|
||
|
|
headers={"Authorization": f"Bearer {key}"},
|
||
|
|
)
|
||
|
|
self.assertEqual(res.status_code, 403)
|
||
|
|
self.assertRegex(res.text, r".*does not match the used apikey")
|
||
|
|
self.logout(keep_db=False)
|
||
|
|
|
||
|
|
with self.subTest("joe with no Sec- headers"):
|
||
|
|
self.authenticate("jackoneill", "jackoneill")
|
||
|
|
with mute_logger('odoo.http'):
|
||
|
|
res = self.db_url_open('/test_http/greeting-bearer')
|
||
|
|
self.assertEqual(res.status_code, 403)
|
||
|
|
self.assertRegex(res.text, r".*Authorization.*headers")
|
||
|
|
self.logout(keep_db=False)
|
||
|
|
|
||
|
|
def test_greeting1_headers_nodb(self):
|
||
|
|
res = self.nodb_url_open('/test_http/greeting')
|
||
|
|
self.assertEqual(res.status_code, 200)
|
||
|
|
self.assertEqual(res.headers.get('Content-Type'), 'text/html; charset=utf-8')
|
||
|
|
self.assertEqual(res.text, "Tek'ma'te")
|
||
|
|
|
||
|
|
def test_greeting2_headers_db(self):
|
||
|
|
new_test_user(self.env, 'jackoneill', context={'lang': 'en_US'})
|
||
|
|
self.authenticate('jackoneill', 'jackoneill')
|
||
|
|
res = self.db_url_open('/test_http/greeting')
|
||
|
|
self.assertEqual(res.status_code, 200)
|
||
|
|
self.assertEqual(res.headers.get('Content-Type'), 'text/html; charset=utf-8')
|
||
|
|
self.assertEqual(res.text, "Tek'ma'te")
|