From a7437563fccb03a53c88bf26fab20f905ccde6a0 Mon Sep 17 00:00:00 2001 From: Chris Gorgolewski Date: Thu, 25 May 2017 17:22:34 -0700 Subject: [PATCH 1/7] added token auth with tests --- dockereve-master/eve-app/app.py | 9 ++++++++- dockereve-master/eve-app/settings.py | 2 ++ test/testGetPost.py | 22 +++++++++++++--------- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/dockereve-master/eve-app/app.py b/dockereve-master/eve-app/app.py index 2d01536..f3daf15 100644 --- a/dockereve-master/eve-app/app.py +++ b/dockereve-master/eve-app/app.py @@ -3,8 +3,15 @@ import os script_dir = os.path.dirname(os.path.abspath(__file__)) +from eve import Eve +from eve.auth import TokenAuth +from flask import current_app as app + +class TokenAuth(TokenAuth): + def check_auth(self, token, allowed_roles, resource, method): + return token == '' -app = Eve(settings=ms) +app = Eve(settings=ms, auth=TokenAuth) if __name__ == '__main__': app.run(host='0.0.0.0') diff --git a/dockereve-master/eve-app/settings.py b/dockereve-master/eve-app/settings.py index 0d251d1..e5ac00f 100644 --- a/dockereve-master/eve-app/settings.py +++ b/dockereve-master/eve-app/settings.py @@ -6,6 +6,8 @@ 'MONGO_HOST': get_mongo_host.group(1), 'MONGO_PORT': get_mongo_host.group(2), 'MONGO_DBNAME': 'scenarios', + 'PUBLIC_METHODS': ['GET'], + 'PUBLIC_ITEM_METHODS': ['GET'], 'X_DOMAINS': '*', 'DOMAIN': { 'bold': { diff --git a/test/testGetPost.py b/test/testGetPost.py index d0830fd..2d25582 100644 --- a/test/testGetPost.py +++ b/test/testGetPost.py @@ -23,6 +23,7 @@ def getRequest(postResponse, url): ###### MAIN ###### header = {'content-type': 'application/json', 'Accept-Charset': 'UTF-8'} +authenticated_header = {**header, **{'Authorization': ''}} numOfTestData = 84 urlBold = "http://localhost:80/bold" urlT1w = "http://localhost:80/T1w" @@ -38,7 +39,9 @@ def test_00_GETAllData(self): inputCount += 1 inputData = json.load(fp) # POST request - postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = authenticated_header) + self.assertTrue( postResponse.raise_for_status() == None ) + # GET request # print requests.get(urlT1w) getResponse = requests.get(urlT1w).json() @@ -54,7 +57,7 @@ def test_01_ConnectionStatus(self): inputData = json.load(fp) # print inputData # POST request - postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = authenticated_header) self.assertTrue( postResponse.raise_for_status() == None ) # GET request getResponse = requests.get( getURL(postResponse, urlBold) ) @@ -67,7 +70,7 @@ def test_02_MissingFieldInput(self): with open(fileName) as fp: inputData = json.load(fp) # POST request - postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = authenticated_header) # print postResponse.status_code self.assertTrue( postResponse.status_code == codeForInvalid ) @@ -80,7 +83,7 @@ def test_03_ConnectionStatus(self): inputData = json.load(fp) # print inputData # POST request - postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = authenticated_header) self.assertTrue( postResponse.raise_for_status() == None ) # GET request getResponse = requests.get( getURL(postResponse, urlT1w) ) @@ -93,7 +96,7 @@ def test_04_MissingFieldInput(self): with open(fileName) as fp: inputData = json.load(fp) # POST request - postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = authenticated_header) # print postResponse.status_code self.assertTrue( postResponse.status_code == codeForInvalid ) @@ -105,7 +108,7 @@ def test_05_boldDataToT1wEndPoint(self): with open(fileName) as fp: inputData = json.load(fp) # POST request - postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = authenticated_header) self.assertTrue( postResponse.status_code == codeForInvalid ) def test_06_T1wDataToBoldEndPoint(self): @@ -115,7 +118,7 @@ def test_06_T1wDataToBoldEndPoint(self): with open(fileName) as fp: inputData = json.load(fp) # POST request - postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = authenticated_header) self.assertTrue( postResponse.status_code == codeForInvalid ) def test_07_T1wDataValid(self): @@ -124,7 +127,7 @@ def test_07_T1wDataValid(self): with open(fileName) as fp: inputData = json.load(fp) # 2. POST request - postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlT1w, data = json.dumps(inputData), headers = authenticated_header) # 3. GET request queriedData = getRequest(postResponse, urlT1w) @@ -142,7 +145,8 @@ def test_08_boldDataValid(self): with open(fileName) as fp: inputData = json.load(fp) # 2. POST request - postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = header) + postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = authenticated_header) + self.assertTrue( postResponse.raise_for_status() == None ) # 3. GET request queriedData = getRequest(postResponse, urlBold) From db9211cb037ff41fe794ba1a87222527c21264b6 Mon Sep 17 00:00:00 2001 From: Chris Gorgolewski Date: Thu, 25 May 2017 17:27:13 -0700 Subject: [PATCH 2/7] added a new test --- test/testGetPost.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/testGetPost.py b/test/testGetPost.py index 2d25582..2a55159 100644 --- a/test/testGetPost.py +++ b/test/testGetPost.py @@ -156,6 +156,12 @@ def test_08_boldDataValid(self): self.assertTrue(key in queriedData) # check key-value pair match self.assertTrue( inputData[key] == queriedData[key] ) + + def test_09_failedAuth(self): + with open(glob(boldPattern)[0]) as fp: + inputData = json.load(fp) + postResponse = requests.post(urlBold, data = json.dumps(inputData), headers = header) + self.assertTrue( postResponse.status_code == 401 ) # **************** From 87a8c22bf9ad714361810098f290914bd6a1ee22 Mon Sep 17 00:00:00 2001 From: Chris Gorgolewski Date: Thu, 25 May 2017 18:05:35 -0700 Subject: [PATCH 3/7] old python compatible --- test/testGetPost.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/testGetPost.py b/test/testGetPost.py index 2a55159..b307584 100644 --- a/test/testGetPost.py +++ b/test/testGetPost.py @@ -23,7 +23,8 @@ def getRequest(postResponse, url): ###### MAIN ###### header = {'content-type': 'application/json', 'Accept-Charset': 'UTF-8'} -authenticated_header = {**header, **{'Authorization': ''}} +authenticated_header = header.copy() +header['Authorization'] = '' numOfTestData = 84 urlBold = "http://localhost:80/bold" urlT1w = "http://localhost:80/T1w" From 122d4e097b6eb383a28bce97cf86d71595e4f824 Mon Sep 17 00:00:00 2001 From: Chris Gorgolewski Date: Thu, 25 May 2017 18:12:18 -0700 Subject: [PATCH 4/7] test fix --- test/testGetPost.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/testGetPost.py b/test/testGetPost.py index b307584..f89aca2 100644 --- a/test/testGetPost.py +++ b/test/testGetPost.py @@ -24,7 +24,7 @@ def getRequest(postResponse, url): ###### MAIN ###### header = {'content-type': 'application/json', 'Accept-Charset': 'UTF-8'} authenticated_header = header.copy() -header['Authorization'] = '' +authenticated_header['Authorization'] = '' numOfTestData = 84 urlBold = "http://localhost:80/bold" urlT1w = "http://localhost:80/T1w" From 8c692305ba8a780a6e3cb42cba2a6b2358bf927b Mon Sep 17 00:00:00 2001 From: Chris Gorgolewski Date: Wed, 31 May 2017 18:05:27 -0700 Subject: [PATCH 5/7] fixes --- test/testGetPost.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/testGetPost.py b/test/testGetPost.py index 393c411..51f4edf 100644 --- a/test/testGetPost.py +++ b/test/testGetPost.py @@ -52,12 +52,12 @@ def test_00_GETAllData(self): headers=authenticated_header) self.assertTrue(postResponse.raise_for_status() == None) - # GET request - # print requests.get(urlT1w) - get_resp = requests.get(urlT1w).json() - log.debug("total: %d (input_count=%d)", get_resp['_meta']['total'], - input_count) - self.assertTrue(input_count == get_resp['_meta']['total']) + # GET request + # print requests.get(urlT1w) + get_resp = requests.get(urlT1w).json() + log.debug("total: %d (input_count=%d)", get_resp['_meta']['total'], + input_count) + self.assertTrue(input_count == get_resp['_meta']['total']) ########## Testing Bold ############ From 8e64b8e60b85ea642de275b6db9ed122b78a6a3c Mon Sep 17 00:00:00 2001 From: Chris Gorgolewski Date: Wed, 31 May 2017 18:11:02 -0700 Subject: [PATCH 6/7] fixes --- test/testGetPost.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/test/testGetPost.py b/test/testGetPost.py index 51f4edf..8758e39 100644 --- a/test/testGetPost.py +++ b/test/testGetPost.py @@ -184,11 +184,12 @@ def test_08_boldDataValid(self): for file_name in glob(boldPattern): with open(file_name) as fp: input_data = json.load(fp) - # 2. POST request - post_resp = requests.post( - urlBold, data=json.dumps(input_data), - headers=authenticated_header) - self.assertTrue(post_resp.raise_for_status() == None) + + # 2. POST request + post_resp = requests.post( + urlBold, data=json.dumps(input_data), + headers=authenticated_header) + self.assertTrue(post_resp.raise_for_status() == None) # 3. GET request queried_data = getRequest(post_resp, urlBold) From f9d554af09b49c4b83ac90bd5c8375fa2aeb651e Mon Sep 17 00:00:00 2001 From: Chris Gorgolewski Date: Wed, 31 May 2017 18:30:43 -0700 Subject: [PATCH 7/7] fixes --- dockereve-master/eve-app/settings.py | 2 +- test/testGetPost.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/dockereve-master/eve-app/settings.py b/dockereve-master/eve-app/settings.py index e9f6fc7..d738b79 100644 --- a/dockereve-master/eve-app/settings.py +++ b/dockereve-master/eve-app/settings.py @@ -554,7 +554,7 @@ 'MONGO_HOST': get_mongo_host.group(1), 'MONGO_PORT': get_mongo_host.group(2), 'MONGO_DBNAME': 'scenarios', - 'PUBLIC_METHODS': ['GET'], + 'PUBLIC_METHODS': ['GET'], 'PUBLIC_ITEM_METHODS': ['GET'], 'X_DOMAINS': '*', 'DOMAIN': { diff --git a/test/testGetPost.py b/test/testGetPost.py index 8758e39..e602dfa 100644 --- a/test/testGetPost.py +++ b/test/testGetPost.py @@ -50,7 +50,7 @@ def test_00_GETAllData(self): input_count += 1 # POST request postResponse = requests.post(urlT1w, data=json.dumps(inputData), headers=authenticated_header) - self.assertTrue(postResponse.raise_for_status() == None) + self.assertTrue(postResponse.raise_for_status() is None) # GET request # print requests.get(urlT1w) @@ -184,12 +184,12 @@ def test_08_boldDataValid(self): for file_name in glob(boldPattern): with open(file_name) as fp: input_data = json.load(fp) - + # 2. POST request post_resp = requests.post( urlBold, data=json.dumps(input_data), headers=authenticated_header) - self.assertTrue(post_resp.raise_for_status() == None) + self.assertTrue(post_resp.raise_for_status() is None) # 3. GET request queried_data = getRequest(post_resp, urlBold)