tests/security/api_tests.py - superset - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # isort:skip_file
 # pylint: disable=too-many-public-methods, no-self-use, invalid-name, too-many-arguments
 """Unit tests for Superset"""
 import json

 from tests.base_tests import SupersetTestCase
 from flask_wtf.csrf import generate_csrf


 class TestSecurityApi(SupersetTestCase):
     resource_name = "security"

     def _assert_get_csrf_token(self):
         uri = f"api/v1/{self.resource_name}/csrf_token/"
         response = self.client.get(uri)
         assert response.status_code == 200
         data = json.loads(response.data.decode("utf-8"))
         assert data["result"] == generate_csrf()

     def test_get_csrf_token(self):
         """
         Security API: Test get CSRF token
         """
         self.login(username="admin")
         self._assert_get_csrf_token()

     def test_get_csrf_token_gamma(self):
         """
         Security API: Test get CSRF token by gamma
         """
         self.login(username="gamma")
         self._assert_get_csrf_token()

     def test_get_csrf_unauthorized(self):
         """
         Security API: Test get CSRF no login
         """
         self.logout()
         uri = f"api/v1/{self.resource_name}/csrf_token/"
         response = self.client.get(uri)
         self.assertEqual(response.status_code, 401)
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	# isort:skip_file
	# pylint: disable=too-many-public-methods, no-self-use, invalid-name, too-many-arguments
	"""Unit tests for Superset"""
	import json

	from tests.base_tests import SupersetTestCase
	from flask_wtf.csrf import generate_csrf


	class TestSecurityApi(SupersetTestCase):
	resource_name = "security"

	def _assert_get_csrf_token(self):
	uri = f"api/v1/{self.resource_name}/csrf_token/"
	response = self.client.get(uri)
	assert response.status_code == 200
	data = json.loads(response.data.decode("utf-8"))
	assert data["result"] == generate_csrf()

	def test_get_csrf_token(self):
	"""
	Security API: Test get CSRF token
	"""
	self.login(username="admin")
	self._assert_get_csrf_token()

	def test_get_csrf_token_gamma(self):
	"""
	Security API: Test get CSRF token by gamma
	"""
	self.login(username="gamma")
	self._assert_get_csrf_token()

	def test_get_csrf_unauthorized(self):
	"""
	Security API: Test get CSRF no login
	"""
	self.logout()
	uri = f"api/v1/{self.resource_name}/csrf_token/"
	response = self.client.get(uri)
	self.assertEqual(response.status_code, 401)