introduces Sheet models and auth flow

2026-06-11 21:18:35 +03:00 · 2024-11-05 10:33:44 +00:00
parent f1525ef85a
commit 59c1be597c
13 changed files with 493 additions and 74 deletions
--- a/src/tests/endpoints/test_default.py
+++ b/src/tests/endpoints/test_default.py
@@ -101,10 +101,16 @@ def test_favicon(client_with_auth):
    assert r.headers["content-type"] == "image/vnd.microsoft.icon"


+def test_endpoint_test_prometheus_no_auth(client, test_no_auth):
+    test_no_auth(client.get, "/metrics")
+
+def test_endpoint_test_prometheus_no_user_auth(client_with_auth, test_no_auth):
+    test_no_auth(client_with_auth.get, "/metrics")
+
@pytest.mark.asyncio
-async def test_prometheus_metrics(test_data, client_with_auth, get_settings):
+async def test_prometheus_metrics(test_data, client_with_token, get_settings):
    # before metrics calculation
-    r = client_with_auth.get("/metrics")
+    r = client_with_token.get("/metrics")
    assert r.status_code == 200
    assert r.headers["content-type"] == "text/plain; version=0.0.4; charset=utf-8"
    assert "disk_utilization" in r.text
@@ -116,7 +122,7 @@ async def test_prometheus_metrics(test_data, client_with_auth, get_settings):
    # after metrics calculation
    from utils.metrics import measure_regular_metrics
    await measure_regular_metrics(get_settings.DATABASE_PATH, 60 * 60 * 24 * 31 * 12 * 100)
-    r2 = client_with_auth.get("/metrics")
+    r2 = client_with_token.get("/metrics")
    assert 'disk_utilization{type="used"}' in r2.text
    assert 'disk_utilization{type="free"}' in r2.text
    assert 'disk_utilization{type="database"}' in r2.text
@@ -130,7 +136,7 @@ async def test_prometheus_metrics(test_data, client_with_auth, get_settings):
    # 30s window, should not change the gauges nor the total in the counters
    from utils.metrics import measure_regular_metrics
    await measure_regular_metrics(get_settings.DATABASE_PATH, 30)
-    r3 = client_with_auth.get("/metrics")
+    r3 = client_with_token.get("/metrics")
    assert 'database_metrics{query="count_archives"} 100.0' in r3.text
    assert 'database_metrics{query="count_archive_urls"} 1000.0' in r3.text
    assert 'database_metrics{query="count_users"} 4.0' in r3.text
--- a/src/tests/endpoints/test_interopreability.py
+++ b/src/tests/endpoints/test_interopreability.py
@@ -5,15 +5,19 @@ def test_submit_manual_archive_unauthenticated(client, test_no_auth):
    test_no_auth(client.post, "/interop/submit-archive")


-def test_submit_manual_archive(client_with_auth):
+def test_submit_manual_archive_not_user_auth(client_with_auth, test_no_auth):
+    test_no_auth(client_with_auth.post, "/interop/submit-archive")
+
+
+def test_submit_manual_archive(client_with_token):
    aa_metadata = json.dumps({"status": "test: success", "metadata": {"url": "http://example.com"}, "media": []})

-    r = client_with_auth.post("/interop/submit-archive", json={"result": aa_metadata, "public": False, "author_id": "jerry@gmail.com", "group_id": None, "tags": ["test"]})
+    r = client_with_token.post("/interop/submit-archive", json={"result": aa_metadata, "public": False, "author_id": "jerry@gmail.com", "group_id": None, "tags": ["test"]})
    assert r.status_code == 201
    assert "id" in r.json()

    # cannot have the same URL twice
    aa_metadata = json.dumps({"status": "test: success", "metadata": {"url": "http://example.com"}, "media": [{"filename": "fn1", "urls": ["http://example.com", "http://example.com"]}]})
-    r = client_with_auth.post("/interop/submit-archive", json={"result": aa_metadata, "public": False, "author_id": "jerry@gmail.com", "group_id": None, "tags": ["test"]})
+    r = client_with_token.post("/interop/submit-archive", json={"result": aa_metadata, "public": False, "author_id": "jerry@gmail.com", "group_id": None, "tags": ["test"]})
    assert r.status_code == 422
    assert r.json() == {"detail": "Cannot insert into DB due to integrity error"}
--- a/src/tests/endpoints/test_sheet.py
+++ b/src/tests/endpoints/test_sheet.py
@@ -1,46 +1,210 @@
+from datetime import datetime
 import json
 from unittest.mock import patch

+from fastapi.testclient import TestClient
+
 from db.schemas import TaskResult


-def test_sheet_no_auth(client, test_no_auth):
+def test_endpoints_no_auth(client, test_no_auth):
+    test_no_auth(client.post, "/sheet/create")
+    test_no_auth(client.get, "/sheet/mine")
+    test_no_auth(client.delete, "/sheet/123-sheet-id")
+    test_no_auth(client.post, "/sheet/123-sheet-id/archive")
    test_no_auth(client.post, "/sheet/archive")


-@patch("worker.main.create_sheet_task.delay", return_value=TaskResult(id="123-456-789", status="PENDING", result=""))
-def test_sheet_rick(m1, client_with_auth):
+def test_create_sheet_endpoint(app_with_auth):
+    client_with_auth = TestClient(app_with_auth)
+    good_data = {
+        "id": "123-sheet-id",
+        "name": "Test Sheet",
+        "group_id": "spaceship",
+        "frequency": "daily"
+    }

-    response = client_with_auth.post("/sheet/archive", json={"sheet_id": "123-sheet-id"})
+    # with good data
+    response = client_with_auth.post("/sheet/create", json=good_data)
    assert response.status_code == 201
-    assert response.json() == {'id': '123-456-789'}
+    j = response.json()
+    assert datetime.fromisoformat(j.pop("created_at"))
+    assert datetime.fromisoformat(j.pop("last_archived_at"))
+    assert j.pop("stats") == {}
+    assert j.pop("author_id") == 'morty@example.com'
+    assert j == good_data

-    m1.assert_called_once()
-    called_val = m1.call_args.args[0]
-    assert json.loads(called_val) == {"sheet_id": "123-sheet-id", "sheet_name": None, "public": False, "author_id": "rick@example.com", "group_id": None, "tags": [], "columns": {}, "header": 1}
+    # already exists
+    response = client_with_auth.post("/sheet/create", json=good_data)
+    assert response.status_code == 400
+    assert response.json() == {"detail": "Sheet with this ID already exists."}

+    # bad frequency
+    bad_data = good_data.copy()
+    bad_data["frequency"] = "every hour"
+    response = client_with_auth.post("/sheet/create", json=bad_data)
+    assert response.status_code == 422
+    assert "Value error, Invalid frequency: every hour. Must be one of" in response.json()["detail"][0]["msg"]

-def test_sheet_missing_sheet_data(client_with_auth):
-    r = client_with_auth.post("/sheet/archive", json={})
-    assert r.status_code == 422
-    assert r.json() == {"detail": "sheet name or id is required"}
+    # bad group
+    bad_data = good_data.copy()
+    bad_data["group_id"] = "not a group"
+    response = client_with_auth.post("/sheet/create", json=bad_data)
+    assert response.status_code == 403
+    assert response.json() == {"detail": "User does not have access to this group."}

-
-@patch("worker.main.create_sheet_task.delay", return_value=TaskResult(id="123-API-789", status="PENDING", result=""))
-def test_sheet_api(m1, client):
-
-    response = client.post("/sheet/archive", json={"sheet_name": "456-sheet_name-id"}, headers={"Authorization": "Bearer this_is_the_test_api_token"})
+    # bad quota
+    jerry_data = good_data.copy()
+    jerry_data["group_id"] = "animated-characters"
+    jerry_data["id"] = "jerry-sheet-id"
+    from web.security import get_active_user_auth
+    app_with_auth.dependency_overrides[get_active_user_auth] = lambda: "jerry@example.com"
+    client_jerry = TestClient(app_with_auth)
+    response = client_jerry.post("/sheet/create", json=jerry_data)
    assert response.status_code == 201
-    assert response.json() == {'id': '123-API-789'}

-    m1.assert_called_once()
-    called_val = m1.call_args.args[0]
-    assert json.loads(called_val) == {"sheet_name": "456-sheet_name-id", "sheet_id": None, "public": False, "author_id": "api-endpoint", "group_id": None, "tags": [], "columns": {}, "header": 1}
+    response = client_jerry.post("/sheet/create", json=jerry_data)
+    assert response.status_code == 429
+    assert response.json() == {"detail": "User has reached their sheet quota."}

-    response = client.post("/sheet/archive", json={"sheet_id": "456-sheet-id", "author_id": "custom-author"}, headers={"Authorization": "Bearer this_is_the_test_api_token"})
-    assert response.status_code == 201
-    assert response.json() == {'id': '123-API-789'}

-    assert m1.call_count == 2
-    called_val = m1.call_args.args[0]
-    assert json.loads(called_val) == {"sheet_id": "456-sheet-id", "sheet_name": None, "public": False, "author_id": "custom-author", "group_id": None, "tags": [], "columns": {}, "header": 1}
+def test_get_user_sheets_endpoint(client_with_auth, db_session):
+    # no data
+    response = client_with_auth.get("/sheet/mine")
+    assert response.status_code == 200
+    assert response.json() == []
+
+    # with data
+    from db import models
+    db_session.add(
+        models.Sheet(id="123", name="Test Sheet 1", author_id="morty@example.com", group_id="spaceship", frequency="hourly")
+    )
+    db_session.commit()
+    db_session.add_all([
+        models.Sheet(id="456", name="Test Sheet 2", author_id="morty@example.com", group_id="interdimensional", frequency="daily"),
+        models.Sheet(id="789", name="Test Sheet 3", author_id="rick@example.com", group_id="interdimensional", frequency="hourly"),
+    ])
+    db_session.commit()
+
+    response = client_with_auth.get("/sheet/mine")
+    assert response.status_code == 200
+    r = response.json()
+    assert isinstance(r, list)
+    assert len(r) == 2
+    assert datetime.fromisoformat(r[0].pop("created_at"))
+    assert datetime.fromisoformat(r[0].pop("last_archived_at"))
+    assert datetime.fromisoformat(r[1].pop("created_at"))
+    assert datetime.fromisoformat(r[1].pop("last_archived_at"))
+    assert r[0] == {
+        'id': '123',
+        'author_id': 'morty@example.com',
+        'frequency': 'hourly',
+        'group_id': 'spaceship',
+        'name': 'Test Sheet 1',
+        'stats': {},
+    }
+    assert r[1] == {
+        'id': '456',
+        'author_id': 'morty@example.com',
+        'frequency': 'daily',
+        'group_id': 'interdimensional',
+        'name': 'Test Sheet 2',
+        'stats': {},
+    }
+
+
+def test_delete_sheet_endpoint(client_with_auth, db_session):
+    # missing sheet
+    response = client_with_auth.delete("/sheet/123-sheet-id")
+    assert response.status_code == 200
+    assert response.json() == {
+        "id": "123-sheet-id",
+        "deleted": False
+    }
+
+    # add sheets for deletion
+    from db import models
+    db_session.add_all([
+        models.Sheet(id="123-sheet-id", name="Test Sheet 1", author_id="morty@example.com", group_id="interdimensional", frequency="daily"),
+        models.Sheet(id="456-sheet-id", name="Test Sheet 2", author_id="rick@example.com", group_id="spaceship", frequency="hourly"),
+    ])
+    db_session.commit()
+
+    # morty can delete his
+    response = client_with_auth.delete("/sheet/123-sheet-id")
+    assert response.status_code == 200
+    assert response.json() == {"id": "123-sheet-id", "deleted": True}
+    # but only once
+    response = client_with_auth.delete("/sheet/123-sheet-id")
+    assert response.status_code == 200
+    assert response.json() == {"id": "123-sheet-id", "deleted": False}
+    # and not rick's
+    response = client_with_auth.delete("/sheet/456-sheet-id")
+    assert response.status_code == 200
+    assert response.json() == {"id": "456-sheet-id", "deleted": False}
+
+
+# def test_archive_user_sheet_endpoint(client_with_auth):
+#     response = client_with_auth.post("/sheet/123-sheet-id/archive")
+#     assert response.status_code == 201
+#     assert "id" in response.json()
+
+
+class TestArchiveUserSheetEndpoint:
+    def test_token_auth(self, client_with_token, test_no_auth):
+        test_no_auth(client_with_token.post, "/sheet/123-sheet-id/archive")
+
+    def test_missing_data(self, client_with_auth):
+        r = client_with_auth.post("/sheet/123-sheet-id/archive")
+        assert r.status_code == 403
+        assert r.json() == {"detail": "No access to this sheet."}
+
+    def test_no_access(self, client_with_auth, db_session):
+        from db import models
+        db_session.add(models.Sheet(id="123-sheet-id", name="Test Sheet 1", author_id="rick@example.com", group_id="spaceship", frequency="hourly"))
+        db_session.commit()
+        r = client_with_auth.post("/sheet/123-sheet-id/archive")
+        assert r.status_code == 403
+        assert r.json() == {"detail": "No access to this sheet."}
+
+    @patch("worker.main.create_sheet_task.delay", return_value=TaskResult(id="123-taskid", status="PENDING", result=""))
+    def test_normal_flow(self, m1, client_with_auth, db_session):
+        from db import models
+        db_session.add(models.Sheet(id="123-sheet-id", name="Test Sheet 1", author_id="morty@example.com", group_id="spaceship", frequency="hourly"))
+        db_session.commit()
+        r = client_with_auth.post("/sheet/123-sheet-id/archive")
+        assert r.status_code == 201
+        assert r.json() == {"id": "123-taskid"}
+        m1.assert_called_once()
+
+
+class TestTokenArchiveEndpoint:
+
+    def test_user_auth(self, client_with_auth, test_no_auth):
+        test_no_auth(client_with_auth.post, "/sheet/archive")
+
+    def test_missing_data(self, client_with_token):
+        r = client_with_token.post("/sheet/archive", json={})
+        assert r.status_code == 422
+        assert r.json() == {"detail": "sheet id is required"}
+
+    @patch("worker.main.create_sheet_task.delay", return_value=TaskResult(id="123-456-789", status="PENDING", result=""))
+    def test_normal_flow(self, m1, client_with_token):
+
+        # minimum data
+        response = client_with_token.post("/sheet/archive", json={"sheet_id": "123-sheet-id"})
+        assert response.status_code == 201
+        assert response.json() == {'id': '123-456-789'}
+
+        m1.assert_called_once()
+        called_val = m1.call_args.args[0]
+        assert json.loads(called_val) == {"sheet_id": "123-sheet-id", "sheet_name": None, "public": False, "author_id": "api-endpoint", "group_id": None, "tags": [], "columns": {}, "header": 1}
+
+        # maximum data
+        response = client_with_token.post("/sheet/archive", json={"sheet_id": "123-sheet-id", "sheet_name": "768-sheet-name", "author_id": "birdman@example.com", "header": 2, "public": True, "group_id": "456-group-id", "tags": ["tag1"], "columns": {"col1": "type1"}})
+        assert response.status_code == 201
+        assert response.json() == {'id': '123-456-789'}
+
+        m1.call_count == 2
+        called_val = m1.call_args.args[0]
+        assert json.loads(called_val) == {"sheet_id": "123-sheet-id", "sheet_name": "768-sheet-name", "public": True, "author_id": "birdman@example.com", "group_id": "456-group-id", "tags": ["tag1"], "columns": {"col1": "type1"}, "header": 2}