diff --git a/src/db/schemas.py b/src/db/schemas.py
index ef06fe7..2f04462 100644
--- a/src/db/schemas.py
+++ b/src/db/schemas.py
@@ -35,7 +35,7 @@ class SubmitSheet(BaseModel):
 public: bool = False
 author_id: str | None = None
 group_id: str | None = None
- tags: set[Tag] | None = set()
+ tags: set[str] | None = set()
 columns: dict | None = {} # TODO: implement
 class SubmitManual(BaseModel):
@@ -43,7 +43,7 @@ class SubmitManual(BaseModel):
 public: bool = False
 author_id: str | None = None
 group_id: str | None = None
- tags: set[Tag] | None = set()
+ tags: set[str] | None = set()
 class Task(BaseModel):
 id: str
diff --git a/src/endpoints/interoperability.py b/src/endpoints/interoperability.py
index e59702d..7885b08 100644
--- a/src/endpoints/interoperability.py
+++ b/src/endpoints/interoperability.py
@@ -23,4 +23,4 @@ def submit_manual_archive(manual: schemas.SubmitManual, auth=Depends(token_api_k
 except sqlalchemy.exc.IntegrityError as e:
 logger.error(e)
 raise HTTPException(status_code=422, detail=f"Cannot insert into DB due to integrity error")
- return JSONResponse({"id": archive_id})
+ return JSONResponse({"id": archive_id}, status_code=201)
diff --git a/src/tests/conftest.py b/src/tests/conftest.py
index a63b5ba..d21fc41 100644
--- a/src/tests/conftest.py
+++ b/src/tests/conftest.py
@@ -70,9 +70,10 @@ def client(app):
 @pytest.fixture()
 def app_with_auth(app):
- from security import get_token_or_user_auth, get_user_auth
+ from security import get_token_or_user_auth, get_user_auth, token_api_key_auth
 app.dependency_overrides[get_token_or_user_auth] = lambda: "rick@example.com"
 app.dependency_overrides[get_user_auth] = lambda: "morty@example.com"
+ app.dependency_overrides[token_api_key_auth] = lambda: "jerry@example.com"
 return app
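Review bot: In src/db/schemas.py, widening `tags` from `set[Tag]` to `set[str]` on SubmitSheet means any string a client sends is accepted as a tag, with no bound on its length or on how many tags one request carries. The definition of `Tag` is not in this diff, so whatever it enforced is presumably lost here. If free-form tags are intended, a constrained element type would keep the limit explicit, e.g. `tags: set[constr(min_length=1, max_length=MAX_TAG_LEN)] | None = set()`, where `MAX_TAG_LEN` is a placeholder for a project constant still to be chosen. The same change in the SubmitManual hunk (-43,7) needs the same treatment; both class bodies continue outside their hunks.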
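Review bot: In src/endpoints/interoperability.py, setting 201 only on the `JSONResponse` at the end of submit_manual_archive leaves the route's declared success status unchanged, so the generated OpenAPI schema will presumably still advertise 200. The route decorator is outside this hunk; if it does not already do so, declare the code there as well with `status_code=201` so that clients built from the schema see the real value. The function body starts above the hunk.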
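Review bot: In src/tests/conftest.py, app_with_auth now installs a third entry in `app.dependency_overrides` and still returns the same `app` object without removing the overrides afterwards. Whether that leaks depends on the scope of the `app` fixture, which is not visible here: if the object is shared across tests, a later test using the plain `client` would run with authentication already bypassed and the new unauthenticated checks would become order-dependent. Ending the fixture with `yield app` followed by `app.dependency_overrides.clear()` keeps the bypass confined to the tests that request it.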
@@ -80,3 +81,13 @@ def app_with_auth(app):
 def client_with_auth(app_with_auth):
 client = TestClient(app_with_auth)
 return client
+
+
+@pytest.fixture()
+def test_no_auth():
+ # reusable code to ensure a method/endpoint combination is unauthorized
+ def no_auth(http_method, endpoint):
+ response = http_method(endpoint)
+ assert response.status_code == 403
+ assert response.json() == {"detail": "Not authenticated"}
+ return no_auth
\ No newline at end of file
diff --git a/src/tests/endpoints/test_interopreability.py b/src/tests/endpoints/test_interopreability.py
new file mode 100644
index 0000000..82136f0
--- /dev/null
+++ b/src/tests/endpoints/test_interopreability.py
@@ -0,0 +1,19 @@
+import json
+
+
+def test_submit_manual_archive_unauthenticated(client, test_no_auth):
+ test_no_auth(client.post, "/interop/submit-archive")
+
+
+def test_submit_manual_archive(client_with_auth):
+ aa_metadata = json.dumps({"status": "test: success", "metadata": {"url": "http://example.com"}, "media": []})
+
+ r = client_with_auth.post("/interop/submit-archive", json={"result": aa_metadata, "public": False, "author_id": "jerry@gmail.com", "group_id": None, "tags": ["test"]})
+ assert r.status_code == 201
+ assert "id" in r.json()
+
+ # cannot have the same URL twice
+ aa_metadata = json.dumps({"status": "test: success", "metadata": {"url": "http://example.com"}, "media": [{"filename": "fn1", "urls": ["http://example.com", "http://example.com"]}]})
+ r = client_with_auth.post("/interop/submit-archive", json={"result": aa_metadata, "public": False, "author_id": "jerry@gmail.com", "group_id": None, "tags": ["test"]})
+ assert r.status_code == 422
+ assert r.json() == {"detail": "Cannot insert into DB due to integrity error"}
diff --git a/src/tests/endpoints/test_url.py b/src/tests/endpoints/test_url.py
index e5f0afa..8353287 100644
--- a/src/tests/endpoints/test_url.py
+++ b/src/tests/endpoints/test_url.py
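Review bot: In src/tests/conftest.py, the new `test_no_auth` fixture carries the `test_` prefix that pytest uses for collected tests, and its only explanation is a comment rather than a docstring; a name such as `assert_no_auth` would read as the helper it is. The helper sends the request with no credentials at all, so it pins only the missing-credential path, and the docstring should say so, e.g. `"""Return a checker asserting that an endpoint rejects a request sent without credentials (403, "Not authenticated")."""`. A request carrying an invalid or expired token is not covered by any test in this commit. The file also ends without a trailing newline.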
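Review bot: In test_submit_manual_archive (src/tests/endpoints/test_interopreability.py), the request body claims `author_id` "jerry@gmail.com" while the `token_api_key_auth` override in conftest.py yields "jerry@example.com", and nothing asserts which of the two ends up stored. The endpoint body is not in this diff, so it is unclear whether authorship is bound to the authenticated caller or taken from the payload; the test should pin that down by reading the created archive back and asserting its author. Separately, the second payload changes two things at once (the archive URL is reused and the media entry lists the same URL twice), so the 422 does not show which condition the `# cannot have the same URL twice` comment refers to. The file name is also misspelled (`test_interopreability.py`).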
@@ -6,18 +6,9 @@ from unittest.mock import patch
 from db.schemas import ArchiveCreate, TaskResult
-NO_AUTH = {'detail': 'Not authenticated'}
-
-
-def test_archive_url_unauthenticated(client):
- response = client.post("/url/archive")
- assert response.status_code == 403
- assert response.json() == NO_AUTH
-
- # this will call archive/{id}
- response = client.get("/url/archive")
- assert response.status_code == 403
- assert response.json() == NO_AUTH
+def test_archive_url_unauthenticated(client, test_no_auth):
+ test_no_auth(client.post, "/url/archive")
+ test_no_auth(client.get, "/url/archive")
 @patch("worker.create_archive_task.delay", return_value=TaskResult(id="123-456-789", status="PENDING", result=""))
@@ -36,10 +27,8 @@ def test_archive_url(m1, client_with_auth):
 assert json.loads(called_val) == {"id": None, "url": "https://example.com", "result": None, "public": True, "author_id": "rick@example.com", "group_id": None, "tags": [], "rearchive": True}
-def test_search_by_url_unauthenticated(client):
- response = client.get("/url/search")
- assert response.status_code == 403
- assert response.json() == NO_AUTH
+def test_search_by_url_unauthenticated(client, test_no_auth):
+ test_no_auth(client.get, "/url/search")
 def test_search_by_url(client_with_auth, db_session):
@@ -81,10 +70,8 @@ def test_search_by_url(client_with_auth, db_session):
 assert len(response.json()) == 10
-def test_latest_unauthenticated(client):
- response = client.get("/url/latest")
- assert response.status_code == 403
- assert response.json() == NO_AUTH
+def test_latest_unauthenticated(client, test_no_auth):
+ test_no_auth(client.get, "/url/latest")
 def test_latest(client_with_auth, db_session):
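Review bot: The rewritten test_archive_url_unauthenticated in src/tests/endpoints/test_url.py drops the removed comment `# this will call archive/{id}`, which was the only explanation of why a GET on "/url/archive" is exercised at all. Keep it above the `test_no_auth(client.get, "/url/archive")` call so the reason for that second check survives the refactor. The remaining hunks in this file (-36,10, -81,10, -116,10 and -144,10) are the same mechanical substitution.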
@@ -116,10 +103,8 @@ def test_latest(client_with_auth, db_session):
 assert len(response.json()) == 2
-def test_lookup_unauthenticated(client):
- response = client.get("/url/123-456-789")
- assert response.status_code == 403
- assert response.json() == NO_AUTH
+def test_lookup_unauthenticated(client, test_no_auth):
+ test_no_auth(client.get, "/url/123-456-789")
 def test_lookup(client_with_auth, db_session):
@@ -144,10 +129,8 @@ def test_lookup(client_with_auth, db_session):
 assert j["rearchive"] == True
-def test_delete_task_unauthenticated(client):
- response = client.delete("/url/123-456-789")
- assert response.status_code == 403
- assert response.json() == NO_AUTH
+def test_delete_task_unauthenticated(client, test_no_auth):
+ test_no_auth(client.delete, "/url/123-456-789")
 def test_delete_task(client_with_auth, db_session):