[asterisk-commits] qwell: branch qwell/CORS r3897 - in /asterisk/team/qwell/CORS/tests/rest_api:...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Jul 11 15:03:33 CDT 2013
Author: qwell
Date: Thu Jul 11 15:03:31 2013
New Revision: 3897
URL: http://svnview.digium.com/svn/testsuite?view=rev&rev=3897
Log:
Take 1. This doesn't work, because of a filesystem issue (I think). Save progress.
Added:
asterisk/team/qwell/CORS/tests/rest_api/CORS/
- copied from r3892, asterisk/trunk/tests/rest_api/authentication/
asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_multiple.conf
- copied, changed from r3892, asterisk/trunk/tests/rest_api/authentication/configs/ast1/ari.conf
asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_star.conf
- copied, changed from r3892, asterisk/trunk/tests/rest_api/authentication/configs/ast1/ari.conf
Modified:
asterisk/team/qwell/CORS/tests/rest_api/CORS/configs/ast1/ari.conf
asterisk/team/qwell/CORS/tests/rest_api/CORS/run-test
asterisk/team/qwell/CORS/tests/rest_api/CORS/test-config.yaml
asterisk/team/qwell/CORS/tests/rest_api/tests.yaml
Copied: asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_multiple.conf (from r3892, asterisk/trunk/tests/rest_api/authentication/configs/ast1/ari.conf)
URL: http://svnview.digium.com/svn/testsuite/asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_multiple.conf?view=diff&rev=3897&p1=asterisk/trunk/tests/rest_api/authentication/configs/ast1/ari.conf&r1=3892&p2=asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_multiple.conf&r2=3897
==============================================================================
--- asterisk/trunk/tests/rest_api/authentication/configs/ast1/ari.conf (original)
+++ asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_multiple.conf Thu Jul 11 15:03:31 2013
@@ -1,15 +1,6 @@
[general]
enabled = yes
+allowed_origins = a
-[user-ro]
-read_only = yes
-password = ro-pass
-
-[user-rw]
-password = rw-pass
-
-[user-crypt]
-; password = q
-password_format = crypt
-password = $6$Wwpq0WjHUpbzGlWH$Yl0iVJDUzMsG25g5b3gTftVvhMerlO7clXAJidxgmx26cLOOyjcdiSk8PkDJKFGA2Oj0ZN9J.5u3/wkbEwYCd/
-
+[user-cors]
+password = cors-pass
Copied: asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_star.conf (from r3892, asterisk/trunk/tests/rest_api/authentication/configs/ast1/ari.conf)
URL: http://svnview.digium.com/svn/testsuite/asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_star.conf?view=diff&rev=3897&p1=asterisk/trunk/tests/rest_api/authentication/configs/ast1/ari.conf&r1=3892&p2=asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_star.conf&r2=3897
==============================================================================
--- asterisk/trunk/tests/rest_api/authentication/configs/ast1/ari.conf (original)
+++ asterisk/team/qwell/CORS/tests/rest_api/CORS/ari_star.conf Thu Jul 11 15:03:31 2013
@@ -1,15 +1,6 @@
[general]
enabled = yes
+allowed_origins = *
-[user-ro]
-read_only = yes
-password = ro-pass
-
-[user-rw]
-password = rw-pass
-
-[user-crypt]
-; password = q
-password_format = crypt
-password = $6$Wwpq0WjHUpbzGlWH$Yl0iVJDUzMsG25g5b3gTftVvhMerlO7clXAJidxgmx26cLOOyjcdiSk8PkDJKFGA2Oj0ZN9J.5u3/wkbEwYCd/
-
+[user-cors]
+password = cors-pass
Modified: asterisk/team/qwell/CORS/tests/rest_api/CORS/configs/ast1/ari.conf
URL: http://svnview.digium.com/svn/testsuite/asterisk/team/qwell/CORS/tests/rest_api/CORS/configs/ast1/ari.conf?view=diff&rev=3897&r1=3892&r2=3897
==============================================================================
--- asterisk/team/qwell/CORS/tests/rest_api/CORS/configs/ast1/ari.conf (original)
+++ asterisk/team/qwell/CORS/tests/rest_api/CORS/configs/ast1/ari.conf Thu Jul 11 15:03:31 2013
@@ -1,15 +1,6 @@
[general]
enabled = yes
+allowed_origins =
-[user-ro]
-read_only = yes
-password = ro-pass
-
-[user-rw]
-password = rw-pass
-
-[user-crypt]
-; password = q
-password_format = crypt
-password = $6$Wwpq0WjHUpbzGlWH$Yl0iVJDUzMsG25g5b3gTftVvhMerlO7clXAJidxgmx26cLOOyjcdiSk8PkDJKFGA2Oj0ZN9J.5u3/wkbEwYCd/
-
+[user-cors]
+password = cors-pass
Modified: asterisk/team/qwell/CORS/tests/rest_api/CORS/run-test
URL: http://svnview.digium.com/svn/testsuite/asterisk/team/qwell/CORS/tests/rest_api/CORS/run-test?view=diff&rev=3897&r1=3892&r2=3897
==============================================================================
--- asterisk/team/qwell/CORS/tests/rest_api/CORS/run-test (original)
+++ asterisk/team/qwell/CORS/tests/rest_api/CORS/run-test Thu Jul 11 15:03:31 2013
@@ -8,6 +8,7 @@
'''
import logging
+import os
import requests
import sys
@@ -37,78 +38,84 @@
return '{ userpass=%s, method=%s, expected=%d }' % (
self.userpass, self.method.__name__, self.expected_response)
- def eval(self, str, test, resp):
+ def run(self, test, expect_headers):
+ LOGGER.debug("Running %s" % self)
+ # api_key auth
+ resp = self.method(build_url('ari', 'channels'),
+ params={'api_key': "%s:%s" % self.userpass},
+ headers={'Origin': 'http://localhost'})
+
if self.expected_response != resp.status_code:
- LOGGER.error("Expected %d, got %d (%s). %s - %s" % (
- self.expected_response, resp.status_code, resp.text, self, str))
+ LOGGER.error("Expected %d, got %d (%s). %s" % (
+ self.expected_response, resp.status_code, resp.text, self))
test.passed = False
+ test.stop_reactor()
- def run(self, test):
- LOGGER.debug("Running %s" % self)
- if self.userpass is None:
- # Test no authentication
- resp = self.method(build_url('stasis', 'channels'))
- self.eval('Unauthenticated', test, resp)
- return
-
- # Test basic auth
- resp = self.method(build_url('stasis', 'channels'),
- auth=self.userpass)
- self.eval('Basic', test, resp)
-
- # Test api_key auth
- resp = self.method(build_url('stasis', 'channels'),
- params={'api_key': "%s:%s" % self.userpass})
- self.eval('api_key', test, resp)
+ if resp.headers['Access-Control-Allow-Origin'] is None:
+ if expect_headers == True:
+ LOGGER.error("Expected Access-Control-Allow-Origin header.")
+ test.passed = False
+ test.stop_reactor()
+ else:
+ if expect_headers == False:
+ LOGGER.error("Did not expect Access-Control-Allow-Origin header.")
+ test.passed = False
+ test.stop_reactor()
SCENARIOS=[
- # Unauthenticated requests
- Scenario(None, requests.get, codes.unauthorized),
- Scenario(None, requests.post, codes.unauthorized),
- Scenario(('ro', 'not-a-password'), requests.get, codes.unauthorized),
- Scenario(('notauser', 'password'), requests.get, codes.unauthorized),
-
- # Read only requests
- Scenario(('ro', 'ro-pass'), requests.options, codes.no_content),
- Scenario(('ro', 'ro-pass'), requests.get, codes.okay),
- Scenario(('ro', 'ro-pass'), requests.post, codes.forbidden),
- Scenario(('ro', 'ro-pass'), requests.put, codes.forbidden),
- Scenario(('ro', 'ro-pass'), requests.patch, codes.forbidden),
- Scenario(('ro', 'ro-pass'), requests.delete, codes.forbidden),
-
- # Read-write requests
- Scenario(('rw', 'rw-pass'), requests.options, codes.no_content),
- Scenario(('rw', 'rw-pass'), requests.get, codes.okay),
- Scenario(('rw', 'rw-pass'), requests.post, codes.bad_request),
- Scenario(('rw', 'rw-pass'), requests.put, codes.method_not_allowed),
- Scenario(('rw', 'rw-pass'), requests.patch, codes.method_not_allowed),
- Scenario(('rw', 'rw-pass'), requests.delete, codes.method_not_allowed),
-
- # crypted password
- Scenario(('crypt', 'q'), requests.get, codes.okay),
- Scenario(('crypt', 'Q'), requests.get, codes.unauthorized),
+ Scenario(('cors', 'cors-pass'), requests.options, codes.no_content),
+ Scenario(('cors', 'cors-pass'), requests.get, codes.okay),
]
-class ARIAuthenticationTest(TestCase):
+class ARICORSTest(TestCase):
def __init__(self):
TestCase.__init__(self)
self.passed = True
self.create_asterisk()
def run(self):
- try:
- for scenario in SCENARIOS:
- scenario.run(self)
- except:
- logging.exception("Exception caught during test")
- self.passed = False
- finally:
- self.stop_reactor()
+ self.create_ami_factory()
+
+ def ami_connect(self, ami):
+ self.run_scenarios(False)
+
+ self.replace_config(ami, "ari_star.conf", self.star_reload_finished)
+
+ def run_scenarios(self, expect_headers):
+ for scenario in SCENARIOS:
+ if self.passed == False:
+ return
+
+ scenario.run(self, expect_headers)
+
+ def replace_config(self, ami, config, callback):
+ if self.passed == False:
+ return
+
+ src = "%s/tests/%s/%s" % (os.getcwd(), self.realbase, config)
+
+ LOGGER.debug( "Installing replacement configuration %s" % src)
+ self.ast[0].install_config(src, target_filename = "ari.conf")
+
+ message = {'action': 'reload', 'module': 'res_stasis_http.so'}
+
+ ami.sendMessage(message, responseCallback = callback)
+
+ def star_reload_finished(self, received):
+ self.run_scenarios(True)
+
+ self.replace_config(self.ami[0], "ari_multiple.conf", self.multiple_reload_finished)
+
+ def multiple_reload_finished(self, received):
+ self.run_scenarios(True)
+
+ self.stop_reactor()
def main():
- test = ARIAuthenticationTest()
+ test = ARICORSTest()
reactor.run()
+
if test.passed:
return 0
return 1
Modified: asterisk/team/qwell/CORS/tests/rest_api/CORS/test-config.yaml
URL: http://svnview.digium.com/svn/testsuite/asterisk/team/qwell/CORS/tests/rest_api/CORS/test-config.yaml?view=diff&rev=3897&r1=3892&r2=3897
==============================================================================
--- asterisk/team/qwell/CORS/tests/rest_api/CORS/test-config.yaml (original)
+++ asterisk/team/qwell/CORS/tests/rest_api/CORS/test-config.yaml Thu Jul 11 15:03:31 2013
@@ -1,9 +1,8 @@
testinfo:
- summary: Test authentication for the RESTful API
+ summary: Test CORS (Cross-Origin Resource Sharing) with the RESTful API
description: |
- This test attempts several accesses to the RESTful API via all of its
- authentication mechanisms, making sure we don't accidentally leave the
- door open for everyone.
+ This test attempts several accesses to the RESTful API using various
+ allowable origins.
properties:
minversion: '12.0.0'
Modified: asterisk/team/qwell/CORS/tests/rest_api/tests.yaml
URL: http://svnview.digium.com/svn/testsuite/asterisk/team/qwell/CORS/tests/rest_api/tests.yaml?view=diff&rev=3897&r1=3896&r2=3897
==============================================================================
--- asterisk/team/qwell/CORS/tests/rest_api/tests.yaml (original)
+++ asterisk/team/qwell/CORS/tests/rest_api/tests.yaml Thu Jul 11 15:03:31 2013
@@ -2,3 +2,4 @@
tests:
- test: 'continue'
- test: 'authentication'
+ - test: 'CORS'
More information about the asterisk-commits
mailing list