diff --git a/conftest.py b/conftest.py
index 1332eda..4727684 100644
--- a/conftest.py
+++ b/conftest.py
@@ -10,6 +10,8 @@ from django.conf import settings
 BASEDOMAIN = "nsupdate.info"
 TEST_HOST = 'test.' + BASEDOMAIN # unit tests can update this host ONLY
 TEST_SECRET = "secret"
+TEST_HOST2 = 'test2.' + BASEDOMAIN
+TEST_SECRET2 = "somethingelse"
 NAMESERVER_IP = "85.10.192.104"
 NAMESERVER_UPDATE_ALGORITHM = "HMAC_SHA512"
 # no problem, you can ONLY update the TEST_HOST with this key, nothing else:
@@ -17,6 +19,7 @@ NAMESERVER_UPDATE_KEY = "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWF
 NAMESERVER_PUBLIC = True
 USERNAME = 'test'
+USERNAME2 = 'test2'
 PASSWORD = 'pass'
 from django.utils.translation import activate
@@ -33,6 +36,8 @@ def db_init(db): # note: db is a predefined fixture and required here to have t
 # create a fresh test user
 u = User.objects.create_user(USERNAME, settings.DEFAULT_FROM_EMAIL, PASSWORD)
 u.save()
+ u2 = User.objects.create_user(USERNAME2, 'test@example.org', PASSWORD)
+ u2.save()
 # this is for updating:
 Domain.objects.create(
 domain=TEST_HOST, # special: single-host update secret!
@@ -52,6 +57,8 @@ def db_init(db): # note: db is a predefined fixture and required here to have t
 # a Host for api / session update tests
 h = Host(subdomain='test', domain=d, created_by=u)
 h.generate_secret(secret=TEST_SECRET)
+ h = Host(subdomain='test2', domain=d, created_by=u2)
+ h.generate_secret(secret=TEST_SECRET2)
 def pytest_runtest_setup(item):
diff --git a/nsupdate/api/_tests/test_api.py b/nsupdate/api/_tests/test_api.py
index 5f2e03b..1994aed 100644
--- a/nsupdate/api/_tests/test_api.py
+++ b/nsupdate/api/_tests/test_api.py
@@ -8,6 +8,7 @@ from django.core.urlresolvers import reverse
 TEST_HOST = "test.nsupdate.info"
+TEST_HOST2 = "test2.nsupdate.info"
 TEST_SECRET = "secret"
 USERNAME = 'test'
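Review bot: `TEST_HOST2` and `TEST_SECRET2` in the `@@ -10,6 +10,8 @@` hunk of conftest.py are added without a comment, while the neighbouring lines document that unit tests may update `TEST_HOST` only and that the nameserver key is limited to it. A reader cannot tell from the constants alone that the second host exists purely as a target that must be refused. I would add `# second host, owned by USERNAME2; tests only check that TEST_HOST credentials cannot update it` above `TEST_HOST2`.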
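Review bot: The second fixture host in the `@@ -52,6 +57,8 @@` hunk rebinds `h`, and nothing in the hunk shows it being saved, so whether the `test2` row exists depends on `generate_secret` persisting the object (presumably it does, since the first host relies on the same call; worth confirming). The foreign-host tests in test_api.py are only meaningful if that row is present. I would name it `h2 = Host(subdomain='test2', domain=d, created_by=u2)` with `h2.generate_secret(secret=TEST_SECRET2)` and add the comment `# a second Host owned by another user, target of the foreign-host tests`. `db_init` starts and continues outside this hunk.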
@@ -38,6 +39,22 @@ def test_nic_update_badauth(client):
 assert response.content == "badauth"
+def test_nic_update_authorized_nonexistent_host(client):
+ response = client.get(reverse('nic_update') + '?hostname=nonexistent.nsupdate.info',
+ HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
+ assert response.status_code == 200
+ # we must not get this updated, it doesn't exist in the database:
+ assert response.content == 'nohost'
+
+
+def test_nic_update_authorized_foreign_host(client):
+ response = client.get(reverse('nic_update') + '?hostname=%s' % TEST_HOST2,
+ HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
+ assert response.status_code == 200
+ # we must not get this updated, this is a host of some other user!
+ assert response.content == 'nohost'
+
+
 def test_nic_update_authorized(client):
 response = client.get(reverse('nic_update'),
 HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
@@ -46,6 +63,14 @@ def test_nic_update_authorized(client):
 assert response.content.startswith('good ') or response.content.startswith('nochg ')
+def test_nic_update_authorized_myip(client):
+ response = client.get(reverse('nic_update') + '?myip=4.3.2.1',
+ HTTP_AUTHORIZATION=make_basic_auth_header(TEST_HOST, TEST_SECRET))
+ assert response.status_code == 200
+ # we don't care whether it is nochg or good, but should be the ip from myip=...:
+ assert response.content in ['good 4.3.2.1', 'nochg 4.3.2.1']
+
+
 def test_nic_update_session_nosession(client):
 response = client.get(reverse('nic_update_authorized'))
 assert response.status_code == 302 # redirects to login view
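Review bot: `test_nic_update_authorized_foreign_host` expects the same `'nohost'` body as the nonexistent-host test directly above it, so it also passes when the `test2` fixture host is missing, and the ownership check is then never exercised. The same applies to `test_nic_update_session_foreign_host` in the `@@ -61,7 +86,15 @@` hunk. A precondition in both tests would pin this, for example `assert Host.objects.filter(subdomain='test2').exists()` before the request, with `Host` imported the way conftest.py imports it (that import is not visible here). Answering foreign and unknown hostnames identically is worth keeping, since it gives a caller no way to learn which hostnames are registered; a short comment such as `# same answer as for a nonexistent host, so ownership is not disclosed` would record that intent.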
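Review bot: `myip=4.3.2.1` in `test_nic_update_authorized_myip` is a publicly routable address outside the project's control. If this test performs a live update against the nameserver configured in conftest.py (`NAMESERVER_IP`), which the fixture comments suggest but this hunk does not show, the test host's record is pointed at a third party's address. An address from the documentation range avoids that: `'?myip=192.0.2.1'` in the request and `['good 192.0.2.1', 'nochg 192.0.2.1']` in the assertion. The hunk also covers only a well-formed IPv4 value; a companion test for a malformed `myip` would document how the view rejects it.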
@@ -61,7 +86,15 @@ def test_nic_update_session(client):
 assert response.content.startswith('good ') or response.content.startswith('nochg ')
-def test_detect_ip(client):
+def test_nic_update_session_foreign_host(client):
+ client.login(username=USERNAME, password=PASSWORD)
+ response = client.get(reverse('nic_update_authorized') + '?hostname=%s' % TEST_HOST2)
+ assert response.status_code == 200
+ # we must not get this updated, this is a host of some other user!
+ assert response.content == "nohost"
+
+
+def test_detect_ip_invalid_session(client):
 response = client.get(reverse('detectip', args=('invalid_session_id', )))
 assert response.status_code == 204