test_message_fetch: Verify the value of WWW-Authenticate.

In `JsonableErrorHandler`, we convert `MissingAuthenticationError` into
a response that has `WWW-Authenticate` set for `/api` or `/json` views.

This covers and verifies the value of that header for unauthenticated
access.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This commit is contained in:
Zixuan James Li 2022-07-13 20:58:20 -04:00 committed by Tim Abbott
parent ff01777139
commit 31c7344979
1 changed files with 26 additions and 15 deletions


@ -1396,6 +1396,22 @@ class GetOldMessagesTest(ZulipTestCase):
query_ids["public_streams_recipents"] = ", ".join(str(r) for r in recipients) query_ids["public_streams_recipents"] = ", ".join(str(r) for r in recipients)
return query_ids return query_ids
def check_unauthenticated_response(
self, result: "TestHttpResponse", www_authenticate: str = 'Session realm="zulip"'
) -> None:
"""
In `JsonErrorHandler`, we convert `MissingAuthenticationError` into responses with `WWW-Authenticate`
set depending on which endpoint encounters the error.
This verifies the status code as well as the value of the set header.
`www_authenticate` should be `Basic realm="zulip"` for paths starting with "/api", and
`Session realm="zulip"` otherwise.
"""
self.assert_json_error(
result, "Not logged in: API authentication or user session required", status_code=401
)
self.assertEqual(result["WWW-Authenticate"], www_authenticate)
def test_content_types(self) -> None: def test_content_types(self) -> None:
""" """
Test old `/json/messages` returns reactions. Test old `/json/messages` returns reactions.
@ -1487,9 +1503,12 @@ class GetOldMessagesTest(ZulipTestCase):
"num_after": 1, "num_after": 1,
} }
result = self.client_get("/json/messages", dict(get_params)) result = self.client_get("/json/messages", dict(get_params))
self.assert_json_error( self.check_unauthenticated_response(result)
result, "Not logged in: API authentication or user session required", status_code=401
) # Paths starting with /api/v1 should receive a response that asks
# for basic auth.
result = self.client_get("/api/v1/messages", dict(get_params))
self.check_unauthenticated_response(result, www_authenticate='Basic realm="zulip"')
# Successful access to web-public stream messages. # Successful access to web-public stream messages.
web_public_stream_get_params: Dict[str, Union[int, str, bool]] = { web_public_stream_get_params: Dict[str, Union[int, str, bool]] = {
@ -1511,9 +1530,7 @@ class GetOldMessagesTest(ZulipTestCase):
"narrow": orjson.dumps([dict(operator="is", operand="private")]).decode(), "narrow": orjson.dumps([dict(operator="is", operand="private")]).decode(),
} }
result = self.client_get("/json/messages", dict(private_message_get_params)) result = self.client_get("/json/messages", dict(private_message_get_params))
self.assert_json_error( self.check_unauthenticated_response(result)
result, "Not logged in: API authentication or user session required", status_code=401
)
# narrow should pass conditions in `is_spectator_compatible`. # narrow should pass conditions in `is_spectator_compatible`.
non_spectator_compatible_narrow_get_params: Dict[str, Union[int, str, bool]] = { non_spectator_compatible_narrow_get_params: Dict[str, Union[int, str, bool]] = {
@ -1527,18 +1544,14 @@ class GetOldMessagesTest(ZulipTestCase):
).decode(), ).decode(),
} }
result = self.client_get("/json/messages", dict(non_spectator_compatible_narrow_get_params)) result = self.client_get("/json/messages", dict(non_spectator_compatible_narrow_get_params))
self.assert_json_error( self.check_unauthenticated_response(result)
result, "Not logged in: API authentication or user session required", status_code=401
)
# Spectator login disabled in Realm. # Spectator login disabled in Realm.
do_set_realm_property( do_set_realm_property(
get_realm("zulip"), "enable_spectator_access", False, acting_user=None get_realm("zulip"), "enable_spectator_access", False, acting_user=None
) )
result = self.client_get("/json/messages", dict(web_public_stream_get_params)) result = self.client_get("/json/messages", dict(web_public_stream_get_params))
self.assert_json_error( self.check_unauthenticated_response(result)
result, "Not logged in: API authentication or user session required", status_code=401
)
do_set_realm_property(get_realm("zulip"), "enable_spectator_access", True, acting_user=None) do_set_realm_property(get_realm("zulip"), "enable_spectator_access", True, acting_user=None)
# Verify works after enabling `realm.enable_spectator_access` again. # Verify works after enabling `realm.enable_spectator_access` again.
result = self.client_get("/json/messages", dict(web_public_stream_get_params)) result = self.client_get("/json/messages", dict(web_public_stream_get_params))
@ -1550,9 +1563,7 @@ class GetOldMessagesTest(ZulipTestCase):
"narrow": orjson.dumps([dict(operator="stream", operand="Rome")]).decode(), "narrow": orjson.dumps([dict(operator="stream", operand="Rome")]).decode(),
} }
result = self.client_get("/json/messages", dict(non_web_public_stream_get_params)) result = self.client_get("/json/messages", dict(non_web_public_stream_get_params))
self.assert_json_error( self.check_unauthenticated_response(result)
result, "Not logged in: API authentication or user session required", status_code=401
)
# Verify that same request would work with `streams:web-public` added. # Verify that same request would work with `streams:web-public` added.
rome_web_public_get_params: Dict[str, Union[int, str, bool]] = { rome_web_public_get_params: Dict[str, Union[int, str, bool]] = {
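Review bot: In `check_unauthenticated_response` the expected challenge is chosen by each caller rather than by the helper, so a call on an `/api/v1` URL that omits `www_authenticate=` silently asserts the `Session` scheme that the docstring says is wrong for that path; since the docstring already states the path rule, the helper could enforce it by comparing the passed value against one derived from the request path (Django's test client attaches the request as `result.wsgi_request` — worth confirming in this codebase). As written, the `Basic realm="zulip"` branch is exercised by a single request, while the private-narrow, spectator-disabled and non-web-public-stream cases are checked only on `/json/messages`. Separately, the helper's docstring names `JsonErrorHandler` while the commit message says `JsonableErrorHandler`; one of the two is a typo and should match the actual middleware class.
```python
    def check_unauthenticated_response(
        self, result: "TestHttpResponse", www_authenticate: str = 'Session realm="zulip"'
    ) -> None:
        # … unchanged: docstring …
        # Guard against a caller passing the wrong scheme for the path under test.
        expected = (
            'Basic realm="zulip"'
            if result.wsgi_request.path.startswith("/api/")
            else 'Session realm="zulip"'
        )
        self.assertEqual(www_authenticate, expected)
        # … unchanged: assert_json_error and WWW-Authenticate assertion …
```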