improving tests (#40)

Finishing tests for most stuff that is currently implemented

---------

Signed-off-by: Alexander Piskun <bigcat88@icloud.com>

Author: bigcat88

.github/workflows/analysis-coverage.yml

@@ -131,8 +131,9 @@ jobs:
           cd nc_py_api
           coverage run --data-file=.coverage.ci_install tests/_install.py &
           echo $! > /tmp/_install.pid
+          python3 tests/_install_wait.py http://127.0.0.1:$APP_PORT/heartbeat "\"status\":\"ok\"" 15 0.5
+          python3 tests/_app_security_checks.py http://127.0.0.1:$APP_PORT
           cd ..
-          sleep 5s
           php occ app_ecosystem_v2:daemon:register manual_install "Manual Install" manual-install 0 0 0
           php occ app_ecosystem_v2:app:register $APP_ID manual_install --json-info \
             "{\"appid\":\"$APP_ID\",\"name\":\"$APP_ID\",\"daemon_config_name\":\"manual_install\",\"version\":\"$APP_VERSION\",\"secret\":\"$APP_SECRET\",\"host\":\"localhost\",\"port\":$APP_PORT,\"protocol\":\"http\",\"system_app\":1}" \
@@ -257,8 +258,9 @@ jobs:
           cd nc_py_api
           coverage run --data-file=.coverage.ci_install tests/_install.py &
           echo $! > /tmp/_install.pid
+          python3 tests/_install_wait.py http://127.0.0.1:$APP_PORT/heartbeat "\"status\":\"ok\"" 15 0.5
+          python3 tests/_app_security_checks.py http://127.0.0.1:$APP_PORT
           cd ..
-          sleep 5s
           php occ app_ecosystem_v2:daemon:register manual_install "Manual Install" manual-install 0 0 0
           php occ app_ecosystem_v2:app:register $APP_ID manual_install --json-info \
             "{\"appid\":\"$APP_ID\",\"name\":\"$APP_ID\",\"daemon_config_name\":\"manual_install\",\"version\":\"$APP_VERSION\",\"secret\":\"$APP_SECRET\",\"host\":\"localhost\",\"port\":$APP_PORT,\"protocol\":\"http\",\"system_app\":1}" \
@@ -376,8 +378,9 @@ jobs:
           cd nc_py_api
           coverage run --data-file=.coverage.ci_install tests/_install.py &
           echo $! > /tmp/_install.pid
+          python3 tests/_install_wait.py http://127.0.0.1:$APP_PORT/heartbeat "\"status\":\"ok\"" 15 0.5
+          python3 tests/_app_security_checks.py http://127.0.0.1:$APP_PORT
           cd ..
-          sleep 5s
           php occ app_ecosystem_v2:daemon:register manual_install "Manual Install" manual-install 0 0 0
           php occ app_ecosystem_v2:app:register $APP_ID manual_install --json-info \
             "{\"appid\":\"$APP_ID\",\"name\":\"$APP_ID\",\"daemon_config_name\":\"manual_install\",\"version\":\"$APP_VERSION\",\"secret\":\"$APP_SECRET\",\"host\":\"localhost\",\"port\":$APP_PORT,\"protocol\":\"http\",\"system_app\":1}" \
@@ -486,8 +489,9 @@ jobs:
           cd nc_py_api
           coverage run --data-file=.coverage.ci_install tests/_install.py &
           echo $! > /tmp/_install.pid
+          python3 tests/_install_wait.py http://127.0.0.1:$APP_PORT/heartbeat "\"status\":\"ok\"" 15 0.5
+          python3 tests/_app_security_checks.py http://127.0.0.1:$APP_PORT
           cd ..
-          sleep 5s
           php occ app_ecosystem_v2:daemon:register manual_install "Manual Install" manual-install 0 0 0
           php occ app_ecosystem_v2:app:register $APP_ID manual_install --json-info \
             "{\"appid\":\"$APP_ID\",\"name\":\"$APP_ID\",\"daemon_config_name\":\"manual_install\",\"version\":\"$APP_VERSION\",\"secret\":\"$APP_SECRET\",\"host\":\"localhost\",\"port\":$APP_PORT,\"protocol\":\"http\",\"system_app\":1}" \
@@ -586,8 +590,9 @@ jobs:
           cd nc_py_api
           coverage run --data-file=.coverage.ci_install tests/_install.py &
           echo $! > /tmp/_install.pid
+          python3 tests/_install_wait.py http://127.0.0.1:$APP_PORT/heartbeat "\"status\":\"ok\"" 15 0.5
+          python3 tests/_app_security_checks.py http://127.0.0.1:$APP_PORT
           cd ..
-          sleep 5s
           php occ app_ecosystem_v2:daemon:register manual_install "Manual Install" manual-install 0 0 0
           php occ app_ecosystem_v2:app:register $APP_ID manual_install --json-info \
             "{\"appid\":\"$APP_ID\",\"name\":\"$APP_ID\",\"daemon_config_name\":\"manual_install\",\"version\":\"$APP_VERSION\",\"secret\":\"$APP_SECRET\",\"host\":\"localhost\",\"protocol\":\"http\",\"port\":$APP_PORT,\"system_app\":1}" \

nc_py_api/_version.py

@@ -1,3 +1,3 @@
 """ Version of nc_py_api"""
 
-__version__ = "0.0.24"
+__version__ = "0.0.25-dev"

nc_py_api/appconfig_preferences_ex.py

@@ -24,12 +24,9 @@ def get_value(self, key: str, default=None) -> Optional[str]:
         if not key:
             raise ValueError("`key` parameter can not be empty")
         require_capabilities("app_ecosystem_v2", self._session.capabilities)
-        try:
-            r = self.get_values([key])
-            if r:
-                return r[0]["configvalue"]
-        except NextcloudExceptionNotFound:
-            pass
+        r = self.get_values([key])
+        if r:
+            return r[0]["configvalue"]
         return default
 
     def get_values(self, keys: list[str]) -> list[AppCfgPrefRecord]:

nc_py_api/misc.py

@@ -21,7 +21,7 @@ def kwargs_to_dict(keys: list[str], **kwargs) -> dict:
 def require_capabilities(capabilities: Union[str, list[str]], srv_capabilities: dict) -> None:
     result = check_capabilities(capabilities, srv_capabilities)
     if result:
-        raise NextcloudException(404, f"{result} capability is not available")
+        raise NextcloudException(404, f"{result} is not available")
 
 
 def check_capabilities(capabilities: Union[str, list[str]], srv_capabilities: dict) -> list[str]:

nc_py_api/theming.py

@@ -20,7 +20,7 @@ class ThemingInfo(TypedDict):
     background_default: bool
 
 
-def __convert_str_color(theming_capability: dict, key: str) -> tuple[int, int, int]:
+def convert_str_color(theming_capability: dict, key: str) -> tuple[int, int, int]:
     if key not in theming_capability:
         return 0, 0, 0
     value = theming_capability[key]
@@ -35,11 +35,11 @@ def get_parsed_theme(theming_capability: dict) -> ThemingInfo:
         name=i["name"],
         url=i["url"],
         slogan=i["slogan"],
-        color=__convert_str_color(i, "color"),
-        color_text=__convert_str_color(i, "color-text"),
-        color_element=__convert_str_color(i, "color-element"),
-        color_element_bright=__convert_str_color(i, "color-element-bright"),
-        color_element_dark=__convert_str_color(i, "color-element-dark"),
+        color=convert_str_color(i, "color"),
+        color_text=convert_str_color(i, "color-text"),
+        color_element=convert_str_color(i, "color-element"),
+        color_element_bright=convert_str_color(i, "color-element-bright"),
+        color_element_dark=convert_str_color(i, "color-element-dark"),
         logo=i["logo"],
         background=i.get("background", ""),
         background_plain=i.get("background-plain", False),

nc_py_api/users_status.py

@@ -5,7 +5,7 @@
 from typing import Literal, Optional, TypedDict, Union
 
 from ._session import NcSessionBasic
-from .exceptions import NextcloudException
+from .exceptions import NextcloudExceptionNotFound
 from .misc import check_capabilities, kwargs_to_dict, require_capabilities
 
 ENDPOINT = "/ocs/v1.php/apps/user_status/api/v1"
@@ -53,10 +53,8 @@ def get(self, user_id: str) -> Optional[UserStatus]:
         require_capabilities("user_status", self._session.capabilities)
         try:
             return self._session.ocs(method="GET", path=f"{ENDPOINT}/statuses/{user_id}")
-        except NextcloudException as e:
-            if e.status_code == 404:
-                return None
-            raise e from None
+        except NextcloudExceptionNotFound:
+            return None
 
     def get_predefined(self) -> list[PredefinedStatus]:
         if self._session.nc_version["major"] < 27:

scripts/dev_register.sh

@@ -11,7 +11,7 @@ echo "registering nc_py_api as an app for $1 container"
 NEXTCLOUD_URL="http://$2" APP_PORT=9009 APP_ID="nc_py_api" APP_SECRET="12345" APP_VERSION="1.0.0" \
   python3 tests/_install.py > /dev/null 2>&1 &
 echo $! > /tmp/_install.pid
-sleep 7
+python3 tests/_install_wait.py "http://localhost:9009/heartbeat" "\"status\":\"ok\"" 15 0.5
 docker exec "$1" sudo -u www-data php occ app_ecosystem_v2:app:register nc_py_api manual_install --json-info \
   "{\"appid\":\"nc_py_api\",\"name\":\"NC_Py_API\",\"daemon_config_name\":\"manual_install\",\"version\":\"1.0.0\",\"secret\":\"12345\",\"host\":\"host.docker.internal\",\"port\":9009,\"protocol\":\"http\",\"system_app\":1}" \
   -e --force-scopes

tests/_app_security_checks.py

@@ -0,0 +1,76 @@
+import hmac
+from datetime import datetime, timezone
+from hashlib import sha256
+from json import dumps
+from os import environ
+from sys import argv
+
+import requests
+from xxhash import xxh64
+
+
+def sign_request(url: str, req_headers: dict, time: int = 0):
+    data_hash = xxh64()
+    req_headers["AE-DATA-HASH"] = data_hash.hexdigest()
+    if time:
+        req_headers["AE-SIGN-TIME"] = str(time)
+    else:
+        req_headers["AE-SIGN-TIME"] = str(int(datetime.now(timezone.utc).timestamp()))
+    req_headers.pop("AE-SIGNATURE", None)
+    request_to_sign = "PUT" + url + dumps(req_headers, separators=(",", ":"))
+    hmac_sign = hmac.new(environ["APP_SECRET"].encode("UTF-8"), request_to_sign.encode("UTF-8"), digestmod=sha256)
+    req_headers["AE-SIGNATURE"] = hmac_sign.hexdigest()
+
+
+# params: app base url
+if __name__ == "__main__":
+    request_url = argv[1] + "/sec_check?value=1"
+    headers = {}
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 401  # Missing headers
+    headers.update(
+        {
+            "AE-VERSION": environ.get("AE_VERSION", "1.0.0"),
+            "EX-APP-ID": environ.get("APP_ID", "nc_py_api"),
+            "EX-APP-VERSION": environ.get("APP_VERSION", "1.0.0"),
+        }
+    )
+    sign_request("/sec_check?value=1", headers)
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 200
+    # Invalid AE-SIGNATURE
+    request_url = argv[1] + "/sec_check?value=0"
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 401
+    sign_request("/sec_check?value=0", headers)
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 200
+    # Invalid EX-APP-ID
+    old_app_name = headers["EX-APP-ID"]
+    headers["EX-APP-ID"] = "unknown_app"
+    sign_request("/sec_check?value=0", headers)
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 401
+    headers["EX-APP-ID"] = old_app_name
+    sign_request("/sec_check?value=0", headers)
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 200
+    # Invalid AE-DATA-HASH
+    result = requests.put(request_url, headers=headers, data=b"some_data")
+    assert result.status_code == 401
+    # Sign time
+    sign_request("/sec_check?value=0", headers, time=int(datetime.now(timezone.utc).timestamp()))
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 200
+    sign_request("/sec_check?value=0", headers, time=int(datetime.now(timezone.utc).timestamp() - 4.0 * 60))
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 200
+    sign_request("/sec_check?value=0", headers, time=int(datetime.now(timezone.utc).timestamp() - 5.0 * 60 - 3.0))
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 401
+    sign_request("/sec_check?value=0", headers, time=int(datetime.now(timezone.utc).timestamp() + 4.0 * 60))
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 200
+    sign_request("/sec_check?value=0", headers, time=int(datetime.now(timezone.utc).timestamp() + 5.0 * 60 + 3.0))
+    result = requests.put(request_url, headers=headers)
+    assert result.status_code == 401

tests/_install.py

@@ -1,20 +1,33 @@
 from os import environ
+from typing import Annotated
 
 import uvicorn
-from fastapi import FastAPI
+from fastapi import Depends, FastAPI
+from fastapi.responses import JSONResponse
 
 from nc_py_api import (
     ApiScope,
     LogLvl,
     NextcloudApp,
     enable_heartbeat,
+    nc_app,
     set_enabled_handler,
     set_scopes,
 )
 
 APP = FastAPI()
 
 
+@APP.put("/sec_check")
+def sec_check(
+    value: int,
+    nc: Annotated[NextcloudApp, Depends(nc_app)],
+):
+    print(value)
+    _ = nc
+    return JSONResponse(content={"error": ""}, status_code=200)
+
+
 def enabled_handler(enabled: bool, nc: NextcloudApp) -> str:
     print(f"enabled_handler: enabled={enabled}", flush=True)
     if enabled:
@@ -24,6 +37,10 @@ def enabled_handler(enabled: bool, nc: NextcloudApp) -> str:
     return ""
 
 
+def heartbeat_callback():
+    return "ok"
+
+
 @APP.on_event("startup")
 def initialization():
     set_enabled_handler(APP, enabled_handler)
@@ -41,7 +58,7 @@ def initialization():
             "optional": [],
         },
     )
-    enable_heartbeat(APP)
+    enable_heartbeat(APP, heartbeat_callback)
 
 
 if __name__ == "__main__":

tests/_install_wait.py

@@ -0,0 +1,18 @@
+import re
+from sys import argv
+from time import sleep
+
+from requests import get
+
+# params: app heartbeat url, string to check, number of tries, time to sleep between retries
+if __name__ == "__main__":
+    for i in range(int(argv[3])):
+        try:
+            result = get(argv[1])
+            if result.text:
+                if re.search(str(argv[2]), result.text, re.IGNORECASE) is not None:
+                    exit(0)
+        except Exception as _:
+            _ = _
+        sleep(float(argv[4]))
+    exit(2)