test descriptions
This commit is contained in:
@@ -78,6 +78,8 @@ def secured_tracker():
|
||||
|
||||
|
||||
def test_forfeit_rejects_missing_garbage_and_api_key(secured_tracker):
|
||||
"Forfeit rejects missing garbage and api key\n\nTags: auth, http, security"
|
||||
|
||||
url = f"{secured_tracker['url']}/v1/billing/forfeit"
|
||||
payload = {"wallet": "wallet-x", "reason": "fraud"}
|
||||
|
||||
@@ -92,6 +94,8 @@ def test_forfeit_rejects_missing_garbage_and_api_key(secured_tracker):
|
||||
|
||||
|
||||
def test_forfeit_accepts_service_token_and_admin_session(secured_tracker):
|
||||
"Forfeit accepts service token and admin session\n\nTags: auth, http, security"
|
||||
|
||||
url = f"{secured_tracker['url']}/v1/billing/forfeit"
|
||||
result = _request(
|
||||
url, method="POST", payload={"wallet": "wallet-x"}, token=SERVICE_TOKEN,
|
||||
@@ -116,6 +120,8 @@ def test_forfeit_accepts_service_token_and_admin_session(secured_tracker):
|
||||
"/v1/registry/wallets",
|
||||
])
|
||||
def test_financial_reads_require_admin_session(secured_tracker, path):
|
||||
"Financial reads require admin session\n\nTags: auth, http, security"
|
||||
|
||||
url = f"{secured_tracker['url']}{path}"
|
||||
assert _status_of(lambda: _request(url)) == 401
|
||||
assert _status_of(lambda: _request(url, token=secured_tracker["user_session"])) == 403
|
||||
@@ -124,6 +130,8 @@ def test_financial_reads_require_admin_session(secured_tracker, path):
|
||||
|
||||
|
||||
def test_benchmark_endpoints_require_admin_or_service(secured_tracker):
|
||||
"Benchmark endpoints require admin or service\n\nTags: auth, http, performance, security"
|
||||
|
||||
url = f"{secured_tracker['url']}/v1/benchmark/results"
|
||||
assert _status_of(lambda: _request(url)) == 401
|
||||
assert _status_of(lambda: _request(url, token=secured_tracker["user_session"])) == 403
|
||||
@@ -132,6 +140,8 @@ def test_benchmark_endpoints_require_admin_or_service(secured_tracker):
|
||||
|
||||
|
||||
def test_dashboard_stays_public(secured_tracker):
|
||||
"Dashboard stays public\n\nTags: auth, http, security"
|
||||
|
||||
assert _status_of(lambda: urllib.request.urlopen(
|
||||
f"{secured_tracker['url']}/dashboard"
|
||||
)) == 200
|
||||
@@ -148,6 +158,8 @@ def _gossip_events():
|
||||
|
||||
|
||||
def test_unsigned_gossip_is_rejected_and_applies_nothing(secured_tracker):
|
||||
"Unsigned gossip is rejected and applies nothing\n\nTags: auth, gossip, http, network, security"
|
||||
|
||||
url = f"{secured_tracker['url']}/v1/billing/gossip"
|
||||
payload = {"events": _gossip_events()}
|
||||
assert _status_of(lambda: _request(url, method="POST", payload=payload)) == 401
|
||||
@@ -159,6 +171,8 @@ def test_unsigned_gossip_is_rejected_and_applies_nothing(secured_tracker):
|
||||
|
||||
|
||||
def test_signed_gossip_applies_and_wrong_secret_rejected(secured_tracker):
|
||||
"Signed gossip applies and wrong secret rejected\n\nTags: auth, gossip, http, network, security"
|
||||
|
||||
url = f"{secured_tracker['url']}/v1/billing/gossip"
|
||||
body = json.dumps({"events": _gossip_events()}).encode()
|
||||
|
||||
@@ -179,6 +193,8 @@ def test_signed_gossip_applies_and_wrong_secret_rejected(secured_tracker):
|
||||
|
||||
|
||||
def test_stale_signature_rejected():
|
||||
"Stale signature rejected\n\nTags: auth, http, security"
|
||||
|
||||
body = b'{"events": []}'
|
||||
stale = sign_hive_request(HIVE_SECRET, body, timestamp=time.time() - 3600)
|
||||
assert not verify_hive_request(HIVE_SECRET, stale, body)
|
||||
@@ -191,13 +207,16 @@ def test_stale_signature_rejected():
|
||||
|
||||
|
||||
def test_accounts_and_stats_gossip_also_gated(secured_tracker):
|
||||
"Accounts and stats gossip also gated\n\nTags: auth, gossip, http, network, security"
|
||||
|
||||
for path in ("/v1/accounts/gossip", "/v1/stats/gossip"):
|
||||
url = f"{secured_tracker['url']}{path}"
|
||||
assert _status_of(lambda: _request(url, method="POST", payload={})) == 401
|
||||
|
||||
|
||||
def test_push_to_peers_signs_so_peers_accept(secured_tracker):
|
||||
"""Outgoing gossip from a tracker with the shared secret lands on a peer."""
|
||||
"Outgoing gossip from a tracker with the shared secret lands on a peer.\n\nTags: auth, http, security"
|
||||
|
||||
sender = TrackerServer(
|
||||
billing=BillingLedger(starting_credit=0.0),
|
||||
cluster_peers=[secured_tracker["url"]],
|
||||
|
||||
Reference in New Issue
Block a user