From 88f48cfdc7ecb1b8d955ddea2d991208bd6b408d Mon Sep 17 00:00:00 2001
From: Christian Boettcher <c.boettcher@fz-juelich.de>
Date: Tue, 9 Nov 2021 09:17:02 +0100
Subject: [PATCH] test with different accept headers, test with unauthorized
 secrets access

---
 tests/apiserver_tests/test_responsiveness.py | 31 ++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/tests/apiserver_tests/test_responsiveness.py b/tests/apiserver_tests/test_responsiveness.py
index c517a15..0848ab3 100644
--- a/tests/apiserver_tests/test_responsiveness.py
+++ b/tests/apiserver_tests/test_responsiveness.py
@@ -53,3 +53,34 @@ class NonAuthTests(unittest.TestCase):
         j = rsp.json()
         self.assertTrue('detail' in j, f"{j} should contain message")
 
+    def test_accept_headers(self):
+        header_accept_json = {'Accept' : "application/json"}
+        header_accept_html = {'Accept' : "text/html"}
+        header_accept_none = {'Accept' : ""}
+        
+        rsp = self.client.get("/", headers=header_accept_json)
+        self.assertEqual(rsp.json(), [{element.value: "/" + element.value} for element in storage.LocationDataType])
+        
+        rsp = self.client.get("/", headers=header_accept_html, allow_redirects=False)
+        self.assertEqual(rsp.status_code, 307)
+        
+        rsp = self.client.get("/", headers=header_accept_html, allow_redirects=True)
+        self.assertEqual(rsp.status_code, 422) # forwarded to /index.html which does not exist on the apiserver
+        
+        rsp = self.client.get("/", headers=header_accept_none)
+        self.assertEqual(rsp.json(), [{element.value: "/" + element.value} for element in storage.LocationDataType])
+
+    def test_secrets_access(self): 
+        # check if access for all secrets endpoints failed with 401 Auth required
+        # list secrets, add secret, get secret, delete secret
+        rsp = self.client.get(f'/dataset/{proper_uuid}/secrets')
+        self.assertEqual(401, rsp.status_code)
+        
+        rsp = self.client.get(f'/dataset/{proper_uuid}/secrets/somespecificsecret')
+        self.assertEqual(401, rsp.status_code)
+        
+        rsp = self.client.post(f'/dataset/{proper_uuid}/secrets', json={'key' : "somekey", "secret" : "somesecret"})
+        self.assertEqual(401, rsp.status_code)
+        
+        rsp = self.client.delete(f'/dataset/{proper_uuid}/secrets/somespecificsecret')
+        self.assertEqual(401, rsp.status_code)
-- 
GitLab