stackoom
  简体   繁体   中英

Testing Google appengine app security as set in app.yaml

 原文  2013-04-08 17:27:44       python/ google-app-engine

Question

What's the way to test the python app security as set up in the app.yaml file?

In my app.yaml, I have a log section that is restricted: 

- url: /log/?.*
  script: swim.app
  login: required

I've a suite of tests for my GAE app (python) and I'd like to add some tests that check that login restriction. I've set up the test runner as per these instructions and then initialized my stub(s) as they show for the DemoTestCase earlier in that page . 

def setUp(self):
    self.testbed = testbed.Testbed()
    self.testbed.activate()
    # Set consistency policy to simulate HR consistency model
    self.policy = datastore_stub_util.PseudoRandomHRConsistencyPolicy(probability=0)
    self.testbed.init_datastore_v3_stub(consistency_policy=self.policy)
    self.testbed.init_user_stub()

def tearDown(self):
    self.testbed.deactivate()

...

def test_log_requires_login(self):
    ''' Make sure attempted access redirects to a login page '''
    request = webapp2.Request.blank('/log')
    response = request.get_response(swim.app) 
    self.assertEqual(response.status_int, 302)

The test_log_requires_login method won't pass because response.status_int passes back a 200 status. If I step through the code in the debugger, it appears as though the page just allows an anonymous user to access the page in the test setup and the response.body gives me the form on that page. This is not the behavior of the running app, as a request to the application for '/log' will give a 302 status and redirect to a login page.

I've tried using WebTest to do it too, with the same results. The issue seems to be that the app running through the test framework doesn't use the app.yaml information (makes sense because I'm not actually running the full app). I can write tests that drive the running application to test the security, but it would be handy if I could just run those tests with the rest of the unit/integration tests without requiring the running application. Is there a way to do so?

Update: I've been working with nosegae . It seems promising because it actually loads the app.yaml information using GAE dev_appserver and it produced the same mappings that the running app uses. It's not clear yet that those are applied in any way though, because my tests still show that an empty user can access the login: required page.

1 answers

solution1
 0 ACCPTED  2013-04-11 04:10:23

I just found an early release of the "regression test framework" for devappserver2, which is the default development appserver as of 1.7.6 . It sets up a server that will indeed use the app.yaml security settings and does just what I need in terms of integration testing.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Define query param in app.yaml in Google Appengine Google App Engine | Python | APP.YAML How to create custom error pages with app.yaml for Google Appengine Python Python Appengine run certain code before following app.yaml Python AppEngine - How to pass query strings in app.yaml Appengine (Python) “Push to Deploy” app.yaml Location Specifying custom URL schema in appengine using app.yaml? How to write `app.yaml` file for Google App Engine app? app.yaml file: Running 2 Python Files Google App Engine Google App Engine is not servig my defined entrypoint in app.yaml
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM