Diffstat (limited to 'service/test/unit')
-rw-r--r-- | service/test/unit/resources/test_auth.py | 85 | ||||
-rw-r--r-- | service/test/unit/resources/test_root_resource.py | 95 |
2 files changed, 174 insertions, 6 deletions
diff --git a/service/test/unit/resources/test_auth.py b/service/test/unit/resources/test_auth.py
new file mode 100644
index 00000000..6bd0338a
--- /dev/null
+++ b/service/test/unit/resources/test_auth.py
@@ -0,0 +1,85 @@
+from mockito import mock, when, any as ANY
+from pixelated.resources.auth import SessionChecker, PixelatedRealm, PixelatedAuthSessionWrapper
+from pixelated.resources.login_resource import LoginResource
+from pixelated.resources.root_resource import RootResource
+from test.unit.resources import DummySite
+from twisted.cred import error
+from twisted.cred.checkers import ANONYMOUS, AllowAnonymousAccess
+from twisted.cred.portal import Portal
+from twisted.internet.defer import succeed, fail
+from twisted.python import failure
+from twisted.trial import unittest
+from twisted.web._auth.wrapper import UnauthorizedResource
+from twisted.web.resource import IResource, getChildForRequest
+from twisted.web.test.requesthelper import DummyRequest
+
+
+class TestPixelatedRealm(unittest.TestCase):
+
+ def setUp(self):
+ self.authenticated_root_resource = mock()
+ self.public_root_resource = mock()
+ self.realm = PixelatedRealm(self.authenticated_root_resource, self.public_root_resource)
+
+ def test_anonymous_user_gets_anonymous_resource(self):
+ interface, avatar, logout_handler = self.realm.requestAvatar(ANONYMOUS, None, IResource)
+ self.assertEqual(interface, IResource)
+ self.assertIs(avatar, self.public_root_resource)
+
+ def test_authenticated_user_gets_root_resource(self):
+ interface, avatar, logout_handler = self.realm.requestAvatar('username', None, IResource)
+ self.assertEqual(interface, IResource)
+ self.assertIs(avatar, self.authenticated_root_resource)
+
+
+class TestPixelatedAuthSessionWrapper(unittest.TestCase):
+
+ def setUp(self):
+ self.realm_mock = mock()
+ services_factory = mock()
+ session_checker = SessionChecker(services_factory)
+ self.portal = Portal(self.realm_mock, [session_checker, AllowAnonymousAccess()])
+ self.user_uuid_mock = mock()
+ self.root_resource = RootResource(services_factory)
+ self.anonymous_resource_mock = mock()
+
+ self.session_wrapper = PixelatedAuthSessionWrapper(self.portal, self.root_resource, self.anonymous_resource_mock)
+ self.request = DummyRequest([])
+ self.request.prepath = ['']
+ self.request.path = '/'
+
+ def test_should_proxy_to_login_resource_when_the_user_is_not_logged_in(self):
+ when(self.realm_mock).requestAvatar(ANONYMOUS, None, IResource).thenReturn((IResource, self.anonymous_resource_mock, lambda: None))
+
+ deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
+ d = deferred_resource.d
+
+ def assert_anonymous_resource(resource):
+ self.assertIs(resource, self.anonymous_resource_mock)
+
+ d.addCallback(assert_anonymous_resource)
+ return d
+
+ def test_should_proxy_to_root_resource_when_the_user_is_logged_in(self):
+ when(self.realm_mock).requestAvatar(ANY(), None, IResource).thenReturn((IResource, self.root_resource, lambda: None))
+
+ deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
+ d = deferred_resource.d
+
+ def assert_root_resource(resource):
+ self.assertIs(resource, self.root_resource)
+
+ d.addCallback(assert_root_resource)
+ return d
+
+ def test_should_X_when_unauthenticated_user_requests_non_public_resource(self):
+ when(self.realm_mock).requestAvatar(ANONYMOUS, None, IResource).thenReturn((IResource, self.anonymous_resource_mock, lambda: None))
+
+ deferred_resource = self.session_wrapper.getChildWithDefault('', self.request)
+ d = deferred_resource.d
+
+ def assert_unauthorized_resource(resource):
+ self.assertIs(resource, self.anonymous_resource_mock)
+
+ d.addCallback(assert_unauthorized_resource)
+ return d
diff --git a/service/test/unit/resources/test_root_resource.py b/service/test/unit/resources/test_root_resource.py
index 4ff11ce8..2c74d7b9 100644
--- a/service/test/unit/resources/test_root_resource.py
+++ b/service/test/unit/resources/test_root_resource.py
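Review bot: In test_auth.py, `test_should_X_when_unauthenticated_user_requests_non_public_resource` keeps a placeholder name and its body repeats `test_should_proxy_to_login_resource_when_the_user_is_not_logged_in` line for line (same `''` path, same `assertIs(resource, self.anonymous_resource_mock)`), so the case where an anonymous request asks for a non-public resource is never exercised. It should request a path that is not public and assert the refusal the wrapper is meant to produce; the otherwise unused `UnauthorizedResource` import suggests that was the intent, though the wrapper's code is not visible here. `test_should_proxy_to_root_resource_when_the_user_is_logged_in` stubs `requestAvatar(ANY(), None, IResource)` on a request with no session prepared, so it would pass just as well for an `ANONYMOUS` avatar; stubbing a concrete avatar id and setting up the session state that `SessionChecker` reads would pin the authenticated branch. `test_inbox_should_not_be_public` in the last hunk of test_root_resource.py has the same duplicate-body problem (identical to `test_root_should_be_handled_by_inbox_resource`).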
@@ -1,14 +1,20 @@ -import unittest +import os import re from mock import MagicMock, patch from mockito import mock, when, any as ANY +import pixelated from pixelated.application import UserAgentMode from pixelated.resources.features_resource import FeaturesResource from test.unit.resources import DummySite +from twisted.cred.checkers import ANONYMOUS +from twisted.internet.defer import succeed +from twisted.trial import unittest +from twisted.web.resource import IResource +from twisted.web.static import File from twisted.web.test.requesthelper import DummyRequest -from pixelated.resources.root_resource import RootResource, MODE_STARTUP, MODE_RUNNING +from pixelated.resources.root_resource import InboxResource, RootResource, MODE_STARTUP, MODE_RUNNING class TestRootResource(unittest.TestCase): @@ -25,12 +31,13 @@ class TestRootResource(unittest.TestCase): self.mail_service.account_email = self.MAIL_ADDRESS root_resource = RootResource(self.services_factory) - root_resource._html_template = "<html><head><title>$account_email</title></head></html>" - root_resource._mode = root_resource self.web = DummySite(root_resource) self.root_resource = root_resource def test_render_GET_should_template_account_email(self): + self.root_resource._inbox_resource._html_template = "<html><head><title>$account_email</title></head></html>" + self.root_resource.initialize(provider=mock(), authenticator=mock()) + request = DummyRequest(['']) request.addCookie = lambda key, value: 'stubbed' @@ -88,6 +95,8 @@ class TestRootResource(unittest.TestCase): request.requestHeaders.setRawHeaders('x-xsrf-token', [csrf_token]) def test_should_unauthorize_child_resource_ajax_requests_when_csrf_mismatch(self): + self.root_resource.initialize(provider=mock(), authenticator=mock()) + request = DummyRequest(['/child']) request.method = 'POST' self._mock_ajax_csrf(request, 'stubbed csrf token') 
@@ -103,11 +112,41 @@ class TestRootResource(unittest.TestCase): d.addCallback(assert_unauthorized) return d + def test_GET_should_return_503_for_uninitialized_resource(self): + request = DummyRequest(['/sandbox/']) + request.method = 'GET' + + request.getCookie = MagicMock(return_value='stubbed csrf token') + + d = self.web.get(request) + + def assert_unavailable(_): + self.assertEqual(503, request.responseCode) + + d.addCallback(assert_unavailable) + return d + + def test_GET_should_return_404_for_non_existing_resource(self): + self.root_resource.initialize(provider=mock(), authenticator=mock()) + + request = DummyRequest(['/non-existing-child']) + request.method = 'GET' + request.getCookie = MagicMock(return_value='stubbed csrf token') + + d = self.web.get(request) + + def assert_not_found(_): + self.assertEqual(404, request.responseCode) + + d.addCallback(assert_not_found) + return d + def test_should_404_non_existing_resource_with_valid_csrf(self): + self.root_resource.initialize(provider=mock(), authenticator=mock()) + request = DummyRequest(['/non-existing-child']) request.method = 'POST' self._mock_ajax_csrf(request, 'stubbed csrf token') - request.getCookie = MagicMock(return_value='stubbed csrf token') d = self.web.get(request) @@ -123,7 +162,7 @@ class TestRootResource(unittest.TestCase): request = DummyRequest(['features']) request.getCookie = MagicMock(return_value='irrelevant -- stubbed') - self.root_resource._child_resources.add('features', FeaturesResource()) + self.root_resource.putChild('features', FeaturesResource()) self.root_resource._mode = MODE_RUNNING d = self.web.get(request) @@ -135,6 +174,8 @@ class TestRootResource(unittest.TestCase): return d def test_should_unauthorize_child_resource_non_ajax_POST_requests_when_csrf_input_mismatch(self): + self.root_resource.initialize(provider=mock(), authenticator=mock()) + request = DummyRequest(['mails']) request.method = 'POST' request.addArg('csrftoken', 'some csrf token') 
@@ -152,3 +193,45 @@ class TestRootResource(unittest.TestCase): d.addCallback(assert_unauthorized) return d + + def test_assets_should_be_publicly_available(self): + self.root_resource.initialize(provider=mock(), authenticator=mock()) + + request = DummyRequest(['assets', 'dummy.json']) + d = self.web.get(request) + + def assert_response(_): + self.assertEqual(200, request.responseCode) + + d.addCallback(assert_response) + return d + + def test_login_should_be_publicly_available(self): + self.root_resource.initialize(provider=mock(), authenticator=mock()) + + request = DummyRequest(['login']) + d = self.web.get(request) + + def assert_response(_): + self.assertEqual(200, request.responseCode) + + d.addCallback(assert_response) + return d + + def test_root_should_be_handled_by_inbox_resource(self): + request = DummyRequest([]) + request.prepath = [''] + request.path = '/' + # TODO: setup mocked portal + + resource = self.root_resource.getChildWithDefault(request.prepath[-1], request) + self.assertIsInstance(resource, InboxResource) + + def test_inbox_should_not_be_public(self): + request = DummyRequest([]) + request.prepath = [''] + request.path = '/' + # TODO: setup mocked portal + + resource = self.root_resource.getChildWithDefault(request.prepath[-1], request) + self.assertIsInstance(resource, InboxResource) |
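Review bot: `test_assets_should_be_publicly_available` and `test_login_should_be_publicly_available` send their requests through `self.web`, which `setUp` builds as `DummySite(root_resource)` around the bare `RootResource`, not through `PixelatedAuthSessionWrapper` with an `ANONYMOUS` avatar. A 200 there shows the child resources render, but not that they are reachable without a session, and nothing in this hunk checks that any other path is refused to an anonymous caller. Routing these requests through the wrapper and a mocked portal, as the two `# TODO: setup mocked portal` comments already anticipate, would make the "public" in the test names an asserted property. The assets test also appears to depend on a `dummy.json` file being present in whatever directory `RootResource` serves as `assets`; a one-line comment saying where that fixture lives would keep the test from failing mysteriously if the file moves.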