Merge pull request #68 from DevinciHQ/dev-282-frontend-test-anon

Dev 282 frontend test anon

Author: aashil

backend/handlers/api/query.py

@@ -19,17 +19,24 @@ def query_handler():
 
     tags = get_tags(search_string)
     query_string = get_query(search_string)
+
     # Return 400 bad request error if the search_string contains only
     # hashtags and no actual search query.
     if len(query_string) == 0:
         abort(400)
     user = None
+
+    # If we get an unauthenticated query request, just go ahead and redirect them to google for now
+    # without recording it in the database. (We may change this behavior soon)
+    if not security.is_request_with_auth(request):
+        return jsonify(ApiResponse({'redirect': create_google_redirect(query_string)}))
+
+    # The request WAS trying to authenticate, so let's try to get the authenticated user.
     try:
         user = security.authenticate_user(request)
     except security.ValidationError as err:
-        escaped_q = urllib.urlencode({'q': query_string})
-        redirect = 'http://google.com/#' + escaped_q
-        return jsonify(ApiResponse({'redirect': redirect}))
+        logging.debug(err)
+        abort(401)
 
     # Get the user-agent header from the request.
     user_agent = parseUA(request.headers['User-Agent'])
@@ -58,12 +65,7 @@ def query_handler():
     # Save to the datatore.
     query.put()
     logging.debug('query: %s', str(query))
-
-    escaped_q = urllib.urlencode({'q': query_string})
-    redirect = 'http://google.com/#' + escaped_q
-
-    # response.headers['Content-Type'] = 'application/json'
-    return jsonify(ApiResponse({'redirect': redirect}))
+    return jsonify(ApiResponse({'redirect': create_google_redirect(query_string)}))
 
 
 def get_tags(search_string):
@@ -98,3 +100,10 @@ def get_query(search_string):
             search_query.append(i)
             cursor = False
     return " ".join(search_query)
+
+
+def create_google_redirect(search_string):
+    """convert a string into a google url that will show search results."""
+    escaped_q = urllib.urlencode({'q': search_string})
+    redirect = 'https://google.com/#' + escaped_q
+    return redirect

backend/shared/security.py

@@ -245,5 +245,11 @@ def get_referrer_insecure(req):
         logging.warn("Got a malformed referrer.")
 
 
+def is_request_with_auth(req):
+    """Check if the request has an auth header."""
+    auth_header = req.headers.get('Authorization', False)
+    if not auth_header:
+        return False
+    return True
 # Create the global pubkey object so that other code can use it.
 PUBKEY = PublicKey()

backend/tests/handlers_api_query_test.py

@@ -60,7 +60,7 @@ def test_anon_query(self):
         # Suppressing the pylint error for no-member
         # pylint: disable=maybe-no-member
         data = json.loads(rv.data) # type: Response
-        self.assertEqual(data['payload']['redirect'], "http://google.com/#q=test")
+        self.assertEqual(data['payload']['redirect'], "https://google.com/#q=test")
 
     def test_empty_hashtag(self):
         """ Testing the empty hashtag case."""
@@ -91,6 +91,10 @@ def test_remove_hashtags(self):
         search_query = query.get_query("#this is a #test")
         self.assertEqual(search_query, "is a #test")
 
+    def test_create_google_redirect(self):
+        redirect = query.create_google_redirect("&? Search test")
+        self.assertEqual(redirect, "https://google.com/#q=%26%3F+Search+test")
+
     def open_with_auth(self, url, method):
         fake_token = get_fake_jwt_token()
         return self.app.open(url, method=method, headers={"Authorization": "Bearer " + fake_token},

backend/tests/security_test.py

@@ -147,5 +147,12 @@ def test_authentication(self):
             security.set_auth_session_cookie(auth_request)
             user = security.authenticate_user(empty_request)
 
+    def test_is_request_with_auth(self):
+        with app.test_request_context():
+            # Expect that requests without an Authorization header return False
+            empty_request = MockRequest(headers={})
+            self.assertEqual(security.is_request_with_auth(empty_request), False)
 
-
+            # Expect that requests with an Authorization header return True;
+            auth_request = MockRequest(headers={"Authorization": "anything"})
+            self.assertEqual(security.is_request_with_auth(auth_request), True)

default/src/app/query/query.service.spec.ts

@@ -6,12 +6,14 @@ import {
 } from '@angular/core/testing';
 import { QueryService } from './query.service';
 import { BackendService} from '../shared/backend.service';
-import { Observable, Observer } from 'rxjs';
+import { Observable, Observer, BehaviorSubject } from 'rxjs';
+import { User } from '../shared/user';
+import { AuthService } from '../auth/auth.service';
 
 
 class MockBackendService {
 
-    request(path: string, data: any) {
+    request(path: string, data: any, use_auth: boolean) {
         return Observable.create(
             (observer: Observer<any>) => {
                 observer.next(null);
@@ -21,25 +23,47 @@ class MockBackendService {
     }
 }
 
+class MockAuthService {
+
+   private user = new BehaviorSubject<User>(null);
+    // Observable string streams
+    // user$ = this.user.asObservable();
+
+    login() {
+       this.user.next(new User(new User({uid: '123abc', email: 'fake.test@example.com', loggedIn: true})));
+    }
+
+    logout() {
+        this.user.next(new User);
+    }
+
+    getUser() {
+        return this.user;
+    }
+
+}
+
 describe('QueryService', () => {
     beforeEach(() => {
         addProviders([
             QueryService,
+            {provide: AuthService, useClass: MockAuthService},
             {provide: BackendService, useClass: MockBackendService}
         ]);
     });
 
-    it('should call backend path with query and source as data.', async(inject(
+    it('should call backend path with query, source and authentication as data.', async(inject(
         // Note that we pass XHRBackend, NOT MockBackend.
-        [QueryService, BackendService], (queryService: QueryService, backend: MockBackendService) => {
+        [QueryService, AuthService, BackendService], (queryService: QueryService, auth: MockAuthService, backend: MockBackendService) => {
 
             let query = 'asdf';
             let source = 'test';
 
             spyOn(backend, 'request').and.callThrough();
 
+            auth.login();
             queryService.doQuery('asdf', 'test').subscribe(data => {
-                expect(backend.request).toHaveBeenCalledWith('/api/q', {q: query, source: source});
+                expect(backend.request).toHaveBeenCalledWith('/api/q', {q: query, source: source}, true);
                 },
                 err => {
                     throw new Error('Query failed');
@@ -48,6 +72,65 @@ describe('QueryService', () => {
 
         }
     )));
+    it('should use an un-authenticated request if the user is logged out.', async(inject(
+        // Note that we pass XHRBackend, NOT MockBackend.
+        [QueryService, AuthService, BackendService], (queryService: QueryService, auth: MockAuthService, backend: MockBackendService) => {
+
+            let query = 'asdf';
+            let source = 'test';
+
+            spyOn(backend, 'request').and.callThrough();
+            auth.logout();
+
+            queryService.doQuery('asdf', 'test').subscribe(data => {
+                expect(backend.request).toHaveBeenCalledWith('/api/q', {q: query, source: source}, false);
+                },
+                err => {
+                    throw new Error('Query failed');
+                }
+            );
+
+        }
+    )));
+    it('should use an authenticated request if the user is logged in.', async(inject(
+        // Note that we pass XHRBackend, NOT MockBackend.
+        [QueryService, AuthService, BackendService], (queryService: QueryService, auth: MockAuthService, backend: MockBackendService) => {
+
+            let query = 'asdf';
+            let source = 'test';
+
+            spyOn(backend, 'request').and.callThrough();
+            auth.login();
+
+            queryService.doQuery('asdf', 'test').subscribe(data => {
+                expect(backend.request).toHaveBeenCalledWith('/api/q', {q: query, source: source}, true);
+                },
+                err => {
+                    throw new Error('Query failed');
+                }
+            );
+
+        }
+    )));
+    it('should not make any request if the user is null.', async(inject(
+        // Note that we pass XHRBackend, NOT MockBackend.
+        [QueryService, AuthService, BackendService], (queryService: QueryService, auth: MockAuthService, backend: MockBackendService) => {
+
+            spyOn(backend, 'request').and.callThrough();
+
+            // We don't login or logout, so the user should be null.
+
+            queryService.doQuery('asdf', 'test').subscribe(data => {
+                expect(backend.request).not.toHaveBeenCalled();
+                },
+                err => {
+                    throw new Error('Query failed');
+                }
+            );
+
+        }
+    )));
+
     describe('getQueries()', () => {
 
         it('should call backend.request() just the /api/report path and an empty object.', async(inject(

default/src/app/query/query.service.ts

@@ -3,19 +3,35 @@ import { Injectable }     from '@angular/core';
 import { Observable }     from 'rxjs/Observable';
 import 'rxjs/add/operator/catch';
 import {BackendService} from '../shared/backend.service';
+import {AuthService} from '../auth/auth.service';
 
 @Injectable()
 export class QueryService {
-    constructor(private backend: BackendService) {}
+    constructor(private backend: BackendService, private auth: AuthService) {}
 
     /**
      *
      * @param query
+     * @param source
      * @returns {Observable<Object>}
      */
     public doQuery(query: string, source: string): Observable<Object> {
+        let user = this.auth.getUser().getValue();
+        let use_auth: boolean;
+
+        // Send an authenticated request if the user is logged in.
+        if (user && user.loggedIn) {
+            use_auth = true;
+        } else if (user && !user.loggedIn) {
+            // Send an un-authenticated request if the user is logged out.
+            use_auth = false;
+        } else {
+            // If the user is still pending (null), then don't do anything yet.
+            console.log('Not making any request until the user\'s loggedIn status is resolved.');
+            return Observable.empty();
+        }
         // Save the search query and get the JSON response (which also contains link to redirect) in return.
-        return this.backend.request('/api/q', {q: query, source: source });
+        return this.backend.request('/api/q', {q: query, source: source }, use_auth);
     }
 
     // Get the search history as a JSON response.

default/src/app/search/search.component.spec.ts

@@ -2,7 +2,7 @@ import {addProviders, inject } from '@angular/core/testing';
 import { SearchComponent } from './index';
 import { QueryService } from '../query/index';
 import { AuthService} from '../auth/auth.service';
-import { Observable, BehaviorSubject }   from 'rxjs';
+import { Observable, BehaviorSubject, Observer }   from 'rxjs';
 import { User } from '../shared/user';
 
 class MockQueryService {
@@ -78,4 +78,32 @@ describe('SearchComponent', () => {
             expect(value).toBe('some search stuff');
         })
     );
+
+    it('anonymous should be able to search and then get redirected.',
+        inject([SearchComponent, QueryService, AuthService], (component: SearchComponent, querySrv: MockQueryService,
+                                                              auth: MockAuthService) => {
+            spyOn(querySrv, 'doQuery').and.callFake(() => {
+                return Observable.create(
+                    (observer: Observer<any>) => {
+                        observer.next({
+                               'success': 'true',
+                               'payload': {
+                                    'redirect': 'http://google.com/q#=whatever',
+                                },
+                               'cursor': null
+                        });
+                        observer.complete();
+                    }
+                );
+            });
+
+            // We can get around private method issues like this.
+            let redirect = spyOn(component, '_redirect');
+            auth.logout();
+            component.submit('whatever');
+            expect(querySrv.doQuery).toHaveBeenCalled();
+            expect(redirect).toHaveBeenCalledWith('http://google.com/q#=whatever');
+        })
+
+    );
 });

default/src/app/search/search.component.ts

@@ -12,22 +12,9 @@ import {AuthService} from '../auth/auth.service';
 export class SearchComponent {
 
     private preSearchText: any;
-    private disabled = true;
     constructor(private queryService: QueryService, private auth: AuthService) {
         this.preSearchText = this.populateSearch(window.location.href);
         this.recordOmniSearch(window.location.href);
-        this.auth.getUser().subscribe(
-            user => {
-                if (user && user.loggedIn) {
-                    this.disabled = false;
-                } else {
-                    this.disabled = true;
-                }
-            },
-            err => {
-                console.log('authEvent', err);
-            }
-        );
     }
 
     submit(searchField: string) {
@@ -46,7 +33,7 @@ export class SearchComponent {
         this.queryService.doQuery(searchField, 'site-search').subscribe(
             data => {
                 // If when data is returned from a query with a redirect set, do the redirect.
-                if (data['payload']['redirect']) {
+                if (data['payload'] && data['payload']['redirect']) {
                     this._redirect(data['payload']['redirect']);
                 }
             }