Skip to content

Commit

Permalink
tests: Add unit test verifying error handlers are in place
Browse files Browse the repository at this point in the history
The status codes in here are to ensure that the cases the
ErrorDocument directives previously in the Apache journalist
configuration are handled in the application code.
  • Loading branch information
redshiftzero authored and emkll committed Mar 21, 2019
1 parent a802dde commit 12977cc
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 3 deletions.
4 changes: 2 additions & 2 deletions securedrop/journalist_app/api.py
Original file line number Diff line number Diff line change
Expand Up @@ -309,7 +309,7 @@ def get_current_user():
user = get_user_object(request)
return jsonify(user.to_json()), 200

def _handle_http_exception(error):
def _handle_api_http_exception(error):
# Workaround for no blueprint-level 404/5 error handlers, see:
# https://github.com/pallets/flask/issues/503#issuecomment-71383286
response = jsonify({'error': error.name,
Expand All @@ -318,6 +318,6 @@ def _handle_http_exception(error):
return response, error.code

for code in default_exceptions:
api.errorhandler(code)(_handle_http_exception)
api.errorhandler(code)(_handle_api_http_exception)

return api
6 changes: 6 additions & 0 deletions securedrop/tests/test_journalist.py
Original file line number Diff line number Diff line change
Expand Up @@ -2024,3 +2024,9 @@ def test_does_set_cookie_headers(journalist_app, test_journo):
observed_headers = response.headers
assert 'Set-Cookie' in observed_headers.keys()
assert 'Cookie' in observed_headers['Vary']


def test_app_error_handlers_defined(journalist_app):
for status_code in [400, 401, 403, 404, 500]:
# This will raise KeyError if an app-wide error handler is not defined
assert journalist_app.error_handler_spec[None][status_code]
11 changes: 10 additions & 1 deletion securedrop/tests/test_journalist_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,16 @@ def test_user_without_token_cannot_post_protected_endpoints(journalist_app,
assert response.status_code == 403


def test_api_404(journalist_app, journalist_api_token):
def test_api_error_handlers_defined(journalist_app):
"""Ensure the expected error handler is defined in the API blueprint"""
for status_code in [400, 401, 403, 404, 500]:
result = journalist_app.error_handler_spec['api'][status_code]

expected_error_handler = '_handle_api_http_exception'
assert result.values()[0].__name__ == expected_error_handler


def test_api_error_handler_404(journalist_app, journalist_api_token):
with journalist_app.test_client() as app:
response = app.get('/api/v1/invalidendpoint',
headers=get_api_headers(journalist_api_token))
Expand Down

0 comments on commit 12977cc

Please sign in to comment.