o ?h[@sdZddlZddlmmZddlZddlZddl Z ddl Z ddl m Z da ddZejjddZejjdd Zejjd d Zejjd d ZejjddZejjddZejjddZejjddZejjddZejjddZejjddZejjddZdS)ag test_cameras.py Purpose: Comprehensive test suite for camera management functionality including CRUD operations, data validation, API endpoint testing, and database consistency. Tests camera adding, renaming, deleting, listing, and user permission boundaries. This module implements red-team level security testing with comprehensive input validation and follows modular, well-organized patterns for production Apache2 deployment scenarios. Each test ensures proper authentication, CSRF protection, and database state verification. Test Categories: - Camera CRUD operations (add, rename, delete, list) - Data validation for camera IDs and names - API endpoint testing and responses - Database consistency verification - User permission boundaries and data isolation - Camera ID uniqueness validation - Authentication and CSRF protection N)get_dbcCsRtd7attdd}td}tdd}|d|d|d}|d d S) z1Generate a unique 12-digit camera ID for testing.iid c08d02dN ) _test_counterinttimerandomrandint) timestamp counter_part random_part unique_idr./var/www/html/tests/functional/test_cameras.pyget_unique_camera_id!s   rcCs|d}|d}t}|jd|d|ddd}|j}d}||k} | sXtd | fd ||fd tvs9t|r>t|nd t|t|d } d d| i} t t | d}} }| d| T} | dd} | d}d}||u}|std|fd||fdtvst|rt|ndt|d}t ddd|i} t t | d}}Wdn1swY|jd| ||dddd}|j}d}||k} | std | fd ||fd tvst|rt|nd t|t|d } d d| i} t t | d}} }t|j}|d!}d"} || u}|sOtd#|fd$|| ft|t| d%}d&d'|i}t t |d}}} |jt}|d(||df}d}||u}|std|fd||fd)tvst|rt|nd)t|d}d*d|i} t t | d}}|d+}t|}||k}|std |fd,||ft|d-tvsttrttnd-d.tvst|rt|nd.t|d/}d0d1|i}t t |d}}}|d}|d} || k}|s9td |fd2|| ft|t| d%}d&d'|i}t t |d}}} WddS1sKwYdS)3zETest adding cameras with valid 12-digit IDs via POST /api/kamere/add.regularvalid/loginusernamepasswordrrdata.==z3%(py2)s {%(py2)s = %(py0)s.status_code } == %(py5)slogin_responsepy0py2py5assert %(py7)spy7N/ csrf_tokenuser_idis notz%(py0)s is not %(py3)sr$py3zUser should be logged inz >assert %(py5)sr&/api/kamere/add?csrf_token= camera_name camera_idr3application/jsonjson content_typeresponsesuccessTisz%(py1)s is %(py4)spy1py4assert %(py6)spy6z=SELECT * FROM cameras WHERE camera_id = ? AND camera_name = ?cameraassert %(py5)sr5)z0%(py1)s == %(py6)s {%(py6)s = %(py3)s(%(py4)s) }r unique_camera_id)rAr1rBrDassert %(py8)spy8z%(py1)s == %(py4)s)rpost status_code @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _safereprAssertionError_format_explanationgetsession_transaction_format_assertmsgr8loadsr application app_contextrexecutefetchoner )client test_userssample_camera_datauser camera_datarGr" @py_assert1 @py_assert4 @py_assert3 @py_format6 @py_format8sessr*r, @py_assert2 @py_format4r;r @py_assert0 @py_format5 @py_format7dbrE @py_assert5 @py_format9rrrtest_add_camera_valid_data-sF       l  ~r$rpcCsR|d}|d}|jd|d|ddd}|j}d}||k}|sUtd |fd ||fd tvs6t|r;t|nd t|t|d } d d| i} tt | d}}}| d| } | dd} Wdn1suwY|jd| |d|dddd} | j}d}||k}|std |fd ||fdtvst| rt| ndt|t|d } d d| i} tt | d}}}t | j}|d}d}||u}|std|fd||ft|t|d}d d!|i}tt |d}}}d"}|d#}||v}|s=td$|fd%||ft|t|d}d d!|i}tt |d}}}|jVt}|d&|df}d}||u}|std|fd'||fd(tvswt|r|t|nd(t|d)}d*d+|i} tt | d}}WddS1swYdS),zFTest adding cameras with invalid short IDs returns appropriate errors.rinvalid_short_idrrrrrrrr!r"r#r'r(Nr)r*r+r2r5r3r4r6r7r;r<Fr=r?r@rCrDznamenkimessageinz%(py1)s in %(py4)s)SELECT * FROM cameras WHERE camera_id = ?z%(py0)s is %(py3)srEr0rFr&rKrLrMrNrOrPrQrRrSrTrUrVr8rXrrYrZrr[r\r]r^r_r`rar"rbrcrdrerfrgr*r;rrjrhrkrlrmrErirrr test_add_camera_invalid_short_id^s>     ll $r|cCs|d}|d}|jd|d|ddd}|j}d}||k}|sUtd |fd ||fd tvs6t|r;t|nd t|t|d } d d| i} tt | d}}}| d| } | dd} Wdn1suwY|jd| |d|dddd} | j}d}||k}|std |fd ||fdtvst| rt| ndt|t|d } d d| i} tt | d}}}t | j}|d}d}||u}|std|fd||ft|t|d}d d!|i}tt |d}}}|jVt}|d"|df}d}||u}|s\td|fd#||fd$tvsAt|rFt|nd$t|d%}d&d'|i} tt | d}}WddS1slwYdS)(zLTest adding cameras with invalid non-numeric IDs returns appropriate errors.rinvalid_non_numericrrrrrrrr!r"r#r'r(Nr)r*r+r2r5r3r4r6r7rrr;r<Fr=r?r@rCrDz+SELECT * FROM cameras WHERE camera_name = ?ryrEr0rFr&rzr{rrr&test_add_camera_invalid_non_numeric_ids<     l $r~cCsP|d}|d}t}|jd|d|ddd}|j}d}||k} | sXtd | fd ||fd tvs9t|r>t|nd t|t|d } d d| i} t t | d}} }| d| } | dd} Wdn1sxwY|jd| ||dddd}|j}d}||k} | std | fd ||fdtvst|rt|ndt|t|d } d d| i} t t | d}} }t |j}|d}d} || u}|std|fd|| ft|t| d}dd |i}t t |d}}} d!}|d"} || v}|s>td#|fd$|| ft|t| d}dd |i}t t |d}}} |jTt}|d%|f}d}||u}|std|fd&||fd'tvsvt|r{t|nd't|d(}d)d*|i} t t | d}}WddS1swYdS)+z@Test adding cameras with empty names returns appropriate errors.rinvalid_empty_namerrrrrrrr!r"r#r'r(Nr)r*r+r2r3r4r6r7rrr;r<Fr=r?r@rCrDobaveznortrurwrxryrEr0rFr&)rrKrLrMrNrOrPrQrRrSrTrUrVr8rXrrYrZrr[r\r]r^r_r`rarGr"rbrcrdrerfrgr*r;rrjrhrkrlrmrErirrrtest_add_camera_empty_names@     ll $rcCsZ|d}t}|d}|jd|d|ddd}|j}d}||k} | sXtd | fd ||fd tvs9t|r>t|nd t|t|d } d d| i} t t | d}} }| I} | d} d}| |u}|std|fd| |fdtvst| rt| ndt|d}dd|i} t t | d}}Wdn1swY|j t}|d| t||df|Wdn1swY| d}|j}d}||k} | s#td | fd ||fdtvst|r t|ndt|t|d } d d| i} t t | d}} }t|j}d}||v}|sjtd|fd||ft|dtvsSt|rXt|ndd}dd|i} t t | d}}|d}t|t} | sd d!tvsttrttnd!dtvst|rt|ndd"tvsttrttnd"t| d#}t t |d} t|}d$}||k}|std%|fd&||fd'tvsttrttnd'dtvst|rt|ndt|t|d(}d)d*|i}t t |d}}}d}|D]}|d+|kr2|}nq%d}||u}|sotd|fd||fd,tvsTt|rYt|nd,t|d}dd|i} t t | d}}|d}|d} || k}|std |fd-|| ft|t| d.}d/d0|i}t t |d}}} dS)1z:Test retrieving camera lists via GET /api/kamere endpoint.rrrrrrrrrr!r"r#r'r(Nr,r-r/r0rFr&FINSERT INTO cameras (user_id, camera_id, camera_name) VALUES (?, ?, ?)r3 /api/kamerer:r;camerasru)z%(py1)s in %(py3)srrAr1z5assert %(py4)s {%(py4)s = %(py0)s(%(py1)s, %(py2)s) } isinstancelist)r$rAr%rBr)>)z/%(py3)s {%(py3)s = %(py0)s(%(py1)s) } > %(py6)slenr$rAr1rDrHrIr5 our_camerarJr@rCrD)rrKrLrMrNrOrPrQrRrSrTrVrUrYrZrr[r commitr8rXrrrr)r]r^r_r`rGrar"rbrcrdrerfrgr,rhrirmr;rrjrrkrnrlrorrErrrtest_retrieve_camera_list_apisF   z    ~~trcCsl|d}|d}d}t}|jd|d|ddd}|j}d } || k} | sZtd | fd || fd tvs;t|r@t|nd t|t| d } dd| i} t t | d}} } | I} | d}d}||u}|std|fd||fdtvst|rt|ndt|d}dd|i} t t | d}}Wdn1swY|j t}|d|t||df|Wdn1swY| d| } | dd}Wdn1swY|jd|||ddd}|j}d } || k} | sMtd | fd || fd!tvs.t|r3t|nd!t|t| d } dd| i} t t | d}} } t|j}|d"}d#} || u}|std$|fd%|| ft|t| d&}d'd(|i}t t |d}}} |j t}|d)t|f}d}||u}|std|fd||fd*tvst|rt|nd*t|d}dd|i} t t | d}}|d}||k}|std |fd+||ft|d,tvst|r t|nd,d-}dd|i} t t | d}}WddS1s/wYdS).z;Test renaming existing cameras via POST /api/kamere/rename.rrzRenamed Test Camerarrrrrrrr!r"r#r'r(Nr,r-r/r0rFr&rr3r)r*r+/api/kamere/rename?csrf_token=r4r6r7r:r;r<Tr=r?r@rCrDrxrE)z%(py1)s == %(py3)snew_namerrrKrLrMrNrOrPrQrRrSrTrVrUrYrZrr[r rr8rXrr\)r]r^r_r`rarrGr"rbrcrdrerfrgr,rhrirmr*r;rrjrkrlrErrrtest_rename_existing_camerasZ   z     l ~$rcCs|d}|d}t}|jd|d|ddd}|j}d}||k} | sXtd | fd ||fd tvs9t|r>t|nd t|t|d } d d| i} t t | d}} }| I} | d} d}| |u}|std|fd| |fdtvst| rt| ndt|d}dd|i} t t | d}}Wdn1swY|j t}|d| t||df|Wdn1swY| d| } | dd}Wdn1swY|jd|d|idd}|j}d}||k} | sJtd | fd ||fd tvs+t|r0t|nd t|t|d } d d| i} t t | d}} }t|j}|d!}d"} || u}|std#|fd$|| ft|t| d%}d&d'|i}t t |d}}} |j Vt}|d(t|f}d}||u}|std#|fd)||fd*tvst|rt|nd*t|d}dd|i} t t | d}}WddS1swYdS)+z2Test deleting cameras via POST /api/kamere/delete.rrrrrrrrrr!r"r#r'r(Nr,r-r/r0rFr&rr3r)r*r+z/api/kamere/delete?csrf_token=r5r6r7r:r;r<Tr=r?r@rCrDrxryrEr)r]r^r_r`rarGr"rbrcrdrerfrgr,rhrirmr*r;rrjrkrlrErrrtest_delete_existing_cameraJsT   z     l $rc" Cs8|d}t}t}|jd|d|ddd}|j}d}||k} | sWtd| fd ||fd tvs8t|r=t|nd t|t|d } d d | i} t t | d}} }| I} | d} d}| |u}|std|fd| |fdtvst| rt| ndt|d}dd|i} t t | d}}Wdn1swYg}|j Gt}t||df||dfgD])\}\}}|d| t||dd|f|t||dd|dq|Wdn 1swY| d}|j}d}||k} | sPtd| fd ||fdtvs1t|r6t|ndt|t|d } d d | i} t t | d}} }t|j}|d}|j t}|d| f}Wdn 1s}wYt|}t|}||k}|std|fd ||fd!tvsttrttnd!d"tvst|rt|nd"t|d!tvsttrttnd!d#tvst|rt|nd#t|d$}d%d&|i}t t |d}}}|D]}d}|D]}|d't|d'kr|}nqd}||u}|s\td|fd||fd(tvsAt|rFt|nd(t|d}dd|i} t t | d}}|d}|d} || k}|std|fd)|| ft|t| d*} d+d,| i}!t t |!d}}} qdS)-z6Test database cameras match API responses consistency.rrrrrrrrr!r"r#r'r(Nr,r-r/r0rFr&rvalid_2rr3 r4rr:r;rz'SELECT * FROM cameras WHERE user_id = ?)zN%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py8)s {%(py8)s = %(py5)s(%(py6)s) }r api_cameras db_cameras)r$rAr1r&rDrIzassert %(py10)spy10r5 api_camerarJr@rCrD)rrKrLrMrNrOrPrQrRrSrTrVrUrYrZr enumerater[r appendrr8rXrfetchallrstr)"r]r^r_r`unique_camera_id_1unique_camera_id_2r"rbrcrdrerfrgr,rhri cameras_addedrmir5rar;api_datarr @py_assert7ro @py_format11 db_camerarcamrjrkrlrrr)test_database_cameras_match_api_responsessl   z        ~trcCsZ|d}|d}|d}t}|jd|d|ddd}|j}d } || k} | s\td | fd || fd tvs=t|rBt|nd t|t| d } dd| i} t t | d}} } | I} | d}d}||u}|std|fd||fdtvst|rt|ndt|d}dd|i} t t | d}}Wdn1swY|j t}|d|t||df|Wdn1swY|jdddid|jd|d|ddd}|j}d } || k} | s9td | fd || fd tvst|rt|nd t|t| d } dd| i} t t | d}} } | d}|j}d} || k} | std | fd || fdtvsgt|rlt|ndt|t| d } dd| i} t t | d}} } t|j}|d}|D]D}|d }||k}|std!|fd"||ft|d#tvst|rt|nd#d$}dd|i} t t | d}}q| d%| } | dd}Wdn 1swY|jd&||d'd(d)d*}|j}d+} || k} | sMtd | fd || fdtvs.t|r3t|ndt|t| d } dd| i} t t | d}} } t|j}|d,}d-} || u}|std.|fd/|| ft|t| d0}d1d2|i}t t |d}}} |j t}|d3t|f}d}||u}|std|fd||fd4tvst|rt|nd4t|d}dd|i} t t | d}}|d}|d} || k}|std |fd5|| ft|t| d0}d1d2|i}t t |d}}} WddS1s&wYdS)6z-Test users can only manage their own cameras.rlimitedrrrrrrrrr!r"r#r'r(Nr,r-r/r0rFr&rr3z/logoutr*r+rr:r;rr5)!=)z%(py1)s != %(py3)srGrr)rzHacked Camera Namer4r6r7ir<Fr=r?r@rCrDrxrErJr)r]r^r_ user_regular user_limitedrarGr"rbrcrdrerfrgr,rhrirmr; limited_datalimited_camerasrErjr*rrkrlrrrtest_user_isolation_camerassr   z          l ~r$rcCs:|d}|d}t}|jd|d|ddd}|j}d}||k} | sXtd | fd ||fd tvs9t|r>t|nd t|t|d } d d| i} t t | d}} }| d| } | dd} Wdn1sxwY|jd| ||dddd}|j}d}||k} | std | fd ||fdtvst|rt|ndt|t|d } d d| i} t t | d}} }|jd| |dddd}|j}d}||k} | s"td | fd ||fdtvst|rt|ndt|t|d } d d| i} t t | d}} }t |j}|d}d} || u}|s^td|fd|| ft|t| d }d!d"|i}t t |d}}} d#}|d$} || v}|std%|fd&|| ft|t| d }d!d"|i}t t |d}}} |jst}|d't|f}t|}d(}||k}|std |fd)||fd*tvsttrttnd*d+tvst|rt|nd+t|t|d,}d-d.|i}t t |d}}}WddS1swYdS)/z%Test camera ID uniqueness validation.rrrrrrrrrr!r"r#r'r(Nr)r*r+r2r3r4r6r7r:r;zDifferent Camera Nameir<Fr=r?r@rCrDu već postojirtrurwrxr)z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py6)srrrrHrI)rrKrLrMrNrOrPrQrRrSrTrUrVr8rXrrYrZrr[r rr)r]r^r_r`rarGr"rbrcrdrerfrgr*r;rrjrhrkrlrmrrnrorrr$test_camera_id_uniqueness_validationsN      ll $rcCs(gd}|D] \}}|dkr||}n|j|id}|j}gd}||v}|s]td|fd||fdtvs>t|rCt|ndt|t|d}d d |i} t t | d }}}|jd krg}d } |j } | | v}|} |sd} |j }| |v}|} | std|fd| | ft| dtvst|rt|ndt| d} dd| i}| ||std|fd| |ft| dtvst|rt|ndt|d}dd|i}| |t |di}dd|i}t t |d } }} }} } }}qd S)z.Test camera operations require authentication.))rGET)z/api/kamere/addPOST)z/api/kamere/renamer)z/api/kamere/deleterr)r8)riiru)z3%(py2)s {%(py2)s = %(py0)s.status_code } in %(py5)sr;r#r'r(Nrr)login)z0%(py3)s in %(py7)s {%(py7)s = %(py5)s.location })r1r&r(z%(py9)spy9)z4%(py12)s in %(py16)s {%(py16)s = %(py14)s.location })py12py14py16z%(py18)spy18rzassert %(py21)spy21)rUrKrLrMrNrOrPrQrRrSrTlocationr_format_boolop)r]endpoints_to_testendpointmethodr;rbrcrdrerfrh @py_assert6rj @py_assert11 @py_assert15 @py_assert13 @py_format10 @py_format17 @py_format19 @py_format20 @py_format22rrr-test_camera_operations_require_authenticationKs  RrcCs|d}|d}t}|jd|d|ddd}|j}d}||k} | sXtd | fd ||fd tvs9t|r>t|nd t|t|d } d d| i} t t | d}} }| d| } | dd} Wdn1sxwY|jd| ||dddd}|j}d}||k} | std | fd ||fdtvst|rt|ndt|t|d } d d| i} t t | d}} }t |j}|d}d} || u}|std|fd|| ft|t| d}dd |i}t t |d}}} |jVt}|d!t|f}d}||u}|s]td"|fd#||fd$tvsBt|rGt|nd$t|d%}d&d'|i} t t | d}}WddS1smwYdS)(z1Test camera operations work with CSRF protection.rrrrrrrrrr!r"r#r'r(Nr)r*r+r2r3r4r6r7r:r;r<Tr=r?r@rCrDrxr-r/rEr0rFr&)rrKrLrMrNrOrPrQrRrSrTrUrVr8rXrrYrZrr[r r\rrrr$test_camera_add_with_csrf_protectiones>     l $r)__doc__builtinsrO_pytest.assertion.rewrite assertionrewriterMpytestr8r r app_modules.dbrr rmarkrrpr|r~rrrrrrrrrrrrrs@"  0 ( ' + 3 : 7 C N 5