invenio-app-rdm 13.0.0b2.dev2__py2.py3-none-any.whl → 13.0.0b2.dev4__py2.py3-none-any.whl

tests/api/test_protect_files_rest.py

@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2021 CERN.
+# Copyright (C) 2021 Northwestern University.
+#
+# Invenio-RDM-Records is free software; you can redistribute it and/or modify
+# it under the terms of the MIT License; see LICENSE file for more details.
+
+"""Test files-rest is protected."""
+
+from io import BytesIO
+
+
+def create_draft(client, record, headers):
+    """Create draft and return its id."""
+    response = client.post("/records", json=record, headers=headers)
+    assert response.status_code == 201
+    return response.json["id"]
+
+
+def init_file(client, recid, headers):
+    """Init a file for draft with given recid."""
+    return client.post(
+        f"/records/{recid}/draft/files", headers=headers, json=[{"key": "test.pdf"}]
+    )
+
+
+def upload_file(client, recid):
+    """Create draft and return its id."""
+    return client.put(
+        f"/records/{recid}/draft/files/test.pdf/content",
+        headers={
+            "content-type": "application/octet-stream",
+            "accept": "application/json",
+        },
+        data=BytesIO(b"testfile"),
+    )
+
+
+def commit_file(client, recid, headers):
+    """Create draft and return its id."""
+    return client.post(f"/records/{recid}/draft/files/test.pdf/commit", headers=headers)
+
+
+# NOTE: It seems like it was already the case that a logged in user wouldn't be
+#       able to access files-rest. We are just making doubly-clear.
+def test_files_rest_endpoint_is_protected(
+    running_app, client_with_login, headers, es_clear, minimal_record
+):
+    client = client_with_login
+
+    # Create draft with file
+    minimal_record["files"] = {"enabled": True}
+    recid = create_draft(client, minimal_record, headers)
+    init_file(client, recid, headers)
+    upload_file(client, recid)
+    commit_file(client, recid, headers)
+
+    # Get bucket information
+    url = f"/records/{recid}/draft/files/test.pdf"
+    response = client.get(url, headers=headers)
+    bucket_id = response.json["bucket_id"]
+
+    # Nobody is allowed to use the invenio-files-rest endpoints
+    # (even logged-in user). Just testing for the GET of each is enough
+
+    bucket_url = f"/files/{bucket_id}"
+    response = client.get(bucket_url, headers=headers)
+    assert 404 == response.status_code  # because of files-rest hiding feature
+
+    bucket_key_url = f"/files/{bucket_id}/test.pdf"
+    response = client.get(bucket_key_url, headers=headers)
+    assert 404 == response.status_code

tests/api/test_record_api.py

@@ -0,0 +1,175 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2019-2021 CERN.
+# Copyright (C) 2019-2021 Northwestern University.
+# Copyright (C) 2024 Graz University of Technology.
+#
+# Invenio-RDM-Records is free software; you can redistribute it and/or modify
+# it under the terms of the MIT License; see LICENSE file for more details.
+
+"""Module tests."""
+
+import pytest
+from invenio_pidstore.models import PersistentIdentifier
+
+SINGLE_RECORD_API_URL = "/records/{}"
+LIST_RECORDS_API_URL = "/records"
+DRAFT_API_URL = "/records/{}/draft"
+DRAFT_ACTION_API_URL = "/records/{}/draft/actions/{}"
+
+
+def test_record_read_non_existing_pid(client, location, minimal_record, es_clear):
+    """Retrieve a non existing record."""
+    # retrieve unknown record
+    response = client.get(SINGLE_RECORD_API_URL.format("notfound"))
+    assert response.status_code == 404
+    assert response.json["status"] == 404
+    assert response.json["message"] == "The persistent identifier does not exist."
+
+
+def test_record_draft_create_and_read(
+    client_with_login, running_app, minimal_record, es_clear
+):
+    """Test draft creation of a non-existing record."""
+    # create a record
+    client = client_with_login
+    response = client.post(LIST_RECORDS_API_URL, json=minimal_record)
+
+    assert response.status_code == 201
+
+    response_fields = response.json.keys()
+    fields_to_check = ["id", "metadata", "revision_id", "created", "updated", "links"]
+
+    for field in fields_to_check:
+        assert field in response_fields
+
+    recid = response.json["id"]
+
+    # retrieve record draft
+    response = client.get(DRAFT_API_URL.format(recid))
+    assert response.status_code == 200
+    assert response.json is not None
+
+
+def test_record_draft_publish(
+    client_with_login, headers, running_app, minimal_record, es_clear
+):
+    """Test draft publication of a non-existing record.
+
+    It has to first create said draft and includes record read.
+    """
+    # Create the draft
+    client = client_with_login
+    response = client.post(LIST_RECORDS_API_URL, json=minimal_record, headers=headers)
+
+    assert response.status_code == 201
+    recid = response.json["id"]
+
+    # Publish it
+    response = client.post(
+        DRAFT_ACTION_API_URL.format(recid, "publish"), headers=headers
+    )
+
+    assert response.status_code == 202
+    response_fields = response.json.keys()
+    fields_to_check = ["id", "metadata", "revision_id", "created", "updated", "links"]
+
+    for field in fields_to_check:
+        assert field in response_fields
+
+    response = client.get(DRAFT_API_URL.format(recid), headers=headers)
+    assert response.status_code == 404
+
+    # Test record exists
+    response = client.get(SINGLE_RECORD_API_URL.format(recid), headers=headers)
+
+    assert response.status_code == 200
+
+    response_fields = response.json.keys()
+    fields_to_check = ["id", "metadata", "revision_id", "created", "updated", "links"]
+
+    for field in fields_to_check:
+        assert field in response_fields
+
+
+def test_read_record_with_redirected_pid(
+    client_with_login, headers, running_app, minimal_record, es_clear
+):
+    """Test read a record with a redirected pid."""
+    # Create dummy record
+    client = client_with_login
+    response = client.post(LIST_RECORDS_API_URL, headers=headers, json=minimal_record)
+    assert response.status_code == 201
+    # Publish it
+    pid1_value = response.json["id"]
+    response = client.post(
+        DRAFT_ACTION_API_URL.format(pid1_value, "publish"), headers=headers
+    )
+    assert response.status_code == 202
+
+    # Create another dummy record
+    response = client.post(LIST_RECORDS_API_URL, headers=headers, json=minimal_record)
+    assert response.status_code == 201
+    pid2_value = response.json["id"]
+    # Publish it
+    response = client.post(
+        DRAFT_ACTION_API_URL.format(pid2_value, "publish"), headers=headers
+    )
+    assert response.status_code == 202
+
+    # redirect pid1 to pid2
+    pid1 = PersistentIdentifier.get("recid", pid1_value)
+    pid2 = PersistentIdentifier.get("recid", pid2_value)
+    pid1.redirect(pid2)
+
+    response = client.get(SINGLE_RECORD_API_URL.format(pid1.pid_value), headers=headers)
+    assert response.status_code == 301
+
+    assert response.json["status"] == 301
+    assert response.json["message"] == "Moved Permanently."
+
+
+@pytest.mark.skip()
+def test_read_deleted_record(
+    client_with_login, headers, location, minimal_record, es_clear, administration_user
+):
+    """Test read a deleted record."""
+    client = client_with_login
+
+    # Create dummy record to test delete
+    response = client.post(LIST_RECORDS_API_URL, headers=headers, json=minimal_record)
+    assert response.status_code == 201
+    recid = response.json["id"]
+    # Publish it
+    response = client.post(
+        DRAFT_ACTION_API_URL.format(recid, "publish"), headers=headers
+    )
+    assert response.status_code == 202
+
+    # Delete the record
+    response = client.delete(SINGLE_RECORD_API_URL.format(recid), headers=headers)
+    assert response.status_code == 204
+
+    # Read the deleted record
+    response = client.get(SINGLE_RECORD_API_URL.format(recid), headers=headers)
+    assert response.status_code == 410
+    assert response.json["message"] == "The record has been deleted."
+
+
+def test_record_search(client, headers, running_app, es_clear):
+    """Test record search."""
+    expected_response_keys = set(["hits", "links", "aggregations"])
+    expected_metadata_keys = set(["resource_type", "creators", "titles"])
+
+    # Get published bibliographic records
+    response = client.get(LIST_RECORDS_API_URL, headers=headers)
+
+    assert response.status_code == 200
+    response_keys = set(response.json.keys())
+    # The datamodel has other tests (jsonschemas, mappings, schemas)
+    # Here we just want to crosscheck the important ones are there.
+    assert expected_response_keys.issubset(response_keys)
+
+    for r in response.json["hits"]["hits"]:
+        metadata_keys = set(r["metadata"])
+        assert expected_metadata_keys.issubset(metadata_keys)

tests/api/test_stats_api.py

@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2023 CERN.
+# Copyright (C) 2024 Graz University of Technology.
+#
+# Invenio App RDM is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Test the statistics integration."""
+
+from invenio_accounts.testutils import login_user_via_session
+
+
+def test_ui_event_emission(running_app, headers, client, administration_user):
+    """It is expected that the REST API endpoint for the statistics is disabled."""
+    login_user_via_session(client, email=administration_user.email)
+
+    # NOTE: the permissions are only relevant per requested query type ("stat")
+    data = {"my-query": {"stat": "record-view", "params": {"recid": "doesnt-matter"}}}
+    result = client.post("/stats", headers=headers, json=data)
+    assert result.status_code == 403
+
+    # i.e. if no queries are requested, nothing will be denied
+    result = client.post("/stats", headers=headers, json={})
+    assert result.status_code == 200
+    assert result.json == {}

tests/conftest.py

@@ -0,0 +1,313 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2019-2025 CERN.
+# Copyright (C) 2019-2021 Northwestern University.
+# Copyright (C) 2024-2025 Graz University of Technology.
+#
+# Invenio App RDM is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Common pytest fixtures and plugins."""
+
+# Monkey patch Werkzeug 2.1
+# Flask-Login uses the safe_str_cmp method which has been removed in Werkzeug
+# 2.1. Flask-Login v0.6.0 (yet to be released at the time of writing) fixes the
+# issue. Once we depend on Flask-Login v0.6.0 as the minimal version in
+# Flask-Security-Invenio/Invenio-Accounts we can remove this patch again.
+try:
+    # Werkzeug <2.1
+    from werkzeug import security
+
+    security.safe_str_cmp
+except AttributeError:
+    # Werkzeug >=2.1
+    import hmac
+
+    from werkzeug import security
+
+    security.safe_str_cmp = hmac.compare_digest
+
+import shutil
+import tempfile
+from collections import namedtuple
+
+import pytest
+from flask_security import login_user
+from flask_security.utils import hash_password
+from invenio_access.models import ActionUsers
+from invenio_access.permissions import system_identity
+from invenio_access.proxies import current_access
+from invenio_accounts.proxies import current_datastore
+from invenio_accounts.testutils import login_user_via_session
+from invenio_app.factory import create_app as _create_app
+from invenio_db import db
+from invenio_files_rest.models import Bucket, FileInstance, Location, ObjectVersion
+from invenio_records_resources.proxies import current_service_registry
+from invenio_vocabularies.contrib.subjects.api import Subject
+from invenio_vocabularies.proxies import current_service as vocabulary_service
+from invenio_vocabularies.records.api import Vocabulary
+from invenio_vocabularies.records.models import VocabularyScheme
+
+
+@pytest.fixture(scope="module")
+def create_app(entry_points):
+    """Creates a test app."""
+    return _create_app
+
+
+@pytest.fixture(scope="module")
+def app_config(app_config):
+    """Override pytest-invenio app_config fixture to disable CSRF check."""
+    # Variable not used. We set it to silent warnings
+    app_config["REST_CSRF_ENABLED"] = False
+
+    return app_config
+
+
+@pytest.fixture(scope="module")
+def subjects_service(app):
+    """Subjects service."""
+    return current_service_registry.get("subjects")
+
+
+pytest_plugins = ("celery.contrib.pytest",)
+
+
+@pytest.fixture(scope="module")
+def extra_entry_points():
+    """Register extra entry point."""
+    return {
+        "invenio_base.blueprints": [
+            "mock_module = tests.mock_module.views:create_blueprint"
+        ],
+    }
+
+
+@pytest.fixture(scope="function")
+def minimal_record(users):
+    """Minimal record data as dict coming from the external world."""
+    return {
+        "access": {
+            "record": "public",
+            "files": "public",
+        },
+        "files": {"enabled": False},  # Most tests don't care about file upload
+        "metadata": {
+            "publication_date": "2020-06-01",
+            "resource_type": {
+                "id": "image-photo",
+            },
+            # Technically not required
+            "creators": [
+                {
+                    "person_or_org": {
+                        "type": "personal",
+                        "name": "Doe, John",
+                        "given_name": "John Doe",
+                        "family_name": "Doe",
+                    }
+                }
+            ],
+            "title": "A Romans story",
+        },
+    }
+
+
+@pytest.fixture()
+def users(app, db):
+    """Create users."""
+    password = "123456"
+    with db.session.begin_nested():
+        datastore = app.extensions["security"].datastore
+        # create users
+        hashed_password = hash_password(password)
+        user1 = datastore.create_user(
+            email="user1@test.com", password=hashed_password, active=True
+        )
+        user2 = datastore.create_user(
+            email="user2@test.com", password=hashed_password, active=True
+        )
+        # Give role to administration-access
+        db.session.add(ActionUsers(action="administration-access", user=user1))
+    db.session.commit()
+    return {
+        "user1": user1,
+        "user2": user2,
+    }
+
+
+@pytest.fixture()
+def roles(app, db):
+    """Create some roles."""
+    with db.session.begin_nested():
+        datastore = app.extensions["security"].datastore
+        role1 = datastore.create_role(
+            name="administration", description="administration role"
+        )
+        role2 = datastore.create_role(name="test", description="tests are coming")
+
+    db.session.commit()
+    return {"administration": role1, "test": role2}
+
+
+@pytest.fixture()
+def administration_user(users, roles):
+    """Give administration rights to a user."""
+    user = users["user1"]
+    role = roles["administration"]
+    current_datastore.add_role_to_user(user, role)
+    action = current_access.actions["superuser-access"]
+    db.session.add(ActionUsers.allow(action, user_id=user.id))
+
+    return user
+
+
+@pytest.fixture()
+def client_with_login(client, users):
+    """Log in a user to the client."""
+    user = users["user1"]
+    login_user(user, remember=True)
+    login_user_via_session(client, email=user.email)
+    return client
+
+
+@pytest.fixture(scope="module")
+def resource_type_type(app):
+    """Resource type vocabulary type."""
+    return vocabulary_service.create_type(system_identity, "resourcetypes", "rsrct")
+
+
+@pytest.fixture(scope="module")
+def resource_type_item(app, resource_type_type):
+    """Resource type vocabulary record."""
+    rst = vocabulary_service.create(
+        system_identity,
+        {
+            "id": "image-photo",
+            "icon": "chart bar outline",
+            "props": {
+                "csl": "graphic",
+                "datacite_general": "Image",
+                "datacite_type": "Photo",
+                "eurepo": "info:eu-repo/semantic/image-photo",
+                "openaire_resourceType": "25",
+                "openaire_type": "dataset",
+                "schema.org": "https://schema.org/Photograph",
+                "subtype": "image-photo",
+                "type": "image",
+            },
+            "title": {"en": "Photo"},
+            "tags": ["depositable", "linkable"],
+            "type": "resourcetypes",
+        },
+    )
+
+    Vocabulary.index.refresh()
+
+    return rst
+
+
+@pytest.fixture(scope="module")
+def languages_type(app):
+    """Language vocabulary type."""
+    return vocabulary_service.create_type(system_identity, "languages", "lng")
+
+
+@pytest.fixture(scope="module")
+def language_item(app, languages_type):
+    """Language vocabulary record."""
+    lang = vocabulary_service.create(
+        system_identity,
+        {
+            "id": "eng",
+            "props": {
+                "alpha_2": "",
+            },
+            "title": {"en": "English"},
+            "type": "languages",
+        },
+    )
+
+    Vocabulary.index.refresh()
+
+    return lang
+
+
+@pytest.fixture
+def subjects_mesh_scheme(app, db):
+    """Subject Scheme for MeSH."""
+    scheme = VocabularyScheme.create(
+        id="MeSH",
+        parent_id="subjects",
+        name="Medical Subject Headings",
+        uri="https://www.nlm.nih.gov/mesh/meshhome.html",
+    )
+    db.session.commit()
+    return scheme
+
+
+@pytest.fixture
+def subject_item(app, subjects_mesh_scheme, subjects_service):
+    """Subject vocabulary record."""
+    subj = subjects_service.create(
+        system_identity,
+        {
+            "id": "https://id.nlm.nih.gov/mesh/D000015",
+            "scheme": "MeSH",
+            "subject": "Abnormalities, Multiple",
+        },
+    )
+
+    Subject.index.refresh()
+
+    return subj
+
+
+RunningApp = namedtuple(
+    "RunningApp",
+    ["app", "location", "resource_type_item", "language_item", "subject_item"],
+)
+
+
+@pytest.fixture
+def running_app(app, location, resource_type_item, language_item, subject_item):
+    """Fixture mimicking a running app."""
+    return RunningApp(app, location, resource_type_item, language_item, subject_item)
+
+
+@pytest.yield_fixture()
+def dummy_location(db):
+    """File system location."""
+    tmppath = tempfile.mkdtemp()
+
+    loc = Location(name="testloc", uri=tmppath, default=True)
+    db.session.add(loc)
+    db.session.commit()
+
+    yield loc
+
+    shutil.rmtree(tmppath)
+
+
+@pytest.fixture
+def invalid_file_instance(db, dummy_location):
+    """Creates a file instance."""
+    # Create a Bucket and ObjectVersion
+    b1 = Bucket.create(location=dummy_location)
+    with open("README.rst", "rb") as fp:
+        obj = ObjectVersion.create(b1, "README.rst", stream=fp)
+    db.session.commit()
+    file_id = obj.file_id
+
+    # Get FileInstance from file ID
+    f = FileInstance.query.get(file_id)
+
+    # Force an invalid checksum
+    f.checksum = "invalid"
+    f.verify_checksum()
+    db.session.commit()
+
+    # Retrieve the file instance (with updated last_check)
+    f = FileInstance.query.get(file_id)
+
+    return f

tests/fixtures/__init__.py

@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2025 Graz University of Technology.
+#
+# Invenio App RDM is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Tests."""

tests/fixtures/app_data/oai_sets.yaml

@@ -0,0 +1,3 @@
+- name: "Set1"
+  spec: "set1"
+  search_pattern: "metadata.resource_type.id:dataset"

tests/fixtures/app_data/pages/about.html

@@ -0,0 +1 @@
+About page

tests/fixtures/app_data/pages.yaml

@@ -0,0 +1,4 @@
+- url: /about
+  title: About
+  description: About
+  template: about.html

tests/fixtures/conftest.py

@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2022 CERN.
+#
+# Invenio App RDM is free software; you can redistribute it and/or modify it
+# under the terms of the MIT License; see LICENSE file for more details.
+
+"""Test fixtures for application vocabulary fixtures."""
+
+import pytest
+from invenio_app.factory import create_api
+
+
+@pytest.fixture(scope="module")
+def create_app():
+    """Application factory fixture."""
+    return create_api
+
+
+@pytest.fixture(scope="module")
+def cli_runner(base_app):
+    """Create a CLI runner for testing a CLI command."""
+
+    def cli_invoke(command, *args, input=None):
+        return base_app.test_cli_runner().invoke(command, args, input=input)
+
+    return cli_invoke

tests/fixtures/test_cli.py

@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2022 CERN.
+#
+# Invenio App RDM is free software; you can redistribute it and/or modify
+# it under the terms of the MIT License; see LICENSE file for more details.
+
+"""Tests for the CLI."""
+
+from invenio_access.permissions import system_identity
+from invenio_rdm_records.proxies import current_oaipmh_server_service
+
+from invenio_app_rdm.cli import create_fixtures
+
+
+def test_create_fixtures(app, db, cli_runner):
+    """Assert that fixtures are created."""
+    result = cli_runner(create_fixtures)
+    assert result.exit_code == 0
+
+    service = current_oaipmh_server_service
+    res_set = service.search(system_identity, params={"q": f"%"})
+
+    # oai_sets.yaml file left empty
+    assert res_set.total == 2