PyPI - karrio-server-core - Versions diffs - 2025.5__py3-none-any.whl - Mend

karrio-server-core 2025.5__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

karrio/server/core/tests.py ADDED Viewed

@@ -0,0 +1,99 @@
+from django.contrib.auth import get_user_model
+from rest_framework.test import APITestCase as BaseAPITestCase, APIClient
+from karrio.server.core.logging import logger
+from karrio.server.user.models import Token
+import karrio.server.iam.permissions as iam
+import karrio.server.providers.models as providers
+iam.setup_groups()
+class APITestCase(BaseAPITestCase):
+    def setUp(self) -> None:
+        self.maxDiff = None
+        # Loguru is already configured globally in settings
+        # Setup user and API Token.
+        self.user = get_user_model().objects.create_superuser(
+            "admin@example.com", "test"
+        )
+        self.token = Token.objects.create(user=self.user, test_mode=True)
+        # Setup API client.
+        self.client = APIClient()
+        self.client.credentials(HTTP_AUTHORIZATION="Token " + self.token.key)
+        # Setup test carrier connections.
+        self.carrier = providers.Carrier.objects.create(
+            carrier_code="canadapost",
+            carrier_id="canadapost",
+            test_mode=True,
+            active=True,
+            created_by=self.user,
+            credentials=dict(
+                username="6e93d53968881714",
+                customer_number="2004381",
+                contract_id="42708517",
+                password="0bfa9fcb9853d1f51ee57a",
+            ),
+        )
+        self.ups_carrier = providers.Carrier.objects.create(
+            carrier_code="ups",
+            carrier_id="ups_package",
+            test_mode=True,
+            active=True,
+            created_by=self.user,
+            credentials=dict(
+                client_id="test",
+                client_secret="test",
+                account_number="000000",
+            ),
+        )
+        self.fedex_carrier = providers.Carrier.objects.create(
+            carrier_code="fedex",
+            carrier_id="fedex_express",
+            test_mode=True,
+            active=True,
+            created_by=self.user,
+            credentials=dict(
+                api_key="test",
+                secret_key="password",
+                account_number="000000",
+                track_api_key="test",
+                track_secret_key="password",
+            ),
+        )
+        self.dhl_carrier = providers.Carrier.objects.create(
+            carrier_code="dhl_express",
+            carrier_id="dhl_express",
+            test_mode=True,
+            active=True,
+            created_by=self.user,
+            credentials=dict(
+                site_id="test",
+                password="password",
+                account_number="000000",
+            )
+        )
+    def getJWTToken(self, email: str, password: str) -> str:
+        url = reverse("jwt-obtain-pair")
+        data = dict(
+            email=email,
+            password=password,
+        )
+        response = self.client.post(url, data)
+        return response.data.get("access")
+    def assertResponseNoErrors(self, response):
+        is_ok = f"{response.status_code}".startswith("2")
+        if is_ok is False or response.data.get("errors") is not None:
+            logger.error("Response has errors",
+                        status_code=response.status_code,
+                        response_data=response.data)
+        self.assertTrue(is_ok)
+        assert response.data.get("errors") is None

karrio/server/core/tests_resource_token.py ADDED Viewed

@@ -0,0 +1,411 @@
+"""Tests for ResourceAccessToken and /api/tokens endpoint."""
+from unittest import mock
+from django.test import TestCase
+from django.contrib.auth import get_user_model
+from rest_framework.test import APITestCase, APIClient
+from karrio.server.user.models import Token
+from karrio.server.core.utils import ResourceAccessToken
+class TestResourceAccessTokenUnit(TestCase):
+    """Unit tests for ResourceAccessToken class."""
+    def setUp(self):
+        self.user = get_user_model().objects.create_user(
+            email="test@example.com", password="testpass123"
+        )
+    def test_create_token_for_single_resource(self):
+        """Test creating a token for a single resource."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="shipment",
+            resource_ids=["shp_123"],
+            access=["label"],
+            format="pdf",
+        )
+        self.assertDictEqual(
+            {
+                "resource_type": token["resource_type"],
+                "resource_ids": token["resource_ids"],
+                "access": token["access"],
+                "format": token["format"],
+            },
+            {
+                "resource_type": "shipment",
+                "resource_ids": ["shp_123"],
+                "access": ["label"],
+                "format": "pdf",
+            },
+        )
+    def test_create_token_for_multiple_resources(self):
+        """Test creating a token for multiple resources."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="document",
+            resource_ids=["shp_1", "shp_2", "shp_3"],
+            access=["batch_labels"],
+            format="pdf",
+        )
+        self.assertDictEqual(
+            {
+                "resource_type": token["resource_type"],
+                "resource_ids": sorted(token["resource_ids"]),
+                "access": token["access"],
+            },
+            {
+                "resource_type": "document",
+                "resource_ids": ["shp_1", "shp_2", "shp_3"],
+                "access": ["batch_labels"],
+            },
+        )
+    def test_decode_valid_token(self):
+        """Test decoding a valid token."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="manifest",
+            resource_ids=["mnf_456"],
+            access=["manifest"],
+        )
+        claims = ResourceAccessToken.decode(str(token))
+        self.assertDictEqual(
+            {
+                "resource_type": claims["resource_type"],
+                "resource_ids": claims["resource_ids"],
+                "access": claims["access"],
+            },
+            {
+                "resource_type": "manifest",
+                "resource_ids": ["mnf_456"],
+                "access": ["manifest"],
+            },
+        )
+    def test_validate_access_success(self):
+        """Test successful access validation."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="shipment",
+            resource_ids=["shp_123"],
+            access=["label", "invoice"],
+        )
+        claims = ResourceAccessToken.validate_access(
+            token_string=str(token),
+            resource_type="shipment",
+            resource_id="shp_123",
+            access="label",
+        )
+        self.assertIsNotNone(claims)
+        self.assertEqual(claims["resource_type"], "shipment")
+    def test_validate_access_wrong_resource_type(self):
+        """Test validation fails for wrong resource type."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="shipment",
+            resource_ids=["shp_123"],
+            access=["label"],
+        )
+        with self.assertRaises(PermissionError) as context:
+            ResourceAccessToken.validate_access(
+                token_string=str(token),
+                resource_type="manifest",
+                resource_id="shp_123",
+                access="label",
+            )
+        self.assertIn("resource type", str(context.exception).lower())
+    def test_validate_access_wrong_resource_id(self):
+        """Test validation fails for wrong resource ID."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="shipment",
+            resource_ids=["shp_123"],
+            access=["label"],
+        )
+        with self.assertRaises(PermissionError) as context:
+            ResourceAccessToken.validate_access(
+                token_string=str(token),
+                resource_type="shipment",
+                resource_id="shp_999",
+                access="label",
+            )
+        self.assertIn("resource", str(context.exception).lower())
+    def test_validate_access_wrong_permission(self):
+        """Test validation fails for wrong access permission."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="shipment",
+            resource_ids=["shp_123"],
+            access=["label"],
+        )
+        with self.assertRaises(PermissionError) as context:
+            ResourceAccessToken.validate_access(
+                token_string=str(token),
+                resource_type="shipment",
+                resource_id="shp_123",
+                access="invoice",
+            )
+        self.assertIn("access", str(context.exception).lower())
+    def test_validate_batch_access_success(self):
+        """Test successful batch access validation."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="document",
+            resource_ids=["shp_1", "shp_2", "shp_3"],
+            access=["batch_labels"],
+        )
+        claims = ResourceAccessToken.validate_batch_access(
+            token_string=str(token),
+            resource_type="document",
+            resource_ids=["shp_1", "shp_2"],
+            access="batch_labels",
+        )
+        self.assertIsNotNone(claims)
+        self.assertEqual(claims["resource_type"], "document")
+    def test_validate_batch_access_missing_id(self):
+        """Test batch validation fails when requesting ID not in token."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="document",
+            resource_ids=["shp_1", "shp_2"],
+            access=["batch_labels"],
+        )
+        with self.assertRaises(PermissionError) as context:
+            ResourceAccessToken.validate_batch_access(
+                token_string=str(token),
+                resource_type="document",
+                resource_ids=["shp_1", "shp_2", "shp_3"],
+                access="batch_labels",
+            )
+        self.assertIn("shp_3", str(context.exception))
+    def test_token_with_org_id_and_test_mode(self):
+        """Test token includes org_id and test_mode when provided."""
+        token = ResourceAccessToken.for_resource(
+            user=self.user,
+            resource_type="shipment",
+            resource_ids=["shp_123"],
+            access=["label"],
+            org_id="org_abc",
+            test_mode=True,
+        )
+        claims = ResourceAccessToken.decode(str(token))
+        self.assertDictEqual(
+            {
+                "org_id": claims["org_id"],
+                "test_mode": claims["test_mode"],
+            },
+            {
+                "org_id": "org_abc",
+                "test_mode": True,
+            },
+        )
+class TestResourceTokenAPI(APITestCase):
+    """API tests for /api/tokens endpoint."""
+    def setUp(self):
+        self.user = get_user_model().objects.create_user(
+            email="api_test@example.com", password="testpass123"
+        )
+        self.token = Token.objects.create(user=self.user, test_mode=True)
+        self.client = APIClient()
+        self.client.credentials(HTTP_AUTHORIZATION=f"Token {self.token.key}")
+    def test_generate_shipment_label_token(self):
+        """Test generating a token for shipment label access."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "shipment",
+                "resource_ids": ["shp_123"],
+                "access": ["label"],
+                "format": "pdf",
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 201)
+        self.assertDictEqual(
+            {
+                "has_token": "token" in response.data,
+                "has_expires_at": "expires_at" in response.data,
+                "has_resource_urls": "resource_urls" in response.data,
+                "has_shp_123_url": "shp_123" in response.data.get("resource_urls", {}),
+            },
+            {
+                "has_token": True,
+                "has_expires_at": True,
+                "has_resource_urls": True,
+                "has_shp_123_url": True,
+            },
+        )
+    def test_generate_batch_labels_token(self):
+        """Test generating a token for batch labels."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "document",
+                "resource_ids": ["shp_1", "shp_2", "shp_3"],
+                "access": ["batch_labels"],
+                "format": "pdf",
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 201)
+        self.assertIn("batch", response.data["resource_urls"])
+    def test_generate_manifest_token(self):
+        """Test generating a token for manifest access."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "manifest",
+                "resource_ids": ["mnf_456"],
+                "access": ["manifest"],
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 201)
+        self.assertIn("mnf_456", response.data["resource_urls"])
+    def test_generate_template_token(self):
+        """Test generating a token for template access."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "template",
+                "resource_ids": ["tpl_789"],
+                "access": ["render"],
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 201)
+        self.assertIn("tpl_789", response.data["resource_urls"])
+    def test_unauthenticated_request_fails(self):
+        """Test that unauthenticated requests are rejected."""
+        self.client.credentials()
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "shipment",
+                "resource_ids": ["shp_123"],
+                "access": ["label"],
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 401)
+    def test_invalid_resource_type_fails(self):
+        """Test that invalid resource type is rejected."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "invalid_type",
+                "resource_ids": ["shp_123"],
+                "access": ["label"],
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 400)
+    def test_invalid_access_type_fails(self):
+        """Test that invalid access type is rejected."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "shipment",
+                "resource_ids": ["shp_123"],
+                "access": ["invalid_access"],
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 400)
+    def test_empty_resource_ids_fails(self):
+        """Test that empty resource_ids is rejected."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "shipment",
+                "resource_ids": [],
+                "access": ["label"],
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 400)
+    def test_custom_expiration_success(self):
+        """Test custom token expiration."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "shipment",
+                "resource_ids": ["shp_123"],
+                "access": ["label"],
+                "expires_in": 600,
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 201)
+    def test_response_has_no_cache_headers(self):
+        """Test that token response includes cache prevention headers."""
+        response = self.client.post(
+            "/api/tokens",
+            {
+                "resource_type": "shipment",
+                "resource_ids": ["shp_123"],
+                "access": ["label"],
+            },
+            format="json",
+        )
+        self.assertEqual(response.status_code, 201)
+        self.assertDictEqual(
+            {
+                "cache_control": response.get("Cache-Control"),
+                "cdn_cache_control": response.get("CDN-Cache-Control"),
+            },
+            {
+                "cache_control": "no-store",
+                "cdn_cache_control": "no-store",
+            },
+        )

karrio/server/core/urls.py ADDED Viewed

@@ -0,0 +1,12 @@
+"""
+karrio server core module urls
+"""
+from django.urls import include, path
+from karrio.server.core.views import metadata, router
+app_name = "karrio.server.core"
+urlpatterns = [
+    path("", metadata.view, name="metadata"),
+    path("v1/", include(router.urls), name="references"),
+    path("status/", include("health_check.urls")),
+]