From 65c052a2f72e59bd0c420ed30111f0831a0ae7fa Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 21 Mar 2015 19:47:50 +0000
Subject: [PATCH] Callback API test code paths  - Legacy-Id: 9305

---
 ietf/api/tests.py | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/ietf/api/tests.py b/ietf/api/tests.py
index 99cd42587..43d167168 100644
--- a/ietf/api/tests.py
+++ b/ietf/api/tests.py
@@ -7,6 +7,7 @@ from django.conf import settings
 from django.utils.importlib import import_module
 from django.db import models
 
+from tastypie.exceptions import BadRequest
 from tastypie.test import ResourceTestCase
 
 import debug                            # pyflakes:ignore
@@ -43,16 +44,40 @@ class TastypieApiTestCase(ResourceTestCase):
             self.assertIn(name, resource_list,
                         "Expected a REST API resource for %s, but didn't find one" % name)
 
+    def _assertCallbackReturnsSameJSON(self, api_url, json_dict):
+        cbclient = Client(Accept='text/javascript')
+        identity = lambda x: x
+        # To be able to eval JSON, we need to have three more symbols
+        true = True
+        false = False
+        null = None
+        r = cbclient.get(api_url + '?callback=identity')
+        code = compile(r.content, '<string>', 'eval')
+        # Make sure it is just a call with the identity function
+        self.assertTrue(len(code.co_names) == 1, "The callback API returned "
+            "code which uses more symbols than just the given \'identity\' "
+            "callback function: %s" % ', '.join(code.co_names))
+        self.assertTrue(code.co_names[0] == 'identity', "The callback API "
+            "returned code with a different symbol than the given "
+            "\'identity\' callback function: %s" % code.co_names[0])
+        # After all these checks, I think calling eval is "safe"
+        # Fingers crossed!
+        callback_dict = eval(code)
+        self.assertEqual(callback_dict, json_dict, "The callback API returned "
+            "a different dictionary than the json API")
+
     def test_all_model_resources_exist(self):
         client = Client(Accept='application/json')
         r = client.get("/api/v1")
         top = json.loads(r.content)
+        self._assertCallbackReturnsSameJSON("/api/v1", top)
         for name in self.apps:
             app = self.apps[name]
             self.assertEqual("/api/v1/%s/"%name, top[name]["list_endpoint"])
             r = client.get(top[name]["list_endpoint"])
             self.assertValidJSONResponse(r)
             app_resources = json.loads(r.content)
+            self._assertCallbackReturnsSameJSON("/api/v1/%s/"%name, app_resources)
             model_list = models.get_models(app.models)
             for model in model_list:
                 if not model._meta.model_name in app_resources.keys():
@@ -60,3 +85,11 @@ class TastypieApiTestCase(ResourceTestCase):
                     self.assertIn(model._meta.model_name, app_resources.keys(),
                         "There doesn't seem to be any API resource for model %s.models.%s"%(app.__name__,model.__name__,))
 
+    def test_invalid_jsonp_callback_value(self):
+        cbclient = Client(Accept='text/javascript')
+        try:
+            r = cbclient.get("/api/v1?callback=$.23")
+        except BadRequest:
+            return
+        self.assertTrue(False,
+            "The callback API accepted an invalid JSONP callback name")