Add request-builder fixtures (#40)

ericof · ericof · commit d51c43e68b7f · 2026-04-16T13:54:06.000-03:00
Introduces `request_factory`, `manager_request`, and `anon_request`, replacing the 5+ near-identical session fixtures that downstream codebases reimplement. `request_factory` returns a built-in `RelativeSession` (a thin `requests.Session` subclass) bound to the functional portal. Supported modes: `role="Manager"`, `role="Anonymous"` (default), or explicit `basic_auth=(user, password)`. The `++api++` suffix is added by default. The standalone `RelativeSession` avoids pulling in `plone.restapi[test]`'s fragile import chain (`plone.app.iterate`, `collective.MockMailHost`) while keeping the same calling convention downstream code already expects. Closes #40
diff --git a/README.md b/README.md
@@ -444,6 +444,61 @@ def test_manager_action(portal, grant_roles):
     # test user now has Manager role on portal
 ```
 
+### request_factory
+
+|  |  |
+| --- | --- |
+| Description | Callable that builds a `RelativeSession` against the functional portal. |
+| Required Fixture | **functional_portal** |
+| Scope | **Function** |
+
+Replaces the 5+ near-identical request-session fixtures that downstream codebases reimplement. Returns a `RelativeSession` (a thin `requests.Session` subclass that resolves relative URLs against the portal's base URL) with sensible defaults:
+
+- `role="Manager"` — authenticate as the portal owner.
+- `role="Anonymous"` (default) — no authentication.
+- `basic_auth=(user, password)` — any other identity; takes precedence over `role`.
+- `api=True` (default) — suffix the base URL with `++api++` so relative calls hit the REST API.
+
+Sessions are closed automatically at the end of the test.
+
+```python
+def test_list_content(request_factory):
+    """Test that the Manager role can list content."""
+    session = request_factory(role="Manager")
+    response = session.get("/")
+    assert response.status_code == 200
+```
+
+### manager_request
+
+|  |  |
+| --- | --- |
+| Description | `RelativeSession` pre-authenticated as the portal owner (Manager). |
+| Required Fixture | **request_factory** |
+| Scope | **Function** |
+
+```python
+def test_controlpanels(manager_request):
+    """Test listing of control panels."""
+    response = manager_request.get("/@controlpanels")
+    assert response.status_code == 200
+```
+
+### anon_request
+
+|  |  |
+| --- | --- |
+| Description | `RelativeSession` with no authentication (Anonymous). |
+| Required Fixture | **request_factory** |
+| Scope | **Function** |
+
+```python
+def test_public_endpoint(anon_request):
+    """Test a public REST API endpoint."""
+    response = anon_request.get("/")
+    assert response.status_code == 200
+```
+
 ## Markers
 
 ### @pytest.mark.portal
diff --git a/news/40.feature b/news/40.feature
@@ -0,0 +1 @@
+Added `request_factory`, `manager_request`, and `anon_request` fixtures — build a `RelativeSession` against the functional portal with Manager, Anonymous, or custom basic-auth credentials. Replaces boilerplate duplicated across downstream codebases. @ericof
diff --git a/pyproject.toml b/pyproject.toml
@@ -40,6 +40,7 @@ dependencies = [
     "plone.browserlayer",
     "plone.dexterity",
     "Products.CMFPlone[test]",
+    "requests",
     "zope.component",
     "zope.schema",
 ]
diff --git a/src/pytest_plone/_types.py b/src/pytest_plone/_types.py
@@ -4,6 +4,7 @@
 from plone.dexterity.content import DexterityContent
 from plone.dexterity.fti import DexterityFTI
 from Products.CMFPlone.Portal import PloneSite
+from typing import Any
 from typing import Protocol
 from typing import TypeAlias
 from zope.schema.vocabulary import SimpleVocabulary
@@ -45,3 +46,13 @@ def __call__(
 
 class RolesGranter(Protocol):
     def __call__(self, context: DexterityContent | Item, roles: list[str]) -> None: ...
+
+
+class RequestFactory(Protocol):
+    def __call__(
+        self,
+        *,
+        role: str = ...,
+        basic_auth: tuple[str, str] | None = ...,
+        api: bool = ...,
+    ) -> Any: ...
diff --git a/src/pytest_plone/fixtures/__init__.py b/src/pytest_plone/fixtures/__init__.py
@@ -17,13 +17,17 @@
 from .content import get_behaviors
 from .content import get_fti
 from .env import generate_mo
+from .requests import anon_request
+from .requests import manager_request
+from .requests import request_factory
 from .security import grant_roles
 from .vocabularies import get_vocabulary
 
 import pytest
 
 
 __all__ = [
+    "anon_request",
     "app",
     "apply_profiles",
     "browser_layers",
@@ -39,8 +43,10 @@
     "grant_roles",
     "http_request",
     "installer",
+    "manager_request",
     "portal",
     "profile_last_version",
+    "request_factory",
     "setup_tool",
     "uninstalled",
 ]
diff --git a/src/pytest_plone/fixtures/requests.py b/src/pytest_plone/fixtures/requests.py
@@ -0,0 +1,121 @@
+"""Request-builder fixtures for REST API / functional HTTP tests."""
+
+from plone.app.testing import SITE_OWNER_NAME
+from plone.app.testing import SITE_OWNER_PASSWORD
+from Products.CMFPlone.Portal import PloneSite
+from pytest_plone import _types as t
+from urllib.parse import urljoin
+from urllib.parse import urlparse
+
+import pytest
+import requests
+
+
+_ROLE_AUTH: dict[str, tuple[str, str] | None] = {
+    "Manager": (SITE_OWNER_NAME, SITE_OWNER_PASSWORD),
+    "Anonymous": None,
+}
+
+
+class RelativeSession(requests.Session):
+    """`requests.Session` that resolves relative URLs against a base URL.
+
+    Minimal standalone equivalent of ``plone.restapi.testing.RelativeSession``
+    — avoids pulling the full ``plone.restapi[test]`` import chain into
+    pytest-plone's runtime.
+    """
+
+    def __init__(self, base_url: str) -> None:
+        super().__init__()
+        if not base_url.endswith("/"):
+            base_url += "/"
+        self._base_url = base_url
+
+    def request(self, method: str, url: str, **kwargs):  # type: ignore[override]
+        if urlparse(url).scheme not in ("http", "https"):
+            url = urljoin(self._base_url, url.lstrip("/"))
+        return super().request(method, url, **kwargs)
+
+
+@pytest.fixture
+def request_factory(
+    functional_portal: PloneSite, request: pytest.FixtureRequest
+) -> t.RequestFactory:
+    """Builder fixture for HTTP request sessions against the functional portal.
+
+    Returns a callable that produces a :class:`RelativeSession` bound to the
+    portal URL. The session is closed automatically at the end of the test.
+
+    Parameters accepted by the returned callable:
+
+    - ``role`` — ``"Manager"`` or ``"Anonymous"`` (default). Maps to
+      predefined test credentials. Unknown roles raise ``ValueError`` — use
+      ``basic_auth`` for other identities.
+    - ``basic_auth`` — ``(username, password)`` tuple; takes precedence over
+      ``role`` when provided.
+    - ``api`` — when ``True`` (default), the base URL is suffixed with
+      ``++api++`` so relative requests hit the REST API traverser.
+
+    Example usage:
+    ```python
+    def test_list_content(request_factory):
+        session = request_factory(role="Manager")
+        response = session.get("/")
+        assert response.status_code == 200
+    ```
+    """
+
+    def factory(
+        *,
+        role: str = "Anonymous",
+        basic_auth: tuple[str, str] | None = None,
+        api: bool = True,
+    ) -> RelativeSession:
+        base_url = functional_portal.absolute_url()
+        if api:
+            base_url = f"{base_url}/++api++"
+        session = RelativeSession(base_url)
+        session.headers.update({"Accept": "application/json"})
+        if basic_auth is not None:
+            session.auth = basic_auth
+        elif role in _ROLE_AUTH:
+            auth = _ROLE_AUTH[role]
+            if auth is not None:
+                session.auth = auth
+        else:
+            raise ValueError(
+                f"Unknown role {role!r}. Pass role='Manager' or 'Anonymous', "
+                "or use basic_auth=(username, password) for other identities."
+            )
+        request.addfinalizer(session.close)
+        return session
+
+    return factory
+
+
+@pytest.fixture
+def manager_request(request_factory: t.RequestFactory) -> RelativeSession:
+    """A `RelativeSession` authenticated as the portal owner (Manager).
+
+    Example usage:
+    ```python
+    def test_admin_endpoint(manager_request):
+        response = manager_request.get("/@controlpanels")
+        assert response.status_code == 200
+    ```
+    """
+    return request_factory(role="Manager")
+
+
+@pytest.fixture
+def anon_request(request_factory: t.RequestFactory) -> RelativeSession:
+    """A `RelativeSession` with no authentication (Anonymous).
+
+    Example usage:
+    ```python
+    def test_public_endpoint(anon_request):
+        response = anon_request.get("/")
+        assert response.status_code == 200
+    ```
+    """
+    return request_factory(role="Anonymous")
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -33,6 +33,7 @@ def testdir(pytester: Pytester) -> Pytester:
 
 
 OUR_FIXTURES = [
+    "anon_request",
     "app",
     "apply_profiles",
     "browser_layers",
@@ -48,8 +49,10 @@ def testdir(pytester: Pytester) -> Pytester:
     "grant_roles",
     "http_request",
     "installer",
+    "manager_request",
     "portal",
     "profile_last_version",
+    "request_factory",
     "setup_tool",
 ]
 
diff --git a/tests/fixtures/test_request_factory.py b/tests/fixtures/test_request_factory.py

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Added `request_factory`, `manager_request`, and `anon_request` fixtures — build a `RelativeSession` against the functional portal with Manager, Anonymous, or custom basic-auth credentials. Replaces boilerplate duplicated across downstream codebases. @ericof
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ dependencies = [`
`40`	`40`	`"plone.browserlayer",`
`41`	`41`	`"plone.dexterity",`
`42`	`42`	`"Products.CMFPlone[test]",`
	`43`	`+ "requests",`
`43`	`44`	`"zope.component",`
`44`	`45`	`"zope.schema",`
`45`	`46`	`]`