Posted to commits@allura.apache.org by je...@apache.org on 2014/12/09 15:17:09 UTC
[2/3] allura git commit: [#7805] ticket:696 Implement scopes access
check
[#7805] ticket:696 Implement scopes access check
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/5cb3cdc8
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/5cb3cdc8
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/5cb3cdc8
Branch: refs/heads/ib/7805
Commit: 5cb3cdc893c925b3dcff0b9a644b4cae31fb2a54
Parents: a650ad5
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu Dec 4 16:48:25 2014 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Tue Dec 9 09:36:49 2014 +0000
----------------------------------------------------------------------
.../forgeimporters/github/__init__.py | 12 +++++
.../forgeimporters/github/tests/test_oauth.py | 54 ++++++++++++++++++++
2 files changed, 66 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/5cb3cdc8/ForgeImporters/forgeimporters/github/__init__.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/github/__init__.py b/ForgeImporters/forgeimporters/github/__init__.py
index 6dae509..e0a3dd5 100644
--- a/ForgeImporters/forgeimporters/github/__init__.py
+++ b/ForgeImporters/forgeimporters/github/__init__.py
@@ -215,3 +215,15 @@ class GitHubOAuthMixin(object):
c.user.set_tool_data('GitHubProjectImport',
token=token['access_token'])
redirect(session.get('github.oauth.redirect', '/'))
+
+ def oauth_has_access(self, scope):
+ if not scope:
+ return False
+ token = c.user.get_tool_data('GitHubProjectImport', 'token')
+ if not token:
+ return False
+ url = 'https://api.github.com/?access_token={}'.format(token)
+ r = requests.head(url)
+ scopes = r.headers.get('X-OAuth-Scopes', '')
+ scopes = [s.strip() for s in scopes.split(',')]
+ return scope in scopes
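Review bot: The access token is put into the URL query string at `url = 'https://api.github.com/?access_token={}'.format(token)`, where it can end up in proxy and access logs, tracebacks and any debug logging of request URLs. Sending it in a header avoids that, e.g. `r = requests.head('https://api.github.com/', headers={'Authorization': 'token ' + token}, timeout=10)` (the timeout value is illustrative). The call as written has no timeout and no handling for connection errors, so a slow or unreachable API would stall or break the request that triggered the check; catching `requests.RequestException` and returning False would keep the check fail-closed. The enclosing class GitHubOAuthMixin starts outside the hunk.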
http://git-wip-us.apache.org/repos/asf/allura/blob/5cb3cdc8/ForgeImporters/forgeimporters/github/tests/test_oauth.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/github/tests/test_oauth.py b/ForgeImporters/forgeimporters/github/tests/test_oauth.py
new file mode 100644
index 0000000..c6fb8f3
--- /dev/null
+++ b/ForgeImporters/forgeimporters/github/tests/test_oauth.py
@@ -0,0 +1,54 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from unittest import TestCase
+from mock import Mock, patch
+from pylons import tmpl_context as c
+from allura.tests import TestController
+from forgeimporters.github import GitHubOAuthMixin
+
+
+class TestGitHubOAuthMixin(TestController, TestCase):
+
+ def setUp(self):
+ super(TestGitHubOAuthMixin, self).setUp()
+ c.user = Mock()
+ self.mix = GitHubOAuthMixin()
+
+ def test_oauth_has_access_no_scope(self):
+ self.assertFalse(self.mix.oauth_has_access(None))
+ self.assertFalse(self.mix.oauth_has_access(''))
+
+ def test_oauth_has_access_no_token(self):
+ c.user.get_tool_data.return_value = None
+ self.assertFalse(self.mix.oauth_has_access('write:repo_hook'))
+
+ @patch('forgeimporters.github.requests')
+ def test_oauth_has_access_no_headers(self, req):
+ c.user.get_tool_data.return_value = 'token'
+ self.assertFalse(self.mix.oauth_has_access('write:repo_hook'))
+ req.head.assert_called_once_with('https://api.github.com/?access_token=token')
+
+ @patch('forgeimporters.github.requests')
+ def test_oauth_has_access_with_headers(self, req):
+ c.user.get_tool_data.return_value = 'token'
+ req.head.return_value.headers = {'X-OAuth-Scopes': ''}
+ self.assertFalse(self.mix.oauth_has_access('write:repo_hook'))
+ req.head.return_value.headers = {'X-OAuth-Scopes': 'some, other:scopes'}
+ self.assertFalse(self.mix.oauth_has_access('write:repo_hook'))
+ req.head.return_value.headers = {'X-OAuth-Scopes': 'write:repo_hook, user'}
+ self.assertTrue(self.mix.oauth_has_access('write:repo_hook'))
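Review bot: `test_oauth_has_access_no_headers` never sets `req.head.return_value.headers`, so the assertion appears to pass only because the patched `requests` mock hands back further mocks that iterate as empty, not because a response without `X-OAuth-Scopes` was simulated. Setting `req.head.return_value.headers = {}` before the call would exercise the `.get('X-OAuth-Scopes', '')` default for real. The same test pins the token-in-query-string URL through `assert_called_once_with(...)`, so it would have to change if the token is moved into a request header. A case where the requested scope is only a substring of a granted one (constructed example: asking for `repo_hook` when `write:repo_hook` is granted) would also pin the exact-match behaviour.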