Posted to commits@allura.apache.org by je...@apache.org on 2014/12/09 15:17:09 UTC

[2/3] allura git commit: [#7805] ticket:696 Implement scopes access check

[#7805] ticket:696 Implement scopes access check


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/5cb3cdc8
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/5cb3cdc8
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/5cb3cdc8

Branch: refs/heads/ib/7805
Commit: 5cb3cdc893c925b3dcff0b9a644b4cae31fb2a54
Parents: a650ad5
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu Dec 4 16:48:25 2014 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Tue Dec 9 09:36:49 2014 +0000

----------------------------------------------------------------------
 .../forgeimporters/github/__init__.py           | 12 +++++
 .../forgeimporters/github/tests/test_oauth.py   | 54 ++++++++++++++++++++
 2 files changed, 66 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/5cb3cdc8/ForgeImporters/forgeimporters/github/__init__.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/github/__init__.py b/ForgeImporters/forgeimporters/github/__init__.py
index 6dae509..e0a3dd5 100644
--- a/ForgeImporters/forgeimporters/github/__init__.py
+++ b/ForgeImporters/forgeimporters/github/__init__.py
@@ -215,3 +215,15 @@ class GitHubOAuthMixin(object):
         c.user.set_tool_data('GitHubProjectImport',
                              token=token['access_token'])
         redirect(session.get('github.oauth.redirect', '/'))
+
+    def oauth_has_access(self, scope):
+        if not scope:
+            return False
+        token = c.user.get_tool_data('GitHubProjectImport', 'token')
+        if not token:
+            return False
+        url = 'https://api.github.com/?access_token={}'.format(token)
+        r = requests.head(url)
+        scopes = r.headers.get('X-OAuth-Scopes', '')
+        scopes = [s.strip() for s in scopes.split(',')]
+        return scope in scopes
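Review bot: The new oauth_has_access sends the user's GitHub access token in the URL query string (`'https://api.github.com/?access_token={}'.format(token)`), where it ends up in proxy, web-server and requests debug logs; GitHub accepts the same token in the Authorization header, which keeps it out of the URL. The call also has no timeout, so a stalled api.github.com request blocks the web worker serving this user. I would replace the url/head lines with `r = requests.head('https://api.github.com/', headers={'Authorization': 'token {}'.format(token)}, timeout=10)` (timeout value is a suggestion) and update the URL assertion in the new test_oauth.py to match. It would also be worth treating a non-2xx response, e.g. a revoked token, explicitly rather than relying on the header being absent; today that case falls through to `scope in ['']` and returns False, which is correct but only by accident.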

http://git-wip-us.apache.org/repos/asf/allura/blob/5cb3cdc8/ForgeImporters/forgeimporters/github/tests/test_oauth.py
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/github/tests/test_oauth.py b/ForgeImporters/forgeimporters/github/tests/test_oauth.py
new file mode 100644
index 0000000..c6fb8f3
--- /dev/null
+++ b/ForgeImporters/forgeimporters/github/tests/test_oauth.py
@@ -0,0 +1,54 @@
+#       Licensed to the Apache Software Foundation (ASF) under one
+#       or more contributor license agreements.  See the NOTICE file
+#       distributed with this work for additional information
+#       regarding copyright ownership.  The ASF licenses this file
+#       to you under the Apache License, Version 2.0 (the
+#       "License"); you may not use this file except in compliance
+#       with the License.  You may obtain a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#       Unless required by applicable law or agreed to in writing,
+#       software distributed under the License is distributed on an
+#       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#       KIND, either express or implied.  See the License for the
+#       specific language governing permissions and limitations
+#       under the License.
+
+from unittest import TestCase
+from mock import Mock, patch
+from pylons import tmpl_context as c
+from allura.tests import TestController
+from forgeimporters.github import GitHubOAuthMixin
+
+
+class TestGitHubOAuthMixin(TestController, TestCase):
+
+    def setUp(self):
+        super(TestGitHubOAuthMixin, self).setUp()
+        c.user = Mock()
+        self.mix = GitHubOAuthMixin()
+
+    def test_oauth_has_access_no_scope(self):
+        self.assertFalse(self.mix.oauth_has_access(None))
+        self.assertFalse(self.mix.oauth_has_access(''))
+
+    def test_oauth_has_access_no_token(self):
+        c.user.get_tool_data.return_value = None
+        self.assertFalse(self.mix.oauth_has_access('write:repo_hook'))
+
+    @patch('forgeimporters.github.requests')
+    def test_oauth_has_access_no_headers(self, req):
+        c.user.get_tool_data.return_value = 'token'
+        self.assertFalse(self.mix.oauth_has_access('write:repo_hook'))
+        req.head.assert_called_once_with('https://api.github.com/?access_token=token')
+
+    @patch('forgeimporters.github.requests')
+    def test_oauth_has_access_with_headers(self, req):
+        c.user.get_tool_data.return_value = 'token'
+        req.head.return_value.headers = {'X-OAuth-Scopes': ''}
+        self.assertFalse(self.mix.oauth_has_access('write:repo_hook'))
+        req.head.return_value.headers = {'X-OAuth-Scopes': 'some, other:scopes'}
+        self.assertFalse(self.mix.oauth_has_access('write:repo_hook'))
+        req.head.return_value.headers = {'X-OAuth-Scopes': 'write:repo_hook, user'}
+        self.assertTrue(self.mix.oauth_has_access('write:repo_hook'))
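Review bot: test_oauth_has_access_no_headers does not actually configure a response without the X-OAuth-Scopes header; it passes only because `patch` substitutes a MagicMock whose `headers.get(...)` returns an iterable MagicMock, so the list comprehension in oauth_has_access sees an empty sequence. Making the case explicit with `req.head.return_value.headers = {}` before the assertion tests the intended code path and stops the test from silently changing meaning if the mock type changes. Consider a further case with a non-2xx status (e.g. a revoked token), since the implementation currently never inspects the response status.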