You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by je...@apache.org on 2015/02/23 14:28:06 UTC

[11/11] allura git commit: [#7832] ticket:731 Test fixes and some amends

[#7832] ticket:731 Test fixes and some amends

- Raise 404 instead of 500 when no app name in _lookup in admin REST controller
- Add tests for bearer token via headers and update existing tests
- Don't test that webhook values was not changed: mim does not play nicely with
  it, it works with actual requests, though


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/42c0cfca
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/42c0cfca
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/42c0cfca

Branch: refs/heads/ib/7832
Commit: 42c0cfcaaadd0c4ffa0988a214453b2b9c00565e
Parents: 55c0748
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Feb 23 12:57:44 2015 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Mon Feb 23 12:57:44 2015 +0000

----------------------------------------------------------------------
 Allura/allura/ext/admin/admin_main.py       |  5 +-
 Allura/allura/tests/functional/test_rest.py | 59 ++++++++++++++++++++++++
 Allura/allura/tests/test_webhooks.py        |  4 --
 3 files changed, 63 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/42c0cfca/Allura/allura/ext/admin/admin_main.py
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/admin_main.py b/Allura/allura/ext/admin/admin_main.py
index d5ae068..b51c816 100644
--- a/Allura/allura/ext/admin/admin_main.py
+++ b/Allura/allura/ext/admin/admin_main.py
@@ -885,7 +885,10 @@ class ProjectAdminRestController(BaseController):
         }
 
     @expose()
-    def _lookup(self, name, *remainder):
+    def _lookup(self, *args):
+        if len(args) == 0:
+            raise exc.HTTPNotFound, args
+        name, remainder = args[0], args[1:]
         app = c.project.app_instance(name)
         if app is None or app.admin_api_root is None:
             raise exc.HTTPNotFound, name

http://git-wip-us.apache.org/repos/asf/allura/blob/42c0cfca/Allura/allura/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_rest.py b/Allura/allura/tests/functional/test_rest.py
index 51ae930..fca1078 100644
--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -39,6 +39,7 @@ class TestRestHome(TestRestApiBase):
     @mock.patch('allura.controllers.rest.M.OAuthAccessToken')
     @mock.patch('allura.controllers.rest.request')
     def test_bearer_token_non_bearer(self, request, OAuthAccessToken):
+        request.headers = {}
         request.params = {'access_token': 'foo'}
         request.scheme = 'https'
         self._patch_token(OAuthAccessToken)
@@ -51,6 +52,7 @@ class TestRestHome(TestRestApiBase):
     @mock.patch('allura.controllers.rest.M.OAuthAccessToken')
     @mock.patch('allura.controllers.rest.request')
     def test_bearer_token_invalid(self, request, OAuthAccessToken):
+        request.headers = {}
         request.params = {'access_token': 'foo'}
         request.scheme = 'https'
         self._patch_token(OAuthAccessToken)
@@ -80,11 +82,68 @@ class TestRestHome(TestRestApiBase):
             is_bearer=True,
         )
         ThreadLocalODMSession.flush_all()
+        request.headers = {}
         request.params = {'access_token': access_token.api_key}
         request.scheme = 'https'
         r = self.api_post('/rest/p/test/wiki', access_token='foo')
         assert_equal(r.status_int, 200)
 
+    @mock.patch('allura.controllers.rest.M.OAuthAccessToken')
+    @mock.patch('allura.controllers.rest.request')
+    def test_bearer_token_non_bearer_via_headers(self, request, OAuthAccessToken):
+        request.headers = {
+            'Authorization': 'OAuth BearerToken access_token=foo'
+        }
+        request.scheme = 'https'
+        self._patch_token(OAuthAccessToken)
+        access_token = OAuthAccessToken.query.get.return_value
+        access_token.is_bearer = False
+        r = self.api_post('/rest/p/test/wiki', access_token='foo')
+        assert_equal(r.status_int, 403)
+        OAuthAccessToken.query.get.assert_called_once_with(api_key='foo')
+
+    @mock.patch('allura.controllers.rest.M.OAuthAccessToken')
+    @mock.patch('allura.controllers.rest.request')
+    def test_bearer_token_invalid_via_headers(self, request, OAuthAccessToken):
+        request.headers = {
+            'Authorization': 'OAuth BearerToken access_token=foo'
+        }
+        request.scheme = 'https'
+        self._patch_token(OAuthAccessToken)
+        OAuthAccessToken.query.get.return_value = None
+        r = self.api_post('/rest/p/test/wiki', access_token='foo')
+        assert_equal(r.status_int, 403)
+
+    @mock.patch('allura.controllers.rest.request')
+    @td.with_wiki
+    def test_bearer_token_valid_via_headers(self, request):
+        user = M.User.by_username('test-admin')
+        consumer_token = M.OAuthConsumerToken(
+            name='foo',
+            description='foo app',
+        )
+        request_token = M.OAuthRequestToken(
+            consumer_token_id=consumer_token._id,
+            user_id=user._id,
+            callback='manual',
+            validation_pin=h.nonce(20),
+            is_bearer=True,
+        )
+        access_token = M.OAuthAccessToken(
+            consumer_token_id=consumer_token._id,
+            request_token_id=request_token._id,
+            user_id=user._id,
+            is_bearer=True,
+        )
+        ThreadLocalODMSession.flush_all()
+        token = access_token.api_key
+        request.headers = {
+            'Authorization': 'OAuth BearerToken access_token={}'.format(token)
+        }
+        request.scheme = 'https'
+        r = self.api_post('/rest/p/test/wiki', access_token='foo')
+        assert_equal(r.status_int, 200)
+
     def test_bad_path(self):
         r = self.api_post('/rest/1/test/wiki/')
         assert r.status_int == 404

http://git-wip-us.apache.org/repos/asf/allura/blob/42c0cfca/Allura/allura/tests/test_webhooks.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_webhooks.py b/Allura/allura/tests/test_webhooks.py
index a336f32..e86dbd8 100644
--- a/Allura/allura/tests/test_webhooks.py
+++ b/Allura/allura/tests/test_webhooks.py
@@ -868,16 +868,12 @@ class TestWebhookRestController(TestRestApiBase):
     def test_edit_duplicates(self):
         webhook = self.webhooks[0]
         url = '{}/repo-push/{}'.format(self.url, webhook._id)
-        # change only url
         data = {'url': 'http://httpbin.org/post/1'}
         r = self.api_post(url, status=400, **data)
         expected = {u'result': u'error',
                     u'error': u'_the_form: "repo-push" webhook already '
                               u'exists for Git http://httpbin.org/post/1'}
         assert_equal(r.json, expected)
-        webhook = M.Webhook.query.get(_id=webhook._id)
-        assert_equal(webhook.hook_url, 'http://httpbin.org/post/0')
-        assert_equal(webhook.secret, 'secret-0')
 
     def test_delete_validation(self):
         url = '{}/repo-push/invalid'.format(self.url)