|
Pierre-Yves Chibon |
4b7c3e |
# -*- coding: utf-8 -*-
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
"""
|
|
Pierre-Yves Chibon |
4b7c3e |
(c) 2019 - Copyright Red Hat Inc
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
Authors:
|
|
Pierre-Yves Chibon |
4b7c3e |
Pierre-Yves Chibon <pingou@pingoured.fr></pingou@pingoured.fr>
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
"""
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
from __future__ import unicode_literals, absolute_import
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
import arrow
|
|
Pierre-Yves Chibon |
4b7c3e |
import copy
|
|
Pierre-Yves Chibon |
4b7c3e |
import datetime
|
|
Pierre-Yves Chibon |
4b7c3e |
import unittest
|
|
Pierre-Yves Chibon |
4b7c3e |
import shutil
|
|
Pierre-Yves Chibon |
4b7c3e |
import sys
|
|
Pierre-Yves Chibon |
4b7c3e |
import time
|
|
Pierre-Yves Chibon |
4b7c3e |
import os
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
import flask
|
|
Pierre-Yves Chibon |
4b7c3e |
import json
|
|
Pierre-Yves Chibon |
4b7c3e |
import munch
|
|
Pierre-Yves Chibon |
4b7c3e |
from mock import patch, MagicMock
|
|
Pierre-Yves Chibon |
4b7c3e |
from sqlalchemy.exc import SQLAlchemyError
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
sys.path.insert(
|
|
Pierre-Yves Chibon |
4b7c3e |
0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
import pagure.lib.query
|
|
Pierre-Yves Chibon |
4b7c3e |
import tests
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
class PagureFlaskApiProjectBlockuserTests(tests.SimplePagureTest):
|
|
Pierre-Yves Chibon |
4b7c3e |
""" Tests for the flask API of pagure for assigning a PR """
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
maxDiff = None
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
@patch("pagure.lib.git.update_git", MagicMock(return_value=True))
|
|
Pierre-Yves Chibon |
4b7c3e |
@patch("pagure.lib.notify.send_email", MagicMock(return_value=True))
|
|
Pierre-Yves Chibon |
4b7c3e |
def setUp(self):
|
|
Pierre-Yves Chibon |
4b7c3e |
""" Set up the environnment, ran before every tests. """
|
|
Pierre-Yves Chibon |
4b7c3e |
super(PagureFlaskApiProjectBlockuserTests, self).setUp()
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
tests.create_projects(self.session)
|
|
Pierre-Yves Chibon |
73d120 |
tests.create_projects_git(os.path.join(self.path, "repos"), bare=True)
|
|
Pierre-Yves Chibon |
4b7c3e |
tests.create_tokens(self.session)
|
|
Pierre-Yves Chibon |
4b7c3e |
tests.create_tokens_acl(self.session)
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
item = pagure.lib.model.Token(
|
|
Pierre-Yves Chibon |
4b7c3e |
id="aaabbbcccdddeee",
|
|
Pierre-Yves Chibon |
4b7c3e |
user_id=2,
|
|
Pierre-Yves Chibon |
4b7c3e |
project_id=1,
|
|
Pierre-Yves Chibon |
4b7c3e |
expiration=datetime.datetime.utcnow()
|
|
Pierre-Yves Chibon |
4b7c3e |
+ datetime.timedelta(days=30),
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
self.session.add(item)
|
|
Pierre-Yves Chibon |
4b7c3e |
self.session.commit()
|
|
Pierre-Yves Chibon |
4b7c3e |
tests.create_tokens_acl(self.session, token_id="aaabbbcccdddeee")
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
project = pagure.lib.query.get_authorized_project(self.session, "test")
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertEqual(project.block_users, [])
|
|
Pierre-Yves Chibon |
4cfa1e |
self.blocked_users = []
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
73d120 |
project = pagure.lib.query.get_authorized_project(
|
|
Pierre-Yves Chibon |
73d120 |
self.session, "test2"
|
|
Pierre-Yves Chibon |
73d120 |
)
|
|
Pierre-Yves Chibon |
4cfa1e |
project.block_users = ["foo"]
|
|
Pierre-Yves Chibon |
4cfa1e |
self.session.add(project)
|
|
Pierre-Yves Chibon |
4cfa1e |
self.session.commit()
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
def tearDown(self):
|
|
Pierre-Yves Chibon |
4b7c3e |
""" Tears down the environment at the end of the tests. """
|
|
Pierre-Yves Chibon |
4b7c3e |
project = pagure.lib.query.get_authorized_project(self.session, "test")
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertEqual(project.block_users, self.blocked_users)
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
super(PagureFlaskApiProjectBlockuserTests, self).tearDown()
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
def test_api_blockuser_no_token(self):
|
|
Pierre-Yves Chibon |
4b7c3e |
""" Test api_project_block_user method when no token is provided.
|
|
Pierre-Yves Chibon |
4b7c3e |
"""
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
# No token
|
|
Pierre-Yves Chibon |
4b7c3e |
output = self.app.post("/api/0/test/blockuser")
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertEqual(output.status_code, 401)
|
|
Pierre-Yves Chibon |
4b7c3e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertDictEqual(
|
|
Pierre-Yves Chibon |
4b7c3e |
data,
|
|
Pierre-Yves Chibon |
4b7c3e |
{
|
|
Pierre-Yves Chibon |
4b7c3e |
"error": "Invalid or expired token. Please visit "
|
|
Pierre-Yves Chibon |
4b7c3e |
"http://localhost.localdomain/settings#api-keys to "
|
|
Pierre-Yves Chibon |
4b7c3e |
"get or renew your API token.",
|
|
Pierre-Yves Chibon |
4b7c3e |
"error_code": "EINVALIDTOK",
|
|
Pierre-Yves Chibon |
4b7c3e |
"errors": "Invalid token",
|
|
Pierre-Yves Chibon |
4b7c3e |
},
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
def test_api_blockuser_invalid_token(self):
|
|
Pierre-Yves Chibon |
4b7c3e |
""" Test api_project_block_user method when the token provided is invalid.
|
|
Pierre-Yves Chibon |
4b7c3e |
"""
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
headers = {"Authorization": "token aaabbbcccd"}
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
# Invalid token
|
|
Pierre-Yves Chibon |
4b7c3e |
output = self.app.post("/api/0/test/blockuser", headers=headers)
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertEqual(output.status_code, 401)
|
|
Pierre-Yves Chibon |
4b7c3e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertDictEqual(
|
|
Pierre-Yves Chibon |
4b7c3e |
data,
|
|
Pierre-Yves Chibon |
4b7c3e |
{
|
|
Pierre-Yves Chibon |
4b7c3e |
"error": "Invalid or expired token. Please visit "
|
|
Pierre-Yves Chibon |
4b7c3e |
"http://localhost.localdomain/settings#api-keys to "
|
|
Pierre-Yves Chibon |
4b7c3e |
"get or renew your API token.",
|
|
Pierre-Yves Chibon |
4b7c3e |
"error_code": "EINVALIDTOK",
|
|
Pierre-Yves Chibon |
4b7c3e |
"errors": "Invalid token",
|
|
Pierre-Yves Chibon |
4b7c3e |
},
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
def test_api_blockuser_no_data(self):
|
|
Pierre-Yves Chibon |
4b7c3e |
""" Test api_project_block_user method when no data is provided.
|
|
Pierre-Yves Chibon |
4b7c3e |
"""
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
headers = {"Authorization": "token aaabbbcccddd"}
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
# No user blocked
|
|
Pierre-Yves Chibon |
4b7c3e |
output = self.app.post("/api/0/test/blockuser", headers=headers)
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertEqual(output.status_code, 200)
|
|
Pierre-Yves Chibon |
4b7c3e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertDictEqual(data, {"message": "User(s) blocked"})
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
def test_api_blockuser_invalid_user(self):
|
|
Pierre-Yves Chibon |
4b7c3e |
""" Test api_project_block_user method when the data provided includes
|
|
Pierre-Yves Chibon |
4b7c3e |
an invalid username.
|
|
Pierre-Yves Chibon |
4b7c3e |
"""
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
headers = {"Authorization": "token aaabbbcccddd"}
|
|
Pierre-Yves Chibon |
4b7c3e |
data = {"username": ["invalid"]}
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
# No user blocked
|
|
Pierre-Yves Chibon |
4b7c3e |
output = self.app.post(
|
|
Pierre-Yves Chibon |
4b7c3e |
"/api/0/test/blockuser", headers=headers, data=data
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertEqual(output.status_code, 400)
|
|
Pierre-Yves Chibon |
4b7c3e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertDictEqual(
|
|
Pierre-Yves Chibon |
4b7c3e |
data, {"error": 'No user "invalid" found', "error_code": "ENOCODE"}
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
def test_api_blockuser_insufficient_rights(self):
|
|
Pierre-Yves Chibon |
4b7c3e |
""" Test api_project_block_user method when the user doing the action
|
|
Pierre-Yves Chibon |
4b7c3e |
does not have admin priviledges.
|
|
Pierre-Yves Chibon |
4b7c3e |
"""
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
headers = {"Authorization": "token aaabbbcccdddeee"}
|
|
Pierre-Yves Chibon |
4b7c3e |
data = {"username": ["invalid"]}
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
# No user blocked
|
|
Pierre-Yves Chibon |
4b7c3e |
output = self.app.post(
|
|
Pierre-Yves Chibon |
4b7c3e |
"/api/0/test/blockuser", headers=headers, data=data
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertEqual(output.status_code, 401)
|
|
Pierre-Yves Chibon |
4b7c3e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertDictEqual(
|
|
Pierre-Yves Chibon |
4b7c3e |
data,
|
|
Pierre-Yves Chibon |
4b7c3e |
{
|
|
Pierre-Yves Chibon |
4b7c3e |
"error": "You do not have sufficient permissions to perform "
|
|
Pierre-Yves Chibon |
4b7c3e |
"this action",
|
|
Pierre-Yves Chibon |
4b7c3e |
"error_code": "ENOTHIGHENOUGH",
|
|
Pierre-Yves Chibon |
4b7c3e |
},
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4cfa1e |
def test_api_blockuser_with_data(self):
|
|
Pierre-Yves Chibon |
4cfa1e |
""" Test api_pull_request_assign method when the project doesn't exist.
|
|
Pierre-Yves Chibon |
4cfa1e |
"""
|
|
Pierre-Yves Chibon |
4cfa1e |
self.blocked_users = ["foo"]
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4cfa1e |
headers = {"Authorization": "token aaabbbcccddd"}
|
|
Pierre-Yves Chibon |
4cfa1e |
data = {"username": ["foo"]}
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4cfa1e |
# user blocked
|
|
Pierre-Yves Chibon |
4cfa1e |
output = self.app.post(
|
|
Pierre-Yves Chibon |
4cfa1e |
"/api/0/test/blockuser", headers=headers, data=data
|
|
Pierre-Yves Chibon |
4cfa1e |
)
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertEqual(output.status_code, 200)
|
|
Pierre-Yves Chibon |
4cfa1e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertDictEqual(data, {"message": "User(s) blocked"})
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4cfa1e |
# Second request, no changes
|
|
Pierre-Yves Chibon |
4cfa1e |
headers = {"Authorization": "token aaabbbcccddd"}
|
|
Pierre-Yves Chibon |
4cfa1e |
data = {"username": ["foo"]}
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4cfa1e |
output = self.app.post(
|
|
Pierre-Yves Chibon |
4cfa1e |
"/api/0/test/blockuser", headers=headers, data=data
|
|
Pierre-Yves Chibon |
4cfa1e |
)
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertEqual(output.status_code, 200)
|
|
Pierre-Yves Chibon |
4cfa1e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertDictEqual(data, {"message": "User(s) blocked"})
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4cfa1e |
def test_api_blockeduser_api(self):
|
|
Pierre-Yves Chibon |
4cfa1e |
""" Test doing a POST request to the API when the user is blocked.
|
|
Pierre-Yves Chibon |
4b7c3e |
"""
|
|
Pierre-Yves Chibon |
4cfa1e |
self.blocked_users = ["pingou"]
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
headers = {"Authorization": "token aaabbbcccddd"}
|
|
Pierre-Yves Chibon |
4cfa1e |
data = {"username": ["pingou"]}
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4cfa1e |
# user blocked
|
|
Pierre-Yves Chibon |
4b7c3e |
output = self.app.post(
|
|
Pierre-Yves Chibon |
4b7c3e |
"/api/0/test/blockuser", headers=headers, data=data
|
|
Pierre-Yves Chibon |
4b7c3e |
)
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertEqual(output.status_code, 200)
|
|
Pierre-Yves Chibon |
4b7c3e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4b7c3e |
self.assertDictEqual(data, {"message": "User(s) blocked"})
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4cfa1e |
# Second request, but user is blocked
|
|
Pierre-Yves Chibon |
4cfa1e |
headers = {"Authorization": "token aaabbbcccddd"}
|
|
Pierre-Yves Chibon |
4cfa1e |
data = {"username": ["foo"]}
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
4cfa1e |
output = self.app.post(
|
|
Pierre-Yves Chibon |
4cfa1e |
"/api/0/test/blockuser", headers=headers, data=data
|
|
Pierre-Yves Chibon |
4cfa1e |
)
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertEqual(output.status_code, 403)
|
|
Pierre-Yves Chibon |
4cfa1e |
data = json.loads(output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertDictEqual(
|
|
Pierre-Yves Chibon |
4cfa1e |
data,
|
|
Pierre-Yves Chibon |
4cfa1e |
{
|
|
Pierre-Yves Chibon |
73d120 |
"error": "You have been blocked from this project",
|
|
Pierre-Yves Chibon |
73d120 |
"error_code": "EUBLOCKED",
|
|
Pierre-Yves Chibon |
73d120 |
},
|
|
Pierre-Yves Chibon |
4cfa1e |
)
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
4cfa1e |
def test_ui_new_issue_user_blocked(self):
|
|
Pierre-Yves Chibon |
4cfa1e |
""" Test doing a POST request to the UI when the user is blocked.
|
|
Pierre-Yves Chibon |
4cfa1e |
"""
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
4cfa1e |
user = tests.FakeUser(username="foo")
|
|
Pierre-Yves Chibon |
4cfa1e |
with tests.user_set(self.app.application, user):
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
73d120 |
output = self.app.get("/test2/new_issue")
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertEqual(output.status_code, 200)
|
|
Pierre-Yves Chibon |
73d120 |
self.assertIn("New Issue", output.get_data(as_text=True))
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
4cfa1e |
csrf_token = self.get_csrf(output=output)
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
4cfa1e |
data = {
|
|
Pierre-Yves Chibon |
73d120 |
"title": "Test issue",
|
|
Pierre-Yves Chibon |
73d120 |
"issue_content": "We really should improve on this issue",
|
|
Pierre-Yves Chibon |
73d120 |
"status": "Open",
|
|
Pierre-Yves Chibon |
73d120 |
"csrf_token": csrf_token,
|
|
Pierre-Yves Chibon |
4cfa1e |
}
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
73d120 |
output = self.app.post("/test2/new_issue", data=data)
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertEqual(output.status_code, 403)
|
|
Pierre-Yves Chibon |
4cfa1e |
output_text = output.get_data(as_text=True)
|
|
Pierre-Yves Chibon |
4cfa1e |
self.assertIn(
|
|
Pierre-Yves Chibon |
73d120 |
"You have been blocked from this project ", output_text
|
|
Pierre-Yves Chibon |
73d120 |
)
|
|
Pierre-Yves Chibon |
4cfa1e |
|
|
Pierre-Yves Chibon |
4b7c3e |
|
|
Pierre-Yves Chibon |
4b7c3e |
if __name__ == "__main__":
|
|
Pierre-Yves Chibon |
4b7c3e |
unittest.main(verbosity=2)
|