From f3c6b4aa88161650dd271c234523250f4e9c8623 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Jun 12 2018 17:39:31 +0000 Subject: Add a way to list all API tokens and don't restrict the info command By default `pagure-admin admin-token list` will only return API token that have at least one of the ACLs defined in: ADMIN_API_ACLS. This action now supports an `--all` options making it return all API tokens period. In addition, the `pagure-admin admin-token info` had the same restriction but for the info action the API token must be already known, so there is no point in restricting accessing this info based on the ACLs of the token. So just return the info of that token regardless of the ACLs associated with it. Signed-off-by: Pierre-Yves Chibon --- diff --git a/pagure/cli/admin.py b/pagure/cli/admin.py index f112faf..ddce4a2 100644 --- a/pagure/cli/admin.py +++ b/pagure/cli/admin.py @@ -115,6 +115,9 @@ def _parser_admin_token_list(subparser): local_parser.add_argument( '--expired', default=False, action='store_true', help="Only list expired API token") + local_parser.add_argument( + '--all', default=False, action='store_true', + help="Only list all API token instead of only those with admin ACLs") local_parser.set_defaults(func=do_list_admin_token) @@ -470,8 +473,11 @@ def do_list_admin_token(args): _log.debug('token: %s', args.token) _log.debug('active: %s', args.active) _log.debug('expire: %s', args.expired) + _log.debug('all: %s', args.all) acls = pagure.config.config['ADMIN_API_ACLS'] + if args.all: + acls = None tokens = pagure.lib.search_token( session, acls, user=args.user, @@ -493,8 +499,7 @@ def do_info_admin_token(args): """ _log.debug('token: %s', args.token) - acls = pagure.config.config['ADMIN_API_ACLS'] - token = pagure.lib.search_token(session, acls, token=args.token) + token = pagure.lib.search_token(session, acls=None, token=args.token) if not token: raise pagure.exceptions.PagureException('No such admin token found') diff --git a/tests/test_pagure_admin.py b/tests/test_pagure_admin.py index 0638cf6..2974457 100644 --- a/tests/test_pagure_admin.py +++ b/tests/test_pagure_admin.py @@ -66,6 +66,7 @@ class PagureAdminAdminTokenEmptytests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -247,6 +248,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -272,6 +274,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -286,12 +289,50 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) output = output.getvalue() self.assertEqual(output, 'No admin tokens found\n') + def test_do_list_admin_token_non_admin_acls(self): + """ Test the do_list_admin_token function of pagure-admin for a token + without any admin ACL. """ + pagure.lib.add_token_to_user( + self.session, + project=None, + acls=['issue_assign', 'pull_request_subscribe'], + username='pingou') + + # Retrieve all admin tokens + list_args = munch.Munch({ + 'user': None, + 'token': None, + 'active': False, + 'expired': False, + 'all': False, + }) + with tests.capture_output() as output: + pagure.cli.admin.do_list_admin_token(list_args) + output = output.getvalue() + self.assertEqual(output, 'No admin tokens found\n') + + # Retrieve all tokens + list_args = munch.Munch({ + 'user': None, + 'token': None, + 'active': False, + 'expired': False, + 'all': True, + }) + with tests.capture_output() as output: + pagure.cli.admin.do_list_admin_token(list_args) + output = output.getvalue() + self.assertNotEqual(output, 'No user "pingou" found\n') + self.assertEqual(len(output.split('\n')), 2) + self.assertIn(' -- pingou -- ', output) + @patch('pagure.cli.admin._get_input') @patch('pagure.cli.admin._ask_confirmation') def test_do_info_admin_token(self, conf, rinp): @@ -309,6 +350,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -331,6 +373,43 @@ class PagureAdminAdminTokentests(tests.Modeltests): - pull_request_flag ''') + def test_do_info_admin_token_non_admin_acl(self): + """ Test the do_info_admin_token function of pagure-admin for a + token not having any admin ACL. """ + pagure.lib.add_token_to_user( + self.session, + project=None, + acls=['issue_assign', 'pull_request_subscribe'], + username='pingou') + + # Retrieve the token + list_args = munch.Munch({ + 'user': None, + 'token': None, + 'active': False, + 'expired': False, + 'all': True, + }) + with tests.capture_output() as output: + pagure.cli.admin.do_list_admin_token(list_args) + output = output.getvalue() + self.assertNotEqual(output, 'No user "pingou" found\n') + self.assertEqual(len(output.split('\n')), 2) + self.assertIn(' -- pingou -- ', output) + + token = output.split(' ', 1)[0] + + args = munch.Munch({'token': token}) + with tests.capture_output() as output: + pagure.cli.admin.do_info_admin_token(args) + output = output.getvalue() + self.assertIn(' -- pingou -- ', output.split('\n', 1)[0]) + self.assertEqual( + output.split('\n', 1)[1], '''ACLs: + - issue_assign + - pull_request_subscribe +''') + @patch('pagure.cli.admin._get_input') @patch('pagure.cli.admin._ask_confirmation') def test_do_expire_admin_token(self, conf, rinp): @@ -351,6 +430,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -367,6 +447,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': True, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -385,6 +466,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': True, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -412,6 +494,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -452,6 +535,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -492,6 +576,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -533,6 +618,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': False, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -550,6 +636,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': True, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args) @@ -574,6 +661,7 @@ class PagureAdminAdminTokentests(tests.Modeltests): 'token': None, 'active': True, 'expired': False, + 'all': False, }) with tests.capture_output() as output: pagure.cli.admin.do_list_admin_token(list_args)