Finish API endpoint unit tests

endpoints/api.py

@@ -1248,7 +1248,11 @@ def create_webhook(namespace, repository):
 def get_webhook(namespace, repository, public_id):
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
-    webhook = model.get_webhook(namespace, repository, public_id)
+    try:
+      webhook = model.get_webhook(namespace, repository, public_id)
+    except model.InvalidWebhookException:
+      abort(404)
+
     return jsonify(webhook_view(webhook))
 
   abort(403)  # Permission denied
@@ -1643,7 +1647,11 @@ def list_repo_tokens(namespace, repository):
 def get_tokens(namespace, repository, code):
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
-    perm = model.get_repo_delegate_token(namespace, repository, code)
+    try:
+      perm = model.get_repo_delegate_token(namespace, repository, code)
+    except model.InvalidTokenException:
+      abort(404)
+
     return jsonify(token_view(perm))
 
   abort(403)  # Permission denied
@@ -1780,6 +1788,8 @@ def set_card(user, token):
         cus.save()
       except stripe.CardError as e:
         return carderror_response(e)
+      except stripe.InvalidRequestError as e:
+        return carderror_response(e)
 
   return get_card(user)
 

static/js/app.js

@@ -427,6 +427,8 @@ quayApp = angular.module('quay', ['ngRoute', 'chieffancypants.loadingBar', 'rest
       var planService = {};
       var listeners = [];
 
+      var previousSubscribeFailure = false;
+
       planService.getFreePlan = function() {
         return 'free';
       };
@@ -616,12 +618,15 @@ quayApp = angular.module('quay', ['ngRoute', 'chieffancypants.loadingBar', 'rest
           if (orgname && !planService.isOrgCompatible(plan)) { return; }
 
           planService.getCardInfo(orgname, function(cardInfo) {
-            if (plan.price > 0 && !cardInfo.last4) {
+            if (plan.price > 0 && (previousSubscribeFailure || !cardInfo.last4)) {
               planService.showSubscribeDialog($scope, orgname, planId, callbacks);
               return;
             }
         
+            previousSubscribeFailure = false;
+
             planService.setSubscription(orgname, planId, callbacks['success'], function(resp) {
+              previousSubscribeFailure = true;
               planService.handleCardError(resp);
               callbacks['failure'](resp);
             });

test/test_api_usage.py

@@ -13,6 +13,10 @@ app.register_blueprint(api, url_prefix='/api')
 NO_ACCESS_USER = 'freshuser'
 READ_ACCESS_USER = 'reader'
 ADMIN_ACCESS_USER = 'devtable'
+PUBLIC_USER = 'public'
+
+ORG_REPO = 'orgrepo'
+
 ORGANIZATION = 'buynlarge'
 
 NEW_USER_DETAILS = {
@@ -124,7 +128,7 @@ class TestGetUserPrivateCount(ApiTestCase):
     self.login(ADMIN_ACCESS_USER)
     json = self.getJsonResponse('api.get_user_private_count')
     assert json['privateCount'] == 6
-    assert json['reposAllowed'] == 125
+    assert json['reposAllowed'] > 0
 
 class TestConvertToOrganization(ApiTestCase):
   def test_sameadminuser(self):
@@ -707,6 +711,569 @@ class TestDeleteRepository(ApiTestCase):
                      params=dict(repository=ADMIN_ACCESS_USER + '/simple'),
                      expected_code=404)
 
+class TestGetRepository(ApiTestCase):
+  def test_getrepo_public_asguest(self):
+    json = self.getJsonResponse('api.get_repo',
+                                params=dict(repository=PUBLIC_USER + '/publicrepo'))
+    
+    self.assertEquals(PUBLIC_USER, json['namespace'])
+    self.assertEquals('publicrepo', json['name'])
+
+    self.assertEquals(True, json['is_public'])
+    self.assertEquals(False, json['is_organization'])
+    self.assertEquals(False, json['is_building'])
+
+    self.assertEquals(False, json['can_write'])
+    self.assertEquals(False, json['can_admin'])
+
+    assert 'latest' in json['tags']
+
+  def test_getrepo_public_asowner(self):
+    self.login(PUBLIC_USER)
+
+    json = self.getJsonResponse('api.get_repo',
+                                params=dict(repository=PUBLIC_USER + '/publicrepo'))
+    
+    self.assertEquals(False, json['is_organization'])
+    self.assertEquals(True, json['can_write'])
+    self.assertEquals(True, json['can_admin'])
+
+  def test_getrepo_building(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    json = self.getJsonResponse('api.get_repo',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/building'))
+    
+    self.assertEquals(True, json['can_write'])
+    self.assertEquals(True, json['can_admin'])
+    self.assertEquals(True, json['is_building'])
+    self.assertEquals(False, json['is_organization'])
+
+  def test_getrepo_org_asnonmember(self):
+    self.getResponse('api.get_repo',
+                     params=dict(repository=ORGANIZATION + '/' + ORG_REPO),
+                     expected_code=403)
+
+  def test_getrepo_org_asreader(self):
+    self.login(READ_ACCESS_USER)
+
+    json = self.getJsonResponse('api.get_repo',
+                                params=dict(repository=ORGANIZATION + '/' + ORG_REPO))
+    
+    self.assertEquals(ORGANIZATION, json['namespace'])
+    self.assertEquals(ORG_REPO, json['name'])
+
+    self.assertEquals(False, json['can_write'])
+    self.assertEquals(False, json['can_admin'])
+
+    self.assertEquals(True, json['is_organization'])
+
+  def test_getrepo_org_asadmin(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    json = self.getJsonResponse('api.get_repo',
+                                params=dict(repository=ORGANIZATION + '/' + ORG_REPO))
+    
+    self.assertEquals(True, json['can_write'])
+    self.assertEquals(True, json['can_admin'])
+
+    self.assertEquals(True, json['is_organization'])
+
+
+class TestGetRepoBuilds(ApiTestCase):
+  def test_getrepo_nobuilds(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    json = self.getJsonResponse('api.get_repo_builds',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
+    
+    assert len(json['builds']) == 0
+
+  def test_getrepobuilds(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    json = self.getJsonResponse('api.get_repo_builds',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/building'))
+    
+    assert len(json['builds']) > 0
+    build = json['builds'][0]
+
+    assert 'id' in build
+    assert 'status' in build
+    assert 'message' in build
+
+
+class TestRequearRepoBuild(ApiTestCase):
+  def test_requestrepobuild(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Ensure where not yet building.
+    json = self.getJsonResponse('api.get_repo_builds',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
+    
+    assert len(json['builds']) == 0
+
+    # Request a (fake) build.
+    self.postResponse('api.request_repo_build',
+                      params=dict(repository=ADMIN_ACCESS_USER + '/simple'),
+                      data=dict(file_id = 'foobarbaz'),
+                      expected_code=201)
+
+    # Check for the build.
+    json = self.getJsonResponse('api.get_repo_builds',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/building'))
+    
+    assert len(json['builds']) > 0
+   
+
+class TestWebhooks(ApiTestCase):
+  def test_webhooks(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Add a webhook.
+    json = self.postJsonResponse('api.create_webhook',
+                                 params=dict(repository=ADMIN_ACCESS_USER + '/simple'),
+                                 data=dict(url='http://example.com'))
+
+    self.assertEquals('http://example.com', json['parameters']['url'])
+    wid = json['public_id']
+
+    # Get the webhook.
+    json = self.getJsonResponse('api.get_webhook',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple', public_id=wid))
+
+    self.assertEquals(wid, json['public_id'])
+    self.assertEquals('http://example.com', json['parameters']['url'])
+
+    # Verify the webhook is listed.
+    json = self.getJsonResponse('api.list_webhooks',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
+
+    ids = [w['public_id'] for w in json['webhooks']]
+    assert wid in ids
+
+    # Delete the webhook.
+    self.deleteResponse('api.delete_webhook',
+                        params=dict(repository=ADMIN_ACCESS_USER + '/simple', public_id=wid),
+                        expected_code=204)
+
+    # Verify the webhook is gone.
+    self.getResponse('api.get_webhook',
+                     params=dict(repository=ADMIN_ACCESS_USER + '/simple', public_id=wid),
+                     expected_code=404)
+
+
+class TestListAndGetImage(ApiTestCase):
+  def test_listandgetimages(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    json = self.getJsonResponse('api.list_repository_images',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
+
+    assert len(json['images']) > 0
+    for image in json['images']:
+      assert 'id' in image
+      assert 'tags' in image
+      assert 'created' in image
+      assert 'comment' in image
+      assert 'command' in image
+      assert 'ancestors' in image
+      assert 'dbid' in image
+      assert 'size' in image
+
+      ijson = self.getJsonResponse('api.get_image',
+                                   params=dict(repository=ADMIN_ACCESS_USER + '/simple',
+                                               image_id=image['id']))
+
+      self.assertEquals(image['id'], ijson['id'])
+
+class TestGetImageChanges(ApiTestCase):
+  def test_getimagechanges(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Find an image to check.
+    json = self.getJsonResponse('api.list_repository_images',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
+
+    image_id = json['images'][0]['id']
+
+    # Lookup the image's changes.
+    # TODO: Fix me once we can get fake changes into the test data
+    #self.getJsonResponse('api.get_image_changes',
+    #                     params=dict(repository=ADMIN_ACCESS_USER + '/simple',
+    #                                 image_id=image_id))
+
+
+class TestListAndDeleteTag(ApiTestCase):
+  def test_listtagimagesanddeletetag(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # List the images for prod.
+    json = self.getJsonResponse('api.list_tag_images',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/complex', tag='prod'))
+
+    prod_images = json['images']
+    assert len(prod_images) > 0
+
+    # List the images for staging.
+    json = self.getJsonResponse('api.list_tag_images',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/complex', tag='staging'))
+
+    staging_images = json['images']
+    assert len(prod_images) == len(staging_images) + 1
+
+    # Delete prod.
+    self.deleteResponse('api.delete_full_tag',
+                        params=dict(repository=ADMIN_ACCESS_USER + '/complex', tag='prod'),
+                        expected_code=204)
+
+    # Make sure the tag is gone.
+    self.getResponse('api.list_tag_images',
+                     params=dict(repository=ADMIN_ACCESS_USER + '/complex', tag='prod'),
+                     expected_code=404)
+
+    # Make the sure the staging images are still there.
+    json = self.getJsonResponse('api.list_tag_images',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/complex', tag='staging'))
+
+    self.assertEquals(staging_images, json['images'])
+
+
+  def test_deletesubtag(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # List the images for prod.
+    json = self.getJsonResponse('api.list_tag_images',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/complex', tag='prod'))
+
+    prod_images = json['images']
+    assert len(prod_images) > 0
+
+    # Delete staging.
+    self.deleteResponse('api.delete_full_tag',
+                        params=dict(repository=ADMIN_ACCESS_USER + '/complex', tag='staging'),
+                        expected_code=204)
+
+    # Make sure the prod images are still around.
+    json = self.getJsonResponse('api.list_tag_images',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/complex', tag='prod'))
+
+    self.assertEquals(prod_images, json['images'])
+
+
+class TestRepoPermissions(ApiTestCase):
+  def listUserPermissions(self):
+    return self.getJsonResponse('api.list_repo_user_permissions',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))['permissions']
+
+  def listTeamPermissions(self):
+    return self.getJsonResponse('api.list_repo_team_permissions',
+                                params=dict(repository=ORGANIZATION + '/' + ORG_REPO))['permissions']
+
+  def test_userpermissions(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # The repo should start with just the admin as a user perm.
+    permissions = self.listUserPermissions()
+
+    self.assertEquals(1, len(permissions))
+    assert ADMIN_ACCESS_USER in permissions
+    self.assertEquals('admin', permissions[ADMIN_ACCESS_USER]['role'])
+
+    # Add another user.
+    self.putJsonResponse('api.change_user_permissions',
+                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', username=NO_ACCESS_USER),
+                         data=dict(role='read'))
+
+    # Verify the user is present.
+    permissions = self.listUserPermissions()
+
+    self.assertEquals(2, len(permissions))
+    assert NO_ACCESS_USER in permissions
+    self.assertEquals('read', permissions[NO_ACCESS_USER]['role'])
+
+    json = self.getJsonResponse('api.get_user_permissions',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple', username=NO_ACCESS_USER))
+    self.assertEquals('read', json['role'])
+
+    # Change the user's permissions.
+    self.putJsonResponse('api.change_user_permissions',
+                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', username=NO_ACCESS_USER),
+                         data=dict(role='admin'))
+
+    # Verify.
+    permissions = self.listUserPermissions()
+
+    self.assertEquals(2, len(permissions))
+    assert NO_ACCESS_USER in permissions
+    self.assertEquals('admin', permissions[NO_ACCESS_USER]['role'])
+
+    # Delete the user's permission.
+    self.deleteResponse('api.delete_user_permissions',
+                        params=dict(repository=ADMIN_ACCESS_USER + '/simple', username=NO_ACCESS_USER))
+
+    # Verify.
+    permissions = self.listUserPermissions()
+
+    self.assertEquals(1, len(permissions))
+    assert not NO_ACCESS_USER in permissions
+
+
+  def test_teampermissions(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # The repo should start with just the readers as a team perm.
+    permissions = self.listTeamPermissions()
+
+    self.assertEquals(1, len(permissions))
+    assert 'readers' in permissions
+    self.assertEquals('read', permissions['readers']['role'])
+
+    # Add another team.
+    self.putJsonResponse('api.change_team_permissions',
+                         params=dict(repository=ORGANIZATION + '/' + ORG_REPO, teamname='owners'),
+                         data=dict(role='write'))
+
+    # Verify the team is present.
+    permissions = self.listTeamPermissions()
+
+    self.assertEquals(2, len(permissions))
+    assert 'owners' in permissions
+    self.assertEquals('write', permissions['owners']['role'])
+
+    json = self.getJsonResponse('api.get_team_permissions',
+                                params=dict(repository=ORGANIZATION + '/' + ORG_REPO, teamname='owners'))
+    self.assertEquals('write', json['role'])
+
+    # Change the team's permissions.
+    self.putJsonResponse('api.change_team_permissions',
+                         params=dict(repository=ORGANIZATION + '/' + ORG_REPO, teamname='owners'),
+                         data=dict(role='admin'))
+
+    # Verify.
+    permissions = self.listTeamPermissions()
+
+    self.assertEquals(2, len(permissions))
+    assert 'owners' in permissions
+    self.assertEquals('admin', permissions['owners']['role'])
+
+    # Delete the team's permission.
+    self.deleteResponse('api.delete_team_permissions',
+                        params=dict(repository=ORGANIZATION + '/' + ORG_REPO, teamname='owners'))
+
+    # Verify.
+    permissions = self.listTeamPermissions()
+
+    self.assertEquals(1, len(permissions))
+    assert not 'owners' in permissions
+
+class TestApiTokens(ApiTestCase):
+  def listTokens(self):
+    return self.getJsonResponse('api.list_repo_tokens',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))['tokens']
+
+  def test_tokens(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Create a new token.
+    json = self.postJsonResponse('api.create_token',
+                                 params=dict(repository=ADMIN_ACCESS_USER + '/simple'),
+                                 data=dict(role='read', friendlyName='mytoken'),
+                                 expected_code=201)
+
+    self.assertEquals('mytoken', json['friendlyName'])
+    self.assertEquals('read', json['role'])
+    token_code = json['code']
+
+    # Verify.
+    tokens = self.listTokens()
+    assert token_code in tokens
+    self.assertEquals('mytoken', tokens[token_code]['friendlyName'])
+
+    json = self.getJsonResponse('api.get_tokens',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple', code=token_code))
+    self.assertEquals(tokens[token_code], json)
+
+    # Change the token's permission.
+    self.putJsonResponse('api.change_token',
+                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', code=token_code),
+                         data=dict(role='write'))
+
+    # Verify.
+    json = self.getJsonResponse('api.get_tokens',
+                                params=dict(repository=ADMIN_ACCESS_USER + '/simple', code=token_code))
+    self.assertEquals('write', json['role'])
+
+    # Delete the token.
+    self.deleteResponse('api.delete_token',
+                        params=dict(repository=ADMIN_ACCESS_USER + '/simple', code=token_code))
+
+    # Verify.
+    self.getResponse('api.get_tokens',
+                     params=dict(repository=ADMIN_ACCESS_USER + '/simple', code=token_code),
+                     expected_code=404)
+
+
+class TestUserCard(ApiTestCase):
+  def test_getusercard(self):
+    self.login(ADMIN_ACCESS_USER)
+    json = self.getJsonResponse('api.get_user_card')
+
+    self.assertEquals('4242', json['card']['last4'])
+    self.assertEquals('Visa', json['card']['type'])
+
+  def test_setusercard_error(self):
+    self.login(ADMIN_ACCESS_USER)
+    json = self.postJsonResponse('api.set_user_card', 
+                                 data=dict(token='sometoken'),
+                                 expected_code=402)
+    assert 'carderror' in json
+
+
+class TestOrgCard(ApiTestCase):
+  def test_getorgcard(self):
+    self.login(ADMIN_ACCESS_USER)
+    json = self.getJsonResponse('api.get_org_card',
+                                params=dict(orgname=ORGANIZATION))
+
+    self.assertEquals('4242', json['card']['last4'])
+    self.assertEquals('Visa', json['card']['type'])
+
+
+class TestUserSubscription(ApiTestCase):
+  def getSubscription(self):
+    return self.getJsonResponse('api.get_user_subscription')
+
+  def test_updateplan(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Change the plan.
+    self.putJsonResponse('api.update_user_subscription',
+                         data=dict(plan='free'))
+
+    # Verify
+    sub = self.getSubscription()
+    self.assertEquals('free', sub['plan'])
+
+    # Change the plan.
+    self.putJsonResponse('api.update_user_subscription',
+                         data=dict(plan='bus-large'))
+
+    # Verify
+    sub = self.getSubscription()
+    self.assertEquals('bus-large', sub['plan'])
+
+
+class TestOrgSubscription(ApiTestCase):
+  def getSubscription(self):
+    return self.getJsonResponse('api.get_org_subscription', params=dict(orgname=ORGANIZATION))
+
+  def test_updateplan(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Change the plan.
+    self.putJsonResponse('api.update_org_subscription',
+                         params=dict(orgname=ORGANIZATION),
+                         data=dict(plan='free'))
+
+    # Verify
+    sub = self.getSubscription()
+    self.assertEquals('free', sub['plan'])
+
+    # Change the plan.
+    self.putJsonResponse('api.update_org_subscription',
+                         params=dict(orgname=ORGANIZATION),
+                         data=dict(plan='bus-large'))
+
+    # Verify
+    sub = self.getSubscription()
+    self.assertEquals('bus-large', sub['plan'])
+
+
+class TestUserRobots(ApiTestCase):
+  def getRobotNames(self):
+    return [r['name'] for r in self.getJsonResponse('api.get_user_robots')['robots']]
+
+  def test_robots(self):
+    self.login(NO_ACCESS_USER)
+
+    # Create a robot.
+    json = self.putJsonResponse('api.create_user_robot',
+                                params=dict(robot_shortname='bender'),
+                                expected_code=201)
+
+    self.assertEquals(NO_ACCESS_USER + '+bender', json['name'])
+
+    # Verify.
+    robots = self.getRobotNames()
+    assert NO_ACCESS_USER + '+bender' in robots
+
+    # Delete the robot.
+    self.deleteResponse('api.delete_user_robot',
+                        params=dict(robot_shortname='bender'))
+
+    # Verify.
+    robots = self.getRobotNames()
+    assert not NO_ACCESS_USER + '+bender' in robots
+
+
+class TestOrgRobots(ApiTestCase):
+  def getRobotNames(self):
+    return [r['name'] for r in self.getJsonResponse('api.get_org_robots',
+                                                    params=dict(orgname=ORGANIZATION))['robots']]
+
+  def test_robots(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Create a robot.
+    json = self.putJsonResponse('api.create_org_robot',
+                                params=dict(orgname=ORGANIZATION, robot_shortname='bender'),
+                                expected_code=201)
+
+    self.assertEquals(ORGANIZATION + '+bender', json['name'])
+
+    # Verify.
+    robots = self.getRobotNames()
+    assert ORGANIZATION + '+bender' in robots
+
+    # Delete the robot.
+    self.deleteResponse('api.delete_org_robot',
+                        params=dict(orgname=ORGANIZATION, robot_shortname='bender'))
+
+    # Verify.
+    robots = self.getRobotNames()
+    assert not ORGANIZATION + '+bender' in robots
+
+
+class TestLogs(ApiTestCase):
+  def test_user_logs(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    json = self.getJsonResponse('api.list_user_logs')
+    assert 'logs' in json
+    assert 'start_time' in json
+    assert 'end_time' in json
+
+  def test_org_logs(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    json = self.getJsonResponse('api.list_org_logs', params=dict(orgname=ORGANIZATION))
+    assert 'logs' in json
+    assert 'start_time' in json
+    assert 'end_time' in json
+
+  def test_performer(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    json = self.getJsonResponse('api.list_org_logs', params=dict(orgname=ORGANIZATION))
+    all_logs = json['logs']
+
+    json = self.getJsonResponse('api.list_org_logs',
+                                params=dict(performer=READ_ACCESS_USER, orgname=ORGANIZATION))
+
+    assert len(json['logs']) < len(all_logs)
+    for log in json['logs']:
+      self.assertEquals(READ_ACCESS_USER, log['performer']['name'])
 
 if __name__ == '__main__':
   unittest.main()