vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add the next batch of tests and fixes.

Browse source
This commit is contained in:
yackob03 2013-11-06 17:56:31 -05:00
parent db59b5bf9c
commit 2a849f631b
3 changed files with 477 additions and 289 deletions
Download patch file Download diff file Expand all files Collapse all files

429
test/specs.py Normal file
View file

@ -0,0 +1,429 @@
import json
from flask import url_for
from collections import OrderedDict
from uuid import uuid4
PUBLIC_REPO = 'public/publicrepo'
PRIVATE_REPO = 'devtable/complex'
ORG = 'devtableorg'
ORG_REPO = ORG + '/orgrepo'
ORG_OWNERS = 'owners'
ORG_READERS = 'readers'
ORG_OWNER = 'devtable'
FAKE_IMAGE_ID = uuid4()
FAKE_TAG_NAME = uuid4()
FAKE_USERNAME = uuid4()
FAKE_TEAMNAME = uuid4()
FAKE_TOKEN = uuid4()
def open_kwargs(method='GET', json_object=None):
kwargs = {
'method': method,
}
if json_object is not None:
kwargs['data'] = json.dumps(json_object)
kwargs['content_type'] = 'application/json'
elif method == 'POST' or method == 'PUT':
kwargs['data'] = json.dumps({
'fake': 'json',
'data': 'here',
})
kwargs['content_type'] = 'application/json'
return kwargs
def build_anon_spec():
return OrderedDict([
(url_for('welcome'), (200, open_kwargs())),
(url_for('plans_list'), (200, open_kwargs())),
(url_for('get_logged_in_user'), (200, open_kwargs())),
(url_for('change_user_details'), (401, open_kwargs('PUT'))),
(url_for('create_user_api'), (400, open_kwargs('POST'))),
(url_for('signin_api'), (400, open_kwargs('POST'))),
(url_for('send_recovery'), (400, open_kwargs('POST'))),
(url_for('get_matching_users', prefix='dev'), (401, open_kwargs())),
(url_for('get_matching_entities', prefix='dev'), (401, open_kwargs())),
(url_for('get_organization', orgname=ORG), (401, open_kwargs())),
(url_for('get_organization_private_allowed', orgname=ORG),
(401, open_kwargs())),
(url_for('update_organization_team', orgname=ORG, teamname=ORG_OWNERS),
(401, open_kwargs('PUT'))),
(url_for('delete_organization_team', orgname=ORG, teamname=ORG_OWNERS),
(401, open_kwargs('DELETE'))),
(url_for('get_organization_team_members', orgname=ORG,
teamname=ORG_OWNERS), (401, open_kwargs())),
(url_for('update_organization_team_member', orgname=ORG,
teamname=ORG_OWNERS, membername=ORG_OWNER),
(401, open_kwargs('PUT'))),
(url_for('delete_organization_team_member', orgname=ORG,
teamname=ORG_OWNERS, membername=ORG_OWNER),
(401, open_kwargs('DELETE'))),
(url_for('create_repo_api'), (401, open_kwargs('POST'))),
(url_for('match_repos_api'), (200, open_kwargs())),
(url_for('list_repos_api'), (200, open_kwargs())),
(url_for('update_repo_api', repository=PUBLIC_REPO),
(401, open_kwargs('PUT'))),
(url_for('update_repo_api', repository=ORG_REPO),
(401, open_kwargs('PUT'))),
(url_for('update_repo_api', repository=PRIVATE_REPO),
(401, open_kwargs('PUT'))),
(url_for('change_repo_visibility_api', repository=PUBLIC_REPO),
(401, open_kwargs('POST'))),
(url_for('change_repo_visibility_api', repository=ORG_REPO),
(401, open_kwargs('POST'))),
(url_for('change_repo_visibility_api', repository=PRIVATE_REPO),
(401, open_kwargs('POST'))),
(url_for('delete_repository', repository=PUBLIC_REPO),
(401, open_kwargs('DELETE'))),
(url_for('delete_repository', repository=ORG_REPO),
(401, open_kwargs('DELETE'))),
(url_for('delete_repository', repository=PRIVATE_REPO),
(401, open_kwargs('DELETE'))),
(url_for('get_repo_api', repository=PUBLIC_REPO),(200, open_kwargs())),
(url_for('get_repo_api', repository=ORG_REPO), (403, open_kwargs())),
(url_for('get_repo_api', repository=PRIVATE_REPO), (403, open_kwargs())),
(url_for('get_repo_builds', repository=PUBLIC_REPO),
(401, open_kwargs())),
(url_for('get_repo_builds', repository=ORG_REPO), (401, open_kwargs())),
(url_for('get_repo_builds', repository=PRIVATE_REPO),
(401, open_kwargs())),
(url_for('get_filedrop_url'), (401, open_kwargs('POST'))),
(url_for('request_repo_build', repository=PUBLIC_REPO),
(401, open_kwargs('POST'))),
(url_for('request_repo_build', repository=ORG_REPO),
(401, open_kwargs('POST'))),
(url_for('request_repo_build', repository=PRIVATE_REPO),
(401, open_kwargs('POST'))),
(url_for('list_repository_images', repository=PUBLIC_REPO),
(200, open_kwargs())),
(url_for('list_repository_images', repository=ORG_REPO),
(403, open_kwargs())),
(url_for('list_repository_images', repository=PRIVATE_REPO),
(403, open_kwargs())),
(url_for('get_image', repository=PUBLIC_REPO, image_id=FAKE_IMAGE_ID),
(404, open_kwargs())),
(url_for('get_image', repository=ORG_REPO, image_id=FAKE_IMAGE_ID),
(403, open_kwargs())),
(url_for('get_image', repository=PRIVATE_REPO, image_id=FAKE_IMAGE_ID),
(403, open_kwargs())),
(url_for('get_image_changes', repository=PUBLIC_REPO,
image_id=FAKE_IMAGE_ID), (404, open_kwargs())),
(url_for('get_image_changes', repository=ORG_REPO,
image_id=FAKE_IMAGE_ID), (403, open_kwargs())),
(url_for('get_image_changes', repository=PRIVATE_REPO,
image_id=FAKE_IMAGE_ID), (403, open_kwargs())),
(url_for('list_tag_images', repository=PUBLIC_REPO, tag=FAKE_TAG_NAME),
(404, open_kwargs())),
(url_for('list_tag_images', repository=ORG_REPO, tag=FAKE_TAG_NAME),
(403, open_kwargs())),
(url_for('list_tag_images', repository=PRIVATE_REPO, tag=FAKE_TAG_NAME),
(403, open_kwargs())),
(url_for('list_repo_team_permissions', repository=PUBLIC_REPO),
(401, open_kwargs())),
(url_for('list_repo_team_permissions', repository=ORG_REPO),
(401, open_kwargs())),
(url_for('list_repo_team_permissions', repository=PRIVATE_REPO),
(401, open_kwargs())),
(url_for('list_repo_user_permissions', repository=PUBLIC_REPO),
(401, open_kwargs())),
(url_for('list_repo_user_permissions', repository=ORG_REPO),
(401, open_kwargs())),
(url_for('list_repo_user_permissions', repository=PRIVATE_REPO),
(401, open_kwargs())),
(url_for('get_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (401, open_kwargs())),
(url_for('get_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (401, open_kwargs())),
(url_for('get_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (401, open_kwargs())),
(url_for('get_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs())),
(url_for('get_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs())),
(url_for('get_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs())),
(url_for('change_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (401, open_kwargs('PUT'))),
(url_for('change_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (401, open_kwargs('PUT'))),
(url_for('change_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (401, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))),
(url_for('delete_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))),
(url_for('list_repo_tokens', repository=PUBLIC_REPO),
(401, open_kwargs())),
(url_for('list_repo_tokens', repository=ORG_REPO), (401, open_kwargs())),
(url_for('list_repo_tokens', repository=PRIVATE_REPO),
(401, open_kwargs())),
(url_for('get_tokens', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(401, open_kwargs())),
(url_for('get_tokens', repository=ORG_REPO, code=FAKE_TOKEN),
(401, open_kwargs())),
(url_for('get_tokens', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(401, open_kwargs())),
(url_for('create_token', repository=PUBLIC_REPO),
(401, open_kwargs('POST'))),
(url_for('create_token', repository=ORG_REPO),
(401, open_kwargs('POST'))),
(url_for('create_token', repository=PRIVATE_REPO),
(401, open_kwargs('POST'))),
(url_for('change_token', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(401, open_kwargs('PUT'))),
(url_for('change_token', repository=ORG_REPO, code=FAKE_TOKEN),
(401, open_kwargs('PUT'))),
(url_for('change_token', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(401, open_kwargs('PUT'))),
(url_for('delete_token', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(401, open_kwargs('DELETE'))),
(url_for('delete_token', repository=ORG_REPO, code=FAKE_TOKEN),
(401, open_kwargs('DELETE'))),
(url_for('delete_token', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(401, open_kwargs('DELETE'))),
(url_for('subscribe_api'), (401, open_kwargs('PUT'))),
(url_for('subscribe_org_api', orgname=ORG), (401, open_kwargs('PUT'))),
(url_for('get_subscription'), (401, open_kwargs())),
(url_for('get_org_subscription', orgname=ORG), (401, open_kwargs())),
])
def build_no_access_spec():
changes = OrderedDict([
(url_for('change_user_details'), (200, open_kwargs('PUT'))),
(url_for('get_matching_users', prefix='dev'), (200, open_kwargs())),
(url_for('get_matching_entities', prefix='dev'), (200, open_kwargs())),
(url_for('get_organization', orgname=ORG), (403, open_kwargs())),
(url_for('get_organization_private_allowed', orgname=ORG),
(403, open_kwargs())),
(url_for('update_organization_team', orgname=ORG, teamname=ORG_OWNERS),
(403, open_kwargs('PUT'))),
(url_for('delete_organization_team', orgname=ORG, teamname=ORG_OWNERS),
(403, open_kwargs('DELETE'))),
(url_for('get_organization_team_members', orgname=ORG,
teamname=ORG_OWNERS), (403, open_kwargs())),
(url_for('update_organization_team_member', orgname=ORG,
teamname=ORG_OWNERS, membername=ORG_OWNER),
(403, open_kwargs('PUT'))),
(url_for('delete_organization_team_member', orgname=ORG,
teamname=ORG_OWNERS, membername=ORG_OWNER),
(403, open_kwargs('DELETE'))),
(url_for('create_repo_api'), (403, open_kwargs('POST'))),
(url_for('update_repo_api', repository=PUBLIC_REPO),
(403, open_kwargs('PUT'))),
(url_for('update_repo_api', repository=ORG_REPO),
(403, open_kwargs('PUT'))),
(url_for('update_repo_api', repository=PRIVATE_REPO),
(403, open_kwargs('PUT'))),
(url_for('change_repo_visibility_api', repository=PUBLIC_REPO),
(403, open_kwargs('POST'))),
(url_for('change_repo_visibility_api', repository=ORG_REPO),
(403, open_kwargs('POST'))),
(url_for('change_repo_visibility_api', repository=PRIVATE_REPO),
(403, open_kwargs('POST'))),
(url_for('delete_repository', repository=PUBLIC_REPO),
(403, open_kwargs('DELETE'))),
(url_for('delete_repository', repository=ORG_REPO),
(403, open_kwargs('DELETE'))),
(url_for('delete_repository', repository=PRIVATE_REPO),
(403, open_kwargs('DELETE'))),
(url_for('get_repo_builds', repository=PUBLIC_REPO),
(403, open_kwargs())),
(url_for('get_repo_builds', repository=ORG_REPO), (403, open_kwargs())),
(url_for('get_repo_builds', repository=PRIVATE_REPO),
(403, open_kwargs())),
(url_for('get_filedrop_url'), (400, open_kwargs('POST'))),
(url_for('request_repo_build', repository=PUBLIC_REPO),
(403, open_kwargs('POST'))),
(url_for('request_repo_build', repository=ORG_REPO),
(403, open_kwargs('POST'))),
(url_for('request_repo_build', repository=PRIVATE_REPO),
(403, open_kwargs('POST'))),
(url_for('list_repo_team_permissions', repository=PUBLIC_REPO),
(403, open_kwargs())),
(url_for('list_repo_team_permissions', repository=ORG_REPO),
(403, open_kwargs())),
(url_for('list_repo_team_permissions', repository=PRIVATE_REPO),
(403, open_kwargs())),
(url_for('list_repo_user_permissions', repository=PUBLIC_REPO),
(403, open_kwargs())),
(url_for('list_repo_user_permissions', repository=ORG_REPO),
(403, open_kwargs())),
(url_for('list_repo_user_permissions', repository=PRIVATE_REPO),
(403, open_kwargs())),
(url_for('get_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (403, open_kwargs())),
(url_for('get_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (403, open_kwargs())),
(url_for('get_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (403, open_kwargs())),
(url_for('get_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs())),
(url_for('get_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs())),
(url_for('get_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs())),
(url_for('change_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (403, open_kwargs('PUT'))),
(url_for('change_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (403, open_kwargs('PUT'))),
(url_for('change_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (403, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs('PUT'))),
(url_for('delete_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (403, open_kwargs('DELETE'))),
(url_for('delete_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (403, open_kwargs('DELETE'))),
(url_for('delete_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (403, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (403, open_kwargs('DELETE'))),
(url_for('list_repo_tokens', repository=PUBLIC_REPO),
(403, open_kwargs())),
(url_for('list_repo_tokens', repository=ORG_REPO), (403, open_kwargs())),
(url_for('list_repo_tokens', repository=PRIVATE_REPO),
(403, open_kwargs())),
(url_for('get_tokens', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(403, open_kwargs())),
(url_for('get_tokens', repository=ORG_REPO, code=FAKE_TOKEN),
(403, open_kwargs())),
(url_for('get_tokens', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(403, open_kwargs())),
(url_for('create_token', repository=PUBLIC_REPO),
(403, open_kwargs('POST'))),
(url_for('create_token', repository=ORG_REPO),
(403, open_kwargs('POST'))),
(url_for('create_token', repository=PRIVATE_REPO),
(403, open_kwargs('POST'))),
(url_for('change_token', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(403, open_kwargs('PUT'))),
(url_for('change_token', repository=ORG_REPO, code=FAKE_TOKEN),
(403, open_kwargs('PUT'))),
(url_for('change_token', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(403, open_kwargs('PUT'))),
(url_for('delete_token', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(403, open_kwargs('DELETE'))),
(url_for('delete_token', repository=ORG_REPO, code=FAKE_TOKEN),
(403, open_kwargs('DELETE'))),
(url_for('delete_token', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(403, open_kwargs('DELETE'))),
(url_for('subscribe_api'), (403, open_kwargs('PUT'))),
(url_for('subscribe_org_api', orgname=ORG), (403, open_kwargs('PUT'))),
(url_for('get_subscription'), (200, open_kwargs())),
(url_for('get_org_subscription', orgname=ORG), (403, open_kwargs())),
])
to_update = build_anon_spec()
to_update.update(changes)
return to_update

293
test/test_api_security.py
View file

@ -1,265 +1,15 @@
import unittest
import json
from flask import url_for
from uuid import uuid4
from collections import OrderedDict
import endpoints.api
from app import app
from data import model
from initdb import wipe_database, initialize_database, populate_database
from specs import build_anon_spec, build_no_access_spec
PUBLIC_REPO = 'public/publicrepo'
PRIVATE_REPO = 'devtable/complex'
ORG = 'devtableorg'
ORG_REPO = ORG + '/orgrepo'
ORG_OWNERS = 'owners'
ORG_READERS = 'readers'
ORG_OWNER = 'devtable'
FAKE_IMAGE_ID = uuid4()
FAKE_TAG_NAME = uuid4()
FAKE_USERNAME = uuid4()
FAKE_TEAMNAME = uuid4()
FAKE_TOKEN = uuid4()
def open_kwargs(method='GET', json_object=None):
kwargs = {
'method': method,
}
if json_object is not None:
kwargs['data'] = json.dumps(json_object)
kwargs['content_type'] = 'application/json'
elif method == 'POST' or method == 'PUT':
kwargs['data'] = json.dumps({
'fake': 'json',
'data': 'here',
})
kwargs['content_type'] = 'application/json'
return kwargs
with app.test_request_context() as ctx:
ANON_SPEC = OrderedDict([
(url_for('welcome'), (200, open_kwargs())),
(url_for('plans_list'), (200, open_kwargs())),
(url_for('get_logged_in_user'), (200, open_kwargs())),
(url_for('change_user_details'), (401, open_kwargs('PUT'))),
(url_for('create_user_api'), (400, open_kwargs('POST'))),
(url_for('signin_api'), (400, open_kwargs('POST'))),
(url_for('logout'), (401, open_kwargs('POST'))),
(url_for('send_recovery'), (400, open_kwargs('POST'))),
(url_for('get_matching_users', prefix='dev'), (401, open_kwargs())),
(url_for('get_matching_entities', prefix='dev'), (401, open_kwargs())),
(url_for('get_organization', orgname=ORG), (401, open_kwargs())),
(url_for('get_organization_private_allowed', orgname=ORG),
(401, open_kwargs())),
(url_for('update_organization_team', orgname=ORG, teamname=ORG_OWNERS),
(401, open_kwargs('PUT'))),
(url_for('delete_organization_team', orgname=ORG, teamname=ORG_OWNERS),
(401, open_kwargs('DELETE'))),
(url_for('get_organization_team_members', orgname=ORG,
teamname=ORG_OWNERS), (401, open_kwargs())),
(url_for('update_organization_team_member', orgname=ORG,
teamname=ORG_OWNERS, membername=ORG_OWNER),
(401, open_kwargs('PUT'))),
(url_for('delete_organization_team_member', orgname=ORG,
teamname=ORG_OWNERS, membername=ORG_OWNER),
(401, open_kwargs('DELETE'))),
(url_for('create_repo_api'), (401, open_kwargs('POST'))),
(url_for('match_repos_api'), (200, open_kwargs())),
(url_for('list_repos_api'), (200, open_kwargs())),
(url_for('update_repo_api', repository=PUBLIC_REPO),
(401, open_kwargs('PUT'))),
(url_for('update_repo_api', repository=ORG_REPO),
(401, open_kwargs('PUT'))),
(url_for('update_repo_api', repository=PRIVATE_REPO),
(401, open_kwargs('PUT'))),
(url_for('change_repo_visibility_api', repository=PUBLIC_REPO),
(401, open_kwargs('POST'))),
(url_for('change_repo_visibility_api', repository=ORG_REPO),
(401, open_kwargs('POST'))),
(url_for('change_repo_visibility_api', repository=PRIVATE_REPO),
(401, open_kwargs('POST'))),
(url_for('delete_repository', repository=PUBLIC_REPO),
(401, open_kwargs('DELETE'))),
(url_for('delete_repository', repository=ORG_REPO),
(401, open_kwargs('DELETE'))),
(url_for('delete_repository', repository=PRIVATE_REPO),
(401, open_kwargs('DELETE'))),
(url_for('get_repo_api', repository=PUBLIC_REPO),(200, open_kwargs())),
(url_for('get_repo_api', repository=ORG_REPO), (403, open_kwargs())),
(url_for('get_repo_api', repository=PRIVATE_REPO), (403, open_kwargs())),
(url_for('get_repo_builds', repository=PUBLIC_REPO),
(401, open_kwargs())),
(url_for('get_repo_builds', repository=ORG_REPO), (401, open_kwargs())),
(url_for('get_repo_builds', repository=PRIVATE_REPO),
(401, open_kwargs())),
(url_for('get_filedrop_url'), (401, open_kwargs('POST'))),
(url_for('request_repo_build', repository=PUBLIC_REPO),
(401, open_kwargs('POST'))),
(url_for('request_repo_build', repository=ORG_REPO),
(401, open_kwargs('POST'))),
(url_for('request_repo_build', repository=PRIVATE_REPO),
(401, open_kwargs('POST'))),
(url_for('list_repository_images', repository=PUBLIC_REPO),
(200, open_kwargs())),
(url_for('list_repository_images', repository=ORG_REPO),
(403, open_kwargs())),
(url_for('list_repository_images', repository=PRIVATE_REPO),
(403, open_kwargs())),
(url_for('get_image', repository=PUBLIC_REPO, image_id=FAKE_IMAGE_ID),
(404, open_kwargs())),
(url_for('get_image', repository=ORG_REPO, image_id=FAKE_IMAGE_ID),
(403, open_kwargs())),
(url_for('get_image', repository=PRIVATE_REPO, image_id=FAKE_IMAGE_ID),
(403, open_kwargs())),
(url_for('get_image_changes', repository=PUBLIC_REPO,
image_id=FAKE_IMAGE_ID), (404, open_kwargs())),
(url_for('get_image_changes', repository=ORG_REPO,
image_id=FAKE_IMAGE_ID), (403, open_kwargs())),
(url_for('get_image_changes', repository=PRIVATE_REPO,
image_id=FAKE_IMAGE_ID), (403, open_kwargs())),
(url_for('list_tag_images', repository=PUBLIC_REPO, tag=FAKE_TAG_NAME),
(404, open_kwargs())),
(url_for('list_tag_images', repository=ORG_REPO, tag=FAKE_TAG_NAME),
(403, open_kwargs())),
(url_for('list_tag_images', repository=PRIVATE_REPO, tag=FAKE_TAG_NAME),
(403, open_kwargs())),
(url_for('list_repo_team_permissions', repository=PUBLIC_REPO),
(401, open_kwargs())),
(url_for('list_repo_team_permissions', repository=ORG_REPO),
(401, open_kwargs())),
(url_for('list_repo_team_permissions', repository=PRIVATE_REPO),
(401, open_kwargs())),
(url_for('list_repo_user_permissions', repository=PUBLIC_REPO),
(401, open_kwargs())),
(url_for('list_repo_user_permissions', repository=ORG_REPO),
(401, open_kwargs())),
(url_for('list_repo_user_permissions', repository=PRIVATE_REPO),
(401, open_kwargs())),
(url_for('get_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (401, open_kwargs())),
(url_for('get_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (401, open_kwargs())),
(url_for('get_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (401, open_kwargs())),
(url_for('get_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs())),
(url_for('get_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs())),
(url_for('get_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs())),
(url_for('change_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (401, open_kwargs('PUT'))),
(url_for('change_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (401, open_kwargs('PUT'))),
(url_for('change_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (401, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))),
(url_for('change_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('PUT'))),
(url_for('delete_user_permissions', repository=PUBLIC_REPO,
username=FAKE_USERNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_user_permissions', repository=ORG_REPO,
username=FAKE_USERNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_user_permissions', repository=PRIVATE_REPO,
username=FAKE_USERNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=PUBLIC_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=ORG_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))),
(url_for('delete_team_permissions', repository=PRIVATE_REPO,
teamname=FAKE_TEAMNAME), (401, open_kwargs('DELETE'))),
(url_for('list_repo_tokens', repository=PUBLIC_REPO),
(401, open_kwargs())),
(url_for('list_repo_tokens', repository=ORG_REPO), (401, open_kwargs())),
(url_for('list_repo_tokens', repository=PRIVATE_REPO),
(401, open_kwargs())),
(url_for('get_tokens', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(401, open_kwargs())),
(url_for('get_tokens', repository=ORG_REPO, code=FAKE_TOKEN),
(401, open_kwargs())),
(url_for('get_tokens', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(401, open_kwargs())),
(url_for('create_token', repository=PUBLIC_REPO),
(401, open_kwargs('POST'))),
(url_for('create_token', repository=ORG_REPO),
(401, open_kwargs('POST'))),
(url_for('create_token', repository=PRIVATE_REPO),
(401, open_kwargs('POST'))),
(url_for('change_token', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(401, open_kwargs('PUT'))),
(url_for('change_token', repository=ORG_REPO, code=FAKE_TOKEN),
(401, open_kwargs('PUT'))),
(url_for('change_token', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(401, open_kwargs('PUT'))),
(url_for('delete_token', repository=PUBLIC_REPO, code=FAKE_TOKEN),
(401, open_kwargs('DELETE'))),
(url_for('delete_token', repository=ORG_REPO, code=FAKE_TOKEN),
(401, open_kwargs('DELETE'))),
(url_for('delete_token', repository=PRIVATE_REPO, code=FAKE_TOKEN),
(401, open_kwargs('DELETE'))),
(url_for('subscribe_api'), (401, open_kwargs('PUT'))),
(url_for('subscribe_org_api', orgname=ORG), (401, open_kwargs('PUT'))),
(url_for('get_subscription'), (401, open_kwargs())),
(url_for('get_org_subscription', orgname=ORG), (401, open_kwargs())),
])
NO_ACCESS_USER = 'freshuser'
class ApiTestCase(unittest.TestCase):
@ -268,27 +18,32 @@ class ApiTestCase(unittest.TestCase):
initialize_database()
populate_database()
self.client = app.test_client()
def signin(self, username, password):
args = {
'username': username,
'password': password,
}
return self.client.post('/signin', data=json.dumps(args),
follow_redirects=True)
def signout(self):
return self.client.get('/signout', follow_redirects=True)
class TestAnonymousAccess(ApiTestCase):
def test_anonymous_public_access(self):
for url, (expected_status, open_kwargs) in ANON_SPEC.items():
rv = self.client.open(url, **open_kwargs)
def __runspec(self, client, spec):
for url, (expected_status, open_kwargs) in spec.items():
rv = client.open(url, **open_kwargs)
msg = '%s %s: %s expected: %s' % (open_kwargs['method'], url,
rv.status_code, expected_status)
self.assertEqual(rv.status_code, expected_status, msg)
self.assertEqual(rv.status_code, expected_status, msg)
def test_anonymous_public_access(self):
with app.test_request_context() as ctx:
spec = build_anon_spec()
with app.test_client() as c:
self.__runspec(c, spec)
def test_authenticated_but_not_authorized(self):
with app.test_request_context() as ctx:
spec = build_no_access_spec()
with app.test_client() as c:
with c.session_transaction() as sess:
sess['user_id'] = NO_ACCESS_USER
self.__runspec(c, spec)
if __name__ == '__main__':
unittest.main()