From 35a2414d854a1988f089d66fe83e7b5c519d1897 Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Mon, 23 Feb 2015 14:23:32 -0500 Subject: [PATCH] tests: star security tests --- endpoints/api/user.py | 6 +---- test/test_api_security.py | 54 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 54 insertions(+), 6 deletions(-) diff --git a/endpoints/api/user.py b/endpoints/api/user.py index f7a088c15..3284e4371 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -700,7 +700,6 @@ class StarredRepositoryList(ApiResource): } } - @require_scope(scopes.READ_REPO) @nickname('listStarredRepos') @parse_args @query_param('page', 'Offset page number. (int)', type=int) @@ -750,12 +749,11 @@ class StarredRepositoryList(ApiResource): 'repository': repository, }, 201 - raise NotFound() - @resource('/v1/user/starred/') @path_param('repository', 'The full path of the repository. e.g. namespace/name') class StarredRepository(RepositoryParamResource): """ Operations for managing a specific starred repository. """ + @nickname('deleteStar') @require_user_admin def delete(self, namespace, repository): @@ -769,5 +767,3 @@ class StarredRepository(RepositoryParamResource): #log_action('unstar_repository', user.username, namespace, # {'repo': repository, 'namespace': namespace}) return 'Deleted', 204 - - raise NotFound() diff --git a/test/test_api_security.py b/test/test_api_security.py index 6cc790fbc..7f047c270 100644 --- a/test/test_api_security.py +++ b/test/test_api_security.py 
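Review bot: In endpoints/api/user.py, hunk `@@ -700,7 +700,6 @@`, dropping `@require_scope(scopes.READ_REPO)` leaves `listStarredRepos` with no access-control decorator among the ones still visible (`@nickname`, `@parse_args`, `@query_param`). The rest of the decorator stack and the method body lie outside the hunk. The new tests expect 401 for an anonymous GET, so some guard presumably remains, but the change does not say which one or why no OAuth scope applies any more. I would add a comment above the decorators, for example `# No OAuth scope here; access is enforced by <guard outside this hunk>`. If the test harness can issue scoped tokens, a security test calling this endpoint with a token that lacks the intended scope would also help.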
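Review bot: In the `@@ -750,12 +749,11 @@` hunk of endpoints/api/user.py, removing `raise NotFound()` after the `}, 201` return may change behaviour rather than just delete dead code. Indentation is not recoverable on this page and the method starts outside the hunk. If that return sits inside a conditional, a request that fails the condition now falls off the end of the method and returns `None` instead of a 404. Please check this against the full body and, if the return is conditional, keep an explicit failure path at method level (`raise NotFound()`). The same removal in the `@@ -769,5 +767,3 @@` hunk, after `return 'Deleted', 204`, deserves the same check.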
@@ -26,7 +26,7 @@ from endpoints.api.repoemail import RepositoryAuthorizedEmail from endpoints.api.repositorynotification import RepositoryNotification, RepositoryNotificationList from endpoints.api.user import (PrivateRepositories, ConvertToOrganization, Recovery, Signout, Signin, User, UserAuthorizationList, UserAuthorization, UserNotification, - VerifyUser, DetachExternal) + VerifyUser, DetachExternal, StarredRepositoryList, StarredRepository) from endpoints.api.repotoken import RepositoryToken, RepositoryTokenList from endpoints.api.prototype import PermissionPrototype, PermissionPrototypeList from endpoints.api.logs import UserLogs, OrgLogs, RepositoryLogs 
@@ -132,6 +132,58 @@ class TestFindRepositories(ApiTestCase):
+class TestUserStarredRepositoryList(ApiTestCase):
+ def setUp(self):
+ ApiTestCase.setUp(self)
+ self._set_url(StarredRepositoryList)
+
+ def test_get_anonymous(self):
+ self._run_test('GET', 401, None, None)
+
+ def test_get_freshuser(self):
+ self._run_test('GET', 200, 'freshuser', None)
+
+ def test_get_reader(self):
+ self._run_test('GET', 200, 'reader', None)
+
+ def test_get_devtable(self):
+ self._run_test('GET', 200, 'devtable', None)
+
+ def test_post_anonymous(self):
+ self._run_test('POST', 401, None, {u'namespace': 'public',
+ u'repository': 'publicrepo'})
+
+ def test_post_freshuser(self):
+ self._run_test('POST', 201, 'freshuser', {u'namespace': 'public',
+ u'repository': 'publicrepo'})
+
+ def test_post_reader(self):
+ self._run_test('POST', 201, 'reader', {u'namespace': 'public',
+ u'repository': 'publicrepo'})
+
+ def test_post_devtable(self):
+ self._run_test('POST', 201, 'devtable', {u'namespace': 'public',
+ u'repository': 'publicrepo'})
+
+
+class TestUserStarredRepository(ApiTestCase):
+ def setUp(self):
+ ApiTestCase.setUp(self)
+ self._set_url(StarredRepository, repository="public/publicrepo")
+
+ def test_delete_anonymous(self):
+ self._run_test('DELETE', 401, None, None)
+
+ def test_delete_freshuser(self):
+ self._run_test('DELETE', 400, 'freshuser', None)
+
+ def test_delete_reader(self):
+ self._run_test('DELETE', 400, 'reader', None)
+
+ def test_delete_devtable(self):
+ self._run_test('DELETE', 400, 'devtable', None)
+
+
 class TestUserNotification(ApiTestCase):
 def setUp(self):
 ApiTestCase.setUp(self)
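Review bot: Every request in `TestUserStarredRepositoryList` and `TestUserStarredRepository` targets `public/publicrepo`, so these security tests never exercise a repository the caller cannot read or one that does not exist. That leaves unpinned whether POST to the star list can confirm that a private repository exists, and which status the handler returns for a missing one. I would add cases such as `self._run_test('POST', <expected-status>, 'freshuser', {u'namespace': '<private-namespace>', u'repository': '<private-repo>'})`, with the placeholders filled in from the test fixtures. The DELETE tests assert only the 401 and 400 paths; a case that stars the repository first and then expects 204 would cover the success branch.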