From 6fc369bed264de926bd485b835e0876bb785d5ad Mon Sep 17 00:00:00 2001 From: jakedt Date: Wed, 19 Mar 2014 13:57:36 -0400 Subject: [PATCH] Change non logged in 403s to 401s. --- auth/scopes.py | 4 +- endpoints/api/__init__.py | 12 +- endpoints/api/user.py | 9 +- test/test_api_security.py | 294 +++++++++++++++++++------------------- test/test_api_usage.py | 2 +- 5 files changed, 163 insertions(+), 158 deletions(-) diff --git a/auth/scopes.py b/auth/scopes.py index 6762fc42d..b6f66ce8e 100644 --- a/auth/scopes.py +++ b/auth/scopes.py @@ -30,7 +30,7 @@ CREATE_REPO = { 'the granting user or robot account is allowed to create repositories') } -USER_READ = { +READ_USER = { 'scope': 'user:read', 'icon': 'fa-user', 'title': 'Read User Information', @@ -39,7 +39,7 @@ USER_READ = { } ALL_SCOPES = {scope['scope']:scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO, - USER_READ)} + READ_USER)} def scopes_from_scope_string(scopes): diff --git a/endpoints/api/__init__.py b/endpoints/api/__init__.py index 6f18fd42c..5155dfa4e 100644 --- a/endpoints/api/__init__.py +++ b/endpoints/api/__init__.py @@ -57,7 +57,12 @@ class InvalidToken(ApiException): class Unauthorized(ApiException): def __init__(self, payload=None): - ApiException.__init__(self, 'insufficient_scope', 403, 'Unauthorized', payload) + user = get_authenticated_user() + if user is None or user.organization: + ApiException.__init__(self, 'invalid_token', 401, "Requires authentication", payload) + else: + ApiException.__init__(self, 'insufficient_scope', 403, 'Unauthorized', payload) + class NotFound(ApiException): @@ -190,8 +195,7 @@ def require_user_permission(permission_class, scope=None): def wrapped(self, *args, **kwargs): user = get_authenticated_user() if not user: - logger.debug('User is anonymous.') - raise InvalidToken('Method requires an auth token or user login.') + raise Unauthorized() logger.debug('Checking permission %s for user', permission_class, user.username) permission = permission_class(user.username) @@ -202,7 +206,7 @@ def require_user_permission(permission_class, scope=None): return wrapper -require_user_read = require_user_permission(UserReadPermission, scopes.USER_READ) +require_user_read = require_user_permission(UserReadPermission, scopes.READ_USER) require_user_admin = require_user_permission(UserAdminPermission, None) diff --git a/endpoints/api/user.py b/endpoints/api/user.py index f33e6e6cd..97341213e 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -8,13 +8,14 @@ from flask.ext.principal import identity_changed, AnonymousIdentity from app import app from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error, log_action, internal_only, NotFound, Unauthorized, require_user_admin, - require_user_read, InvalidToken) + require_user_read, InvalidToken, require_scope) from endpoints.api.subscribe import subscribe from endpoints.common import common_login from data import model from data.plans import get_plan from auth.permissions import AdministerOrganizationPermission, CreateRepositoryPermission from auth.auth_context import get_authenticated_user +from auth import scopes from util.gravatar import compute_hash from util.email import (send_confirmation_email, send_recovery_email, send_change_email) @@ -108,13 +109,13 @@ class User(ApiResource): }, } - @require_user_read + @require_scope(scopes.READ_USER) @nickname('getLoggedInUser') def get(self): """ Get user information for the authenticated user. """ user = get_authenticated_user() - if user.organization: - raise InvalidToken('User must not be an organization.') + if user is None or user.organization: + raise InvalidToken("Requires authentication", payload={'session_required': False}) return user_view(user) diff --git a/test/test_api_security.py b/test/test_api_security.py index 3b1ef9a91..c3c3d5cbd 100644 --- a/test/test_api_security.py +++ b/test/test_api_security.py @@ -439,7 +439,7 @@ class TestTeamMemberBuynlargeDevtableReaders(ApiTestCase): self._set_url(TeamMember, orgname="buynlarge", membername="devtable", teamname="readers") def test_put_anonymous(self): - self._run_test('PUT', 403, None, None) + self._run_test('PUT', 401, None, None) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', None) @@ -451,7 +451,7 @@ class TestTeamMemberBuynlargeDevtableReaders(ApiTestCase): self._run_test('PUT', 200, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -469,7 +469,7 @@ class TestTeamMemberBuynlargeDevtableOwners(ApiTestCase): self._set_url(TeamMember, orgname="buynlarge", membername="devtable", teamname="owners") def test_put_anonymous(self): - self._run_test('PUT', 403, None, None) + self._run_test('PUT', 401, None, None) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', None) @@ -481,7 +481,7 @@ class TestTeamMemberBuynlargeDevtableOwners(ApiTestCase): self._run_test('PUT', 400, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -499,7 +499,7 @@ class TestTeamMemberListBuynlargeReaders(ApiTestCase): self._set_url(TeamMemberList, orgname="buynlarge", teamname="readers") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -517,7 +517,7 @@ class TestTeamMemberListBuynlargeOwners(ApiTestCase): self._set_url(TeamMemberList, orgname="buynlarge", teamname="owners") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -535,7 +535,7 @@ class TestRepositoryUserPermissionA2o9PublicPublicrepo(ApiTestCase): self._set_url(RepositoryUserPermission, username="A2O9", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -547,7 +547,7 @@ class TestRepositoryUserPermissionA2o9PublicPublicrepo(ApiTestCase): self._run_test('GET', 403, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -559,7 +559,7 @@ class TestRepositoryUserPermissionA2o9PublicPublicrepo(ApiTestCase): self._run_test('PUT', 403, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -577,7 +577,7 @@ class TestRepositoryUserPermissionA2o9DevtableShared(ApiTestCase): self._set_url(RepositoryUserPermission, username="A2O9", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -589,7 +589,7 @@ class TestRepositoryUserPermissionA2o9DevtableShared(ApiTestCase): self._run_test('GET', 400, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -601,7 +601,7 @@ class TestRepositoryUserPermissionA2o9DevtableShared(ApiTestCase): self._run_test('PUT', 400, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -619,7 +619,7 @@ class TestRepositoryUserPermissionA2o9BuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryUserPermission, username="A2O9", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -631,7 +631,7 @@ class TestRepositoryUserPermissionA2o9BuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 400, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -643,7 +643,7 @@ class TestRepositoryUserPermissionA2o9BuynlargeOrgrepo(ApiTestCase): self._run_test('PUT', 400, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -661,7 +661,7 @@ class TestRepositoryTeamPermissionReadersPublicPublicrepo(ApiTestCase): self._set_url(RepositoryTeamPermission, teamname="readers", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -673,7 +673,7 @@ class TestRepositoryTeamPermissionReadersPublicPublicrepo(ApiTestCase): self._run_test('GET', 403, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -685,7 +685,7 @@ class TestRepositoryTeamPermissionReadersPublicPublicrepo(ApiTestCase): self._run_test('PUT', 403, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -703,7 +703,7 @@ class TestRepositoryTeamPermissionReadersDevtableShared(ApiTestCase): self._set_url(RepositoryTeamPermission, teamname="readers", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -715,7 +715,7 @@ class TestRepositoryTeamPermissionReadersDevtableShared(ApiTestCase): self._run_test('GET', 400, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -727,7 +727,7 @@ class TestRepositoryTeamPermissionReadersDevtableShared(ApiTestCase): self._run_test('PUT', 400, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -745,7 +745,7 @@ class TestRepositoryTeamPermissionReadersBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryTeamPermission, teamname="readers", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -757,7 +757,7 @@ class TestRepositoryTeamPermissionReadersBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -769,7 +769,7 @@ class TestRepositoryTeamPermissionReadersBuynlargeOrgrepo(ApiTestCase): self._run_test('PUT', 200, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -787,7 +787,7 @@ class TestRepositoryTeamPermissionOwnersPublicPublicrepo(ApiTestCase): self._set_url(RepositoryTeamPermission, teamname="owners", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -799,7 +799,7 @@ class TestRepositoryTeamPermissionOwnersPublicPublicrepo(ApiTestCase): self._run_test('GET', 403, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -811,7 +811,7 @@ class TestRepositoryTeamPermissionOwnersPublicPublicrepo(ApiTestCase): self._run_test('PUT', 403, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -829,7 +829,7 @@ class TestRepositoryTeamPermissionOwnersDevtableShared(ApiTestCase): self._set_url(RepositoryTeamPermission, teamname="owners", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -841,7 +841,7 @@ class TestRepositoryTeamPermissionOwnersDevtableShared(ApiTestCase): self._run_test('GET', 400, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -853,7 +853,7 @@ class TestRepositoryTeamPermissionOwnersDevtableShared(ApiTestCase): self._run_test('PUT', 400, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -871,7 +871,7 @@ class TestRepositoryTeamPermissionOwnersBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryTeamPermission, teamname="owners", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -883,7 +883,7 @@ class TestRepositoryTeamPermissionOwnersBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 400, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -895,7 +895,7 @@ class TestRepositoryTeamPermissionOwnersBuynlargeOrgrepo(ApiTestCase): self._run_test('PUT', 200, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -913,7 +913,7 @@ class TestBuildTriggerActivateSwo1PublicPublicrepo(ApiTestCase): self._set_url(BuildTriggerActivate, trigger_uuid="SWO1", repository="public/publicrepo") def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -931,7 +931,7 @@ class TestBuildTriggerActivateSwo1DevtableShared(ApiTestCase): self._set_url(BuildTriggerActivate, trigger_uuid="SWO1", repository="devtable/shared") def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -949,7 +949,7 @@ class TestBuildTriggerActivateSwo1BuynlargeOrgrepo(ApiTestCase): self._set_url(BuildTriggerActivate, trigger_uuid="SWO1", repository="buynlarge/orgrepo") def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -967,7 +967,7 @@ class TestBuildTriggerSources831cPublicPublicrepo(ApiTestCase): self._set_url(BuildTriggerSources, trigger_uuid="831C", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -985,7 +985,7 @@ class TestBuildTriggerSources831cDevtableShared(ApiTestCase): self._set_url(BuildTriggerSources, trigger_uuid="831C", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1003,7 +1003,7 @@ class TestBuildTriggerSources831cBuynlargeOrgrepo(ApiTestCase): self._set_url(BuildTriggerSources, trigger_uuid="831C", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1021,7 +1021,7 @@ class TestBuildTriggerSubdirs4i2yPublicPublicrepo(ApiTestCase): self._set_url(BuildTriggerSubdirs, trigger_uuid="4I2Y", repository="public/publicrepo") def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -1039,7 +1039,7 @@ class TestBuildTriggerSubdirs4i2yDevtableShared(ApiTestCase): self._set_url(BuildTriggerSubdirs, trigger_uuid="4I2Y", repository="devtable/shared") def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -1057,7 +1057,7 @@ class TestBuildTriggerSubdirs4i2yBuynlargeOrgrepo(ApiTestCase): self._set_url(BuildTriggerSubdirs, trigger_uuid="4I2Y", repository="buynlarge/orgrepo") def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -1075,7 +1075,7 @@ class TestTriggerBuildListZm1wPublicPublicrepo(ApiTestCase): self._set_url(TriggerBuildList, trigger_uuid="ZM1W", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1093,7 +1093,7 @@ class TestTriggerBuildListZm1wDevtableShared(ApiTestCase): self._set_url(TriggerBuildList, trigger_uuid="ZM1W", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1111,7 +1111,7 @@ class TestTriggerBuildListZm1wBuynlargeOrgrepo(ApiTestCase): self._set_url(TriggerBuildList, trigger_uuid="ZM1W", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1129,7 +1129,7 @@ class TestActivateBuildTrigger0byePublicPublicrepo(ApiTestCase): self._set_url(ActivateBuildTrigger, trigger_uuid="0BYE", repository="public/publicrepo") def test_post_anonymous(self): - self._run_test('POST', 403, None, None) + self._run_test('POST', 401, None, None) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', None) @@ -1147,7 +1147,7 @@ class TestActivateBuildTrigger0byeDevtableShared(ApiTestCase): self._set_url(ActivateBuildTrigger, trigger_uuid="0BYE", repository="devtable/shared") def test_post_anonymous(self): - self._run_test('POST', 403, None, None) + self._run_test('POST', 401, None, None) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', None) @@ -1165,7 +1165,7 @@ class TestActivateBuildTrigger0byeBuynlargeOrgrepo(ApiTestCase): self._set_url(ActivateBuildTrigger, trigger_uuid="0BYE", repository="buynlarge/orgrepo") def test_post_anonymous(self): - self._run_test('POST', 403, None, None) + self._run_test('POST', 401, None, None) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', None) @@ -1201,7 +1201,7 @@ class TestRepositoryImageChangesPtsgDevtableShared(ApiTestCase): self._set_url(RepositoryImageChanges, image_id="PTSG", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1219,7 +1219,7 @@ class TestRepositoryImageChangesPtsgBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryImageChanges, image_id="PTSG", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1255,7 +1255,7 @@ class TestRepositoryBuildStatusFg86DevtableShared(ApiTestCase): self._set_url(RepositoryBuildStatus, build_uuid="FG86", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1273,7 +1273,7 @@ class TestRepositoryBuildStatusFg86BuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryBuildStatus, build_uuid="FG86", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1291,7 +1291,7 @@ class TestRepositoryBuildLogsS5j8PublicPublicrepo(ApiTestCase): self._set_url(RepositoryBuildLogs, build_uuid="S5J8", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1309,7 +1309,7 @@ class TestRepositoryBuildLogsS5j8DevtableShared(ApiTestCase): self._set_url(RepositoryBuildLogs, build_uuid="S5J8", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1327,7 +1327,7 @@ class TestRepositoryBuildLogsS5j8BuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryBuildLogs, build_uuid="S5J8", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1363,7 +1363,7 @@ class TestRepositoryTagImagesTn96DevtableShared(ApiTestCase): self._set_url(RepositoryTagImages, tag="TN96", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1381,7 +1381,7 @@ class TestRepositoryTagImagesTn96BuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryTagImages, tag="TN96", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1399,7 +1399,7 @@ class TestPermissionPrototypeBuynlargeL24b(ApiTestCase): self._set_url(PermissionPrototype, orgname="buynlarge", prototypeid="L24B") def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -1411,7 +1411,7 @@ class TestPermissionPrototypeBuynlargeL24b(ApiTestCase): self._run_test('PUT', 404, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1429,7 +1429,7 @@ class TestOrganizationMemberBuynlargeDevtable(ApiTestCase): self._set_url(OrganizationMember, orgname="buynlarge", membername="devtable") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1447,7 +1447,7 @@ class TestOrgRobotBuynlargeZ7pd(ApiTestCase): self._set_url(OrgRobot, orgname="buynlarge", robot_shortname="Z7PD") def test_put_anonymous(self): - self._run_test('PUT', 403, None, None) + self._run_test('PUT', 401, None, None) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', None) @@ -1459,7 +1459,7 @@ class TestOrgRobotBuynlargeZ7pd(ApiTestCase): self._run_test('PUT', 400, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1477,7 +1477,7 @@ class TestOrganizationTeamBuynlargeReaders(ApiTestCase): self._set_url(OrganizationTeam, orgname="buynlarge", teamname="readers") def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'member'}) + self._run_test('PUT', 401, None, {u'role': u'member'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'member'}) @@ -1489,7 +1489,7 @@ class TestOrganizationTeamBuynlargeReaders(ApiTestCase): self._run_test('PUT', 200, 'devtable', {u'role': u'member'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1507,7 +1507,7 @@ class TestOrganizationTeamBuynlargeOwners(ApiTestCase): self._set_url(OrganizationTeam, orgname="buynlarge", teamname="owners") def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'member'}) + self._run_test('PUT', 401, None, {u'role': u'member'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'member'}) @@ -1519,7 +1519,7 @@ class TestOrganizationTeamBuynlargeOwners(ApiTestCase): self._run_test('PUT', 400, 'devtable', {u'role': u'member'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1537,7 +1537,7 @@ class TestRepositoryTeamPermissionListPublicPublicrepo(ApiTestCase): self._set_url(RepositoryTeamPermissionList, repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1555,7 +1555,7 @@ class TestRepositoryTeamPermissionListDevtableShared(ApiTestCase): self._set_url(RepositoryTeamPermissionList, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1573,7 +1573,7 @@ class TestRepositoryTeamPermissionListBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryTeamPermissionList, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1591,7 +1591,7 @@ class TestRepositoryUserPermissionListPublicPublicrepo(ApiTestCase): self._set_url(RepositoryUserPermissionList, repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1609,7 +1609,7 @@ class TestRepositoryUserPermissionListDevtableShared(ApiTestCase): self._set_url(RepositoryUserPermissionList, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1627,7 +1627,7 @@ class TestRepositoryUserPermissionListBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryUserPermissionList, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1645,7 +1645,7 @@ class TestBuildTriggerD6tiPublicPublicrepo(ApiTestCase): self._set_url(BuildTrigger, trigger_uuid="D6TI", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1657,7 +1657,7 @@ class TestBuildTriggerD6tiPublicPublicrepo(ApiTestCase): self._run_test('GET', 403, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1675,7 +1675,7 @@ class TestBuildTriggerD6tiDevtableShared(ApiTestCase): self._set_url(BuildTrigger, trigger_uuid="D6TI", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1687,7 +1687,7 @@ class TestBuildTriggerD6tiDevtableShared(ApiTestCase): self._run_test('GET', 404, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1705,7 +1705,7 @@ class TestBuildTriggerD6tiBuynlargeOrgrepo(ApiTestCase): self._set_url(BuildTrigger, trigger_uuid="D6TI", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1717,7 +1717,7 @@ class TestBuildTriggerD6tiBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 404, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1735,7 +1735,7 @@ class TestWebhookQfatPublicPublicrepo(ApiTestCase): self._set_url(Webhook, public_id="QFAT", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1747,7 +1747,7 @@ class TestWebhookQfatPublicPublicrepo(ApiTestCase): self._run_test('GET', 403, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1765,7 +1765,7 @@ class TestWebhookQfatDevtableShared(ApiTestCase): self._set_url(Webhook, public_id="QFAT", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1777,7 +1777,7 @@ class TestWebhookQfatDevtableShared(ApiTestCase): self._run_test('GET', 404, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1795,7 +1795,7 @@ class TestWebhookQfatBuynlargeOrgrepo(ApiTestCase): self._set_url(Webhook, public_id="QFAT", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1807,7 +1807,7 @@ class TestWebhookQfatBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 404, 'devtable', None) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1825,7 +1825,7 @@ class TestRepositoryTokenUjqbPublicPublicrepo(ApiTestCase): self._set_url(RepositoryToken, code="UJQB", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1837,7 +1837,7 @@ class TestRepositoryTokenUjqbPublicPublicrepo(ApiTestCase): self._run_test('GET', 403, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -1849,7 +1849,7 @@ class TestRepositoryTokenUjqbPublicPublicrepo(ApiTestCase): self._run_test('PUT', 403, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1867,7 +1867,7 @@ class TestRepositoryTokenUjqbDevtableShared(ApiTestCase): self._set_url(RepositoryToken, code="UJQB", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1879,7 +1879,7 @@ class TestRepositoryTokenUjqbDevtableShared(ApiTestCase): self._run_test('GET', 404, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -1891,7 +1891,7 @@ class TestRepositoryTokenUjqbDevtableShared(ApiTestCase): self._run_test('PUT', 400, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1909,7 +1909,7 @@ class TestRepositoryTokenUjqbBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryToken, code="UJQB", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1921,7 +1921,7 @@ class TestRepositoryTokenUjqbBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 404, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'role': u'read'}) + self._run_test('PUT', 401, None, {u'role': u'read'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'role': u'read'}) @@ -1933,7 +1933,7 @@ class TestRepositoryTokenUjqbBuynlargeOrgrepo(ApiTestCase): self._run_test('PUT', 400, 'devtable', {u'role': u'read'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -1969,7 +1969,7 @@ class TestRepositoryImage5avqDevtableShared(ApiTestCase): self._set_url(RepositoryImage, image_id="5AVQ", repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -1987,7 +1987,7 @@ class TestRepositoryImage5avqBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryImage, image_id="5AVQ", repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2005,7 +2005,7 @@ class TestRepositoryTagHp8rPublicPublicrepo(ApiTestCase): self._set_url(RepositoryTag, tag="HP8R", repository="public/publicrepo") def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -2023,7 +2023,7 @@ class TestRepositoryTagHp8rDevtableShared(ApiTestCase): self._set_url(RepositoryTag, tag="HP8R", repository="devtable/shared") def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -2041,7 +2041,7 @@ class TestRepositoryTagHp8rBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryTag, tag="HP8R", repository="buynlarge/orgrepo") def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -2059,7 +2059,7 @@ class TestPermissionPrototypeListBuynlarge(ApiTestCase): self._set_url(PermissionPrototypeList, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2071,7 +2071,7 @@ class TestPermissionPrototypeListBuynlarge(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'role': u'read', + self._run_test('POST', 401, None, {u'role': u'read', u'delegate': {u'kind': u'user', u'name': '7DGP'}}) def test_post_freshuser(self): @@ -2093,7 +2093,7 @@ class TestOrgnaizationInvoiceListBuynlarge(ApiTestCase): self._set_url(OrgnaizationInvoiceList, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2111,7 +2111,7 @@ class TestOrgPrivateRepositoriesBuynlarge(ApiTestCase): self._set_url(OrgPrivateRepositories, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2129,7 +2129,7 @@ class TestOrgnaizationMemberListBuynlarge(ApiTestCase): self._set_url(OrgnaizationMemberList, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2147,7 +2147,7 @@ class TestOrgRobotListBuynlarge(ApiTestCase): self._set_url(OrgRobotList, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2165,7 +2165,7 @@ class TestOrganizationCardBuynlarge(ApiTestCase): self._set_url(OrganizationCard, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2177,7 +2177,7 @@ class TestOrganizationCardBuynlarge(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'token': '4VFR'}) + self._run_test('POST', 401, None, {u'token': '4VFR'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'token': '4VFR'}) @@ -2192,7 +2192,7 @@ class TestOrganizationPlanBuynlarge(ApiTestCase): self._set_url(OrganizationPlan, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2204,7 +2204,7 @@ class TestOrganizationPlanBuynlarge(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'plan': 'WWEI'}) + self._run_test('PUT', 401, None, {u'plan': 'WWEI'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'plan': 'WWEI'}) @@ -2219,7 +2219,7 @@ class TestOrgLogsBuynlarge(ApiTestCase): self._set_url(OrgLogs, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2237,7 +2237,7 @@ class TestRepositoryVisibilityPublicPublicrepo(ApiTestCase): self._set_url(RepositoryVisibility, repository="public/publicrepo") def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'visibility': u'public'}) + self._run_test('POST', 401, None, {u'visibility': u'public'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'visibility': u'public'}) @@ -2255,7 +2255,7 @@ class TestRepositoryVisibilityDevtableShared(ApiTestCase): self._set_url(RepositoryVisibility, repository="devtable/shared") def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'visibility': u'public'}) + self._run_test('POST', 401, None, {u'visibility': u'public'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'visibility': u'public'}) @@ -2273,7 +2273,7 @@ class TestRepositoryVisibilityBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryVisibility, repository="buynlarge/orgrepo") def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'visibility': u'public'}) + self._run_test('POST', 401, None, {u'visibility': u'public'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'visibility': u'public'}) @@ -2291,7 +2291,7 @@ class TestBuildTriggerListPublicPublicrepo(ApiTestCase): self._set_url(BuildTriggerList, repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2309,7 +2309,7 @@ class TestBuildTriggerListDevtableShared(ApiTestCase): self._set_url(BuildTriggerList, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2327,7 +2327,7 @@ class TestBuildTriggerListBuynlargeOrgrepo(ApiTestCase): self._set_url(BuildTriggerList, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2345,7 +2345,7 @@ class TestWebhookListPublicPublicrepo(ApiTestCase): self._set_url(WebhookList, repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2357,7 +2357,7 @@ class TestWebhookListPublicPublicrepo(ApiTestCase): self._run_test('GET', 403, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -2375,7 +2375,7 @@ class TestWebhookListDevtableShared(ApiTestCase): self._set_url(WebhookList, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2387,7 +2387,7 @@ class TestWebhookListDevtableShared(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -2405,7 +2405,7 @@ class TestWebhookListBuynlargeOrgrepo(ApiTestCase): self._set_url(WebhookList, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2417,7 +2417,7 @@ class TestWebhookListBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {}) + self._run_test('POST', 401, None, {}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {}) @@ -2435,7 +2435,7 @@ class TestRepositoryTokenListPublicPublicrepo(ApiTestCase): self._set_url(RepositoryTokenList, repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2447,7 +2447,7 @@ class TestRepositoryTokenListPublicPublicrepo(ApiTestCase): self._run_test('GET', 403, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'friendlyName': 'R1CN'}) + self._run_test('POST', 401, None, {u'friendlyName': 'R1CN'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'friendlyName': 'R1CN'}) @@ -2465,7 +2465,7 @@ class TestRepositoryTokenListDevtableShared(ApiTestCase): self._set_url(RepositoryTokenList, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2477,7 +2477,7 @@ class TestRepositoryTokenListDevtableShared(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'friendlyName': 'R1CN'}) + self._run_test('POST', 401, None, {u'friendlyName': 'R1CN'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'friendlyName': 'R1CN'}) @@ -2495,7 +2495,7 @@ class TestRepositoryTokenListBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryTokenList, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2507,7 +2507,7 @@ class TestRepositoryTokenListBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'friendlyName': 'R1CN'}) + self._run_test('POST', 401, None, {u'friendlyName': 'R1CN'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'friendlyName': 'R1CN'}) @@ -2537,7 +2537,7 @@ class TestRepositoryBuildListPublicPublicrepo(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'file_id': 'UX7K'}) + self._run_test('POST', 401, None, {u'file_id': 'UX7K'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'file_id': 'UX7K'}) @@ -2555,7 +2555,7 @@ class TestRepositoryBuildListDevtableShared(ApiTestCase): self._set_url(RepositoryBuildList, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2567,7 +2567,7 @@ class TestRepositoryBuildListDevtableShared(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'file_id': 'UX7K'}) + self._run_test('POST', 401, None, {u'file_id': 'UX7K'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'file_id': 'UX7K'}) @@ -2585,7 +2585,7 @@ class TestRepositoryBuildListBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryBuildList, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2597,7 +2597,7 @@ class TestRepositoryBuildListBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_post_anonymous(self): - self._run_test('POST', 403, None, {u'file_id': 'UX7K'}) + self._run_test('POST', 401, None, {u'file_id': 'UX7K'}) def test_post_freshuser(self): self._run_test('POST', 403, 'freshuser', {u'file_id': 'UX7K'}) @@ -2633,7 +2633,7 @@ class TestRepositoryImageListDevtableShared(ApiTestCase): self._set_url(RepositoryImageList, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2651,7 +2651,7 @@ class TestRepositoryImageListBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryImageList, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2669,7 +2669,7 @@ class TestRepositoryLogsPublicPublicrepo(ApiTestCase): self._set_url(RepositoryLogs, repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2687,7 +2687,7 @@ class TestRepositoryLogsDevtableShared(ApiTestCase): self._set_url(RepositoryLogs, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2705,7 +2705,7 @@ class TestRepositoryLogsBuynlargeOrgrepo(ApiTestCase): self._set_url(RepositoryLogs, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2753,7 +2753,7 @@ class TestOrganizationBuynlarge(ApiTestCase): self._set_url(Organization, orgname="buynlarge") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2765,7 +2765,7 @@ class TestOrganizationBuynlarge(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {}) + self._run_test('PUT', 401, None, {}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {}) @@ -2795,7 +2795,7 @@ class TestRepositoryPublicPublicrepo(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'description': 'WXNG'}) + self._run_test('PUT', 401, None, {u'description': 'WXNG'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'description': 'WXNG'}) @@ -2807,7 +2807,7 @@ class TestRepositoryPublicPublicrepo(ApiTestCase): self._run_test('PUT', 403, 'devtable', {u'description': 'WXNG'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -2825,7 +2825,7 @@ class TestRepositoryDevtableShared(ApiTestCase): self._set_url(Repository, repository="devtable/shared") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2837,7 +2837,7 @@ class TestRepositoryDevtableShared(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'description': 'WXNG'}) + self._run_test('PUT', 401, None, {u'description': 'WXNG'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'description': 'WXNG'}) @@ -2849,7 +2849,7 @@ class TestRepositoryDevtableShared(ApiTestCase): self._run_test('PUT', 200, 'devtable', {u'description': 'WXNG'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) @@ -2867,7 +2867,7 @@ class TestRepositoryBuynlargeOrgrepo(ApiTestCase): self._set_url(Repository, repository="buynlarge/orgrepo") def test_get_anonymous(self): - self._run_test('GET', 403, None, None) + self._run_test('GET', 401, None, None) def test_get_freshuser(self): self._run_test('GET', 403, 'freshuser', None) @@ -2879,7 +2879,7 @@ class TestRepositoryBuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 200, 'devtable', None) def test_put_anonymous(self): - self._run_test('PUT', 403, None, {u'description': 'WXNG'}) + self._run_test('PUT', 401, None, {u'description': 'WXNG'}) def test_put_freshuser(self): self._run_test('PUT', 403, 'freshuser', {u'description': 'WXNG'}) @@ -2891,7 +2891,7 @@ class TestRepositoryBuynlargeOrgrepo(ApiTestCase): self._run_test('PUT', 200, 'devtable', {u'description': 'WXNG'}) def test_delete_anonymous(self): - self._run_test('DELETE', 403, None, None) + self._run_test('DELETE', 401, None, None) def test_delete_freshuser(self): self._run_test('DELETE', 403, 'freshuser', None) diff --git a/test/test_api_usage.py b/test/test_api_usage.py index bb86e4682..aaf812aad 100644 --- a/test/test_api_usage.py +++ b/test/test_api_usage.py @@ -828,7 +828,7 @@ class TestGetRepository(ApiTestCase): def test_getrepo_org_asnonmember(self): self.getResponse(Repository, params=dict(repository=ORGANIZATION + '/' + ORG_REPO), - expected_code=403) + expected_code=401) def test_getrepo_org_asreader(self): self.login(READ_ACCESS_USER)