From a73640761124fa562629f764a23d8aa3f9a73eaa Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Mon, 9 May 2016 11:16:01 +0200
Subject: [PATCH] Fix user:admin scope handling and add test

---
 auth/permissions.py | 1 +
 data/model/oauth.py | 9 +++++----
 test/test_api_usage.py | 38 ++++++++++++++++++++++++++++++++++++--
 3 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/auth/permissions.py b/auth/permissions.py
index 641cfce33..f35d9b9c7 100644
--- a/auth/permissions.py
+++ b/auth/permissions.py
@@ -54,6 +54,7 @@ SCOPE_MAX_USER_ROLES = defaultdict(lambda: None)
 SCOPE_MAX_USER_ROLES.update({
 scopes.READ_USER: 'read',
 scopes.DIRECT_LOGIN: 'admin',
+ scopes.ADMIN_USER: 'admin',
 })
 def repository_read_grant(namespace, repository):
diff --git a/data/model/oauth.py b/data/model/oauth.py
index bdec2f7a1..7ee82185d 100644
--- a/data/model/oauth.py
+++ b/data/model/oauth.py
@@ -282,9 +282,10 @@ def list_applications_for_org(org):
 return query
-def create_access_token_for_testing(user_obj, client_id, scope):
+def create_access_token_for_testing(user_obj, client_id, scope, access_token='test'):
 expires_at = datetime.utcnow() + timedelta(seconds=10000)
 application = get_application_for_client_id(client_id)
- OAuthAccessToken.create(application=application, authorized_user=user_obj, scope=scope,
- token_type='token', access_token='test',
- expires_at=expires_at, refresh_token='', data='')
+ created = OAuthAccessToken.create(application=application, authorized_user=user_obj, scope=scope,
+ token_type='token', access_token=access_token,
+ expires_at=expires_at, refresh_token='', data='')
+ return created
\ No newline at end of file
diff --git a/test/test_api_usage.py b/test/test_api_usage.py
index c6a75491c..2aefabd02 100644
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
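Review bot: The new `scopes.ADMIN_USER: 'admin'` entry gives a bearer token carrying user:admin the same entry in this table as a direct login (`scopes.DIRECT_LOGIN: 'admin'` two lines above), and nothing in the map says so; a short comment would stop a later reader from treating it as a lesser role. Because the table is a `defaultdict(lambda: None)` (hunk header), any scope not listed here maps to None, so a future user-level scope grants nothing until it gets an explicit entry, which is worth stating as well. Suggested comment above the `update` call: `# Highest user-level role each OAuth scope may confer; unlisted scopes map to None (no user-level access).`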
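Review bot: `create_access_token_for_testing` now stores the caller-supplied `access_token` verbatim and returns the row, but it has no docstring, and the `\ No newline at end of file` marker shows `return created` is missing its trailing newline. Suggested docstring under the def line: `"""Test-only helper: create an OAuthAccessToken for user_obj under the application registered for client_id, with the given scope and the plaintext access_token; returns the created row."""`. If `get_application_for_client_id` returns None for an unknown client_id, the `OAuthAccessToken.create` call would presumably fail on the application column rather than with a readable message; since the new test calls this with a literal client id, a guard that raises naming the client_id would make such failures obvious. The default `access_token='test'` would also collide across two calls if that column is unique — cannot tell from here, but the new parameter appears to exist for exactly that reason, so the docstring should say callers must pass distinct values.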
@@ -141,9 +141,12 @@ class ApiTestCase(unittest.TestCase):
 parsed = py_json.loads(data)
 return parsed
- def postResponse(self, resource_name, params={}, data={}, file=None, expected_code=200):
+ def postResponse(self, resource_name, params={}, data={}, file=None, headers=None,
+ expected_code=200):
 data = py_json.dumps(data)
- headers = {"Content-Type": "application/json"}
+
+ headers = headers or {}
+ headers.update({"Content-Type": "application/json"})
 if file is not None:
 data = {'file': file}
@@ -801,6 +804,37 @@ class TestCreateOrganization(ApiTestCase):
 self.assertEquals(True, json['is_admin'])
+ def test_createorg_viaoauth(self):
+ # Attempt with no auth.
+ self.postResponse(OrganizationList,
+ data=dict(name='neworg',
+ email='testorg@example.com'),
+ expected_code=401)
+ # Attempt with auth with invalid scope.
+ dt_user = model.user.get_user(ADMIN_ACCESS_USER)
+ token = model.oauth.create_access_token_for_testing(dt_user, 'deadbeef', 'repo:read',
+ access_token='foo')
+ self.postResponse(OrganizationList,
+ data=dict(name='neworg',
+ email='testorg@example.com'),
+ headers=dict(Authorization='Bearer ' + token.access_token),
+ expected_code=403)
+
+ # Create OAuth token with user:admin scope.
+ token = model.oauth.create_access_token_for_testing(dt_user, 'deadbeef', 'user:admin',
+ access_token='bar')
+ data = self.postResponse(OrganizationList,
+ data=dict(name='neworg',
+ email='testorg@example.com'),
+ headers=dict(Authorization='Bearer ' + token.access_token),
+ expected_code=201)
+ self.assertEquals('"Created"', data)
+
+
 class TestGetOrganization(ApiTestCase):
 def test_unknownorg(self):
 self.login(ADMIN_ACCESS_USER)
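Review bot: `test_createorg_viaoauth` covers no auth (401), a repository scope (403) and user:admin (201), but not the closest authorization boundary: a token whose scope maps to a user role below admin. The permissions change in this commit maps `scopes.READ_USER` to `'read'` next to `scopes.ADMIN_USER: 'admin'`, so a fourth request with a token carrying the READ_USER scope (presumably `'user:read'`) expecting 403 would pin that `read` is not enough to create an organization. The later 201 with the same `name='neworg'` only shows the 403 attempt created nothing if organization names are unique; if that is the intent, an explicit lookup after the 403 would make it clear. In the first hunk of this file, `headers.update(...)` in `postResponse` now writes the Content-Type into the caller's dict; `headers = dict(headers or {})` followed by `headers["Content-Type"] = "application/json"` keeps the same result without the side effect.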