Fix user:admin scope handling and add test

2016-05-09 11:16:01 +02:00 · 2016-05-09 11:16:01 +02:00 · a736407611
commit a736407611
parent eae771a465
3 changed files with 42 additions and 6 deletions
--- a/auth/permissions.py
+++ b/auth/permissions.py
@ -54,6 +54,7 @@ SCOPE_MAX_USER_ROLES = defaultdict(lambda: None)
 SCOPE_MAX_USER_ROLES.update({
  scopes.READ_USER: 'read',
  scopes.DIRECT_LOGIN: 'admin',
+  scopes.ADMIN_USER: 'admin',
 })

 def repository_read_grant(namespace, repository):
--- a/data/model/oauth.py
+++ b/data/model/oauth.py
@ -282,9 +282,10 @@ def list_applications_for_org(org):
  return query


-def create_access_token_for_testing(user_obj, client_id, scope):
+def create_access_token_for_testing(user_obj, client_id, scope, access_token='test'):
  expires_at = datetime.utcnow() + timedelta(seconds=10000)
  application = get_application_for_client_id(client_id)
-  OAuthAccessToken.create(application=application, authorized_user=user_obj, scope=scope,
-                          token_type='token', access_token='test',
-                          expires_at=expires_at, refresh_token='', data='')
+  created = OAuthAccessToken.create(application=application, authorized_user=user_obj, scope=scope,
+                                    token_type='token', access_token=access_token,
+                                    expires_at=expires_at, refresh_token='', data='')
+  return created
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -141,9 +141,12 @@ class ApiTestCase(unittest.TestCase):
    parsed = py_json.loads(data)
    return parsed

-  def postResponse(self, resource_name, params={}, data={}, file=None, expected_code=200):
+  def postResponse(self, resource_name, params={}, data={}, file=None, headers=None,
+                   expected_code=200):
    data = py_json.dumps(data)
-    headers = {"Content-Type": "application/json"}
+
+    headers = headers or {}
+    headers.update({"Content-Type": "application/json"})

    if file is not None:
      data = {'file': file}
@ -801,6 +804,37 @@ class TestCreateOrganization(ApiTestCase):
    self.assertEquals(True, json['is_admin'])


+  def test_createorg_viaoauth(self):
+    # Attempt with no auth.
+    self.postResponse(OrganizationList,
+                      data=dict(name='neworg',
+                                email='testorg@example.com'),
+                      expected_code=401)
+
+    # Attempt with auth with invalid scope.
+    dt_user = model.user.get_user(ADMIN_ACCESS_USER)
+    token = model.oauth.create_access_token_for_testing(dt_user, 'deadbeef', 'repo:read',
+                                                        access_token='foo')
+    self.postResponse(OrganizationList,
+                      data=dict(name='neworg',
+                                email='testorg@example.com'),
+                      headers=dict(Authorization='Bearer ' + token.access_token),
+                      expected_code=403)
+
+
+    # Create OAuth token with user:admin scope.
+    token = model.oauth.create_access_token_for_testing(dt_user, 'deadbeef', 'user:admin',
+                                                        access_token='bar')
+
+    data = self.postResponse(OrganizationList,
+                             data=dict(name='neworg',
+                                       email='testorg@example.com'),
+                             headers=dict(Authorization='Bearer ' + token.access_token),
+                             expected_code=201)
+
+    self.assertEquals('"Created"', data)
+
+
 class TestGetOrganization(ApiTestCase):
  def test_unknownorg(self):
    self.login(ADMIN_ACCESS_USER)