Fix user:admin scope handling and add test
This commit is contained in:
parent
eae771a465
commit
a736407611
3 changed files with 42 additions and 6 deletions
|
@ -54,6 +54,7 @@ SCOPE_MAX_USER_ROLES = defaultdict(lambda: None)
|
||||||
SCOPE_MAX_USER_ROLES.update({
|
SCOPE_MAX_USER_ROLES.update({
|
||||||
scopes.READ_USER: 'read',
|
scopes.READ_USER: 'read',
|
||||||
scopes.DIRECT_LOGIN: 'admin',
|
scopes.DIRECT_LOGIN: 'admin',
|
||||||
|
scopes.ADMIN_USER: 'admin',
|
||||||
})
|
})
|
||||||
|
|
||||||
def repository_read_grant(namespace, repository):
|
def repository_read_grant(namespace, repository):
|
||||||
|
|
|
@ -282,9 +282,10 @@ def list_applications_for_org(org):
|
||||||
return query
|
return query
|
||||||
|
|
||||||
|
|
||||||
def create_access_token_for_testing(user_obj, client_id, scope):
|
def create_access_token_for_testing(user_obj, client_id, scope, access_token='test'):
|
||||||
expires_at = datetime.utcnow() + timedelta(seconds=10000)
|
expires_at = datetime.utcnow() + timedelta(seconds=10000)
|
||||||
application = get_application_for_client_id(client_id)
|
application = get_application_for_client_id(client_id)
|
||||||
OAuthAccessToken.create(application=application, authorized_user=user_obj, scope=scope,
|
created = OAuthAccessToken.create(application=application, authorized_user=user_obj, scope=scope,
|
||||||
token_type='token', access_token='test',
|
token_type='token', access_token=access_token,
|
||||||
expires_at=expires_at, refresh_token='', data='')
|
expires_at=expires_at, refresh_token='', data='')
|
||||||
|
return created
|
|
@ -141,9 +141,12 @@ class ApiTestCase(unittest.TestCase):
|
||||||
parsed = py_json.loads(data)
|
parsed = py_json.loads(data)
|
||||||
return parsed
|
return parsed
|
||||||
|
|
||||||
def postResponse(self, resource_name, params={}, data={}, file=None, expected_code=200):
|
def postResponse(self, resource_name, params={}, data={}, file=None, headers=None,
|
||||||
|
expected_code=200):
|
||||||
data = py_json.dumps(data)
|
data = py_json.dumps(data)
|
||||||
headers = {"Content-Type": "application/json"}
|
|
||||||
|
headers = headers or {}
|
||||||
|
headers.update({"Content-Type": "application/json"})
|
||||||
|
|
||||||
if file is not None:
|
if file is not None:
|
||||||
data = {'file': file}
|
data = {'file': file}
|
||||||
|
@ -801,6 +804,37 @@ class TestCreateOrganization(ApiTestCase):
|
||||||
self.assertEquals(True, json['is_admin'])
|
self.assertEquals(True, json['is_admin'])
|
||||||
|
|
||||||
|
|
||||||
|
def test_createorg_viaoauth(self):
|
||||||
|
# Attempt with no auth.
|
||||||
|
self.postResponse(OrganizationList,
|
||||||
|
data=dict(name='neworg',
|
||||||
|
email='testorg@example.com'),
|
||||||
|
expected_code=401)
|
||||||
|
|
||||||
|
# Attempt with auth with invalid scope.
|
||||||
|
dt_user = model.user.get_user(ADMIN_ACCESS_USER)
|
||||||
|
token = model.oauth.create_access_token_for_testing(dt_user, 'deadbeef', 'repo:read',
|
||||||
|
access_token='foo')
|
||||||
|
self.postResponse(OrganizationList,
|
||||||
|
data=dict(name='neworg',
|
||||||
|
email='testorg@example.com'),
|
||||||
|
headers=dict(Authorization='Bearer ' + token.access_token),
|
||||||
|
expected_code=403)
|
||||||
|
|
||||||
|
|
||||||
|
# Create OAuth token with user:admin scope.
|
||||||
|
token = model.oauth.create_access_token_for_testing(dt_user, 'deadbeef', 'user:admin',
|
||||||
|
access_token='bar')
|
||||||
|
|
||||||
|
data = self.postResponse(OrganizationList,
|
||||||
|
data=dict(name='neworg',
|
||||||
|
email='testorg@example.com'),
|
||||||
|
headers=dict(Authorization='Bearer ' + token.access_token),
|
||||||
|
expected_code=201)
|
||||||
|
|
||||||
|
self.assertEquals('"Created"', data)
|
||||||
|
|
||||||
|
|
||||||
class TestGetOrganization(ApiTestCase):
|
class TestGetOrganization(ApiTestCase):
|
||||||
def test_unknownorg(self):
|
def test_unknownorg(self):
|
||||||
self.login(ADMIN_ACCESS_USER)
|
self.login(ADMIN_ACCESS_USER)
|
||||||
|
|
Reference in a new issue