Add ability for users to see their authorized applications and revoke the access

2014-03-24 20:57:02 -04:00 · 2014-03-24 20:57:02 -04:00 · c82d1ffe98
commit c82d1ffe98
parent e92cf37583
10 changed files with 262 additions and 3 deletions
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@ -17,7 +17,7 @@ from endpoints.api.trigger import (BuildTriggerActivate, BuildTriggerSources, Bu
                                   BuildTriggerList)
 from endpoints.api.webhook import Webhook, WebhookList
 from endpoints.api.user import (PrivateRepositories, ConvertToOrganization, Recovery, Signout,
-                                Signin, User)
+                                Signin, User, UserAuthorizationList, UserAuthorization)
 from endpoints.api.repotoken import RepositoryToken, RepositoryTokenList
 from endpoints.api.prototype import PermissionPrototype, PermissionPrototypeList
 from endpoints.api.logs import UserLogs, OrgLogs, RepositoryLogs
@ -3039,5 +3039,56 @@ class TestOrganizationApplicationResetClientSecret(ApiTestCase):
    self._run_test('POST', 200, 'devtable', None)


+
+class TestUserAuthorizationList(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(UserAuthorizationList)
+
+  def test_get_anonymous(self):
+    self._run_test('GET', 401, None, None)
+
+  def test_get_freshuser(self):
+    self._run_test('GET', 200, 'freshuser', None)
+
+  def test_get_reader(self):
+    self._run_test('GET', 200, 'reader', None)
+
+  def test_get_devtable(self):
+    self._run_test('GET', 200, 'devtable', None)
+
+
+
+class TestUserAuthorization(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(UserAuthorization, access_token_uuid='fake')
+
+  def test_get_anonymous(self):
+    self._run_test('GET', 401, None, None)
+
+  def test_get_freshuser(self):
+    self._run_test('GET', 404, 'freshuser', None)
+
+  def test_get_reader(self):
+    self._run_test('GET', 404, 'reader', None)
+
+  def test_get_devtable(self):
+    self._run_test('GET', 404, 'devtable', None)
+
+
+  def test_delete_anonymous(self):
+    self._run_test('DELETE', 401, None, None)
+
+  def test_delete_freshuser(self):
+    self._run_test('DELETE', 404, 'freshuser', None)
+
+  def test_delete_reader(self):
+    self._run_test('DELETE', 404, 'reader', None)
+
+  def test_delete_devtable(self):
+    self._run_test('DELETE', 404, 'devtable', None)
+
+
 if __name__ == '__main__':
  unittest.main()