Add superuser abilities: create user, show logs. Also fix the super users UI to show the user drop down and make all superuser API calls require fresh login

2014-10-01 13:55:09 -04:00 · 2014-10-01 13:55:09 -04:00 · d9c7e92637
commit d9c7e92637
parent 039d53ea6c
6 changed files with 225 additions and 29 deletions
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@ -1,5 +1,6 @@
 import unittest
 import json
+import datetime

 from urllib import urlencode
 from urlparse import urlparse, urlunparse, parse_qs
@ -41,7 +42,8 @@ from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repos
 from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission,
                                      RepositoryTeamPermissionList, RepositoryUserPermissionList)

-from endpoints.api.superuser import SuperUserLogs, SuperUserList, SuperUserManagement
+from endpoints.api.superuser import (SuperUserLogs, SuperUserList, SuperUserManagement,
+                                     SuperUserSendRecoveryEmail)


 try:
@ -78,6 +80,7 @@ class ApiTestCase(unittest.TestCase):
        if auth_username:
          loaded = model.get_user(auth_username)
          sess['user_id'] = loaded.id
+          sess['login_time'] = datetime.datetime.now()
        sess[CSRF_TOKEN_KEY] = CSRF_TOKEN

      # Restore the teardown functions
@ -512,13 +515,13 @@ class TestUser(ApiTestCase):
    self._run_test('PUT', 401, None, {})

  def test_put_freshuser(self):
-    self._run_test('PUT', 401, 'freshuser', {})
+    self._run_test('PUT', 200, 'freshuser', {})

  def test_put_reader(self):
-    self._run_test('PUT', 401, 'reader', {})
+    self._run_test('PUT', 200, 'reader', {})

  def test_put_devtable(self):
-    self._run_test('PUT', 401, 'devtable', {})
+    self._run_test('PUT', 200, 'devtable', {})

  def test_post_anonymous(self):
    self._run_test('POST', 400, None, {u'username': 'T946', u'password': '0SG4', u'email': 'MENT'})
@ -3585,6 +3588,24 @@ class TestSuperUserLogs(ApiTestCase):
    self._run_test('GET', 200, 'devtable', None)


+class TestSuperUserSendRecoveryEmail(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(SuperUserSendRecoveryEmail, username='someuser')
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 404, 'devtable', None)
+
+
 class TestTeamMemberInvite(ApiTestCase):
  def setUp(self):
    ApiTestCase.setUp(self)
@ -3621,7 +3642,7 @@ class TestSuperUserList(ApiTestCase):
    self._set_url(SuperUserList)

  def test_get_anonymous(self):
-    self._run_test('GET', 403, None, None)
+    self._run_test('GET', 401, None, None)

  def test_get_freshuser(self):
    self._run_test('GET', 403, 'freshuser', None)
@ -3639,7 +3660,7 @@ class TestSuperUserManagement(ApiTestCase):
    self._set_url(SuperUserManagement, username='freshuser')

  def test_get_anonymous(self):
-    self._run_test('GET', 403, None, None)
+    self._run_test('GET', 401, None, None)

  def test_get_freshuser(self):
    self._run_test('GET', 403, 'freshuser', None)
@ -3652,7 +3673,7 @@ class TestSuperUserManagement(ApiTestCase):


  def test_put_anonymous(self):
-    self._run_test('PUT', 403, None, {})
+    self._run_test('PUT', 401, None, {})

  def test_put_freshuser(self):
    self._run_test('PUT', 403, 'freshuser', {})
@ -3665,7 +3686,7 @@ class TestSuperUserManagement(ApiTestCase):


  def test_delete_anonymous(self):
-    self._run_test('DELETE', 403, None, None)
+    self._run_test('DELETE', 401, None, None)

  def test_delete_freshuser(self):
    self._run_test('DELETE', 403, 'freshuser', None)