# -*- coding: utf-8 -*- """ (c) 2019 - Copyright Red Hat Inc Authors: Pierre-Yves Chibon """ from __future__ import unicode_literals, absolute_import import arrow import copy import datetime import unittest import shutil import sys import time import os import flask import json import munch from mock import patch, MagicMock from sqlalchemy.exc import SQLAlchemyError sys.path.insert( 0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..") ) import pagure.lib.query import tests class PagureFlaskApiProjectBlockuserTests(tests.SimplePagureTest): """ Tests for the flask API of pagure for assigning a PR """ maxDiff = None @patch("pagure.lib.git.update_git", MagicMock(return_value=True)) @patch("pagure.lib.notify.send_email", MagicMock(return_value=True)) def setUp(self): """ Set up the environnment, ran before every tests. """ super(PagureFlaskApiProjectBlockuserTests, self).setUp() tests.create_projects(self.session) tests.create_projects_git(os.path.join(self.path, "repos"), bare=True) tests.create_tokens(self.session) tests.create_tokens_acl(self.session) item = pagure.lib.model.Token( id="aaabbbcccdddeee", user_id=2, project_id=1, expiration=datetime.datetime.utcnow() + datetime.timedelta(days=30), ) self.session.add(item) self.session.commit() tests.create_tokens_acl(self.session, token_id="aaabbbcccdddeee") project = pagure.lib.query.get_authorized_project(self.session, "test") self.assertEqual(project.block_users, []) self.blocked_users = [] project = pagure.lib.query.get_authorized_project( self.session, "test2" ) project.block_users = ["foo"] self.session.add(project) self.session.commit() def tearDown(self): """ Tears down the environment at the end of the tests. """ project = pagure.lib.query.get_authorized_project(self.session, "test") self.assertEqual(project.block_users, self.blocked_users) super(PagureFlaskApiProjectBlockuserTests, self).tearDown() def test_api_blockuser_no_token(self): """ Test api_project_block_user method when no token is provided. """ # No token output = self.app.post("/api/0/test/blockuser") self.assertEqual(output.status_code, 401) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual( data, { "error": "Invalid or expired token. Please visit " "http://localhost.localdomain/settings#nav-api-tab to " "get or renew your API token.", "error_code": "EINVALIDTOK", "errors": "Invalid token", }, ) def test_api_blockuser_invalid_token(self): """ Test api_project_block_user method when the token provided is invalid. """ headers = {"Authorization": "token aaabbbcccd"} # Invalid token output = self.app.post("/api/0/test/blockuser", headers=headers) self.assertEqual(output.status_code, 401) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual( data, { "error": "Invalid or expired token. Please visit " "http://localhost.localdomain/settings#nav-api-tab to " "get or renew your API token.", "error_code": "EINVALIDTOK", "errors": "Invalid token", }, ) def test_api_blockuser_no_data(self): """ Test api_project_block_user method when no data is provided. """ headers = {"Authorization": "token aaabbbcccddd"} # No user blocked output = self.app.post("/api/0/test/blockuser", headers=headers) self.assertEqual(output.status_code, 200) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual(data, {"message": "User(s) blocked"}) def test_api_blockuser_invalid_user(self): """ Test api_project_block_user method when the data provided includes an invalid username. """ headers = {"Authorization": "token aaabbbcccddd"} data = {"username": ["invalid"]} # No user blocked output = self.app.post( "/api/0/test/blockuser", headers=headers, data=data ) self.assertEqual(output.status_code, 400) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual( data, {"error": 'No user "invalid" found', "error_code": "ENOCODE"} ) def test_api_blockuser_insufficient_rights(self): """ Test api_project_block_user method when the user doing the action does not have admin priviledges. """ headers = {"Authorization": "token aaabbbcccdddeee"} data = {"username": ["invalid"]} # No user blocked output = self.app.post( "/api/0/test/blockuser", headers=headers, data=data ) self.assertEqual(output.status_code, 401) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual( data, { "error": "You do not have sufficient permissions to perform " "this action", "error_code": "ENOTHIGHENOUGH", }, ) def test_api_blockuser_with_data(self): """ Test api_pull_request_assign method when the project doesn't exist. """ self.blocked_users = ["foo"] headers = {"Authorization": "token aaabbbcccddd"} data = {"username": ["foo"]} # user blocked output = self.app.post( "/api/0/test/blockuser", headers=headers, data=data ) self.assertEqual(output.status_code, 200) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual(data, {"message": "User(s) blocked"}) # Second request, no changes headers = {"Authorization": "token aaabbbcccddd"} data = {"username": ["foo"]} output = self.app.post( "/api/0/test/blockuser", headers=headers, data=data ) self.assertEqual(output.status_code, 200) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual(data, {"message": "User(s) blocked"}) def test_api_blockeduser_api(self): """ Test doing a POST request to the API when the user is blocked. """ self.blocked_users = ["pingou"] headers = {"Authorization": "token aaabbbcccddd"} data = {"username": ["pingou"]} # user blocked output = self.app.post( "/api/0/test/blockuser", headers=headers, data=data ) self.assertEqual(output.status_code, 200) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual(data, {"message": "User(s) blocked"}) # Second request, but user is blocked headers = {"Authorization": "token aaabbbcccddd"} data = {"username": ["foo"]} output = self.app.post( "/api/0/test/blockuser", headers=headers, data=data ) self.assertEqual(output.status_code, 403) data = json.loads(output.get_data(as_text=True)) self.assertDictEqual( data, { "error": "You have been blocked from this project", "error_code": "EUBLOCKED", }, ) def test_ui_new_issue_user_blocked(self): """ Test doing a POST request to the UI when the user is blocked. """ user = tests.FakeUser(username="foo") with tests.user_set(self.app.application, user): output = self.app.get("/test2/new_issue") self.assertEqual(output.status_code, 200) self.assertIn("New Issue", output.get_data(as_text=True)) csrf_token = self.get_csrf(output=output) data = { "title": "Test issue", "issue_content": "We really should improve on this issue", "status": "Open", "csrf_token": csrf_token, } output = self.app.post("/test2/new_issue", data=data) self.assertEqual(output.status_code, 403) output_text = output.get_data(as_text=True) self.assertIn( "

You have been blocked from this project

", output_text ) if __name__ == "__main__": unittest.main(verbosity=2)