test_pagure_flask_api_project_blockuser.py 8.4 KB

  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2019 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. """
  7. from __future__ import unicode_literals, absolute_import
  8. import arrow
  9. import copy
  10. import datetime
  11. import unittest
  12. import shutil
  13. import sys
  14. import time
  15. import os
  16. import flask
  17. import json
  18. import munch
  19. from mock import patch, MagicMock
  20. from sqlalchemy.exc import SQLAlchemyError
# Make the directory above this file importable before the project imports
# that follow. Index 0 gives that directory precedence over installed
# packages, so a module there shadows any installed module of the same name.
sys.path.insert(
    0,
    os.path.join(os.path.abspath(os.path.dirname(__file__)), ".."),
)
  24. import pagure.lib.query
  25. import tests
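class PagureFlaskApiProjectBlockuserTests(tests.SimplePagureTest):
    """Tests for the project "blockuser" API endpoint and its enforcement.

    Every test posts to ``/api/0/test/blockuser`` except the UI test,
    which exercises ``/test2/new_issue``. ``tearDown`` checks that the
    block list of project "test" matches ``self.blocked_users``, so a test
    that expects a refusal also verifies that nothing was written.
    """

    maxDiff = None

    @patch("pagure.lib.git.update_git", MagicMock(return_value=True))
    @patch("pagure.lib.notify.send_email", MagicMock(return_value=True))
    def setUp(self):
        """Set up the environment, run before every test.

        Creates the projects, bare git repos, tokens and token ACLs through
        the ``tests`` helpers, then adds a second token ("aaabbbcccdddeee")
        for user_id=2 on project_id=1 that expires in 30 days. Project
        "test" must start with an empty block list; project "test2" starts
        with "foo" blocked.
        """
        super(PagureFlaskApiProjectBlockuserTests, self).setUp()

        tests.create_projects(self.session)
        tests.create_projects_git(os.path.join(self.path, "repos"), bare=True)
        tests.create_tokens(self.session)
        tests.create_tokens_acl(self.session)

        # Token used by test_api_blockuser_insufficient_rights.
        item = pagure.lib.model.Token(
            id="aaabbbcccdddeee",
            user_id=2,
            project_id=1,
            expiration=datetime.datetime.utcnow()
            + datetime.timedelta(days=30),
        )
        self.session.add(item)
        self.session.commit()
        tests.create_tokens_acl(self.session, token_id="aaabbbcccdddeee")

        project = pagure.lib.query.get_authorized_project(self.session, "test")
        self.assertEqual(project.block_users, [])
        # Expected block list of project "test" at tearDown; tests that
        # successfully block someone override it.
        self.blocked_users = []

        project = pagure.lib.query.get_authorized_project(
            self.session, "test2"
        )
        project.block_users = ["foo"]
        self.session.add(project)
        self.session.commit()

    def tearDown(self):
        """Check the final block list of "test", then tear down.

        The parent tearDown runs in a ``finally`` clause so that a failing
        block-list assertion does not skip the environment cleanup.
        """
        try:
            project = pagure.lib.query.get_authorized_project(
                self.session, "test"
            )
            self.assertEqual(project.block_users, self.blocked_users)
        finally:
            super(PagureFlaskApiProjectBlockuserTests, self).tearDown()

    def test_api_blockuser_no_token(self):
        """Test api_project_block_user method when no token is provided."""
        # No Authorization header at all: the request must be rejected.
        output = self.app.post("/api/0/test/blockuser")
        self.assertEqual(output.status_code, 401)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(
            data,
            {
                "error": "Invalid or expired token. Please visit "
                "http://localhost.localdomain/settings#nav-api-tab to "
                "get or renew your API token.",
                "error_code": "EINVALIDTOK",
                "errors": "Invalid token",
            },
        )

    def test_api_blockuser_invalid_token(self):
        """Test api_project_block_user method when the token provided is invalid."""
        # "aaabbbcccd" is not one of the token ids used elsewhere in this
        # class; the response must be the same as with no token at all.
        headers = {"Authorization": "token aaabbbcccd"}

        output = self.app.post("/api/0/test/blockuser", headers=headers)
        self.assertEqual(output.status_code, 401)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(
            data,
            {
                "error": "Invalid or expired token. Please visit "
                "http://localhost.localdomain/settings#nav-api-tab to "
                "get or renew your API token.",
                "error_code": "EINVALIDTOK",
                "errors": "Invalid token",
            },
        )

    def test_api_blockuser_no_data(self):
        """Test api_project_block_user method when no data is provided."""
        headers = {"Authorization": "token aaabbbcccddd"}

        # No username sent: the call succeeds and, per tearDown, the block
        # list stays empty.
        output = self.app.post("/api/0/test/blockuser", headers=headers)
        self.assertEqual(output.status_code, 200)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(data, {"message": "User(s) blocked"})

    def test_api_blockuser_invalid_user(self):
        """Test api_project_block_user method when the data provided includes
        an invalid username.
        """
        headers = {"Authorization": "token aaabbbcccddd"}
        payload = {"username": ["invalid"]}

        # Unknown username: rejected with 400 and no user blocked.
        output = self.app.post(
            "/api/0/test/blockuser", headers=headers, data=payload
        )
        self.assertEqual(output.status_code, 400)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(
            data, {"error": 'No user "invalid" found', "error_code": "ENOCODE"}
        )

    def test_api_blockuser_insufficient_rights(self):
        """Test api_project_block_user method when the user doing the action
        does not have admin privileges.
        """
        # Token added in setUp for user_id=2 on project_id=1.
        headers = {"Authorization": "token aaabbbcccdddeee"}
        payload = {"username": ["invalid"]}

        # The expected answer is the permission error, not the
        # 'No user "invalid" found' error asserted in
        # test_api_blockuser_invalid_user for the same payload.
        output = self.app.post(
            "/api/0/test/blockuser", headers=headers, data=payload
        )
        self.assertEqual(output.status_code, 401)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(
            data,
            {
                "error": "You do not have sufficient permissions to perform "
                "this action",
                "error_code": "ENOTHIGHENOUGH",
            },
        )

    def test_api_blockuser_with_data(self):
        """Test api_project_block_user method when a valid username is
        provided, and that blocking the same user twice changes nothing.
        """
        self.blocked_users = ["foo"]

        headers = {"Authorization": "token aaabbbcccddd"}
        payload = {"username": ["foo"]}

        # First request: user blocked.
        output = self.app.post(
            "/api/0/test/blockuser", headers=headers, data=payload
        )
        self.assertEqual(output.status_code, 200)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(data, {"message": "User(s) blocked"})

        # Second identical request: same answer, and tearDown expects the
        # block list to still be exactly ["foo"].
        output = self.app.post(
            "/api/0/test/blockuser", headers=headers, data=payload
        )
        self.assertEqual(output.status_code, 200)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(data, {"message": "User(s) blocked"})

    def test_api_blockeduser_api(self):
        """Test doing a POST request to the API when the user is blocked."""
        self.blocked_users = ["pingou"]

        headers = {"Authorization": "token aaabbbcccddd"}
        payload = {"username": ["pingou"]}

        # First request: "pingou" is blocked.
        # NOTE(review): presumably this token belongs to "pingou" -
        # confirm against tests.create_tokens.
        output = self.app.post(
            "/api/0/test/blockuser", headers=headers, data=payload
        )
        self.assertEqual(output.status_code, 200)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(data, {"message": "User(s) blocked"})

        # Second request with the same token is refused; tearDown expects
        # ["pingou"] only, so "foo" must not have been added.
        payload = {"username": ["foo"]}
        output = self.app.post(
            "/api/0/test/blockuser", headers=headers, data=payload
        )
        self.assertEqual(output.status_code, 403)
        data = json.loads(output.get_data(as_text=True))
        self.assertDictEqual(
            data,
            {
                "error": "You have been blocked from this project",
                "error_code": "EUBLOCKED",
            },
        )

    def test_ui_new_issue_user_blocked(self):
        """Test doing a POST request to the UI when the user is blocked."""
        # "foo" is on the block list of "test2" (see setUp).
        user = tests.FakeUser(username="foo")
        with tests.user_set(self.app.application, user):
            # The form itself is still served to the blocked user.
            output = self.app.get("/test2/new_issue")
            self.assertEqual(output.status_code, 200)
            self.assertIn("New Issue", output.get_data(as_text=True))

            csrf_token = self.get_csrf(output=output)

            form = {
                "title": "Test issue",
                "issue_content": "We really should improve on this issue",
                "status": "Open",
                "csrf_token": csrf_token,
            }

            # Submitting it is refused, even with a valid CSRF token.
            output = self.app.post("/test2/new_issue", data=form)
            self.assertEqual(output.status_code, 403)
            output_text = output.get_data(as_text=True)
            self.assertIn(
                "<p>You have been blocked from this project</p>", output_text
            )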
# Run the tests in this file with verbose output when it is executed
# directly as a script.
if __name__ == "__main__":
    unittest.main(verbosity=2)