Allura/allura/tests/functional/test_rest_api_tickets.py - allura - Git at Google

 #       Licensed to the Apache Software Foundation (ASF) under one
 #       or more contributor license agreements.  See the NOTICE file
 #       distributed with this work for additional information
 #       regarding copyright ownership.  The ASF licenses this file
 #       to you under the Apache License, Version 2.0 (the
 #       "License"); you may not use this file except in compliance
 #       with the License.  You may obtain a copy of the License at
 #
 #         http://www.apache.org/licenses/LICENSE-2.0
 #
 #       Unless required by applicable law or agreed to in writing,
 #       software distributed under the License is distributed on an
 #       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 #       KIND, either express or implied.  See the License for the
 #       specific language governing permissions and limitations
 #       under the License.

 from datetime import datetime, timedelta

 from ming.orm import session

 from allura import model as M
 from allura.tests import decorators as td
 from alluratest.controller import TestRestApiBase


 class TestApiTicket(TestRestApiBase):

     def set_api_ticket(self, expire=None):
         if not expire:
             expire = timedelta(days=1)
         api_ticket = M.ApiTicket(user_id=self.user._id, capabilities={'import': ['Projects','test']},
                                  expires=datetime.utcnow() + expire)
         session(api_ticket).flush()
         self.set_api_token(api_ticket)

     def test_bad_signature(self):
         self.set_api_ticket()
         r = self.api_post('/rest/p/test/wiki/', api_signature='foo')
         assert r.status_int == 403

     def test_bad_token(self):
         self.set_api_ticket()
         r = self.api_post('/rest/p/test/wiki/', api_key='foo')
         assert r.status_int == 403

     def test_bad_timestamp(self):
         self.set_api_ticket()
         r = self.api_post('/rest/p/test/wiki/', api_timestamp=(datetime.utcnow() + timedelta(days=1)).isoformat())
         assert r.status_int == 403

     def test_bad_path(self):
         self.set_api_ticket()
         r = self.api_post('/rest/1/test/wiki/')
         assert r.status_int == 404
         r = self.api_post('/rest/p/1223/wiki/')
         assert r.status_int == 404
         r = self.api_post('/rest/p/test/12wiki/')
         assert r.status_int == 404

     def test_no_api(self):
         self.set_api_ticket()
         r = self.api_post('/rest/p/test/admin/')
         assert r.status_int == 404

     @td.with_wiki
     def test_project_ping(self):
         self.set_api_ticket()
         r = self.api_get('/rest/p/test/wiki/Home/')
         assert r.status_int == 200
         assert r.json['title'] == 'Home', r.json

     def test_project_ping_expired_ticket(self):
         self.set_api_ticket(timedelta(seconds=-1))
         r = self.api_post('/rest/p/test/wiki/')
         assert r.status_int == 403

     @td.with_tool('test/sub1', 'Wiki', 'wiki')
     def test_subproject_ping(self):
         self.set_api_ticket()
         r = self.api_get('/rest/p/test/sub1/wiki/Home/')
         assert r.status_int == 200
         assert r.json['title'] == 'Home', r.json
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	from datetime import datetime, timedelta

	from ming.orm import session

	from allura import model as M
	from allura.tests import decorators as td
	from alluratest.controller import TestRestApiBase


	class TestApiTicket(TestRestApiBase):

	def set_api_ticket(self, expire=None):
	if not expire:
	expire = timedelta(days=1)
	api_ticket = M.ApiTicket(user_id=self.user._id, capabilities={'import': ['Projects','test']},
	expires=datetime.utcnow() + expire)
	session(api_ticket).flush()
	self.set_api_token(api_ticket)

	def test_bad_signature(self):
	self.set_api_ticket()
	r = self.api_post('/rest/p/test/wiki/', api_signature='foo')
	assert r.status_int == 403

	def test_bad_token(self):
	self.set_api_ticket()
	r = self.api_post('/rest/p/test/wiki/', api_key='foo')
	assert r.status_int == 403

	def test_bad_timestamp(self):
	self.set_api_ticket()
	r = self.api_post('/rest/p/test/wiki/', api_timestamp=(datetime.utcnow() + timedelta(days=1)).isoformat())
	assert r.status_int == 403

	def test_bad_path(self):
	self.set_api_ticket()
	r = self.api_post('/rest/1/test/wiki/')
	assert r.status_int == 404
	r = self.api_post('/rest/p/1223/wiki/')
	assert r.status_int == 404
	r = self.api_post('/rest/p/test/12wiki/')
	assert r.status_int == 404

	def test_no_api(self):
	self.set_api_ticket()
	r = self.api_post('/rest/p/test/admin/')
	assert r.status_int == 404

	@td.with_wiki
	def test_project_ping(self):
	self.set_api_ticket()
	r = self.api_get('/rest/p/test/wiki/Home/')
	assert r.status_int == 200
	assert r.json['title'] == 'Home', r.json

	def test_project_ping_expired_ticket(self):
	self.set_api_ticket(timedelta(seconds=-1))
	r = self.api_post('/rest/p/test/wiki/')
	assert r.status_int == 403

	@td.with_tool('test/sub1', 'Wiki', 'wiki')
	def test_subproject_ping(self):
	self.set_api_ticket()
	r = self.api_get('/rest/p/test/sub1/wiki/Home/')
	assert r.status_int == 200
	assert r.json['title'] == 'Home', r.json