def test_update_authorized(self):
"""Update an existing cover letter comment as an authorized user.
To be authorized users must meet at least one of the following:
- project maintainer, cover letter submitter, or cover letter
comment submitter
Ensure updates can only be performed by authorized users.
"""
# Update as maintainer
person = create_person(user=self.user)
resp = self._test_update(person=person)
self.assertEqual(1, CoverComment.objects.all().count())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertTrue(resp.data['addressed'])
# Update as cover letter submitter
person = create_person(name='cover-submitter', user=create_user())
cover = create_cover(submitter=person)
resp = self._test_update(person=person, cover=cover)
self.assertEqual(2, CoverComment.objects.all().count())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertTrue(resp.data['addressed'])
# Update as cover letter comment submitter
person = create_person(name='comment-submitter', user=create_user())
cover = create_cover()
resp = self._test_update(person=person, cover=cover, submitter=person)
self.assertEqual(3, CoverComment.objects.all().count())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertTrue(resp.data['addressed'])
def test_update_other_user(self):
"""Update user as another, non-maintainer user."""
user_a = create_user()
user_b = create_user()
self.client.force_authenticate(user=user_a)
resp = self.client.patch(self.api_url(user_b.id),
{'first_name': 'Tan'})
self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
def test_update(self):
"""Ensure updates can be performed by maintainers."""
project = create_project()
patch = create_patch(project=project)
state = create_state()
# anonymous user
resp = self.client.patch(self.api_url(patch.id), {'state': state.name})
self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
# authenticated user
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.patch(self.api_url(patch.id), {'state': state.name})
self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
# maintainer
user = create_maintainer(project)
self.client.force_authenticate(user=user)
resp = self.client.patch(self.api_url(patch.id), {
'state': state.name, 'delegate': user.id})
self.assertEqual(status.HTTP_200_OK, resp.status_code, resp)
self.assertEqual(Patch.objects.get(id=patch.id).state, state)
self.assertEqual(Patch.objects.get(id=patch.id).delegate, user)
# (who can unset fields too)
# we need to send as JSON due to https://stackoverflow.com/q/30677216/
resp = self.client.patch(self.api_url(patch.id), {'delegate': None},
format='json')
self.assertEqual(status.HTTP_200_OK, resp.status_code, resp)
self.assertIsNone(Patch.objects.get(id=patch.id).delegate)
def test_patch_with_checks(self):
user = create_user()
patch = create_patch()
check_a = create_check(
patch=patch, user=user, context='foo', state=Check.STATE_FAIL,
date=(dt.utcnow() - timedelta(days=1)))
create_check(
patch=patch, user=user, context='foo', state=Check.STATE_SUCCESS)
check_b = create_check(
patch=patch, user=user, context='bar', state=Check.STATE_PENDING)
requested_url = reverse(
'patch-detail',
kwargs={
'project_id': patch.project.linkname,
'msgid': patch.url_msgid,
},
)
response = self.client.get(requested_url)
# the response should contain checks
self.assertContains(response, '<h2>Checks</h2>')
# and it should only show the unique checks
self.assertEqual(
1, response.content.decode().count(
f'<td>{check_a.user}/{check_a.context}</td>'
))
self.assertEqual(
1, response.content.decode().count(
f'<td>{check_b.user}/{check_b.context}</td>'
))
def setUp(self, count=3):
self.user = create_user()
self.client.login(username=self.user.username,
password=self.user.username)
self.bundle = create_bundle(owner=self.user)
self.project = create_project()
self.patches = create_patches(count, project=self.project)
def test_list(self):
"""Validate we can list a patch."""
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(0, len(resp.data))
state_obj = create_state(name='Under Review')
patch_obj = create_patch(state=state_obj)
# anonymous user
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(1, len(resp.data))
patch_rsp = resp.data[0]
self.assertSerialized(patch_obj, patch_rsp)
self.assertNotIn('headers', patch_rsp)
self.assertNotIn('content', patch_rsp)
self.assertNotIn('diff', patch_rsp)
# test filtering by state
resp = self.client.get(self.api_url(), {'state': 'under-review'})
self.assertEqual([patch_obj.id], [x['id'] for x in resp.data])
resp = self.client.get(self.api_url(), {'state': 'missing-state'})
self.assertEqual(0, len(resp.data))
# authenticated user
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(1, len(resp.data))
patch_rsp = resp.data[0]
self.assertSerialized(patch_obj, patch_rsp)
def test_patch_submitter_expiry(self):
# someone submits a patch...
patch = create_patch()
submitter = patch.submitter
# ... then starts registration...
date = ((datetime.datetime.utcnow() - EmailConfirmation.validity) -
datetime.timedelta(hours=1))
user = create_user(link_person=False, email=submitter.email)
user.is_active = False
user.date_joined = user.last_login = date
user.save()
conf = EmailConfirmation(type='registration', user=user,
email=user.email)
conf.date = date
conf.save()
# ... which expires
expire_notifications()
# we should see no matching user
self.assertFalse(User.objects.filter(email=patch.submitter.email)
.exists())
# but the patch and person should still be present
self.assertTrue(Person.objects.filter(pk=submitter.pk).exists())
self.assertTrue(Patch.objects.filter(pk=patch.pk).exists())
# and there should be no user associated with the person
self.assertEqual(Person.objects.get(pk=submitter.pk).user, None)
def setUp(self):
self.secondary_email = '*****@*****.**'
self.user = create_user()
self.client.login(username=self.user.username,
password=self.user.username)
def setUp(self):
self.default_state = create_state()
self.nondefault_state = create_state()
self.patch = read_patch(self.patch_filename)
self.user = create_user()
self.project = create_project()
def test_list(self):
"""Validate we can list bundles."""
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(0, len(resp.data))
user = create_user()
bundle_public = create_bundle(public=True, owner=user)
bundle_private = create_bundle(public=False, owner=user)
# anonymous users
# should only see the public bundle
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(1, len(resp.data))
bundle_rsp = resp.data[0]
self.assertSerialized(bundle_public, bundle_rsp)
# authenticated user
# should see the public and private bundle
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(2, len(resp.data))
for bundle_rsp, bundle_obj in zip(resp.data,
[bundle_public, bundle_private]):
self.assertSerialized(bundle_obj, bundle_rsp)
def test_patch_submitter_expiry(self):
# someone submits a patch...
patch = create_patch()
submitter = patch.submitter
# ... then starts registration...
date = ((datetime.datetime.utcnow() - EmailConfirmation.validity) -
datetime.timedelta(hours=1))
user = create_user(link_person=False, email=submitter.email)
user.is_active = False
user.date_joined = user.last_login = date
user.save()
conf = EmailConfirmation(type='registration',
user=user,
email=user.email)
conf.date = date
conf.save()
# ... which expires
expire_notifications()
# we should see no matching user
self.assertFalse(
User.objects.filter(email=patch.submitter.email).exists())
# but the patch and person should still be present
self.assertTrue(Person.objects.filter(pk=submitter.pk).exists())
self.assertTrue(Patch.objects.filter(pk=patch.pk).exists())
# and there should be no user associated with the person
self.assertEqual(Person.objects.get(pk=submitter.pk).user, None)
def setUp(self):
self.user = create_user()
self.password = User.objects.make_random_password()
self.user.set_password(self.password)
self.user.save()
self.client.login(username=self.user.username, password=self.password)
def setUp(self):
super(BundlePrivateViewTest, self).setUp()
self.bundle.public = False
self.bundle.save()
self.bundle.append_patch(self.patches[0])
self.url = bundle_url(self.bundle)
self.other_user = create_user()
def test_update(self):
"""Ensure updates can be performed by maintainers."""
project = create_project()
data = {'web_url': 'TEST'}
# an anonymous user
resp = self.client.patch(self.api_url(project.id), data)
self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
# a normal user
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.patch(self.api_url(project.id), data)
self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
# a maintainer
user = create_maintainer(project)
self.client.force_authenticate(user=user)
resp = self.client.patch(self.api_url(project.id), data)
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(resp.data['web_url'], 'TEST')
# ...with the exception of some read-only fields
resp = self.client.patch(self.api_url(project.id), {
'link_name': 'test'})
# NOTE(stephenfin): This actually returns HTTP 200 due to
# https://github.com/encode/django-rest-framework/issues/1655
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertNotEqual(resp.data['link_name'], 'test')
def test_unlink_another_user(self):
other_user = create_user()
self._test_unlink_post(other_user.email)
person = Person.objects.get(email=other_user.email)
self.assertIsNone(person.user)
def setUp(self):
self.user = create_user()
self.secondary_email = _generate_secondary_email(self.user)
self.conf = EmailConfirmation(type='userperson',
email=self.secondary_email,
user=self.user)
self.conf.save()
def testExistingUsername(self):
user = create_user()
data = self.default_data.copy()
data['username'] = user.username
response = self.client.post('/register/', data)
self.assertEquals(response.status_code, 200)
self.assertFormError(response, 'form', 'username',
'This username is already taken. Please choose another.')
def setUp(self):
self.user = create_user()
self.secondary_email = _generate_secondary_email(self.user)
self.conf = EmailConfirmation(type='userperson',
email=self.secondary_email,
user=self.user)
self.conf.save()
def test_detail_authenticated(self):
"""Show user as authenticated user."""
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url(user.id))
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertSerialized(user, resp.data)
def test_patchwork_delegate_header(self):
"""Validate inclusion of generated 'X-Patchwork-Delegate' header."""
user = create_user()
patch = create_patch(delegate=user)
response = self.client.get(
reverse('patch-mbox', args=[patch.project.linkname,
patch.url_msgid]))
self.assertContains(response, 'X-Patchwork-Delegate: %s' % user.email)
def test_update_self(self):
"""Update user as self."""
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.patch(self.api_url(user.id), {'first_name': 'Tan'})
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertSerialized(user, resp.data)
def test_update_self(self):
"""Update user as self."""
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.patch(self.api_url(user.id), {'first_name': 'Tan'})
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertSerialized(user, resp.data)
def setUp(self):
self.user = create_user()
self.password = User.objects.make_random_password()
self.user.set_password(self.password)
self.user.save()
self.client.login(username=self.user.username,
password=self.password)
def setUp(self):
self.patch = read_patch(self.patch_filename)
self.user = create_user()
self.p1 = Project(linkname = 'test-project-1', name = 'Project 1',
listid = '1.example.com', listemail='*****@*****.**')
self.p1.save()
self.default_state = get_default_initial_patch_state()
self.nondefault_state = State.objects.get(name="Accepted")
def test_patch_delegated(self):
# purposefully setting series to None to minimize additional events
patch = utils.create_patch(series=None)
delegate_a = utils.create_user()
actor = utils.create_maintainer(project=patch.project)
# None -> Delegate A
patch.delegate = delegate_a
self.assertTrue(patch.is_editable(actor))
patch.save()
events = _get_events(patch=patch)
self.assertEqual(events.count(), 2)
# we don't care about the CATEGORY_PATCH_CREATED event here
self.assertEqual(events[1].category, Event.CATEGORY_PATCH_DELEGATED)
self.assertEqual(events[1].project, patch.project)
self.assertEqual(events[1].actor, actor)
self.assertEventFields(events[1], current_delegate=delegate_a)
delegate_b = utils.create_user()
# Delegate A -> Delegate B
patch.delegate = delegate_b
patch.save()
events = _get_events(patch=patch)
self.assertEqual(events.count(), 3)
self.assertEqual(events[2].category, Event.CATEGORY_PATCH_DELEGATED)
self.assertEventFields(
events[2],
previous_delegate=delegate_a,
current_delegate=delegate_b,
)
# Delegate B -> None
patch.delegate = None
patch.save()
events = _get_events(patch=patch)
self.assertEqual(events.count(), 4)
self.assertEqual(events[3].category, Event.CATEGORY_PATCH_DELEGATED)
self.assertEventFields(events[3], previous_delegate=delegate_b)
def test_create_non_maintainer(self):
"""Create a check as a non-maintainer.
Ensure creations can only be performed by maintainers.
"""
user = create_user()
resp = self._test_create(user=user)
self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
def test_list_authenticated(self):
"""List users as authenticated user."""
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(1, len(resp.data))
self.assertSerialized(user, resp.data[0])
def _create_bundles(self):
user = create_user(username='******')
project = create_project(linkname='myproject')
bundle_public = create_bundle(public=True, owner=user,
project=project)
bundle_private = create_bundle(public=False, owner=user,
project=project)
return user, project, bundle_public, bundle_private
def test_existing_username(self):
user = create_user()
data = self.default_data.copy()
data['username'] = user.username
response = self.client.post('/register/', data)
self.assertEqual(response.status_code, 200)
self.assertFormError(
response, 'form', 'username',
'This username is already taken. Please choose another.')
def test_list_empty(self):
"""List people when none are present."""
# authentication is required
user = create_user(link_person=False)
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(0, len(resp.data))
def setUp(self, patch_count=3):
self.user = create_user()
self.client.login(username=self.user.username,
password=self.user.username)
defaults.project.save()
self.bundle = Bundle(owner=self.user, project=defaults.project,
name='testbundle')
self.bundle.save()
self.patches = create_patches(patch_count)
def test_detail_linked(self):
"""Show linked person as authenticated user."""
user = create_user(link_person=True)
person = user.person_set.all().first()
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url(person.id))
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertSerialized(person, resp.data, has_user=True)
def test_detail_unlinked(self):
"""Show unlinked person as authenticted user."""
person = create_person()
user = create_user(link_person=False)
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url(person.id))
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertSerialized(person, resp.data, has_user=False)
def testExistingEmail(self):
user = create_user()
data = self.default_data.copy()
data['email'] = user.email
response = self.client.post('/register/', data)
self.assertEquals(response.status_code, 200)
self.assertFormError(response, 'form', 'email',
'This email address is already in use ' + \
'for the account "%s".\n' % user.username)
def test_authenticated_list(self):
"""This API requires authenticated users."""
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(1, len(resp.data))
self.assertEqual(user.username, resp.data[0]['name'])
self.assertEqual(user.email, resp.data[0]['email'])
self.assertIn('users/%d/' % user.id, resp.data[0]['user_url'])
def test_authenticated_list(self):
"""This API requires authenticated users."""
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(1, len(resp.data))
self.assertEqual(user.username, resp.data[0]['username'])
self.assertNotIn('password', resp.data[0])
self.assertNotIn('is_superuser', resp.data[0])
def setUp(self):
project = defaults.project
defaults.project.save()
defaults.patch_author_person.save()
self.patch = Patch(project=project,
msgid='x', name=defaults.patch_name,
submitter=defaults.patch_author_person,
diff='')
self.patch.save()
self.user = create_user()
def test_list_authenticated(self):
"""List people as an authenticated user."""
person = create_person()
user = create_user(link_person=False)
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(1, len(resp.data))
self.assertSerialized(person, resp.data[0])
def test_unlinked_user(self):
defaults.patch_author_person.save()
user = create_user()
self.client.force_authenticate(user=user)
resp = self.client.get(self.api_url())
self.assertEqual(status.HTTP_200_OK, resp.status_code)
self.assertEqual(2, len(resp.data))
self.assertEqual(defaults.patch_author_person.name,
resp.data[0]['name'])
self.assertIsNone(resp.data[0]['user_url'])
def test_patch_delegated(self):
# purposefully setting series to None to minimize additional events
patch = utils.create_patch(series=None)
delegate_a = utils.create_user()
# None -> Delegate A
patch.delegate = delegate_a
patch.save()
events = _get_events(patch=patch)
self.assertEqual(events.count(), 2)
# we don't care about the CATEGORY_PATCH_CREATED event here
self.assertEqual(events[1].category,
Event.CATEGORY_PATCH_DELEGATED)
self.assertEqual(events[1].project, patch.project)
self.assertEventFields(events[1], current_delegate=delegate_a)
delegate_b = utils.create_user()
# Delegate A -> Delegate B
patch.delegate = delegate_b
patch.save()
events = _get_events(patch=patch)
self.assertEqual(events.count(), 3)
self.assertEqual(events[2].category,
Event.CATEGORY_PATCH_DELEGATED)
self.assertEventFields(events[2], previous_delegate=delegate_a,
current_delegate=delegate_b)
# Delegate B -> None
patch.delegate = None
patch.save()
events = _get_events(patch=patch)
self.assertEqual(events.count(), 4)
self.assertEqual(events[3].category,
Event.CATEGORY_PATCH_DELEGATED)
self.assertEventFields(events[3], previous_delegate=delegate_b)
def register(self, date):
user = create_user()
user.is_active = False
user.date_joined = user.last_login = date
user.save()
conf = EmailConfirmation(type="registration", user=user, email=user.email)
conf.date = date
conf.save()
return (user, conf)
