def test_access_page_via_expired_api_key(self):
    """An API key that has been forced into the expired state must get a 403."""
    expired_key = ApiKeyModel().create(base.TEST_USER_ADMIN_LOGIN, 'test')
    Session().commit()

    # Expire the freshly created key and persist that before it is presented,
    # so the request exercises the expiry check rather than key lookup alone.
    expired_key.expires = 0
    Session().commit()

    self._api_key_test(expired_key.api_key, status=403)
def test_access_page_via_expired_api_key(self):
    """With changeset_raw on the API whitelist, an expired key must still get 403."""
    controller = 'ChangesetController:changeset_raw'
    whitelist = self._get_api_whitelist([controller])
    with mock.patch('kallithea.CONFIG', whitelist):
        # Sanity check that the patched config really carries the whitelist.
        assert [controller] == whitelist['api_access_controllers_whitelist']

        expired_key = ApiKeyModel().create(TEST_USER_ADMIN_LOGIN, u'test')
        Session().commit()

        # Expire the key and persist that before it is presented.
        expired_key.expires = 0
        Session().commit()

        # Whitelisting a controller must not bypass key expiry.
        self._api_key_test(expired_key.api_key, status=403)
def my_account_api_keys_add(self):
    """Create an API key for the logged-in user from the posted form, then redirect."""
    form = request.POST
    # The fallback is -1, which the lifetime choices in the key-listing views
    # label as 'forever'; presumably safe_int returns it for a missing or
    # non-numeric value, so a malformed lifetime yields a non-expiring key.
    lifetime = safe_int(form.get('lifetime'), -1)
    description = form.get('description')

    # The owner comes from the authenticated session, never from the form.
    ApiKeyModel().create(self.authuser.user_id, description, lifetime)
    Session().commit()

    h.flash(_("Api key successfully created"), category='success')
    return redirect(url('my_account_api_keys'))
def test_access_page_via_expired_api_key(self):
    """An expired key on a whitelisted controller gets a 302 with anonymous access off."""
    controller = 'ChangesetController:changeset_raw'
    whitelist = self._get_api_whitelist([controller])
    with mock.patch('kallithea.CONFIG', whitelist):
        # Sanity check that the patched config really carries the whitelist.
        self.assertEqual([controller],
                         whitelist['api_access_controllers_whitelist'])

        expired_key = ApiKeyModel().create(TEST_USER_ADMIN_LOGIN, u'test')
        Session().commit()

        # Expire the key and persist that before it is presented.
        expired_key.expires = 0
        Session().add(expired_key)
        Session().commit()

        # Anonymous access is switched off so a rejected key cannot fall back
        # to the anonymous user. Only the 302 status is asserted; presumably
        # it is the redirect to the login page - the target is not checked.
        with fixture.anon_access(False):
            # NOTE(review): the key travels in the query string, and URLs
            # commonly end up in access logs.
            target = url(controller='changeset', action='changeset_raw',
                         repo_name=HG_REPO, revision='tip',
                         api_key=expired_key.api_key)
            self.app.get(target, status=302)
def add_api_key(self, id):
    """Create an API key for the user identified by *id*, then redirect to the key list.

    The target account comes from the URL, not from the session. Whatever
    restricts this action to administrators is not visible in this listing.
    """
    # Presumably raises for the default (anonymous) user - confirm in the helper.
    c.user = self._get_user_or_raise_if_default(id)

    form = request.POST
    # The fallback is -1, which the lifetime choices in the key-listing views
    # label as 'Forever'; presumably safe_int returns it for a missing or
    # non-numeric value, so a malformed lifetime yields a non-expiring key.
    lifetime = safe_int(form.get('lifetime'), -1)
    description = form.get('description')

    ApiKeyModel().create(c.user.user_id, description, lifetime)
    Session().commit()

    h.flash(_("API key successfully created"), category='success')
    raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id))
def test_access_page_via_expired_api_key(self):
    """An expired key on a whitelisted controller gets a 302 with anonymous access off."""
    controller = 'ChangesetController:changeset_raw'
    whitelist = self._get_api_whitelist([controller])
    with mock.patch('kallithea.CONFIG', whitelist):
        # Sanity check that the patched config really carries the whitelist.
        self.assertEqual([controller],
                         whitelist['api_access_controllers_whitelist'])

        expired_key = ApiKeyModel().create(TEST_USER_ADMIN_LOGIN, u'test')
        Session().commit()

        # Expire the key and persist that before it is presented.
        expired_key.expires = 0
        Session().add(expired_key)
        Session().commit()

        # Anonymous access is switched off so a rejected key cannot fall back
        # to the anonymous user. Only the 302 status is asserted; presumably
        # it is the redirect to the login page - the target is not checked.
        with fixture.anon_access(False):
            # NOTE(review): the key travels in the query string, and URLs
            # commonly end up in access logs.
            target = url(controller='changeset', action='changeset_raw',
                         repo_name=HG_REPO, revision='tip',
                         api_key=expired_key.api_key)
            self.app.get(target, status=302)
def add_api_key(self, id):
    """Create an API key for the user identified by *id*, then redirect to the key list.

    The target account comes from the URL, not from the session. Whatever
    restricts this action to administrators is not visible in this listing.
    """
    c.user = User.get_or_404(id)

    # The default user is not editable here, so it never receives an API key.
    if c.user.username == User.DEFAULT_USER:
        h.flash(_("You can't edit this user"), category='warning')
        return redirect(url('users'))

    form = request.POST
    # The fallback is -1, which the lifetime choices in the key-listing views
    # label as 'forever'; presumably safe_int returns it for a missing or
    # non-numeric value, so a malformed lifetime yields a non-expiring key.
    lifetime = safe_int(form.get('lifetime'), -1)
    description = form.get('description')

    ApiKeyModel().create(c.user.user_id, description, lifetime)
    Session().commit()

    h.flash(_("Api key successfully created"), category='success')
    return redirect(url('edit_user_api_keys', id=c.user.user_id))
def my_account_api_keys_delete(self):
    """Reset the logged-in user's built-in API key or delete one of their extra keys.

    If the form carries neither field, nothing changes and the user is only
    redirected back to the key list.
    """
    posted_key = request.POST.get('del_api_key')

    if request.POST.get('del_api_key_builtin'):
        # The built-in key is replaced, not removed; the old value stops
        # working once the commit lands.
        account = User.get(request.authuser.user_id)
        account.api_key = generate_api_key()
        Session().commit()
        h.flash(_("API key successfully reset"), category='success')
    elif posted_key:
        # The session's user id is passed along with the key; presumably the
        # model only matches keys owned by that user - confirm in delete().
        ApiKeyModel().delete(posted_key, request.authuser.user_id)
        Session().commit()
        h.flash(_("API key successfully deleted"), category='success')

    raise HTTPFound(location=url('my_account_api_keys'))
def delete_api_key(self, id):
    """Reset the built-in API key of user *id* or delete one of that user's extra keys.

    The target account comes from the URL, not from the session. Whatever
    restricts this action to administrators is not visible in this listing.
    """
    # Presumably raises for the default (anonymous) user - confirm in the helper.
    c.user = self._get_user_or_raise_if_default(id)
    posted_key = request.POST.get('del_api_key')

    if request.POST.get('del_api_key_builtin'):
        # The built-in key is replaced, not removed.
        c.user.api_key = generate_api_key()
        Session().commit()
        h.flash(_("API key successfully reset"), category='success')
    elif posted_key:
        # The target user's id is passed along with the key; presumably the
        # model only matches keys owned by that user - confirm in delete().
        ApiKeyModel().delete(posted_key, c.user.user_id)
        Session().commit()
        h.flash(_("API key successfully deleted"), category='success')

    raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id))
def my_account_api_keys(self):
    """Render the logged-in user's API-key page."""
    c.active = 'api_keys'
    self.__load_data()

    # Lifetimes are expressed in minutes, as the labels show; -1 is the
    # choice presented as 'forever', i.e. a key without an expiry.
    lifetimes = (
        (-1, _('forever')),
        (5, _('5 minutes')),
        (60, _('1 hour')),
        (60 * 24, _('1 day')),
        (60 * 24 * 30, _('1 month')),
    )
    c.lifetime_values = [(str(minutes), label) for minutes, label in lifetimes]
    c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

    # Only the session user's keys are requested, expired ones included.
    c.user_api_keys = ApiKeyModel().get_api_keys(self.authuser.user_id,
                                                 show_expired=True)
    return render('admin/my_account/my_account.html')
def my_account_api_keys_delete(self):
    """Reset the logged-in user's built-in API key or delete one of their extra keys.

    If the form carries neither field, nothing changes and the user is only
    redirected back to the key list.
    """
    posted_key = request.POST.get('del_api_key')
    owner_id = self.authuser.user_id

    if request.POST.get('del_api_key_builtin'):
        account = User.get(owner_id)
        # When the lookup yields nothing, no key is reset and no message shown.
        if account:
            # NOTE(review): the generator is given the username - confirm the
            # resulting key is random and cannot be derived from that name.
            account.api_key = generate_api_key(account.username)
            Session().add(account)
            Session().commit()
            h.flash(_("Api key successfully reset"), category='success')
    elif posted_key:
        # The session's user id is passed along with the key; presumably the
        # model only matches keys owned by that user - confirm in delete().
        ApiKeyModel().delete(posted_key, owner_id)
        Session().commit()
        h.flash(_("Api key successfully deleted"), category='success')

    return redirect(url('my_account_api_keys'))
def delete_api_key(self, id):
    """Reset the built-in API key of user *id* or delete one of that user's extra keys.

    The target account comes from the URL, not from the session. Whatever
    restricts this action to administrators is not visible in this listing.
    """
    c.user = User.get_or_404(id)

    # The default user is not editable here, so its key is never touched.
    if c.user.username == User.DEFAULT_USER:
        h.flash(_("You can't edit this user"), category='warning')
        return redirect(url('users'))

    posted_key = request.POST.get('del_api_key')
    if request.POST.get('del_api_key_builtin'):
        account = User.get(c.user.user_id)
        # When the lookup yields nothing, no key is reset and no message shown.
        if account:
            # NOTE(review): the generator is given the username - confirm the
            # resulting key is random and cannot be derived from that name.
            account.api_key = generate_api_key(account.username)
            Session().add(account)
            Session().commit()
            h.flash(_("Api key successfully reset"), category='success')
    elif posted_key:
        # The target user's id is passed along with the key; presumably the
        # model only matches keys owned by that user - confirm in delete().
        ApiKeyModel().delete(posted_key, c.user.user_id)
        Session().commit()
        h.flash(_("Api key successfully deleted"), category='success')

    return redirect(url('edit_user_api_keys', id=c.user.user_id))
def edit_api_keys(self, id):
    """Render the API-key tab of the edit page for the user identified by *id*.

    The target account comes from the URL, not from the session. Whatever
    restricts this view to administrators is not visible in this listing.
    """
    # Presumably raises for the default (anonymous) user - confirm in the helper.
    c.user = self._get_user_or_raise_if_default(id)
    c.active = 'api_keys'

    # Lifetimes are expressed in minutes, as the labels show; -1 is the
    # choice presented as 'Forever', i.e. a key without an expiry.
    lifetimes = (
        (-1, _('Forever')),
        (5, _('5 minutes')),
        (60, _('1 hour')),
        (60 * 24, _('1 day')),
        (60 * 24 * 30, _('1 month')),
    )
    c.lifetime_values = [(str(minutes), label) for minutes, label in lifetimes]
    c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

    # The target user's keys are requested, expired ones included.
    c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,
                                                 show_expired=True)

    page = render('admin/users/user_edit.html')
    return htmlfill.render(
        page,
        defaults=c.user.get_dict(),
        encoding="UTF-8",
        force_defaults=False)
def edit_api_keys(self, id):
    """Render the API-key tab of the edit page for the user identified by *id*.

    The target account comes from the URL, not from the session. Whatever
    restricts this view to administrators is not visible in this listing.
    """
    c.user = User.get_or_404(id)

    # The default user is not editable here, so its keys are never shown.
    if c.user.username == User.DEFAULT_USER:
        h.flash(_("You can't edit this user"), category='warning')
        return redirect(url('users'))

    c.active = 'api_keys'

    # Lifetimes are expressed in minutes, as the labels show; -1 is the
    # choice presented as 'forever', i.e. a key without an expiry.
    lifetimes = (
        (-1, _('forever')),
        (5, _('5 minutes')),
        (60, _('1 hour')),
        (60 * 24, _('1 day')),
        (60 * 24 * 30, _('1 month')),
    )
    c.lifetime_values = [(str(minutes), label) for minutes, label in lifetimes]
    c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

    # The target user's keys are requested, expired ones included.
    c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,
                                                 show_expired=True)

    page = render('admin/users/user_edit.html')
    return htmlfill.render(page,
                           defaults=c.user.get_dict(),
                           encoding="UTF-8",
                           force_defaults=False)
def test_access_page_via_extra_api_key(self):
    """A newly created additional API key, left unexpired, must be accepted with 200."""
    extra_key = ApiKeyModel().create(base.TEST_USER_ADMIN_LOGIN, 'test')
    # Persist the key first so the request can find it.
    Session().commit()

    self._api_key_test(extra_key.api_key, status=200)