def _post(self): query = {'openid': self.json_args['reviewer_openid']} user = yield dbapi.db_find_one('users', query) if not user: raises.Forbidden(message.unauthorized()) role = self.get_secure_cookie(auth_const.ROLE) if 'reviewer' not in role.split(','): self.finish_request({'code': 403, 'msg': 'You do not have the reviewer ' 'permision / role!'}) return test = yield dbapi.db_find_one( 'tests', {'id': self.json_args['test_id']}) if test['owner'] == self.json_args['reviewer_openid']: self.finish_request({'code': 403, 'msg': 'No permision to review own results'}) return query = { 'reviewer_openid': self.json_args['reviewer_openid'], 'test_id': self.json_args['test_id'] } review = yield dbapi.db_find_one(self.table, query) if review: if review['outcome'] != self.json_args['outcome']: yield dbapi.db_update(self.table, query, {'$set': { 'outcome': self.json_args['outcome'], 'creation_date': datetime.now()}}) self.finish_request() else: self.json_args['reviewer_name'] = user['fullname'] self.json_args['reviewer_email'] = user['email'] self._create(miss_fields=[], carriers=[])
class TestTokenCreateResult(test_result.TestResultBase): def get_app(self): from opnfv_testapi.router import url_mappings return web.Application( url_mappings.mappings, db=fake_pymongo, debug=True, auth=True ) def setUp(self): super(TestTokenCreateResult, self).setUp() fake_pymongo.tokens.insert({"access_token": "12345"}) @executor.create(httplib.FORBIDDEN, message.invalid_token()) def test_resultCreateTokenInvalid(self): self.headers['X-Auth-Token'] = '1234' return self.req_d @executor.create(httplib.UNAUTHORIZED, message.unauthorized()) def test_resultCreateTokenUnauthorized(self): if 'X-Auth-Token' in self.headers: self.headers.pop('X-Auth-Token') return self.req_d @executor.create(httplib.OK, '_create_success') def test_resultCreateTokenSuccess(self): self.headers['X-Auth-Token'] = '12345' return self.req_d def _create_success(self, body): self.assertIn('CreateResponse', str(type(body)))
class TestTokenUpdateProject(TestToken): def setUp(self): super(TestTokenUpdateProject, self).setUp() self.req_d = project_models.ProjectCreateRequest('vping') fake_pymongo.tokens.insert({"access_token": "12345"}) self.basePath = '/api/v1/projects' self.headers['X-Auth-Token'] = '12345' self.create_d() @executor.update(httplib.FORBIDDEN, message.invalid_token()) def test_projectUpdateTokenIvalid(self): self.headers['X-Auth-Token'] = '1234' req = project_models.ProjectUpdateRequest('newName', 'new description') return req, self.req_d.name @executor.update(httplib.UNAUTHORIZED, message.unauthorized()) def test_projectUpdateTokenUnauthorized(self): self.headers.pop('X-Auth-Token') req = project_models.ProjectUpdateRequest('newName', 'new description') return req, self.req_d.name @executor.update(httplib.OK, '_update_success') def test_projectUpdateTokenSuccess(self): req = project_models.ProjectUpdateRequest('newName', 'new description') return req, self.req_d.name def _update_success(self, request, body): self.assertIn(request.name, body)
class TestTokenCreateProject(TestToken): def setUp(self): super(TestTokenCreateProject, self).setUp() self.req_d = project_models.ProjectCreateRequest('vping') fake_pymongo.tokens.insert({"access_token": "12345"}) self.basePath = '/api/v1/projects' @executor.create(httplib.FORBIDDEN, message.invalid_token()) def test_projectCreateTokenInvalid(self): self.headers['X-Auth-Token'] = '1234' return self.req_d @executor.create(httplib.UNAUTHORIZED, message.unauthorized()) def test_projectCreateTokenUnauthorized(self): if 'X-Auth-Token' in self.headers: self.headers.pop('X-Auth-Token') return self.req_d @executor.create(httplib.OK, '_create_success') def test_projectCreateTokenSuccess(self): self.headers['X-Auth-Token'] = '12345' return self.req_d def _create_success(self, body): self.assertIn('CreateResponse', str(type(body)))
def test_projectDeleteTokenUnauthorized(self): self.headers['X-Auth-Token'] = '12345' self.create_d() self.headers.pop('X-Auth-Token') code, body = self.delete(self.req_d.name) self.assertEqual(code, httplib.UNAUTHORIZED) self.assertIn(message.unauthorized(), body)
def test_projectUpdateTokenUnauthorized(self): self.headers['X-Auth-Token'] = '12345' self.create_d() code, body = self.get(self.req_d.name) self.headers.pop('X-Auth-Token') req = project_models.ProjectUpdateRequest('newName', 'new description') code, body = self.update(req, self.req_d.name) self.assertEqual(code, httplib.UNAUTHORIZED) self.assertIn(message.unauthorized(), body)
def wrapper(self, *args, **kwargs): if self.auth: try: token = self.request.headers['X-Auth-Token'] except KeyError: raises.Unauthorized(message.unauthorized()) query = {'access_token': token} check = yield self._eval_db_find_one(query, 'tokens') if not check: raises.Forbidden(message.invalid_token()) ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret)
def _del(self): query = {'openid': self.json_args['reviewer_openid']} user = yield dbapi.db_find_one('users', query) if not user: raises.Forbidden(message.unauthorized()) role = self.get_secure_cookie(auth_const.ROLE) if 'reviewer' not in role.split(','): raises.Unauthorized(message.no_auth()) test = yield dbapi.db_find_one( 'tests', {'id': self.json_args['test_id']}) if test['owner'] == self.json_args['reviewer_openid']: self.finish_request({'code': 403, 'msg': 'No permision to review own results'}) return query = { 'reviewer_openid': self.json_args['reviewer_openid'], 'test_id': self.json_args['test_id'] } yield dbapi.db_delete(self.table, query) self.finish_request()
def test_projectCreateTokenUnauthorized(self): self.headers.pop('X-Auth-Token') code, body = self.create_d() self.assertEqual(code, httplib.UNAUTHORIZED) self.assertIn(message.unauthorized(), body)