def _post(self):
     query = {'openid': self.json_args['reviewer_openid']}
     user = yield dbapi.db_find_one('users', query)
     if not user:
         raises.Forbidden(message.unauthorized())
     role = self.get_secure_cookie(auth_const.ROLE)
     if 'reviewer' not in role.split(','):
         self.finish_request({'code': 403,
                              'msg': 'You do not have the reviewer '
                              'permision / role!'})
         return
     test = yield dbapi.db_find_one(
         'tests', {'id': self.json_args['test_id']})
     if test['owner'] == self.json_args['reviewer_openid']:
         self.finish_request({'code': 403,
                              'msg': 'No permision to review own results'})
         return
     query = {
         'reviewer_openid': self.json_args['reviewer_openid'],
         'test_id': self.json_args['test_id']
     }
     review = yield dbapi.db_find_one(self.table, query)
     if review:
         if review['outcome'] != self.json_args['outcome']:
             yield dbapi.db_update(self.table, query,
                                   {'$set': {
                                       'outcome': self.json_args['outcome'],
                                       'creation_date': datetime.now()}})
         self.finish_request()
     else:
         self.json_args['reviewer_name'] = user['fullname']
         self.json_args['reviewer_email'] = user['email']
         self._create(miss_fields=[], carriers=[])
Example #2
0
class TestTokenCreateResult(test_result.TestResultBase):
    def get_app(self):
        from opnfv_testapi.router import url_mappings
        return web.Application(
            url_mappings.mappings,
            db=fake_pymongo,
            debug=True,
            auth=True
        )

    def setUp(self):
        super(TestTokenCreateResult, self).setUp()
        fake_pymongo.tokens.insert({"access_token": "12345"})

    @executor.create(httplib.FORBIDDEN, message.invalid_token())
    def test_resultCreateTokenInvalid(self):
        self.headers['X-Auth-Token'] = '1234'
        return self.req_d

    @executor.create(httplib.UNAUTHORIZED, message.unauthorized())
    def test_resultCreateTokenUnauthorized(self):
        if 'X-Auth-Token' in self.headers:
            self.headers.pop('X-Auth-Token')
        return self.req_d

    @executor.create(httplib.OK, '_create_success')
    def test_resultCreateTokenSuccess(self):
        self.headers['X-Auth-Token'] = '12345'
        return self.req_d

    def _create_success(self, body):
        self.assertIn('CreateResponse', str(type(body)))
Example #3
0
class TestTokenUpdateProject(TestToken):
    def setUp(self):
        super(TestTokenUpdateProject, self).setUp()
        self.req_d = project_models.ProjectCreateRequest('vping')
        fake_pymongo.tokens.insert({"access_token": "12345"})
        self.basePath = '/api/v1/projects'
        self.headers['X-Auth-Token'] = '12345'
        self.create_d()

    @executor.update(httplib.FORBIDDEN, message.invalid_token())
    def test_projectUpdateTokenIvalid(self):
        self.headers['X-Auth-Token'] = '1234'
        req = project_models.ProjectUpdateRequest('newName', 'new description')
        return req, self.req_d.name

    @executor.update(httplib.UNAUTHORIZED, message.unauthorized())
    def test_projectUpdateTokenUnauthorized(self):
        self.headers.pop('X-Auth-Token')
        req = project_models.ProjectUpdateRequest('newName', 'new description')
        return req, self.req_d.name

    @executor.update(httplib.OK, '_update_success')
    def test_projectUpdateTokenSuccess(self):
        req = project_models.ProjectUpdateRequest('newName', 'new description')
        return req, self.req_d.name

    def _update_success(self, request, body):
        self.assertIn(request.name, body)
Example #4
0
class TestTokenCreateProject(TestToken):
    def setUp(self):
        super(TestTokenCreateProject, self).setUp()
        self.req_d = project_models.ProjectCreateRequest('vping')
        fake_pymongo.tokens.insert({"access_token": "12345"})
        self.basePath = '/api/v1/projects'

    @executor.create(httplib.FORBIDDEN, message.invalid_token())
    def test_projectCreateTokenInvalid(self):
        self.headers['X-Auth-Token'] = '1234'
        return self.req_d

    @executor.create(httplib.UNAUTHORIZED, message.unauthorized())
    def test_projectCreateTokenUnauthorized(self):
        if 'X-Auth-Token' in self.headers:
            self.headers.pop('X-Auth-Token')
        return self.req_d

    @executor.create(httplib.OK, '_create_success')
    def test_projectCreateTokenSuccess(self):
        self.headers['X-Auth-Token'] = '12345'
        return self.req_d

    def _create_success(self, body):
        self.assertIn('CreateResponse', str(type(body)))
Example #5
0
 def test_projectDeleteTokenUnauthorized(self):
     self.headers['X-Auth-Token'] = '12345'
     self.create_d()
     self.headers.pop('X-Auth-Token')
     code, body = self.delete(self.req_d.name)
     self.assertEqual(code, httplib.UNAUTHORIZED)
     self.assertIn(message.unauthorized(), body)
Example #6
0
 def test_projectUpdateTokenUnauthorized(self):
     self.headers['X-Auth-Token'] = '12345'
     self.create_d()
     code, body = self.get(self.req_d.name)
     self.headers.pop('X-Auth-Token')
     req = project_models.ProjectUpdateRequest('newName', 'new description')
     code, body = self.update(req, self.req_d.name)
     self.assertEqual(code, httplib.UNAUTHORIZED)
     self.assertIn(message.unauthorized(), body)
Example #7
0
 def wrapper(self, *args, **kwargs):
     if self.auth:
         try:
             token = self.request.headers['X-Auth-Token']
         except KeyError:
             raises.Unauthorized(message.unauthorized())
         query = {'access_token': token}
         check = yield self._eval_db_find_one(query, 'tokens')
         if not check:
             raises.Forbidden(message.invalid_token())
     ret = yield gen.coroutine(method)(self, *args, **kwargs)
     raise gen.Return(ret)
 def _del(self):
     query = {'openid': self.json_args['reviewer_openid']}
     user = yield dbapi.db_find_one('users', query)
     if not user:
         raises.Forbidden(message.unauthorized())
     role = self.get_secure_cookie(auth_const.ROLE)
     if 'reviewer' not in role.split(','):
         raises.Unauthorized(message.no_auth())
     test = yield dbapi.db_find_one(
         'tests', {'id': self.json_args['test_id']})
     if test['owner'] == self.json_args['reviewer_openid']:
         self.finish_request({'code': 403,
                              'msg': 'No permision to review own results'})
         return
     query = {
         'reviewer_openid': self.json_args['reviewer_openid'],
         'test_id': self.json_args['test_id']
     }
     yield dbapi.db_delete(self.table, query)
     self.finish_request()
Example #9
0
 def test_projectCreateTokenUnauthorized(self):
     self.headers.pop('X-Auth-Token')
     code, body = self.create_d()
     self.assertEqual(code, httplib.UNAUTHORIZED)
     self.assertIn(message.unauthorized(), body)