Example #1
0
    def test_is_repo_committer_external_committer_restricted_not_member(self):
        """ Test is_repo_committer in pagure with EXTERNAL_COMMITTER
        configured to give access the provenpackager just for one repo
        """
        repo = pagure.lib.query._get_project(self.session, 'test')

        g = munch.Munch()
        g.fas_user = tests.FakeUser()
        g.authenticated = True
        g.session = self.session
        with mock.patch('flask.g', g):
            output = pagure.utils.is_repo_committer(repo)
            self.assertFalse(output)
Example #2
0
 def test_api_update_custom_fields(self):
     """ Test updating custom fields on a ticket. """
     user = tests.FakeUser(username='******')
     with tests.user_set(self.app.application, user):
         output = self.app.post('/api/0/test/issue/1/custom', data={})
         self.assertEqual(output.status_code, 401)
         data = json.loads(output.get_data(as_text=True))
         self.assertEqual(
             data, {
                 u'error':
                 u'The issue tracker of this project is read-only',
                 u'error_code': u'ETRACKERREADONLY'
             })
Example #3
0
    def test_plugin_mail_page(self):
        """ Test the default page of the pagure hook plugin. """

        user = tests.FakeUser(username='******')
        with tests.user_set(self.app.application, user):
            output = self.app.get('/test/settings/Pagure')
            self.assertEqual(output.status_code, 200)
            output_text = output.get_data(as_text=True)
            self.assertIn('<title>Settings Pagure - test - Pagure</title>',
                          output_text)
            self.assertIn(
                '<input class="form-check-input mt-2" id="active" name="active" '
                'type="checkbox" value="y">', output_text)
Example #4
0
 def test_drop_tags(self):
     """ Test dropping a ticket tag.
     """
     user = tests.FakeUser(username='******')
     with tests.user_set(self.app.application, user):
         output = self.app.post('/test/droptag/', data={})
         self.assertEqual(output.status_code, 401)
         output_text = output.get_data(as_text=True)
         self.assertIn('<title>Unauthorized :\'( - Pagure</title>',
                       output_text)
         self.assertIn(
             '<p>The issue tracker for this project is read-only</p>',
             output_text)
Example #5
0
    def test_is_repo_committer_external_committer_generic_no_member(self):
        """ Test is_repo_committer in pagure with EXTERNAL_COMMITTER
        configured to give access to all the provenpackager, but the user
        is not one.
        """
        repo = pagure.lib._get_project(self.session, 'test')

        user = tests.FakeUser()
        g = munch.Munch()
        g.fas_user = user
        with mock.patch('pagure.flask.g', g):
            output = pagure.is_repo_committer(repo)
            self.assertFalse(output)
    def test_admin_index(self):
        """ Test the admin_index endpoint. """

        output = self.app.get('/admin')
        self.assertEqual(output.status_code, 302)

        user = tests.FakeUser()
        with tests.user_set(pagure.APP, user):
            output = self.app.get('/admin', follow_redirects=True)
            self.assertEqual(output.status_code, 200)
            self.assertTrue(
                '<li class="error">Access restricted</li>' in output.data)

        user = tests.FakeUser(username='******',
                              groups=pagure.APP.config['ADMIN_GROUP'])
        with tests.user_set(pagure.APP, user):
            output = self.app.get('/admin', follow_redirects=True)
            self.assertEqual(output.status_code, 200)
            self.assertTrue('<h2>Admin section</h2>' in output.data)
            self.assertTrue('Re-generate gitolite ACLs file' in output.data)
            self.assertTrue(
                'Re-generate ssh authorized_key file' in output.data)
Example #7
0
    def test_is_repo_committer_external_committer_excluding_one(self):
        """ Test is_repo_committer in pagure with EXTERNAL_COMMITTER
        configured to give access to all the provenpackager but for this
        one repo
        """
        repo = pagure.lib._get_project(self.session, 'test')

        g = munch.Munch()
        g.fas_user = tests.FakeUser()
        g.fas_user.groups.append('provenpackager')
        with mock.patch('pagure.flask.g', g):
            output = pagure.is_repo_committer(repo)
            self.assertFalse(output)
Example #8
0
    def test_star_project_invalid_star(self):
        """ Test the star_project endpoint for invalid star """

        user = tests.FakeUser()
        user.username = "******"
        with tests.user_set(self.app.application, user):
            csrf_token = self.get_csrf()
            data = {"csrf_token": csrf_token}
            output = self.app.post("/test/star/2",
                                   data=data,
                                   follow_redirects=True)
            self.assertEqual(output.status_code, 400)
            self._check_star_count(data=data, stars=0)
Example #9
0
    def test_delete_fork_when_fork_and_project_off(self):
        """ Test the delete_repo endpoint for a fork when deleting fork and
        project is forbidden.
        """

        user = tests.FakeUser(username='******')
        with tests.user_set(self.app.application, user):
            output = self.app.post(
                '/fork/pingou/test/delete', follow_redirects=True)
            self.assertEqual(output.status_code, 404)

        projects = pagure.lib.search_projects(self.session)
        self.assertEqual(len(projects), 4)
    def test_star_project_no_csrf(self):
        """ Test the star_project endpoint for the case when there
        is no CSRF token given """

        user = tests.FakeUser()
        user.username = '******'
        with tests.user_set(self.app.application, user):

            data = {}
            output = self.app.post('/test/star/1',
                                   data=data,
                                   follow_redirects=True)
            self.assertEqual(output.status_code, 400)
Example #11
0
    def test_issue_list_admin(self):
        """ Test the list of issues when user is an admin of the project.
        """

        user = tests.FakeUser(username='******')
        with tests.user_set(self.app.application, user):
            output = self.app.get('/test/issues')
            self.assertEqual(output.status_code, 200)
            output_text = output.get_data(as_text=True)
            self.assertIn(
                '<title>Issues - test - Pagure</title>', output_text)
            self.assertIn(
                '<span class="fa fa-fw fa-exclamation-circle"></span> 2 Open Issues\n', output_text)
Example #12
0
    def test_is_repo_committer_logged_in_in_ticket_group(self):
        """ Test is_repo_committer in pagure with the appropriate user logged
        in. """
        # Create group
        msg = pagure.lib.query.add_group(
            self.session,
            group_name="packager",
            display_name="packager",
            description="The Fedora packager groups",
            group_type="user",
            user="******",
            is_admin=False,
            blacklist=[],
        )
        self.session.commit()
        self.assertEqual(msg, "User `pingou` added to the group `packager`.")

        # Add user to group
        group = pagure.lib.query.search_groups(self.session,
                                               group_name="packager")
        msg = pagure.lib.query.add_user_to_group(
            self.session,
            username="******",
            group=group,
            user="******",
            is_admin=True,
        )
        self.session.commit()
        self.assertEqual(msg, "User `foo` added to the group `packager`.")

        # Add group packager to project test
        project = pagure.lib.query._get_project(self.session, "test")
        msg = pagure.lib.query.add_group_to_project(
            self.session,
            project=project,
            new_group="packager",
            user="******",
            access="ticket",
        )
        self.session.commit()
        self.assertEqual(msg, "Group added")

        repo = pagure.lib.query._get_project(self.session, "test")

        g = munch.Munch()
        g.fas_user = tests.FakeUser(username="******")
        g.authenticated = True
        g.session = self.session
        with mock.patch("flask.g", g):
            output = pagure.utils.is_repo_committer(repo)
            self.assertFalse(output)
Example #13
0
    def test_confirm_email(self, ast):
        """ Test the confirm_email endpoint. """
        output = self.app.get('/settings/email/confirm/foobar')
        self.assertEqual(output.status_code, 302)

        ast.return_value = False

        # Add a pending email to pingou
        userobj = pagure.lib.search_user(self.session, username='******')

        self.assertEqual(len(userobj.emails), 2)

        email_pend = pagure.lib.model.UserEmailPending(
            user_id=userobj.id,
            email='[email protected]',
            token='abcdef',
        )
        self.session.add(email_pend)
        self.session.commit()

        user = tests.FakeUser()
        user.username = '******'
        with tests.user_set(pagure.APP, user):
            # Wrong token
            output = self.app.get(
                '/settings/email/confirm/foobar', follow_redirects=True)
            self.assertEqual(output.status_code, 200)
            self.assertIn(
                '<div class="card-header">\n          Basic Information\n'
                '      </div>', output.data)
            self.assertIn(
                '</button>\n                      No email associated with this token.',
                output.data)

            # Confirm email
            output = self.app.get(
                '/settings/email/confirm/abcdef', follow_redirects=True)
            self.assertEqual(output.status_code, 200)
            self.assertIn(
                '<div class="card-header">\n          Basic Information\n'
                '      </div>', output.data)
            self.assertIn(
                '</button>\n                      Email validated',
                output.data)

        userobj = pagure.lib.search_user(self.session, username='******')
        self.assertEqual(len(userobj.emails), 3)

        ast.return_value = True
        output = self.app.get('/settings/email/confirm/foobar')
        self.assertEqual(output.status_code, 302)
Example #14
0
    def test_plugin_mirror_invalid_target(self):
        """ Test the setting up the mirror plugin when there are the target
        provided is invalid.
        """

        user = tests.FakeUser(username='******')
        with tests.user_set(self.app.application, user):
            csrf_token = self.get_csrf()

            data = {
                'csrf_token': csrf_token,
                'active': True,
                'target': 'https://host.org/target',
            }

            # With the git repo
            output = self.app.post('/test/settings/Mirroring',
                                   data=data,
                                   follow_redirects=True)
            self.assertEqual(output.status_code, 200)
            output_text = output.get_data(as_text=True)
            self.assertIn('<title>Settings Mirroring - test - Pagure</title>',
                          output_text)
            if self.get_wtforms_version() >= (2, 2):
                self.assertIn(
                    '<div class="col-sm-10">\n        '
                    '<input class="form-control pl-0" id="target" name="target" '
                    'required type="text" value="https://host.org/target">\n'
                    '    </div>\n  '
                    '</div>\n      <div class="alert alert-danger">Invalid '
                    'input.</div>', output_text)
            else:
                self.assertIn(
                    '<div class="col-sm-10">\n        '
                    '<input class="form-control pl-0" id="target" name="target" '
                    'type="text" value="https://host.org/target">\n    </div>\n  '
                    '</div>\n      <div class="alert alert-danger">Invalid '
                    'input.</div>', output_text)

            output = self.app.get('/test/settings/Mirroring', data=data)
            output_text = output.get_data(as_text=True)
            self.assertIn('<title>Settings Mirroring - test - Pagure</title>',
                          output_text)
            self.assertIn(
                '<input class="form-check-input mt-2" id="active" name="active" '
                'type="checkbox" value="y">', output_text)

            self.assertFalse(
                os.path.exists(
                    os.path.join(self.path, 'repos', 'test.git', 'hooks',
                                 'post-receive.mirror')))
Example #15
0
    def test_index_admin_access_while_commit(self):
        """ Test the index endpoint filter for admin access only when user
        is an committer. """
        tests.create_projects(self.session)

        # Add a 3rd project just for foo
        item = pagure.lib.model.Project(
            user_id=2,  # foo
            name="test3",
            description="test project #3 with a very long description",
            hook_token="aaabbbeeefff",
        )
        self.session.add(item)
        self.session.commit()

        user = tests.FakeUser(username="******")
        with tests.user_set(self.app.application, user):
            # Before
            output = self.app.get("/dashboard/projects?acl=commit")
            self.assertEqual(output.status_code, 200)
            output_text = output.get_data(as_text=True)
            self.assertIn(
                '<h4 class="font-weight-bold mb-0">My Projects</h4>\n'
                '          <span class="btn btn-outline-secondary disabled'
                ' opacity-100 border-0 ml-auto font-weight-bold">1 Projects</span>\n',
                output_text,
            )

            # Add foo to test with commit level
            project = pagure.lib.query._get_project(self.session, "test")
            msg = pagure.lib.query.add_user_to_project(
                self.session,
                project=project,
                new_user="******",
                user="******",
                access="commit",
            )
            self.session.commit()
            self.assertEqual(msg, "User added")

            # After
            output = self.app.get("/dashboard/projects?acl=commit")
            self.assertEqual(output.status_code, 200)
            output_text = output.get_data(as_text=True)
            # The total number no longer changes
            self.assertIn(
                '<h4 class="font-weight-bold mb-0">My Projects</h4>\n'
                '          <span class="btn btn-outline-secondary disabled'
                ' opacity-100 border-0 ml-auto font-weight-bold">2 Projects</span>\n',
                output_text,
            )
    def test_view_issue_author(self):
        """ Test accessing a private ticket when user opened the ticket.
        """

        user = tests.FakeUser(username='******')
        with tests.user_set(self.app.application, user):
            output = self.app.get('/test/issue/1')
            self.assertEqual(output.status_code, 200)
            self.assertIn(
                u'div class="projectinfo m-t-1 m-b-1">\ntest project #1'
                u'      </div>', output.data)
            self.assertIn(
                u'<title>Issue #1: Test issue #1 - test - Pagure</title>',
                output.data)
    def test_delete_button_present(self):
        """ Test that the delete button is present when deletions are
        allowed.
        """

        user = tests.FakeUser(username='******')
        with tests.user_set(pagure.APP, user):
            output = self.app.get('/test/settings')
            self.assertEqual(output.status_code, 200)
            self.assertIn('<form action="/test/delete"', output.data)
            self.assertIn('&nbsp; Delete the test project', output.data)

        projects = pagure.lib.search_projects(self.session)
        self.assertEqual(len(projects), 4)
Example #18
0
    def test_get_ticket_template_no_csrf(self):
        """ Test the get_ticket_template endpoint when the project has no
        templates.
        """

        user = tests.FakeUser()
        with tests.user_set(self.app.application, user):
            output = self.app.post('/pv/test/issue/template')
            self.assertEqual(output.status_code, 400)
            data = json.loads(output.get_data(as_text=True))
            self.assertEqual(data, {
                "code": "ERROR",
                "message": "Invalid input submitted"
            })
Example #19
0
    def test_plugin_mail_page(self):
        """ Test the default page of the pagure hook plugin. """

        user = tests.FakeUser(username='******')
        with tests.user_set(self.app.application, user):
            output = self.app.get('/test/settings/Pagure')
            self.assertEqual(output.status_code, 200)
            self.assertIn(
                '<div class="projectinfo m-t-1 m-b-1">\n'
                'test project #1      </div>', output.data)
            self.assertTrue('<h3>Pagure settings</h3>' in output.data)
            self.assertTrue(
                '<input class="form-control" id="active" name="active" '
                'type="checkbox" value="y">' in output.data)
    def test_new_issue_no_template(self):
        """ Test the new_issue endpoint when the project has no templates.
        """

        user = tests.FakeUser()
        with tests.user_set(self.app.application, user):
            output = self.app.get("/test/new_issue")
            self.assertEqual(output.status_code, 200)
            output_text = output.get_data(as_text=True)
            self.assertIn(
                '<h4 class="font-weight-bold mb-4">New Issue</h4>\n',
                output_text,
            )
            self.assertNotIn("Issue Templates", output_text)
 def test_edit_tag(self):
     """ Test editing a ticket tag.
     """
     user = tests.FakeUser(username="******")
     with tests.user_set(self.app.application, user):
         output = self.app.post("/test/tag/tag1/edit", data={})
         self.assertEqual(output.status_code, 401)
         output_text = output.get_data(as_text=True)
         self.assertIn("<title>Unauthorized :'( - Pagure</title>",
                       output_text)
         self.assertIn(
             "<p>The issue tracker for this project is read-only</p>",
             output_text,
         )
Example #22
0
    def test_is_repo_committer_external_committer_restricting_to_one(self):
        """ Test is_repo_committer in pagure with EXTERNAL_COMMITTER
        configured to give access the provenpackager just for one repo
        """
        repo = pagure.lib.query._get_project(self.session, "test")

        g = munch.Munch()
        g.fas_user = tests.FakeUser(username="******")
        g.authenticated = True
        g.fas_user.groups.append("provenpackager")
        g.session = self.session
        with mock.patch("flask.g", g):
            output = pagure.utils.is_repo_committer(repo)
            self.assertTrue(output)
    def test_plugin_pagure_ticket_activate_w_no_repo(self):
        """ Test the pagure_ticket plugin on/off endpoint. """
        shutil.rmtree(os.path.join(self.path, "repos", "test.git"))

        user = tests.FakeUser(username="******")
        with tests.user_set(self.app.application, user):
            # Try re-activate hook w/o the git repo
            data = {"csrf_token": self.csrf_token, "active": "y"}

            output = self.app.post(
                "/test/settings/Prevent creating new branches by git push",
                data=data,
            )
            self.assertEqual(output.status_code, 404)
 def test_api_update_custom_field(self):
     """ Test updating a specific custom fields on a ticket. """
     user = tests.FakeUser(username="******")
     with tests.user_set(self.app.application, user):
         output = self.app.post("/api/0/test/issue/1/custom/foo", data={})
         self.assertEqual(output.status_code, 401)
         data = json.loads(output.get_data(as_text=True))
         self.assertEqual(
             data,
             {
                 "error": "The issue tracker of this project is read-only",
                 "error_code": "ETRACKERREADONLY",
             },
         )
Example #25
0
    def test_index_fork_without_parent(self):
        """ Test the index view: forks should display either their parent
        project or mention that it was deleted. """
        tests.create_projects(self.session)

        # Add a 3rd project just for foo
        item = pagure.lib.model.Project(
            user_id=2,  # foo
            name='test3',
            description='test project #3',
            hook_token='aaabbbeeefff',
            is_fork=True,
            parent_id=1,
        )
        self.session.add(item)
        self.session.commit()

        user = tests.FakeUser(username='******')
        with tests.user_set(self.app.application, user):
            # Before
            output = self.app.get('/')
            self.assertEqual(output.status_code, 200)

            self.assertIn(
                'My Forks <span class="label label-default">1</span>',
                output.data)
            segment = output.data.split('My Forks')[1].split('My Groups')[0]
            self.assertRegexpMatches(
                segment,
                r'foo/test3(\s*<[^>]+?>\s*)*?forked from(\s*<[^>]+?>\s*)*?test'
            )

            # Delete the parent (or fake it)
            proj = pagure.lib._get_project(self.session, 'test3', user='******')
            proj.parent_id = None
            self.session.add(proj)
            self.session.commit()

            # Check page again
            output = self.app.get('/')
            self.assertEqual(output.status_code, 200)

            self.assertIn(
                'My Forks <span class="label label-default">1</span>',
                output.data)
            segment = output.data.split('My Forks')[1].split('My Groups')[0]
            self.assertRegexpMatches(
                segment,
                r'foo/test3(\s*<[^>]+?>\s*)*?forked from a deleted repository'
            )
Example #26
0
    def test_is_repo_committer_external_committer_generic_member(self):
        """ Test is_repo_committer in pagure with EXTERNAL_COMMITTER
        configured to give access to all the provenpackager, and the user
        is one
        """
        repo = pagure.lib._get_project(self.session, 'test')

        g = munch.Munch()
        g.fas_user = tests.FakeUser()
        g.fas_user.groups.append('provenpackager')
        g.authenticated = True
        with mock.patch('pagure.flask_app.flask.g', g):
            output = pagure.utils.is_repo_committer(repo)
            self.assertTrue(output)
Example #27
0
 def test_pr_edit_pull_request_post_author_no_csrf_token(self):
     user = tests.FakeUser(username="******")
     with tests.user_set(self.app.application, user):
         data = {
             "title": "New title",
             "initial_comment": "New initial comment",
             "allow_rebase": False,
         }
         output = self.app.post(
             "/test/pull-request/1/edit", data=data, follow_redirects=True
         )
         self.assertEqual(output.status_code, 200)
         output_text = output.get_data(as_text=True)
         # Without CSRF token, we finish again on the form with new
         # values.
         self.assertIn(
             "<title>Edit PR#1: PR from the feature branch - test - "
             "Pagure</title>",
             output_text,
         )
         if self.get_wtforms_version() >= (2, 2):
             self.assertIn(
                 '<input class="form-control" id="title" name="title" '
                 'required type="text" value="New title">',
                 output_text,
             )
         else:
             self.assertIn(
                 '<input class="form-control" id="title" name="title" '
                 'type="text" value="New title">',
                 output_text,
             )
         self.assertIn(
             '<textarea class="form-control width-100per" '
             'id="initial_comment"\n                    '
             'name="initial_comment">New initial comment</textarea>',
             output_text,
         )
         self.assertIn(
             '<input id="allow_rebase" name="allow_rebase" type="checkbox"'
             ' value="y" checked>',
             output_text,
         )
         request = pagure.lib.query.search_pull_requests(
             self.session, project_id=1, requestid=1
         )
         # DB model has not been changed
         self.assertEqual("PR from the feature branch", request.title)
         self.assertEqual(None, request.initial_comment)
         self.assertEqual(True, request.allow_rebase)
    def test_star_project_invalid_star(self):
        """ Test the star_project endpoint for invalid star """

        user = tests.FakeUser()
        user.username = '******'
        with tests.user_set(pagure.APP, user):
            csrf_token = self.get_csrf()
            data = {
                'csrf_token': csrf_token,
            }
            output = self.app.post(
                '/test/star/2', data=data, follow_redirects=True)
            self.assertEqual(output.status_code, 400)
            self._check_star_count(data=data, stars=0)
Example #29
0
 def test_admin_session_timedout(self, session, g, flash):
     """ Test the call to admin_session_timedout. """
     lifetime = pagure.config.config.get("ADMIN_SESSION_LIFETIME",
                                         datetime.timedelta(minutes=15))
     td1 = datetime.timedelta(minutes=1)
     # session already expired
     user = tests.FakeUser(username="******")
     user.login_time = datetime.datetime.utcnow() - lifetime - td1
     g.fas_user = user
     self.assertTrue(pagure.flask_app.admin_session_timedout())
     # session did not expire
     user.login_time = datetime.datetime.utcnow() - lifetime + td1
     g.fas_user = user
     self.assertFalse(pagure.flask_app.admin_session_timedout())
 def test_api_subscribe_issue(self):
     """ Test subscribing to a ticket. """
     user = tests.FakeUser(username="******")
     with tests.user_set(self.app.application, user):
         output = self.app.post("/api/0/test/issue/1/subscribe", data={})
         self.assertEqual(output.status_code, 401)
         data = json.loads(output.get_data(as_text=True))
         self.assertEqual(
             data,
             {
                 "error": "The issue tracker of this project is read-only",
                 "error_code": "ETRACKERREADONLY",
             },
         )