def test_update_authorized(self): """Update an existing cover letter comment as an authorized user. To be authorized users must meet at least one of the following: - project maintainer, cover letter submitter, or cover letter comment submitter Ensure updates can only be performed by authorized users. """ # Update as maintainer person = create_person(user=self.user) resp = self._test_update(person=person) self.assertEqual(1, CoverComment.objects.all().count()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertTrue(resp.data['addressed']) # Update as cover letter submitter person = create_person(name='cover-submitter', user=create_user()) cover = create_cover(submitter=person) resp = self._test_update(person=person, cover=cover) self.assertEqual(2, CoverComment.objects.all().count()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertTrue(resp.data['addressed']) # Update as cover letter comment submitter person = create_person(name='comment-submitter', user=create_user()) cover = create_cover() resp = self._test_update(person=person, cover=cover, submitter=person) self.assertEqual(3, CoverComment.objects.all().count()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertTrue(resp.data['addressed'])
def test_update_other_user(self): """Update user as another, non-maintainer user.""" user_a = create_user() user_b = create_user() self.client.force_authenticate(user=user_a) resp = self.client.patch(self.api_url(user_b.id), {'first_name': 'Tan'}) self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
def test_update(self): """Ensure updates can be performed by maintainers.""" project = create_project() patch = create_patch(project=project) state = create_state() # anonymous user resp = self.client.patch(self.api_url(patch.id), {'state': state.name}) self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code) # authenticated user user = create_user() self.client.force_authenticate(user=user) resp = self.client.patch(self.api_url(patch.id), {'state': state.name}) self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code) # maintainer user = create_maintainer(project) self.client.force_authenticate(user=user) resp = self.client.patch(self.api_url(patch.id), { 'state': state.name, 'delegate': user.id}) self.assertEqual(status.HTTP_200_OK, resp.status_code, resp) self.assertEqual(Patch.objects.get(id=patch.id).state, state) self.assertEqual(Patch.objects.get(id=patch.id).delegate, user) # (who can unset fields too) # we need to send as JSON due to https://stackoverflow.com/q/30677216/ resp = self.client.patch(self.api_url(patch.id), {'delegate': None}, format='json') self.assertEqual(status.HTTP_200_OK, resp.status_code, resp) self.assertIsNone(Patch.objects.get(id=patch.id).delegate)
def test_patch_with_checks(self): user = create_user() patch = create_patch() check_a = create_check( patch=patch, user=user, context='foo', state=Check.STATE_FAIL, date=(dt.utcnow() - timedelta(days=1))) create_check( patch=patch, user=user, context='foo', state=Check.STATE_SUCCESS) check_b = create_check( patch=patch, user=user, context='bar', state=Check.STATE_PENDING) requested_url = reverse( 'patch-detail', kwargs={ 'project_id': patch.project.linkname, 'msgid': patch.url_msgid, }, ) response = self.client.get(requested_url) # the response should contain checks self.assertContains(response, '<h2>Checks</h2>') # and it should only show the unique checks self.assertEqual( 1, response.content.decode().count( f'<td>{check_a.user}/{check_a.context}</td>' )) self.assertEqual( 1, response.content.decode().count( f'<td>{check_b.user}/{check_b.context}</td>' ))
def setUp(self, count=3): self.user = create_user() self.client.login(username=self.user.username, password=self.user.username) self.bundle = create_bundle(owner=self.user) self.project = create_project() self.patches = create_patches(count, project=self.project)
def test_list(self): """Validate we can list a patch.""" resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(0, len(resp.data)) state_obj = create_state(name='Under Review') patch_obj = create_patch(state=state_obj) # anonymous user resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(1, len(resp.data)) patch_rsp = resp.data[0] self.assertSerialized(patch_obj, patch_rsp) self.assertNotIn('headers', patch_rsp) self.assertNotIn('content', patch_rsp) self.assertNotIn('diff', patch_rsp) # test filtering by state resp = self.client.get(self.api_url(), {'state': 'under-review'}) self.assertEqual([patch_obj.id], [x['id'] for x in resp.data]) resp = self.client.get(self.api_url(), {'state': 'missing-state'}) self.assertEqual(0, len(resp.data)) # authenticated user user = create_user() self.client.force_authenticate(user=user) resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(1, len(resp.data)) patch_rsp = resp.data[0] self.assertSerialized(patch_obj, patch_rsp)
def test_patch_submitter_expiry(self): # someone submits a patch... patch = create_patch() submitter = patch.submitter # ... then starts registration... date = ((datetime.datetime.utcnow() - EmailConfirmation.validity) - datetime.timedelta(hours=1)) user = create_user(link_person=False, email=submitter.email) user.is_active = False user.date_joined = user.last_login = date user.save() conf = EmailConfirmation(type='registration', user=user, email=user.email) conf.date = date conf.save() # ... which expires expire_notifications() # we should see no matching user self.assertFalse(User.objects.filter(email=patch.submitter.email) .exists()) # but the patch and person should still be present self.assertTrue(Person.objects.filter(pk=submitter.pk).exists()) self.assertTrue(Patch.objects.filter(pk=patch.pk).exists()) # and there should be no user associated with the person self.assertEqual(Person.objects.get(pk=submitter.pk).user, None)
def setUp(self): self.secondary_email = '*****@*****.**' self.user = create_user() self.client.login(username=self.user.username, password=self.user.username)
def setUp(self): self.default_state = create_state() self.nondefault_state = create_state() self.patch = read_patch(self.patch_filename) self.user = create_user() self.project = create_project()
def test_list(self): """Validate we can list bundles.""" resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(0, len(resp.data)) user = create_user() bundle_public = create_bundle(public=True, owner=user) bundle_private = create_bundle(public=False, owner=user) # anonymous users # should only see the public bundle resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(1, len(resp.data)) bundle_rsp = resp.data[0] self.assertSerialized(bundle_public, bundle_rsp) # authenticated user # should see the public and private bundle self.client.force_authenticate(user=user) resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(2, len(resp.data)) for bundle_rsp, bundle_obj in zip(resp.data, [bundle_public, bundle_private]): self.assertSerialized(bundle_obj, bundle_rsp)
def test_patch_submitter_expiry(self): # someone submits a patch... patch = create_patch() submitter = patch.submitter # ... then starts registration... date = ((datetime.datetime.utcnow() - EmailConfirmation.validity) - datetime.timedelta(hours=1)) user = create_user(link_person=False, email=submitter.email) user.is_active = False user.date_joined = user.last_login = date user.save() conf = EmailConfirmation(type='registration', user=user, email=user.email) conf.date = date conf.save() # ... which expires expire_notifications() # we should see no matching user self.assertFalse( User.objects.filter(email=patch.submitter.email).exists()) # but the patch and person should still be present self.assertTrue(Person.objects.filter(pk=submitter.pk).exists()) self.assertTrue(Patch.objects.filter(pk=patch.pk).exists()) # and there should be no user associated with the person self.assertEqual(Person.objects.get(pk=submitter.pk).user, None)
def setUp(self): self.user = create_user() self.password = User.objects.make_random_password() self.user.set_password(self.password) self.user.save() self.client.login(username=self.user.username, password=self.password)
def setUp(self): super(BundlePrivateViewTest, self).setUp() self.bundle.public = False self.bundle.save() self.bundle.append_patch(self.patches[0]) self.url = bundle_url(self.bundle) self.other_user = create_user()
def test_update(self): """Ensure updates can be performed by maintainers.""" project = create_project() data = {'web_url': 'TEST'} # an anonymous user resp = self.client.patch(self.api_url(project.id), data) self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code) # a normal user user = create_user() self.client.force_authenticate(user=user) resp = self.client.patch(self.api_url(project.id), data) self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code) # a maintainer user = create_maintainer(project) self.client.force_authenticate(user=user) resp = self.client.patch(self.api_url(project.id), data) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(resp.data['web_url'], 'TEST') # ...with the exception of some read-only fields resp = self.client.patch(self.api_url(project.id), { 'link_name': 'test'}) # NOTE(stephenfin): This actually returns HTTP 200 due to # https://github.com/encode/django-rest-framework/issues/1655 self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertNotEqual(resp.data['link_name'], 'test')
def test_unlink_another_user(self): other_user = create_user() self._test_unlink_post(other_user.email) person = Person.objects.get(email=other_user.email) self.assertIsNone(person.user)
def setUp(self): self.user = create_user() self.secondary_email = _generate_secondary_email(self.user) self.conf = EmailConfirmation(type='userperson', email=self.secondary_email, user=self.user) self.conf.save()
def testExistingUsername(self): user = create_user() data = self.default_data.copy() data['username'] = user.username response = self.client.post('/register/', data) self.assertEquals(response.status_code, 200) self.assertFormError(response, 'form', 'username', 'This username is already taken. Please choose another.')
def test_detail_authenticated(self): """Show user as authenticated user.""" user = create_user() self.client.force_authenticate(user=user) resp = self.client.get(self.api_url(user.id)) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertSerialized(user, resp.data)
def test_patchwork_delegate_header(self): """Validate inclusion of generated 'X-Patchwork-Delegate' header.""" user = create_user() patch = create_patch(delegate=user) response = self.client.get( reverse('patch-mbox', args=[patch.project.linkname, patch.url_msgid])) self.assertContains(response, 'X-Patchwork-Delegate: %s' % user.email)
def test_update_self(self): """Update user as self.""" user = create_user() self.client.force_authenticate(user=user) resp = self.client.patch(self.api_url(user.id), {'first_name': 'Tan'}) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertSerialized(user, resp.data)
def setUp(self): self.patch = read_patch(self.patch_filename) self.user = create_user() self.p1 = Project(linkname = 'test-project-1', name = 'Project 1', listid = '1.example.com', listemail='*****@*****.**') self.p1.save() self.default_state = get_default_initial_patch_state() self.nondefault_state = State.objects.get(name="Accepted")
def test_patch_delegated(self): # purposefully setting series to None to minimize additional events patch = utils.create_patch(series=None) delegate_a = utils.create_user() actor = utils.create_maintainer(project=patch.project) # None -> Delegate A patch.delegate = delegate_a self.assertTrue(patch.is_editable(actor)) patch.save() events = _get_events(patch=patch) self.assertEqual(events.count(), 2) # we don't care about the CATEGORY_PATCH_CREATED event here self.assertEqual(events[1].category, Event.CATEGORY_PATCH_DELEGATED) self.assertEqual(events[1].project, patch.project) self.assertEqual(events[1].actor, actor) self.assertEventFields(events[1], current_delegate=delegate_a) delegate_b = utils.create_user() # Delegate A -> Delegate B patch.delegate = delegate_b patch.save() events = _get_events(patch=patch) self.assertEqual(events.count(), 3) self.assertEqual(events[2].category, Event.CATEGORY_PATCH_DELEGATED) self.assertEventFields( events[2], previous_delegate=delegate_a, current_delegate=delegate_b, ) # Delegate B -> None patch.delegate = None patch.save() events = _get_events(patch=patch) self.assertEqual(events.count(), 4) self.assertEqual(events[3].category, Event.CATEGORY_PATCH_DELEGATED) self.assertEventFields(events[3], previous_delegate=delegate_b)
def test_create_non_maintainer(self): """Create a check as a non-maintainer. Ensure creations can only be performed by maintainers. """ user = create_user() resp = self._test_create(user=user) self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
def test_list_authenticated(self): """List users as authenticated user.""" user = create_user() self.client.force_authenticate(user=user) resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(1, len(resp.data)) self.assertSerialized(user, resp.data[0])
def _create_bundles(self): user = create_user(username='******') project = create_project(linkname='myproject') bundle_public = create_bundle(public=True, owner=user, project=project) bundle_private = create_bundle(public=False, owner=user, project=project) return user, project, bundle_public, bundle_private
def test_existing_username(self): user = create_user() data = self.default_data.copy() data['username'] = user.username response = self.client.post('/register/', data) self.assertEqual(response.status_code, 200) self.assertFormError( response, 'form', 'username', 'This username is already taken. Please choose another.')
def test_list_empty(self): """List people when none are present.""" # authentication is required user = create_user(link_person=False) self.client.force_authenticate(user=user) resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(0, len(resp.data))
def setUp(self, patch_count=3): self.user = create_user() self.client.login(username=self.user.username, password=self.user.username) defaults.project.save() self.bundle = Bundle(owner=self.user, project=defaults.project, name='testbundle') self.bundle.save() self.patches = create_patches(patch_count)
def test_detail_linked(self): """Show linked person as authenticated user.""" user = create_user(link_person=True) person = user.person_set.all().first() self.client.force_authenticate(user=user) resp = self.client.get(self.api_url(person.id)) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertSerialized(person, resp.data, has_user=True)
def test_detail_unlinked(self): """Show unlinked person as authenticted user.""" person = create_person() user = create_user(link_person=False) self.client.force_authenticate(user=user) resp = self.client.get(self.api_url(person.id)) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertSerialized(person, resp.data, has_user=False)
def testExistingEmail(self): user = create_user() data = self.default_data.copy() data['email'] = user.email response = self.client.post('/register/', data) self.assertEquals(response.status_code, 200) self.assertFormError(response, 'form', 'email', 'This email address is already in use ' + \ 'for the account "%s".\n' % user.username)
def test_authenticated_list(self): """This API requires authenticated users.""" user = create_user() self.client.force_authenticate(user=user) resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(1, len(resp.data)) self.assertEqual(user.username, resp.data[0]['name']) self.assertEqual(user.email, resp.data[0]['email']) self.assertIn('users/%d/' % user.id, resp.data[0]['user_url'])
def test_authenticated_list(self): """This API requires authenticated users.""" user = create_user() self.client.force_authenticate(user=user) resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(1, len(resp.data)) self.assertEqual(user.username, resp.data[0]['username']) self.assertNotIn('password', resp.data[0]) self.assertNotIn('is_superuser', resp.data[0])
def setUp(self): project = defaults.project defaults.project.save() defaults.patch_author_person.save() self.patch = Patch(project=project, msgid='x', name=defaults.patch_name, submitter=defaults.patch_author_person, diff='') self.patch.save() self.user = create_user()
def test_list_authenticated(self): """List people as an authenticated user.""" person = create_person() user = create_user(link_person=False) self.client.force_authenticate(user=user) resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(1, len(resp.data)) self.assertSerialized(person, resp.data[0])
def test_unlinked_user(self): defaults.patch_author_person.save() user = create_user() self.client.force_authenticate(user=user) resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(2, len(resp.data)) self.assertEqual(defaults.patch_author_person.name, resp.data[0]['name']) self.assertIsNone(resp.data[0]['user_url'])
def test_patch_delegated(self): # purposefully setting series to None to minimize additional events patch = utils.create_patch(series=None) delegate_a = utils.create_user() # None -> Delegate A patch.delegate = delegate_a patch.save() events = _get_events(patch=patch) self.assertEqual(events.count(), 2) # we don't care about the CATEGORY_PATCH_CREATED event here self.assertEqual(events[1].category, Event.CATEGORY_PATCH_DELEGATED) self.assertEqual(events[1].project, patch.project) self.assertEventFields(events[1], current_delegate=delegate_a) delegate_b = utils.create_user() # Delegate A -> Delegate B patch.delegate = delegate_b patch.save() events = _get_events(patch=patch) self.assertEqual(events.count(), 3) self.assertEqual(events[2].category, Event.CATEGORY_PATCH_DELEGATED) self.assertEventFields(events[2], previous_delegate=delegate_a, current_delegate=delegate_b) # Delegate B -> None patch.delegate = None patch.save() events = _get_events(patch=patch) self.assertEqual(events.count(), 4) self.assertEqual(events[3].category, Event.CATEGORY_PATCH_DELEGATED) self.assertEventFields(events[3], previous_delegate=delegate_b)
def register(self, date): user = create_user() user.is_active = False user.date_joined = user.last_login = date user.save() conf = EmailConfirmation(type="registration", user=user, email=user.email) conf.date = date conf.save() return (user, conf)