def _post(self):
query = {'openid': self.json_args['reviewer_openid']}
user = yield dbapi.db_find_one('users', query)
if not user:
raises.Forbidden(message.unauthorized())
role = self.get_secure_cookie(auth_const.ROLE)
if 'reviewer' not in role.split(','):
self.finish_request({'code': 403,
'msg': 'You do not have the reviewer '
'permision / role!'})
return
test = yield dbapi.db_find_one(
'tests', {'id': self.json_args['test_id']})
if test['owner'] == self.json_args['reviewer_openid']:
self.finish_request({'code': 403,
'msg': 'No permision to review own results'})
return
query = {
'reviewer_openid': self.json_args['reviewer_openid'],
'test_id': self.json_args['test_id']
}
review = yield dbapi.db_find_one(self.table, query)
if review:
if review['outcome'] != self.json_args['outcome']:
yield dbapi.db_update(self.table, query,
{'$set': {
'outcome': self.json_args['outcome'],
'creation_date': datetime.now()}})
self.finish_request()
else:
self.json_args['reviewer_name'] = user['fullname']
self.json_args['reviewer_email'] = user['email']
self._create(miss_fields=[], carriers=[])
class TestTokenCreateResult(test_result.TestResultBase):
def get_app(self):
from opnfv_testapi.router import url_mappings
return web.Application(
url_mappings.mappings,
db=fake_pymongo,
debug=True,
auth=True
)
def setUp(self):
super(TestTokenCreateResult, self).setUp()
fake_pymongo.tokens.insert({"access_token": "12345"})
@executor.create(httplib.FORBIDDEN, message.invalid_token())
def test_resultCreateTokenInvalid(self):
self.headers['X-Auth-Token'] = '1234'
return self.req_d
@executor.create(httplib.UNAUTHORIZED, message.unauthorized())
def test_resultCreateTokenUnauthorized(self):
if 'X-Auth-Token' in self.headers:
self.headers.pop('X-Auth-Token')
return self.req_d
@executor.create(httplib.OK, '_create_success')
def test_resultCreateTokenSuccess(self):
self.headers['X-Auth-Token'] = '12345'
return self.req_d
def _create_success(self, body):
self.assertIn('CreateResponse', str(type(body)))
class TestTokenUpdateProject(TestToken):
def setUp(self):
super(TestTokenUpdateProject, self).setUp()
self.req_d = project_models.ProjectCreateRequest('vping')
fake_pymongo.tokens.insert({"access_token": "12345"})
self.basePath = '/api/v1/projects'
self.headers['X-Auth-Token'] = '12345'
self.create_d()
@executor.update(httplib.FORBIDDEN, message.invalid_token())
def test_projectUpdateTokenIvalid(self):
self.headers['X-Auth-Token'] = '1234'
req = project_models.ProjectUpdateRequest('newName', 'new description')
return req, self.req_d.name
@executor.update(httplib.UNAUTHORIZED, message.unauthorized())
def test_projectUpdateTokenUnauthorized(self):
self.headers.pop('X-Auth-Token')
req = project_models.ProjectUpdateRequest('newName', 'new description')
return req, self.req_d.name
@executor.update(httplib.OK, '_update_success')
def test_projectUpdateTokenSuccess(self):
req = project_models.ProjectUpdateRequest('newName', 'new description')
return req, self.req_d.name
def _update_success(self, request, body):
self.assertIn(request.name, body)
class TestTokenCreateProject(TestToken):
def setUp(self):
super(TestTokenCreateProject, self).setUp()
self.req_d = project_models.ProjectCreateRequest('vping')
fake_pymongo.tokens.insert({"access_token": "12345"})
self.basePath = '/api/v1/projects'
@executor.create(httplib.FORBIDDEN, message.invalid_token())
def test_projectCreateTokenInvalid(self):
self.headers['X-Auth-Token'] = '1234'
return self.req_d
@executor.create(httplib.UNAUTHORIZED, message.unauthorized())
def test_projectCreateTokenUnauthorized(self):
if 'X-Auth-Token' in self.headers:
self.headers.pop('X-Auth-Token')
return self.req_d
@executor.create(httplib.OK, '_create_success')
def test_projectCreateTokenSuccess(self):
self.headers['X-Auth-Token'] = '12345'
return self.req_d
def _create_success(self, body):
self.assertIn('CreateResponse', str(type(body)))
def test_projectDeleteTokenUnauthorized(self):
self.headers['X-Auth-Token'] = '12345'
self.create_d()
self.headers.pop('X-Auth-Token')
code, body = self.delete(self.req_d.name)
self.assertEqual(code, httplib.UNAUTHORIZED)
self.assertIn(message.unauthorized(), body)
def test_projectUpdateTokenUnauthorized(self):
self.headers['X-Auth-Token'] = '12345'
self.create_d()
code, body = self.get(self.req_d.name)
self.headers.pop('X-Auth-Token')
req = project_models.ProjectUpdateRequest('newName', 'new description')
code, body = self.update(req, self.req_d.name)
self.assertEqual(code, httplib.UNAUTHORIZED)
self.assertIn(message.unauthorized(), body)
def wrapper(self, *args, **kwargs):
if self.auth:
try:
token = self.request.headers['X-Auth-Token']
except KeyError:
raises.Unauthorized(message.unauthorized())
query = {'access_token': token}
check = yield self._eval_db_find_one(query, 'tokens')
if not check:
raises.Forbidden(message.invalid_token())
ret = yield gen.coroutine(method)(self, *args, **kwargs)
raise gen.Return(ret)
def _del(self):
query = {'openid': self.json_args['reviewer_openid']}
user = yield dbapi.db_find_one('users', query)
if not user:
raises.Forbidden(message.unauthorized())
role = self.get_secure_cookie(auth_const.ROLE)
if 'reviewer' not in role.split(','):
raises.Unauthorized(message.no_auth())
test = yield dbapi.db_find_one(
'tests', {'id': self.json_args['test_id']})
if test['owner'] == self.json_args['reviewer_openid']:
self.finish_request({'code': 403,
'msg': 'No permision to review own results'})
return
query = {
'reviewer_openid': self.json_args['reviewer_openid'],
'test_id': self.json_args['test_id']
}
yield dbapi.db_delete(self.table, query)
self.finish_request()
def test_projectCreateTokenUnauthorized(self):
self.headers.pop('X-Auth-Token')
code, body = self.create_d()
self.assertEqual(code, httplib.UNAUTHORIZED)
self.assertIn(message.unauthorized(), body)
