示例#1
0
def api(request):
    try:
        access = Access.objects.get(user=request.user)
    except Access.DoesNotExist:
        access = None

    roles = request.amo_user.groups.all()
    if roles:
        messages.error(request, _('Users with roles cannot use the API.'))

    elif not request.amo_user.read_dev_agreement:
        messages.error(request, _('You must accept the terms of service.'))

    elif request.method == 'POST':
        if 'delete' in request.POST:
            if access:
                access.delete()
                messages.success(request, _('API key deleted.'))

        else:
            if not access:
                key = 'mkt:%s:%s' % (request.amo_user.pk,
                                     request.amo_user.email)
                access = Access.objects.create(key=key, user=request.user,
                                               secret=generate())
            else:
                access.update(secret=generate())
            messages.success(request, _('New API key generated.'))

        return redirect(reverse('mkt.developers.apps.api'))

    return jingo.render(request, 'developers/api.html',
                        {'consumer': access, 'profile': profile,
                         'roles': roles})
示例#2
0
 def test_bad_access_token(self):
     url = absolutify(reverse('app-list'))
     Token.generate_new(ACCESS_TOKEN, creds=self.access, user=self.user2)
     url, auth_header = self._oauth_request_info(
         url, client_key=self.access.key,
         client_secret=self.access.secret, resource_owner_key=generate(),
         resource_owner_secret=generate())
     auth = authentication.RestOAuthAuthentication()
     req = RequestFactory().get(
         url, HTTP_HOST='testserver',
         HTTP_AUTHORIZATION=auth_header)
     assert not auth.is_authenticated(req)
示例#3
0
 def test_bad_access_token(self):
     url = absolutify(reverse('app-list'))
     Token.generate_new(ACCESS_TOKEN, creds=self.access, user=self.user2)
     url, auth_header = self._oauth_request_info(
         url, client_key=self.access.key,
         client_secret=self.access.secret, resource_owner_key=generate(),
         resource_owner_secret=generate())
     auth = authentication.OAuthAuthentication()
     req = RequestFactory().get(
         url, HTTP_HOST='testserver',
         HTTP_AUTHORIZATION=auth_header)
     eq_(auth.is_authenticated(req).status_code, 401)
示例#4
0
 def test_bad_access_token(self):
     url = get_absolute_url(('api_dispatch_list', {'resource_name': 'app'}))
     Token.generate_new(ACCESS_TOKEN, creds=self.access, user=self.user2)
     url, auth_header = self._oauth_request_info(
         url, client_key=self.access.key,
         client_secret=self.access.secret, resource_owner_key=generate(),
         resource_owner_secret=generate())
     auth = authentication.OAuthAuthentication()
     req = RequestFactory().get(
         url, HTTP_HOST='testserver',
         HTTP_AUTHORIZATION=auth_header)
     eq_(auth.is_authenticated(req).status_code, 401)
示例#5
0
 def test_bad_access_request(self):
     t = Token.generate_new(REQUEST_TOKEN, self.access)
     url = urlparse.urljoin(settings.SITE_URL,
                            reverse('mkt.developers.oauth_access_request'))
     url, auth_header = self._oauth_request_info(
         url, client_key=t.key, client_secret=t.secret,
         resource_owner_key=generate(), resource_owner_secret=generate(),
         verifier=generate(), callback_uri=self.access.redirect_uri)
     res = self.client.get(url, HTTP_HOST='testserver',
                           HTTP_AUTHORIZATION=auth_header)
     eq_(res.status_code, 401)
     assert not Token.objects.filter(token_type=ACCESS_TOKEN).exists()
示例#6
0
 def test_bad_access_token(self):
     url = absolutify(reverse('app-list'))
     Token.generate_new(ACCESS_TOKEN, creds=self.access, user=self.user2)
     url, auth_header = self._oauth_request_info(
         url, client_key=self.access.key,
         client_secret=self.access.secret, resource_owner_key=generate(),
         resource_owner_secret=generate())
     auth = authentication.RestOAuthAuthentication()
     req = RequestFactory().get(
         url, HTTP_HOST='testserver',
         HTTP_AUTHORIZATION=auth_header)
     req.API = True
     RestOAuthMiddleware().process_request(req)
     assert not auth.authenticate(Request(req))
示例#7
0
 def test_bad_access_token(self):
     url = absolutify(reverse('app-list'))
     Token.generate_new(ACCESS_TOKEN, creds=self.access, user=self.user2)
     url, auth_header = self._oauth_request_info(
         url, client_key=self.access.key,
         client_secret=self.access.secret, resource_owner_key=generate(),
         resource_owner_secret=generate())
     auth = authentication.RestOAuthAuthentication()
     req = RequestFactory().get(
         url, HTTP_HOST='testserver',
         HTTP_AUTHORIZATION=auth_header)
     req.API = True
     req.user = AnonymousUser()
     RestOAuthMiddleware().process_request(req)
     ok_(not auth.authenticate(Request(req)))
     ok_(not req.user.is_authenticated())
示例#8
0
 def login_user(self):
     self.profile.update(read_dev_agreement=datetime.now())
     self.access = Access.objects.create(key='oauthClientKeyForTests',
                                         secret=generate(),
                                         user=self.user)
     self.client = RestOAuthClient(self.access)
     self.anon = RestOAuthClient(None)
示例#9
0
 def test_owner_still_non_reviewer_access(self):
     user = Webapp.objects.get(pk=337141).authors.all()[0]
     access = Access.objects.create(
         key='test_oauth_key_owner', secret=generate(), user=user)
     client = RestOAuthClient(access)
     res = client.get(self.url)
     eq_(res.status_code, 403)
示例#10
0
def api(request):
    roles = request.amo_user.groups.filter(name='Admins').exists()
    f = APIConsumerForm()
    if roles:
        messages.error(request,
                       _('Users with the admin role cannot use the API.'))

    elif request.method == 'POST':
        if 'delete' in request.POST:
            try:
                consumer = Access.objects.get(pk=request.POST.get('consumer'))
                consumer.delete()
            except Access.DoesNotExist:
                messages.error(request, _('No such API key.'))
        else:
            key = 'mkt:%s:%s:%s' % (
                request.amo_user.pk, request.amo_user.email,
                Access.objects.filter(user=request.user).count())
            access = Access.objects.create(key=key,
                                           user=request.user,
                                           secret=generate())
            f = APIConsumerForm(request.POST, instance=access)
            if f.is_valid():
                f.save()
                messages.success(request, _('New API key generated.'))
            else:
                access.delete()
    consumers = list(Access.objects.filter(user=request.user))
    return jingo.render(request, 'developers/api.html', {
        'consumers': consumers,
        'roles': roles,
        'form': f
    })
示例#11
0
    def setUp(self, api_name="apps"):
        self.user = User.objects.get(pk=2519)
        self.profile = self.user.get_profile()
        self.profile.update(read_dev_agreement=datetime.now())

        self.access = Access.objects.create(key="foo", secret=generate(), user=self.user)
        self.client = OAuthClient(self.access, api_name=api_name)
示例#12
0
 def test_owner_still_non_reviewer_access(self):
     user = Webapp.objects.get(pk=337141).authors.all()[0].user
     access = Access.objects.create(
         key='test_oauth_key_owner', secret=generate(), user=user)
     client = RestOAuthClient(access)
     res = client.get(self.url)
     eq_(res.status_code, 403)
示例#13
0
def api(request):
    roles = request.amo_user.groups.filter(name='Admins').exists()
    f = APIConsumerForm()
    if roles:
        messages.error(request,
                       _('Users with the admin role cannot use the API.'))

    elif request.method == 'POST':
        if 'delete' in request.POST:
            try:
                consumer = Access.objects.get(pk=request.POST.get('consumer'))
                consumer.delete()
            except Access.DoesNotExist:
                messages.error(request, _('No such API key.'))
        else:
            key = 'mkt:%s:%s:%s' % (
                request.amo_user.pk,
                request.amo_user.email,
                Access.objects.filter(user=request.user).count())
            access = Access.objects.create(key=key,
                                           user=request.user,
                                           secret=generate())
            f = APIConsumerForm(request.POST, instance=access)
            if f.is_valid():
                f.save()
                messages.success(request, _('New API key generated.'))
            else:
                access.delete()
    consumers = list(Access.objects.filter(user=request.user))
    return jingo.render(request, 'developers/api.html',
                        {'consumers': consumers, 'roles': roles, 'form': f})
示例#14
0
 def login_user(self):
     self.profile.update(read_dev_agreement=datetime.now())
     self.access = Access.objects.create(key='oauthClientKeyForTests',
                                         secret=generate(),
                                         user=self.user)
     self.client = RestOAuthClient(self.access)
     self.anon = RestOAuthClient(None)
示例#15
0
 def setUp(self):
     self.api_name = 'foo'
     self.auth = authentication.OAuthAuthentication()
     self.profile = UserProfile.objects.get(pk=2519)
     self.profile.update(read_dev_agreement=datetime.today())
     self.access = Access.objects.create(key='foo', secret=generate(),
                                         user=self.profile.user)
示例#16
0
 def setUp(self):
     self.user = User.objects.get(pk=2519)
     self.profile = self.user.get_profile()
     self.profile.update(read_dev_agreement=datetime.now())
     self.access = Access.objects.create(key="oauthClientKeyForTests", secret=generate(), user=self.user)
     self.client = RestOAuthClient(self.access)
     self.anon = RestOAuthClient(None)
示例#17
0
文件: views.py 项目: rskumar/zamboni
def api(request):
    roles = request.amo_user.groups.filter(name="Admins").exists()
    f = APIConsumerForm()
    if roles:
        messages.error(request, _("Users with the admin role cannot use the API."))

    elif request.method == "POST":
        if "delete" in request.POST:
            try:
                consumer = Access.objects.get(pk=request.POST.get("consumer"))
                consumer.delete()
            except Access.DoesNotExist:
                messages.error(request, _("No such API key."))
        else:
            key = "mkt:%s:%s:%s" % (
                request.amo_user.pk,
                request.amo_user.email,
                Access.objects.filter(user=request.user).count(),
            )
            access = Access.objects.create(key=key, user=request.user, secret=generate())
            f = APIConsumerForm(request.POST, instance=access)
            if f.is_valid():
                f.save()
                messages.success(request, _("New API key generated."))
            else:
                access.delete()
    consumers = list(Access.objects.filter(user=request.user))
    return jingo.render(
        request, "developers/api.html", {"consumers": consumers, "profile": profile, "roles": roles, "form": f}
    )
示例#18
0
 def setUp(self):
     self.api_name = 'foo'
     self.auth = authentication.OAuthAuthentication()
     self.profile = UserProfile.objects.get(pk=2519)
     self.profile.update(read_dev_agreement=datetime.today())
     self.access = Access.objects.create(key='test_oauth_key',
                                         secret=generate(),
                                         user=self.profile.user)
示例#19
0
 def setUp(self, api_name='apps'):
     self.profile = self.user = UserProfile.objects.get(pk=2519)
     self.profile.update(read_dev_agreement=datetime.now())
     self.access = Access.objects.create(key='oauthClientKeyForTests',
                                         secret=generate(),
                                         user=self.user)
     self.client = OAuthClient(self.access, api_name=api_name)
     self.anon = OAuthClient(None, api_name=api_name)
示例#20
0
 def setUp(self):
     self.api_name = "foo"
     self.profile = UserProfile.objects.get(pk=2519)
     self.profile.update(read_dev_agreement=datetime.today())
     self.access = Access.objects.create(key="test_oauth_key", secret=generate(), user=self.profile.user)
     self.auth = authentication.RestOAuthAuthentication()
     self.middlewares = [RedirectPrefixedURIMiddleware, RestOAuthMiddleware]
     unpin_this_thread()
示例#21
0
 def test_reviewer_get(self):
     self.create_app()
     editor = UserProfile.objects.get(email="*****@*****.**")
     g = Group.objects.create(rules="Apps:Review,Reviews:Edit")
     GroupUser.objects.create(group=g, user=editor)
     ac = Access.objects.create(key="adminOauthKey", secret=generate(), user=editor.user)
     client = RestOAuthClient(ac)
     r = client.get(self.get_url)
     eq_(r.status_code, 200)
示例#22
0
 def test_admin_get(self):
     self.create_app()
     admin = UserProfile.objects.get(email="*****@*****.**")
     g = Group.objects.create(rules="*:*")
     GroupUser.objects.create(group=g, user=admin)
     ac = Access.objects.create(key="adminOauthKey", secret=generate(), user=admin.user)
     client = RestOAuthClient(ac)
     r = client.get(self.get_url)
     eq_(r.status_code, 200)
示例#23
0
    def test_bad_token_request(self):
        url = settings.SITE_URL + reverse("mkt.developers.oauth_token_request")
        url, auth_header = self._oauth_request_info(
            url, client_key=self.access.key, client_secret=generate(), callback_uri=self.access.redirect_uri
        )

        res = self.client.get(url, HTTP_HOST="testserver", HTTP_AUTHORIZATION=auth_header)
        eq_(res.status_code, 401)
        assert not Token.objects.filter(token_type=REQUEST_TOKEN).exists()
示例#24
0
    def setUp(self):
        self.user = User.objects.get(pk=2519)
        self.profile = self.user.get_profile()
        self.profile.update(read_dev_agreement=datetime.now())

        self.access = Access.objects.create(key='foo',
                                            secret=generate(),
                                            user=self.user)
        self.client = OAuthClient(self.access)
示例#25
0
 def setUp(self):
     self.user = User.objects.get(pk=2519)
     self.profile = self.user.get_profile()
     self.profile.update(read_dev_agreement=datetime.now())
     self.access = Access.objects.create(key='oauthClientKeyForTests',
                                         secret=generate(),
                                         user=self.user)
     self.client = RestOAuthClient(self.access)
     self.anon = RestOAuthClient(None)
示例#26
0
 def setUp(self, api_name='apps'):
     self.profile = self.user = UserProfile.objects.get(pk=2519)
     self.profile.update(read_dev_agreement=datetime.now())
     self.app_name = 'Mkt Test App'
     self.redirect_uri = 'https://example.com/redirect_target'
     self.access = Access.objects.create(key='oauthClientKeyForTests',
                                         secret=generate(),
                                         user=self.user,
                                         redirect_uri=self.redirect_uri,
                                         app_name=self.app_name)
示例#27
0
 def test_admin_get(self):
     self.create_app()
     admin = UserProfile.objects.get(email='*****@*****.**')
     g = Group.objects.create(rules='*:*')
     GroupUser.objects.create(group=g, user=admin)
     ac = Access.objects.create(key='adminOauthKey', secret=generate(),
                                user=admin.user)
     client = OAuthClient(ac, api_name='apps')
     r = client.get(self.get_url)
     eq_(r.status_code, 200)
 def setUp(self):
     self.api_name = 'foo'
     self.profile = UserProfile.objects.get(pk=2519)
     self.profile.update(read_dev_agreement=datetime.today())
     self.access = Access.objects.create(key='test_oauth_key',
                                         secret=generate(),
                                         user=self.profile)
     self.auth = authentication.RestOAuthAuthentication()
     self.middlewares = [APIBaseMiddleware, RestOAuthMiddleware]
     unpin_this_thread()
示例#29
0
 def setUp(self, api_name='apps'):
     self.profile = self.user = UserProfile.objects.get(pk=2519)
     self.profile.update(read_dev_agreement=datetime.now())
     self.app_name = 'Mkt Test App'
     self.redirect_uri = 'https://example.com/redirect_target'
     self.access = Access.objects.create(key='oauthClientKeyForTests',
                                         secret=generate(),
                                         user=self.user,
                                         redirect_uri=self.redirect_uri,
                                         app_name=self.app_name)
示例#30
0
 def setUp(self):
     self.api_name = 'foo'
     self.profile = UserProfile.objects.get(pk=2519)
     self.profile.update(read_dev_agreement=datetime.today())
     self.access = Access.objects.create(key='test_oauth_key',
                                         secret=generate(),
                                         user=self.profile.user)
     self.auth = authentication.RestOAuthAuthentication()
     self.middlewares = [RedirectPrefixedURIMiddleware, RestOAuthMiddleware]
     unpin_this_thread()
示例#31
0
 def test_reviewer_get(self):
     self.create_app()
     editor = UserProfile.objects.get(email='*****@*****.**')
     g = Group.objects.create(rules='Apps:Review,Reviews:Edit')
     GroupUser.objects.create(group=g, user=editor)
     ac = Access.objects.create(key='adminOauthKey', secret=generate(),
                                user=editor.user)
     client = OAuthClient(ac, api_name='apps')
     r = client.get(self.get_url)
     eq_(r.status_code, 200)
示例#32
0
    def test_bad_token_request(self):
        url = settings.SITE_URL + reverse('mkt.developers.oauth_token_request')
        url, auth_header = self._oauth_request_info(
            url,
            client_key=self.access.key,
            client_secret=generate(),
            callback_uri=self.access.redirect_uri)

        res = self.client.get(url,
                              HTTP_HOST='testserver',
                              HTTP_AUTHORIZATION=auth_header)
        eq_(res.status_code, 401)
        assert not Token.objects.filter(token_type=REQUEST_TOKEN).exists()
示例#33
0
文件: views.py 项目: flyun/zamboni
def api(request):
    try:
        access = Access.objects.get(user=request.user)
    except Access.DoesNotExist:
        access = None

    roles = request.amo_user.groups.filter(name='Admins').exists()
    if roles:
        messages.error(request,
                       _('Users with the admin role cannot use the API.'))

    elif not request.amo_user.read_dev_agreement:
        messages.error(request, _('You must accept the terms of service.'))

    elif request.method == 'POST':
        if 'delete' in request.POST:
            if access:
                access.delete()
                messages.success(request, _('API key deleted.'))

        else:
            if not access:
                key = 'mkt:%s:%s' % (request.amo_user.pk,
                                     request.amo_user.email)
                access = Access.objects.create(key=key,
                                               user=request.user,
                                               secret=generate())
            else:
                access.update(secret=generate())
            messages.success(request, _('New API key generated.'))

        return redirect(reverse('mkt.developers.apps.api'))

    return jingo.render(request, 'developers/api.html', {
        'consumer': access,
        'profile': profile,
        'roles': roles
    })
示例#34
0
    def setUp(self, api_name="apps"):
        self.user = User.objects.get(pk=2519)
        self.profile = self.user.get_profile()
        self.profile.update(read_dev_agreement=datetime.now())
        self.grant_permission(self.profile, "Apps:Review")

        self.access = Access.objects.create(key="foo", secret=generate(), user=self.user)
        self.client = OAuthClient(self.access, api_name=api_name)
        self.url = list_url("search")

        self.webapp = Webapp.objects.get(pk=337141)
        self.category = Category.objects.create(name="test", type=amo.ADDON_WEBAPP)
        self.webapp.save()
        self.refresh()
示例#35
0
 def setUp(self, api_name="apps"):
     self.user = User.objects.get(pk=2519)
     self.user2 = User.objects.get(pk=999)
     self.profile = self.user.get_profile()
     self.profile.update(read_dev_agreement=datetime.now())
     self.app_name = "Mkt Test App"
     self.redirect_uri = "https://example.com/redirect_target"
     self.access = Access.objects.create(
         key="oauthClientKeyForTests",
         secret=generate(),
         user=self.user,
         redirect_uri=self.redirect_uri,
         app_name=self.app_name,
     )
示例#36
0
    def setUp(self):
        super(TestApiReviewer, self).setUp()
        self.user = User.objects.get(pk=2519)
        self.profile = self.user.get_profile()
        self.profile.update(read_dev_agreement=datetime.now())
        self.grant_permission(self.profile, "Apps:Review")

        self.access = Access.objects.create(key="test_oauth_key", secret=generate(), user=self.user)
        self.url = reverse("reviewers-search-api")

        self.webapp = Webapp.objects.get(pk=337141)
        self.category = Category.objects.create(name="test", type=amo.ADDON_WEBAPP)

        self.webapp.update(status=amo.STATUS_PENDING)
        self.refresh("webapp")
    def setUp(self):
        super(TestApiReviewer, self).setUp()
        self.user = UserProfile.objects.get(pk=2519)
        self.profile = self.user
        self.profile.update(read_dev_agreement=datetime.now())
        self.grant_permission(self.profile, 'Apps:Review')

        self.access = Access.objects.create(
            key='test_oauth_key', secret=generate(), user=self.user)
        self.url = reverse('reviewers-search-api')

        self.webapp = Webapp.objects.get(pk=337141)

        self.webapp.update(status=amo.STATUS_PENDING)
        self.refresh('webapp')
示例#38
0
文件: test_api.py 项目: flyun/zamboni
    def setUp(self, api_name='apps'):
        self.user = User.objects.get(pk=2519)
        self.profile = self.user.get_profile()
        self.profile.update(read_dev_agreement=datetime.now())
        self.grant_permission(self.profile, 'Apps:Review')

        self.access = Access.objects.create(key='foo', secret=generate(),
                                            user=self.user)
        self.client = OAuthClient(self.access, api_name=api_name)
        self.list_url = ('api_dispatch_list', {'resource_name': 'search'})

        self.webapp = Webapp.objects.get(pk=337141)
        self.category = Category.objects.create(name='test',
                                                type=amo.ADDON_WEBAPP)
        self.webapp.save()
        self.refresh()
示例#39
0
    def test_admin_get(self):
        app = self.create_app()
        data = self.base_data()
        self.client.put(self.get_url, data=json.dumps(data))

        admin = UserProfile.objects.get(email="*****@*****.**")
        g = Group.objects.create(rules="*:*")
        GroupUser.objects.create(group=g, user=admin)
        ac = Access.objects.create(key="adminOauthKey", secret=generate(), user=admin)
        client = RestOAuthClient(ac)
        r = client.get(self.get_url)
        eq_(r.status_code, 200)

        res = client.get(reverse("app-privacy-policy-detail", args=[app.pk]))
        eq_(r.status_code, 200)
        eq_(res.json["privacy_policy"], data["privacy_policy"])
示例#40
0
    def setUp(self):
        super(TestApiReviewer, self).setUp()
        self.user = UserProfile.objects.get(pk=2519)
        self.profile = self.user
        self.profile.update(read_dev_agreement=datetime.now())
        self.grant_permission(self.profile, 'Apps:Review')

        self.access = Access.objects.create(key='test_oauth_key',
                                            secret=generate(),
                                            user=self.user)
        self.url = reverse('reviewers-search-api')

        self.webapp = Webapp.objects.get(pk=337141)

        self.webapp.update(status=amo.STATUS_PENDING)
        self.refresh('webapp')
示例#41
0
    def setUp(self, api_name='apps'):
        self.user = User.objects.get(pk=2519)
        self.profile = self.user.get_profile()
        self.profile.update(read_dev_agreement=datetime.now())
        self.grant_permission(self.profile, 'Apps:Review')

        self.access = Access.objects.create(key='foo',
                                            secret=generate(),
                                            user=self.user)
        self.client = OAuthClient(self.access, api_name=api_name)
        self.list_url = ('api_dispatch_list', {'resource_name': 'search'})

        self.webapp = Webapp.objects.get(pk=337141)
        self.category = Category.objects.create(name='test',
                                                type=amo.ADDON_WEBAPP)
        self.webapp.save()
        self.refresh()
示例#42
0
    def test_reviewer_get(self):
        app = self.create_app()
        data = self.base_data()
        self.client.put(self.get_url, data=json.dumps(data))

        editor = UserProfile.objects.get(email='*****@*****.**')
        g = Group.objects.create(rules='Apps:Review,Reviews:Edit')
        GroupUser.objects.create(group=g, user=editor)
        ac = Access.objects.create(key='adminOauthKey', secret=generate(),
                                   user=editor.user)
        client = RestOAuthClient(ac)
        r = client.get(self.get_url)
        eq_(r.status_code, 200)

        res = client.get(reverse('app-privacy-policy-detail',
                                 args=[app.pk]))
        eq_(r.status_code, 200)
        eq_(res.json['privacy_policy'], data['privacy_policy'])
示例#43
0
    def setUp(self, api_name='reviewers'):
        super(TestApiReviewer, self).setUp(api_name=api_name)
        self.user = User.objects.get(pk=2519)
        self.profile = self.user.get_profile()
        self.profile.update(read_dev_agreement=datetime.now())
        self.grant_permission(self.profile, 'Apps:Review')

        self.access = Access.objects.create(
            key='test_oauth_key', secret=generate(), user=self.user)
        self.client = OAuthClient(self.access, api_name=api_name)
        self.url = list_url('search')

        self.webapp = Webapp.objects.get(pk=337141)
        self.category = Category.objects.create(name='test',
                                                type=amo.ADDON_WEBAPP)

        self.webapp.update(status=amo.STATUS_PENDING)
        self.refresh('webapp')
示例#44
0
    def setUp(self, api_name='reviewers'):
        super(TestApiReviewer, self).setUp(api_name=api_name)
        self.user = User.objects.get(pk=2519)
        self.profile = self.user.get_profile()
        self.profile.update(read_dev_agreement=datetime.now())
        self.grant_permission(self.profile, 'Apps:Review')

        self.access = Access.objects.create(
            key='test_oauth_key', secret=generate(), user=self.user)
        self.client = OAuthClient(self.access, api_name=api_name)
        self.url = list_url('search')

        self.webapp = Webapp.objects.get(pk=337141)
        self.category = Category.objects.create(name='test',
                                                type=amo.ADDON_WEBAPP)

        self.webapp.update(status=amo.STATUS_PENDING)
        self.refresh('webapp')
示例#45
0
    def test_admin_get(self):
        app = self.create_app()
        data = self.base_data()
        self.client.put(self.get_url, data=json.dumps(data))

        admin = UserProfile.objects.get(email='*****@*****.**')
        g = Group.objects.create(rules='*:*')
        GroupUser.objects.create(group=g, user=admin)
        ac = Access.objects.create(key='adminOauthKey', secret=generate(),
                                   user=admin.user)
        client = RestOAuthClient(ac)
        r = client.get(self.get_url)
        eq_(r.status_code, 200)

        res = client.get(reverse('app-privacy-policy-detail',
                                 args=[app.pk]))
        eq_(r.status_code, 200)
        eq_(res.json['privacy_policy'], data['privacy_policy'])
示例#46
0
 def test_owner_still_non_reviewer_access(self):
     user = Webapp.objects.get(pk=337141).authors.all()[0].user
     access = Access.objects.create(key="test_oauth_key_owner", secret=generate(), user=user)
     client = OAuthClient(access, api_name="reviewers")
     res = client.get(self.url)
     eq_(res.status_code, 401)
示例#47
0
 def setup_client(self, user):
     access = Access.objects.create(key='test_oauth_key_owner',
                                    secret=generate(),
                                    user=user)
     return RestOAuthClient(access)
示例#48
0
 def setup_client(self, user):
     access = Access.objects.create(key='test_oauth_key_owner',
                                    secret=generate(), user=user)
     return RestOAuthClient(access)