author | Jessica Tallon <jessica@megworld.co.uk> | 2014-07-10 18:17:47 +0100 |
---|---|---|
committer | Jessica Tallon <jessica@megworld.co.uk> | 2014-07-22 23:13:16 +0100 |
commit | 967df5eff0c00fe7cd860ebfb297ee1f2e0bcdaf (patch) | |
tree | 5b6bfb599e283b7b8dbc6f79e1e8472edca6f95b /mediagoblin/tests | |
parent | ee9956c3de39854f32207789b223f09eb7bbb20b (diff) | |
Require uploader privileges to upload media to API
Diffstat (limited to 'mediagoblin/tests')
-rw-r--r-- | mediagoblin/tests/test_api.py | 43 | ||||
-rw-r--r-- | mediagoblin/tests/test_oauth1.py | 9 |
2 files changed, 28 insertions, 24 deletions
diff --git a/mediagoblin/tests/test_api.py b/mediagoblin/tests/test_api.py
index e1ca688b..21222304 100644
--- a/mediagoblin/tests/test_api.py
+++ b/mediagoblin/tests/test_api.py
@@ -19,21 +19,16 @@ import json
 import pytest
 import mock
+from webtest import AppError
+
 from mediagoblin import mg_globals
 from .resources import GOOD_JPG
+from mediagoblin.db.models import User
 from mediagoblin.tests.tools import fixture_add_user
 from mediagoblin.moderation.tools import take_away_privileges
 from .resources import GOOD_JPG, GOOD_PNG, EVIL_FILE, EVIL_JPG, EVIL_PNG, \
 BIG_BLUE
-def mocked_oauth_required(*args, **kwargs):
- """ Mocks mediagoblin.decorator.oauth_required to always validate """
-
- def oauth_required(controller):
- return controller
-
- return oauth_required
-
 class TestAPI(object):
 @pytest.fixture(autouse=True)
@@ -42,6 +37,18 @@ class TestAPI(object):
 self.db = mg_globals.database
 self.user = fixture_add_user(privileges=[u'active', u'uploader'])
+ def mocked_oauth_required(self, *args, **kwargs):
+ """ Mocks mediagoblin.decorator.oauth_required to always validate """
+
+ def fake_controller(controller, request, *args, **kwargs):
+ request.user = User.query.filter_by(id=self.user.id).first()
+ return controller(request, *args, **kwargs)
+
+ def oauth_required(c):
+ return lambda *args, **kwargs: fake_controller(c, *args, **kwargs)
+
+ return oauth_required
+
 def test_can_post_image(self, test_app):
 """ Tests that an image can be posted to the API """
 # First request we need to do is to upload the image
@@ -52,7 +59,7 @@ class TestAPI(object):
 }
- with mock.patch("mediagoblin.decorators.oauth_required", new_callable=mocked_oauth_required):
+ with mock.patch("mediagoblin.decorators.oauth_required", new_callable=self.mocked_oauth_required):
 response = test_app.post(
 "/api/user/{0}/uploads".format(self.user.username),
 data,
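Review bot: The docstring on the new `mocked_oauth_required` method (hunk `@@ -42,6 +37,18 @@`) still says it makes oauth_required "always validate", but the mock now also sets `request.user` to the fixture user, so every request made under the patch is treated as authenticated as `self.user` with no token or signature checked. The docstring should say that, for example `""" Replaces mediagoblin.decorators.oauth_required with a pass-through that sets request.user to self.user; no OAuth check runs """` (the current text also names the module `mediagoblin.decorator`, while the patch target is `mediagoblin.decorators`). The same patch is used by the `with mock.patch(...)` lines in the `@@ -52,7 +59,7 @@` and `@@ -98,15 +105,13 @@` hunks. Because a decorator is bound when the view module is imported, the patch presumably only takes effect if that import first happens inside the `with` block; the view code is not visible here, so that ordering is worth confirming before relying on these tests as evidence for the privilege check.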
@@ -98,15 +105,13 @@ class TestAPI(object):
 "Content-Length": str(len(data)),
 }
- with mock.patch("mediagoblin.decorators.oauth_required", new_callable=mocked_oauth_required):
- response = test_app.post(
- "/api/user/{0}/uploads".format(self.user.username),
- data,
- headers=headers
- )
-
- error = json.loads(response.body)
+ with mock.patch("mediagoblin.decorators.oauth_required", new_callable=self.mocked_oauth_required):
+ with pytest.raises(AppError) as excinfo:
+ response = test_app.post(
+ "/api/user/{0}/uploads".format(self.user.username),
+ data,
+ headers=headers
+ )
 # Assert that we've got a 403
- assert response.status_code == 403
- assert "error" in error
+ assert "403 FORBIDDEN" in excinfo.value.message
diff --git a/mediagoblin/tests/test_oauth1.py b/mediagoblin/tests/test_oauth1.py
index 073c2884..568036e5 100644
--- a/mediagoblin/tests/test_oauth1.py
+++ b/mediagoblin/tests/test_oauth1.py
@@ -52,8 +52,8 @@ class TestOAuth(object):
 def register_client(self, **kwargs):
 """ Regiters a client with the API """
-
- kwargs["type"] = "client_associate"
+
+ kwargs["type"] = "client_associate"
 kwargs["application_type"] = kwargs.get("application_type", "native")
 return self.test_app.post("/api/client/register", kwargs)
@@ -63,7 +63,7 @@ class TestOAuth(object):
 client_info = response.json
 client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
-
+
 assert response.status_int == 200
 assert client is not None
@@ -81,7 +81,7 @@ class TestOAuth(object):
 client_info = response.json
 client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
-
+
 assert client is not None
 assert client.secret == client_info["client_secret"]
 assert client.application_type == query["application_type"]
@@ -163,4 +163,3 @@ class TestOAuth(object):
 assert request_token.client == client.id
 assert request_token.used == False
 assert request_token.callback == request_query["oauth_callback"]
- |
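Review bot: In the `@@ -98,15 +105,13 @@` hunk of test_api.py, the negative test now passes on a substring of the exception text (`"403 FORBIDDEN" in excinfo.value.message`), which is a weaker check than the removed `assert response.status_code == 403`. It also relies on the exception's `.message` attribute, which does not exist on Python 3. webtest can hand back the error response instead of raising: pass `expect_errors=True` to `test_app.post(...)` and keep `assert response.status_code == 403`, plus the body check if the 403 response is still JSON. Since this is the test guarding the uploader-privilege requirement, it would also be worth asserting that no media entry was created for the user. The test body starts outside the hunk, so whether that is already checked elsewhere is not visible here.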