From patchwork Tue Oct 30 11:31:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Finucane X-Patchwork-Id: 990755 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42kq8b0jQZz9s7W for ; Tue, 30 Oct 2018 22:33:03 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=that.guru Authentication-Results: ozlabs.org; dkim=fail reason="key not found in DNS" (0-bit key; unprotected) header.d=that.guru header.i=@that.guru header.b="gbGZrjpb"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 42kq8Z5kstzF1PT for ; Tue, 30 Oct 2018 22:33:02 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=that.guru Authentication-Results: lists.ozlabs.org; dkim=fail reason="key not found in DNS" (0-bit key; unprotected) header.d=that.guru header.i=@that.guru header.b="gbGZrjpb"; dkim-atps=neutral X-Original-To: patchwork@lists.ozlabs.org Delivered-To: patchwork@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (mailfrom) smtp.mailfrom=that.guru (client-ip=185.234.75.12; helo=relay012.mxrelay.co; envelope-from=stephen@that.guru; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=that.guru Authentication-Results: lists.ozlabs.org; dkim=fail reason="key not found in DNS" (0-bit key; unprotected) header.d=that.guru header.i=@that.guru header.b="gbGZrjpb"; dkim-atps=neutral Received: from relay012.mxrelay.co (relay012.mxrelay.co [185.234.75.12]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 42kq7z45b4zF1Q6 for ; Tue, 30 Oct 2018 22:32:31 +1100 (AEDT) Received: from filter002.mxroute.com (unknown [185.133.192.179]) by relay012.mxrelay.co (Postfix) with ESMTP id 4D1CC3F727 for ; Tue, 30 Oct 2018 11:31:59 +0000 (UTC) Received: from one.mxroute.com (one.mxroute.com [195.201.59.211]) by filter002.mxroute.com (Postfix) with ESMTPS id 26D5A3F546 for ; Tue, 30 Oct 2018 11:31:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=that.guru; s=default; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=1oJEqYTf848MXIcRRVnZS0AhfsPn4d+hK9UGVYqYNkU=; b=gbGZrjpbp5lztsnhrrlPcILgpm WPmYUO5OpLF7rq4Ykl/8IBB6zc2gQgyY0wWGM3aI0PILRinlpRr+1+8sgNgi8kQX57il/gL6eC3uf o2SRqzu7Ry2kJjQMdd8nKY7k9dpzy8++E92HKnM0zioZiAFIySQX/RrTsxEdM3FFLcQbV9/SyrPWG 2oMsvY8F21witWtKtXNJlog7HwoF7TYDUxI3DOOdsIonBHprdLjvW4/DZOIoxfK+bqfMrR5NYPukb xQ2Zc27n2Me9IKwHwcYkh2n6HWKpgdYKixjB/Pekp4vRj4EyBHXRZ2RsBwc6H66SimT15wEHytrpQ wUFZz0/g==; From: Stephen Finucane To: patchwork@lists.ozlabs.org Subject: [PATCH 02/13] tests: Add 'store_samples' decorator to 'test_bundle' Date: Tue, 30 Oct 2018 11:31:42 +0000 Message-Id: <20181030113153.7855-3-stephen@that.guru> X-Mailer: git-send-email 2.17.2 In-Reply-To: <20181030113153.7855-1-stephen@that.guru> References: <20181030113153.7855-1-stephen@that.guru> X-AuthUser: stephen@that.guru X-BeenThere: patchwork@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Patchwork development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Patchwork" Add the decorator to the 'test_bundle' test class. This involves splitting up the test cases so that each test case we care about makes only a single request. We also add a missing test to ensure private bundles cannot be shown by anyone but the owner. Signed-off-by: Stephen Finucane --- patchwork/tests/api/test_bundle.py | 76 ++++++++++++++++++++++++++---- 1 file changed, 67 insertions(+), 9 deletions(-) diff --git a/patchwork/tests/api/test_bundle.py b/patchwork/tests/api/test_bundle.py index 2de4f99d..e33c25ef 100644 --- a/patchwork/tests/api/test_bundle.py +++ b/patchwork/tests/api/test_bundle.py @@ -8,6 +8,7 @@ import unittest from django.conf import settings from django.urls import reverse +from patchwork.tests.api import utils from patchwork.tests.utils import create_bundle from patchwork.tests.utils import create_maintainer from patchwork.tests.utils import create_project @@ -53,12 +54,13 @@ class TestBundleAPI(APITestCase): self.assertEqual(bundle_obj.project.id, bundle_json['project']['id']) - def test_list(self): - """Validate we can list bundles.""" + def test_list_empty(self): + """List bundles when none are present.""" resp = self.client.get(self.api_url()) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertEqual(0, len(resp.data)) + def _create_bundles(self): user = create_user(username='myuser') project = create_project(linkname='myproject') bundle_public = create_bundle(public=True, owner=user, @@ -66,6 +68,12 @@ class TestBundleAPI(APITestCase): bundle_private = create_bundle(public=False, owner=user, project=project) + return user, project, bundle_public, bundle_private + + def test_list_anonymous(self): + """List bundles as anonymous user.""" + user, project, bundle_public, _ = self._create_bundles() + # anonymous users # should only see the public bundle resp = self.client.get(self.api_url()) @@ -74,6 +82,11 @@ class TestBundleAPI(APITestCase): bundle_rsp = resp.data[0] self.assertSerialized(bundle_public, bundle_rsp) + @utils.store_samples('bundle-list') + def test_list_authenticated(self): + """List bundles as an authenticated user.""" + user, project, bundle_public, bundle_private = self._create_bundles() + # authenticated user # should see the public and private bundle self.client.force_authenticate(user=user) @@ -84,14 +97,24 @@ class TestBundleAPI(APITestCase): resp.data, [bundle_public, bundle_private]): self.assertSerialized(bundle_obj, bundle_rsp) + def test_list_filter_project(self): + """Filter bundles by project.""" + user, project, bundle_public, bundle_private = self._create_bundles() + # test filtering by project + self.client.force_authenticate(user=user) resp = self.client.get(self.api_url(), {'project': 'myproject'}) self.assertEqual([bundle_public.id, bundle_private.id], [x['id'] for x in resp.data]) resp = self.client.get(self.api_url(), {'project': 'invalidproject'}) self.assertEqual(0, len(resp.data)) + def test_list_filter_owner(self): + """Filter bundles by owner.""" + user, project, bundle_public, bundle_private = self._create_bundles() + # test filtering by owner, both ID and username + self.client.force_authenticate(user=user) resp = self.client.get(self.api_url(), {'owner': user.id}) self.assertEqual([bundle_public.id, bundle_private.id], [x['id'] for x in resp.data]) @@ -101,28 +124,63 @@ class TestBundleAPI(APITestCase): resp = self.client.get(self.api_url(), {'owner': 'otheruser'}) self.assertEqual(0, len(resp.data)) + @utils.store_samples('bundle-list-1.0') def test_list_version_1_0(self): - """Validate that newer fields are dropped for older API versions.""" - create_bundle(public=True) + """List bundles using API v1.0. + + Validate that newer fields are dropped for older API versions. + """ + user, _, _, _ = self._create_bundles() + self.client.force_authenticate(user=user) resp = self.client.get(self.api_url(version='1.0')) self.assertEqual(status.HTTP_200_OK, resp.status_code) - self.assertEqual(1, len(resp.data)) + self.assertEqual(2, len(resp.data)) self.assertIn('url', resp.data[0]) self.assertNotIn('web_url', resp.data[0]) - def test_detail(self): - """Validate we can get a specific bundle.""" - bundle = create_bundle(public=True) + def test_detail_anonymous_public(self): + """Show public bundle as anonymous user. + + Validate we can get a public bundle. + """ + user, _, bundle, _ = self._create_bundles() resp = self.client.get(self.api_url(bundle.id)) self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertSerialized(bundle, resp.data) + @utils.store_samples('bundle-detail-error-not-found') + def test_detail_anonymous_private(self): + """Show private bundle as anonymous user. + + Validate we cannot get a private bundle if we're not the owner. + """ + user, _, _, bundle = self._create_bundles() + + resp = self.client.get(self.api_url(bundle.id)) + self.assertEqual(status.HTTP_404_NOT_FOUND, resp.status_code) + + @utils.store_samples('bundle-detail') + def test_detail_authenticated(self): + """Show private bundle as authenticated user. + + Validate we can get a private bundle if we're the owner. + """ + user, _, _, bundle = self._create_bundles() + + self.client.force_authenticate(user=user) + resp = self.client.get(self.api_url(bundle.id)) + self.assertEqual(status.HTTP_200_OK, resp.status_code) + self.assertSerialized(bundle, resp.data) + + @utils.store_samples('bundle-detail-1.0') def test_detail_version_1_0(self): - bundle = create_bundle(public=True) + """Show bundle using API v1.0.""" + user, _, bundle, _ = self._create_bundles() resp = self.client.get(self.api_url(bundle.id, version='1.0')) + self.assertEqual(status.HTTP_200_OK, resp.status_code) self.assertIn('url', resp.data) self.assertNotIn('web_url', resp.data)