From 31215f8e4714137a804d265cc4d7ca2e2abd261c Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Apr 21 2017 15:33:57 +0000 Subject: Add unit-tests to update_enforced_flags Signed-off-by: Pierre-Yves Chibon --- diff --git a/tests/test_pagure_flask_ui_required_flags.py b/tests/test_pagure_flask_ui_required_flags.py new file mode 100644 index 0000000..a77ee0b --- /dev/null +++ b/tests/test_pagure_flask_ui_required_flags.py @@ -0,0 +1,409 @@ +# -*- coding: utf-8 -*- + +""" + (c) 2017 - Copyright Red Hat Inc + + Authors: + Pierre-Yves Chibon + +""" + +__requires__ = ['SQLAlchemy >= 0.8'] +import pkg_resources + +import datetime +import json +import unittest +import shutil +import sys +import tempfile +import os + +import pygit2 +from mock import patch, MagicMock + +sys.path.insert(0, os.path.join(os.path.dirname( + os.path.abspath(__file__)), '..')) + +import pagure.lib +import tests +from pagure.lib.repo import PagureRepo + + +class PagureFlaskRoadmaptests(tests.Modeltests): + """ Tests for the pagure's roadmap """ + + @patch('pagure.lib.notify.send_email', MagicMock(return_value=True)) + def setUp(self): + """ Set up the environnment, ran before every tests. """ + super(PagureFlaskRoadmaptests, self).setUp() + + pagure.APP.config['TESTING'] = True + pagure.SESSION = self.session + pagure.ui.SESSION = self.session + pagure.ui.app.SESSION = self.session + pagure.ui.filters.SESSION = self.session + pagure.ui.repo.SESSION = self.session + pagure.ui.issues.SESSION = self.session + + pagure.APP.config['GIT_FOLDER'] = self.path + pagure.APP.config['REQUESTS_FOLDER'] = os.path.join( + self.path, 'requests') + pagure.APP.config['TICKETS_FOLDER'] = os.path.join( + self.path, 'tickets') + pagure.APP.config['DOCS_FOLDER'] = os.path.join( + self.path, 'docs') + self.app = pagure.APP.test_client() + + tests.create_projects(self.session) + tests.create_projects_git(os.path.join(self.path), bare=True) + + # Create the pull-request to close + repo = pagure.get_authorized_project(self.session, 'test') + req = pagure.lib.new_pull_request( + session=self.session, + repo_from=repo, + branch_from='feature', + repo_to=repo, + branch_to='master', + title='test pull-request', + user='pingou', + requestfolder=None, + ) + self.session.commit() + self.assertEqual(req.id, 1) + self.assertEqual(req.title, 'test pull-request') + + # Add an API token to flag PR + msg = pagure.lib.add_token_to_user( + self.session, + repo, + description='Flag PR', + acls=['pull_request_flag'], + username='pingou', + ) + self.assertEqual(msg, 'Token created') + self.good_token = repo.tokens[0].id + self.assertEqual(len(self.good_token), 64) + + # Add an API token to comment on PR + msg = pagure.lib.add_token_to_user( + self.session, + repo, + description='Flag PR', + acls=['pull_request_comment'], + username='pingou', + ) + self.assertEqual(msg, 'Token created') + + self.bad_token = repo.tokens[1].id + self.assertEqual(len(self.bad_token), 64) + + self.assertTrue(self.bad_token != self.good_token) + + def test_update_enforced_flags_invalid_token(self): + """ Test update_enforced_flags of a repo. """ + + # Set some required flags + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + user = tests.FakeUser() + user.username = 'pingou' + with tests.user_set(pagure.APP, user): + + # Get the CSRF token + output = self.app.get('/test/settings') + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + + csrf_token = output.data.split( + 'name="csrf_token" type="hidden" value="')[1].split('">')[0] + + data = { + 'token': 1, + 'title': 'Tomorrow', + } + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + # Check the redirect + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn('

Settings for test

', output.data) + + # Check the result of the action -- None, no CSRF + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + data = { + 'token': 1, + 'title': 'Tomorrow', + 'csrf_token': csrf_token, + } + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + self.assertIn( + u'No token 1 found associated with this project', + output.data) + + # Check the result of the action -- None, invalid token + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + def test_update_enforced_flags_no_token(self): + """ Test update_enforced_flags of a repo. """ + + # Set some required flags + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + user = tests.FakeUser() + user.username = 'pingou' + with tests.user_set(pagure.APP, user): + + # Get the CSRF token + output = self.app.get('/test/settings') + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + + csrf_token = output.data.split( + 'name="csrf_token" type="hidden" value="')[1].split('">')[0] + + data = { + 'title': 'Tomorrow', + } + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + # Check the redirect + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn('

Settings for test

', output.data) + + # Check the result of the action -- None, no CSRF + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + data = { + 'title': 'Tomorrow', + 'csrf_token': csrf_token, + } + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + self.assertIn( + u'The number of tokens and titles provided do not match', + output.data) + + # Check the result of the action -- None, invalid token + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + def test_update_enforced_flags_good_token_bad_acl(self): + """ Test update_enforced_flags of a repo. """ + + # Set some required flags + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + user = tests.FakeUser() + user.username = 'pingou' + with tests.user_set(pagure.APP, user): + + # Get the CSRF token + output = self.app.get('/test/settings') + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + + csrf_token = output.data.split( + 'name="csrf_token" type="hidden" value="')[1].split('">')[0] + + data = { + 'token': self.bad_token, + 'title': 'jenkins', + } + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + # Check the redirect + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn('

Settings for test

', output.data) + + # Check the result of the action -- None, no CSRF + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + data = { + 'token': self.bad_token, + 'title': 'jenkins', + 'csrf_token': csrf_token, + } + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + self.assertIn( + u'Token %s does not have the permission to flag a ' + 'pull-request.' % self.bad_token, output.data) + + # Check the result of the action -- None, token exists but has + # the wrong ACL + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + def test_update_enforced_flags(self): + """ Test update_enforced_flags of a repo. """ + + # Set some required flags + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + user = tests.FakeUser() + user.username = 'pingou' + with tests.user_set(pagure.APP, user): + + # Get the CSRF token + output = self.app.get('/test/settings') + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + + csrf_token = output.data.split( + 'name="csrf_token" type="hidden" value="')[1].split('">')[0] + + data = { + 'token': self.good_token, + 'title': 'jenkins', + } + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + # Check the redirect + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn('

Settings for test

', output.data) + + # Check the result of the action -- None, no CSRF + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + data = { + 'token': self.good_token, + 'title': 'jenkins', + 'csrf_token': csrf_token, + } + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + self.assertIn(u'Enforced flags updated', output.data) + + # Check the result of the action -- Saved + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual( + repo.enforced_flags, {self.good_token: u'jenkins'}) + + # Test re-sending the same data + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + self.assertIn(u'Enforced flags updated', output.data) + + # Check the result of the action -- Saved + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual( + repo.enforced_flags, {self.good_token: u'jenkins'}) + + # Test clearing the data + data = {'csrf_token': csrf_token} + output = self.app.post( + '/test/update/enforced_flags', data=data, follow_redirects=True) + self.assertEqual(output.status_code, 200) + self.assertIn( + u'Settings - test - Pagure', output.data) + self.assertIn(u'

Settings for test

', output.data) + self.assertIn(u'Enforced flags updated', output.data) + + # Check the result of the action -- nothing saved now + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + def test_update_enforced_flags_invalid_project(self): + """ Test update_enforced_flags of a repo. """ + + # Set some required flags + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + user = tests.FakeUser() + user.username = 'pingou' + with tests.user_set(pagure.APP, user): + + # Check for an invalid project + output = self.app.post( + '/foo/update/enforced_flags', data={}) + self.assertEqual(output.status_code, 404) + + def test_update_enforced_flags_pr_disabled(self): + """ Test update_enforced_flags of a repo when the project disabled + PR. """ + + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + user = tests.FakeUser() + user.username = 'pingou' + with tests.user_set(pagure.APP, user): + + # Check the behavior if the project disabled the issue tracker + settings = repo.settings + settings['pull_requests'] = False + repo.settings = settings + self.session.add(repo) + self.session.commit() + + output = self.app.post( + '/test/update/enforced_flags', data={}) + self.assertEqual(output.status_code, 404) + + def test_update_enforced_flags_non_admin(self): + """ Test update_enforced_flags of a repo with a non-autorized user. + """ + repo = pagure.get_authorized_project(self.session, 'test') + self.assertEqual(repo.enforced_flags, {}) + + user = tests.FakeUser() + + # Check for a non-admin user + user.username = 'ralph' + with tests.user_set(pagure.APP, user): + output = self.app.post( + '/test/update/enforced_flags', data={}) + self.assertEqual(output.status_code, 403) + + +if __name__ == '__main__': + unittest.main(verbosity=2)