feat: delete OAuth2.0 app view and tests
parent
8c272baff4
commit
ee855924ad
|
@ -17,6 +17,7 @@ from django.urls import reverse
|
||||||
from django.test import TestCase, Client, override_settings
|
from django.test import TestCase, Client, override_settings
|
||||||
|
|
||||||
from .views import CREATE_APP_CTX
|
from .views import CREATE_APP_CTX
|
||||||
|
from .models import OauthIntegration
|
||||||
|
|
||||||
|
|
||||||
class CreateNewAppTests(TestCase):
|
class CreateNewAppTests(TestCase):
|
||||||
|
@ -106,3 +107,106 @@ class CreateNewAppTests(TestCase):
|
||||||
|
|
||||||
resp = c.get(reverse("oauth.integrations.new_app"))
|
resp = c.get(reverse("oauth.integrations.new_app"))
|
||||||
self.assertEqual(resp.status_code, 200)
|
self.assertEqual(resp.status_code, 200)
|
||||||
|
|
||||||
|
|
||||||
|
class DeleteAppTest(TestCase):
|
||||||
|
"""
|
||||||
|
Tests create delete app view
|
||||||
|
"""
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
self.password = "password121231"
|
||||||
|
self.user = get_user_model().objects.create_user(
|
||||||
|
username="delete_app_tests",
|
||||||
|
email="delete_app_tests@example.org",
|
||||||
|
password=self.password,
|
||||||
|
)
|
||||||
|
|
||||||
|
self.superuser = get_user_model().objects.create_superuser(
|
||||||
|
username="delete_app_tests_superuser",
|
||||||
|
email="delete_app_tests_superuser@example.org",
|
||||||
|
password=self.password,
|
||||||
|
)
|
||||||
|
payload = {
|
||||||
|
"name": "test_deletebmission",
|
||||||
|
"redirect_uri": "https://test_deletebmission.example.org",
|
||||||
|
}
|
||||||
|
self.integration = OauthIntegration(
|
||||||
|
owned_by=self.superuser,
|
||||||
|
name_text=payload["name"],
|
||||||
|
redirect_uri=payload["redirect_uri"],
|
||||||
|
)
|
||||||
|
self.integration2 = OauthIntegration(
|
||||||
|
owned_by=self.user,
|
||||||
|
name_text=payload["name"],
|
||||||
|
redirect_uri="http://test_deletebmission_2.example.org",
|
||||||
|
)
|
||||||
|
|
||||||
|
self.integration.save()
|
||||||
|
self.integration2.save()
|
||||||
|
self.path = reverse(
|
||||||
|
"oauth.integrations.del_app",
|
||||||
|
kwargs={"client_id": self.integration.client_id_uuid},
|
||||||
|
)
|
||||||
|
self.path2 = reverse(
|
||||||
|
"oauth.integrations.del_app",
|
||||||
|
kwargs={"client_id": self.integration2.client_id_uuid},
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_delete_app_unauthenticated_user(self):
|
||||||
|
"""
|
||||||
|
Tests if delete accessible only when user is authenticated
|
||||||
|
"""
|
||||||
|
resp = self.client.post(self.path)
|
||||||
|
self.assertEqual(resp.status_code, 302)
|
||||||
|
|
||||||
|
def test_view_is_restricted_to_super_user(self):
|
||||||
|
"""
|
||||||
|
Tests if view is only accessible from superuser accounts
|
||||||
|
"""
|
||||||
|
c = Client()
|
||||||
|
c.login(username=self.user.username, password=self.password)
|
||||||
|
c.session.save()
|
||||||
|
|
||||||
|
resp = c.post(self.path)
|
||||||
|
self.assertEqual(resp.status_code, 404)
|
||||||
|
|
||||||
|
def test_delete_works(self):
|
||||||
|
"""
|
||||||
|
Tests delete works render
|
||||||
|
"""
|
||||||
|
|
||||||
|
c = Client()
|
||||||
|
c.login(username=self.superuser.username, password=self.password)
|
||||||
|
c.session.save()
|
||||||
|
resp = c.post(self.path)
|
||||||
|
self.assertEqual(resp.status_code, 200)
|
||||||
|
|
||||||
|
def test_method_unavailable(self):
|
||||||
|
"""
|
||||||
|
Test delete app using unsupported HTTP method
|
||||||
|
"""
|
||||||
|
c = Client()
|
||||||
|
c.login(username=self.superuser.username, password=self.password)
|
||||||
|
c.session.save()
|
||||||
|
|
||||||
|
resp = c.head(self.path)
|
||||||
|
self.assertEqual(resp.status_code, 405)
|
||||||
|
|
||||||
|
@override_settings(RESTRICT_NEW_INTEGRATION_INSTALLATION=False)
|
||||||
|
def test_unrestricted_app_deletion(self):
|
||||||
|
"""
|
||||||
|
Test delete app using unsupported HTTP method
|
||||||
|
"""
|
||||||
|
c = Client()
|
||||||
|
|
||||||
|
# user != owned_by
|
||||||
|
c.login(username=self.superuser.username, password=self.password)
|
||||||
|
c.session.save()
|
||||||
|
resp = c.post(self.path2)
|
||||||
|
self.assertEqual(resp.status_code, 404)
|
||||||
|
|
||||||
|
c.login(username=self.user.username, password=self.password)
|
||||||
|
c.session.save()
|
||||||
|
resp = c.post(self.path2)
|
||||||
|
self.assertEqual(resp.status_code, 200)
|
||||||
|
|
|
@ -19,4 +19,5 @@ from . import views
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path("new/", views.new_app, name="oauth.integrations.new_app"),
|
path("new/", views.new_app, name="oauth.integrations.new_app"),
|
||||||
|
path("delete/<str:client_id>/", views.del_app, name="oauth.integrations.del_app"),
|
||||||
]
|
]
|
||||||
|
|
|
@ -13,8 +13,9 @@
|
||||||
# You should have received a copy of the GNU Affero General Public License
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
from django.shortcuts import render
|
from django.shortcuts import render, get_object_or_404
|
||||||
from django.http import HttpResponse, HttpResponseNotFound
|
from django.http import HttpResponse, HttpResponseNotFound
|
||||||
|
from django.views.decorators.http import require_POST
|
||||||
from django.contrib.auth import authenticate
|
from django.contrib.auth import authenticate
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
@ -57,3 +58,21 @@ def new_app(request):
|
||||||
return HttpResponse("OK")
|
return HttpResponse("OK")
|
||||||
|
|
||||||
return HttpResponseNotFound("Method not supported")
|
return HttpResponseNotFound("Method not supported")
|
||||||
|
|
||||||
|
|
||||||
|
@login_required
|
||||||
|
@csrf_protect
|
||||||
|
@require_POST
|
||||||
|
def del_app(request, client_id):
|
||||||
|
"""
|
||||||
|
Delete OAuth App
|
||||||
|
"""
|
||||||
|
if settings.RESTRICT_NEW_INTEGRATION_INSTALLATION:
|
||||||
|
if not request.user.is_superuser:
|
||||||
|
return HttpResponseNotFound("Page not Found")
|
||||||
|
|
||||||
|
app = get_object_or_404(
|
||||||
|
OauthIntegration, client_id_uuid=client_id, owned_by=request.user
|
||||||
|
)
|
||||||
|
app.delete()
|
||||||
|
return HttpResponse("OK")
|
||||||
|
|
Loading…
Reference in New Issue