dashboard: add test_renew_post_by_anon_w_expired_key

6dfa952b · Őry Máté · 1825ccc2 · 6dfa952b · 6dfa952b · 6dfa952b
Commit 6dfa952b authored Mar 12, 2014 by Őry Máté
Hide whitespace changes
Inline Side-by-side

Showing with 68 additions and 9 deletions

circle/dashboard/fixtures/test-vm-fixture.json
+29 -0

circle/dashboard/tests/test_views.py
+16 -4

circle/dashboard/views.py
+23 -5

No files found.
--- a/circle/dashboard/fixtures/test-vm-fixture.json
+++ b/circle/dashboard/fixtures/test-vm-fixture.json
@@ -1372,6 +1372,35 @@
  }
 },
 {
+  "pk": 12, 
+  "model": "vm.instance", 
+  "fields": {
+    "destroyed": null, 
+    "disks": [], 
+    "boot_menu": false, 
+    "owner": 1, 
+    "time_of_delete": null, 
+    "max_ram_size": 200, 
+    "pw": "ads", 
+    "time_of_suspend": null, 
+    "ram_size": 200, 
+    "priority": 4, 
+    "active_since": null, 
+    "template": null, 
+    "access_method": "nx", 
+    "lease": 1, 
+    "node": null, 
+    "description": "", 
+    "arch": "x86_64", 
+    "name": "vanneve", 
+    "created": "2013-09-16T09:05:59.991Z", 
+    "raw_data": "", 
+    "vnc_port": 1235, 
+    "num_cores": 2, 
+    "modified": "2013-10-14T07:27:38.192Z"
+  }
+},
+{
    "pk": 1, 
    "model": "firewall.domain", 
    "fields": {

--- a/circle/dashboard/tests/test_views.py
+++ b/circle/dashboard/tests/test_views.py
@@ -2,6 +2,7 @@ from django.test import TestCase
 from django.test.client import Client
 from django.contrib.auth.models import User, Group
 from django.core.exceptions import SuspiciousOperation
+from django.core.urlresolvers import reverse
 from vm.models import Instance, InstanceTemplate, Lease, Node
 from ..models import Profile
@@ -385,23 +386,21 @@ class RenewViewTest(LoginMixin, TestCase):
    def test_renew_get_by_nonowner_w_key(self):
        key = VmRenewView.get_token_url(Instance.objects.get(pk=1), self.u2)
        c = Client()
-        self.login(c, 'user2')
        response = c.get(key)
        self.assertEquals(response.status_code, 200)
-    def test_renew_post_by_nonowner_w_key(self):
+    def test_renew_post_by_anon_w_key(self):
        key = VmRenewView.get_token_url(Instance.objects.get(pk=1), self.u2)
        ct = Instance.objects.get(pk=1).activity_log.\
            filter(activity_code__endswith='renew').count()
        c = Client()
-        self.login(c, 'user2')
        response = c.post(key)
        self.assertEquals(response.status_code, 302)
        ct2 = Instance.objects.get(pk=1).activity_log.\
            filter(activity_code__endswith='renew').count()
        self.assertEquals(ct + 1, ct2)
-    def test_renew_post_by_nonowner_w_invalid_key(self):
+    def test_renew_post_by_anon_w_invalid_key(self):
        class Mockinst(object):
            pk = 2
        key = VmRenewView.get_token_url(Mockinst(), self.u2)
@@ -414,3 +413,16 @@ class RenewViewTest(LoginMixin, TestCase):
        ct2 = Instance.objects.get(pk=1).activity_log.\
            filter(activity_code__endswith='renew').count()
        self.assertEquals(ct, ct2)
+    def test_renew_post_by_anon_w_expired_key(self):
+        key = reverse(VmRenewView.url_name, args=(
+            12, 'WzEyLDFd:1WLbSi:2zIb8SUNAIRIOMTmSmKSSit2gpY'))
+        ct = Instance.objects.get(pk=12).activity_log.\
+            filter(activity_code__endswith='renew').count()
+        c = Client()
+        self.login(c, 'user2')
+        response = c.post(key)
+        self.assertEquals(response.status_code, 403)
+        ct2 = Instance.objects.get(pk=12).activity_log.\
+            filter(activity_code__endswith='renew').count()
+        self.assertEquals(ct, ct2)
--- a/circle/dashboard/views.py
+++ b/circle/dashboard/views.py
@@ -1602,13 +1602,31 @@ class AbstractVmFunctionView(AccessMixin, View):
                      self.get_context(instance))
    def post(self, request, pk, key=None, *args, **kwargs):
+        class LoginNeeded(Exception):
+            pass
        pk = int(pk)
        instance = get_object_or_404(Instance, pk=pk)
-        if key:
-            user = self.validate_key(pk, key)
+        try:
-        else:
+            if not request.user.is_authenticated() and key:
-            user = request.user
+                try:
-            self.check_acl(instance, user)
+                    user = self.validate_key(pk, key)
+                except signing.SignatureExpired:
+                    messages.error(request, _(
+                        'The token has expired, please log in.'))
+                    raise LoginNeeded()
+                self.key = key
+            else:
+                user = request.user
+                self.check_acl(instance, request.user)
+        except LoginNeeded:
+            return redirect_to_login(request.get_full_path(),
+                                     self.get_login_url(),
+                                     self.get_redirect_field_name())
+        except SuspiciousOperation as e:
+            messages.error(request, _('This token is invalid.'))
+            logger.warning('This token %s is invalid. %s', key, unicode(e))
+            raise PermissionDenied()
        if self.do_action(instance, user):
            messages.success(request, self.success_message)