Commit 6dfa952b by Őry Máté

dashboard: add test_renew_post_by_anon_w_expired_key

parent 1825ccc2
...@@ -1372,6 +1372,35 @@ ...@@ -1372,6 +1372,35 @@
} }
}, },
{ {
"pk": 12,
"model": "vm.instance",
"fields": {
"destroyed": null,
"disks": [],
"boot_menu": false,
"owner": 1,
"time_of_delete": null,
"max_ram_size": 200,
"pw": "ads",
"time_of_suspend": null,
"ram_size": 200,
"priority": 4,
"active_since": null,
"template": null,
"access_method": "nx",
"lease": 1,
"node": null,
"description": "",
"arch": "x86_64",
"name": "vanneve",
"created": "2013-09-16T09:05:59.991Z",
"raw_data": "",
"vnc_port": 1235,
"num_cores": 2,
"modified": "2013-10-14T07:27:38.192Z"
}
},
{
"pk": 1, "pk": 1,
"model": "firewall.domain", "model": "firewall.domain",
"fields": { "fields": {
......
...@@ -2,6 +2,7 @@ from django.test import TestCase ...@@ -2,6 +2,7 @@ from django.test import TestCase
from django.test.client import Client from django.test.client import Client
from django.contrib.auth.models import User, Group from django.contrib.auth.models import User, Group
from django.core.exceptions import SuspiciousOperation from django.core.exceptions import SuspiciousOperation
from django.core.urlresolvers import reverse
from vm.models import Instance, InstanceTemplate, Lease, Node from vm.models import Instance, InstanceTemplate, Lease, Node
from ..models import Profile from ..models import Profile
...@@ -385,23 +386,21 @@ class RenewViewTest(LoginMixin, TestCase): ...@@ -385,23 +386,21 @@ class RenewViewTest(LoginMixin, TestCase):
def test_renew_get_by_nonowner_w_key(self): def test_renew_get_by_nonowner_w_key(self):
key = VmRenewView.get_token_url(Instance.objects.get(pk=1), self.u2) key = VmRenewView.get_token_url(Instance.objects.get(pk=1), self.u2)
c = Client() c = Client()
self.login(c, 'user2')
response = c.get(key) response = c.get(key)
self.assertEquals(response.status_code, 200) self.assertEquals(response.status_code, 200)
def test_renew_post_by_nonowner_w_key(self): def test_renew_post_by_anon_w_key(self):
key = VmRenewView.get_token_url(Instance.objects.get(pk=1), self.u2) key = VmRenewView.get_token_url(Instance.objects.get(pk=1), self.u2)
ct = Instance.objects.get(pk=1).activity_log.\ ct = Instance.objects.get(pk=1).activity_log.\
filter(activity_code__endswith='renew').count() filter(activity_code__endswith='renew').count()
c = Client() c = Client()
self.login(c, 'user2')
response = c.post(key) response = c.post(key)
self.assertEquals(response.status_code, 302) self.assertEquals(response.status_code, 302)
ct2 = Instance.objects.get(pk=1).activity_log.\ ct2 = Instance.objects.get(pk=1).activity_log.\
filter(activity_code__endswith='renew').count() filter(activity_code__endswith='renew').count()
self.assertEquals(ct + 1, ct2) self.assertEquals(ct + 1, ct2)
def test_renew_post_by_nonowner_w_invalid_key(self): def test_renew_post_by_anon_w_invalid_key(self):
class Mockinst(object): class Mockinst(object):
pk = 2 pk = 2
key = VmRenewView.get_token_url(Mockinst(), self.u2) key = VmRenewView.get_token_url(Mockinst(), self.u2)
...@@ -414,3 +413,16 @@ class RenewViewTest(LoginMixin, TestCase): ...@@ -414,3 +413,16 @@ class RenewViewTest(LoginMixin, TestCase):
ct2 = Instance.objects.get(pk=1).activity_log.\ ct2 = Instance.objects.get(pk=1).activity_log.\
filter(activity_code__endswith='renew').count() filter(activity_code__endswith='renew').count()
self.assertEquals(ct, ct2) self.assertEquals(ct, ct2)
def test_renew_post_by_anon_w_expired_key(self):
key = reverse(VmRenewView.url_name, args=(
12, 'WzEyLDFd:1WLbSi:2zIb8SUNAIRIOMTmSmKSSit2gpY'))
ct = Instance.objects.get(pk=12).activity_log.\
filter(activity_code__endswith='renew').count()
c = Client()
self.login(c, 'user2')
response = c.post(key)
self.assertEquals(response.status_code, 403)
ct2 = Instance.objects.get(pk=12).activity_log.\
filter(activity_code__endswith='renew').count()
self.assertEquals(ct, ct2)
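Review bot: `test_renew_post_by_anon_w_expired_key` calls `self.login(c, 'user2')` before posting, so despite its name the request is not anonymous. In the view change from this same commit the token is only validated when `request.user.is_authenticated()` is false, so with that login the expired-token branch would seem never to run, and the 403 presumably comes from the ACL check on instance 12 instead. Drop the login line and assert what the anonymous expired path returns, which from the view hunk looks like a redirect to the login page: `self.assertEquals(response.status_code, 302)`. The hard-coded token also ties the test to the signing key in the test settings; if that key changes, the token presumably becomes invalid rather than expired, so a short comment saying how the token was generated would help.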
...@@ -1602,13 +1602,31 @@ class AbstractVmFunctionView(AccessMixin, View): ...@@ -1602,13 +1602,31 @@ class AbstractVmFunctionView(AccessMixin, View):
self.get_context(instance)) self.get_context(instance))
def post(self, request, pk, key=None, *args, **kwargs): def post(self, request, pk, key=None, *args, **kwargs):
class LoginNeeded(Exception):
pass
pk = int(pk) pk = int(pk)
instance = get_object_or_404(Instance, pk=pk) instance = get_object_or_404(Instance, pk=pk)
if key:
try:
if not request.user.is_authenticated() and key:
try:
user = self.validate_key(pk, key) user = self.validate_key(pk, key)
except signing.SignatureExpired:
messages.error(request, _(
'The token has expired, please log in.'))
raise LoginNeeded()
self.key = key
else: else:
user = request.user user = request.user
self.check_acl(instance, user) self.check_acl(instance, request.user)
except LoginNeeded:
return redirect_to_login(request.get_full_path(),
self.get_login_url(),
self.get_redirect_field_name())
except SuspiciousOperation as e:
messages.error(request, _('This token is invalid.'))
logger.warning('This token %s is invalid. %s', key, unicode(e))
raise PermissionDenied()
if self.do_action(instance, user): if self.do_action(instance, user):
messages.success(request, self.success_message) messages.success(request, self.success_message)
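Review bot: The `logger.warning` call in the `except SuspiciousOperation` branch writes the whole token to the log. `validate_key` is not shown here, but if it raises SuspiciousOperation for a correctly signed token that names a different instance, the log would then hold a token that still works for that instance; logging the instance id and the error is enough, e.g. `logger.warning('Invalid renew token for instance %s: %s', pk, unicode(e))`. Separately, the key is now ignored whenever the user is already logged in, which deserves a comment above the `if not request.user.is_authenticated() and key:` line, such as `# Token is honoured only for anonymous requests; logged-in users go through check_acl.` The body of `post` continues past the end of the hunk.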
......