author | Milo Casagrande <milo.casagrande@linaro.org> | 2014-12-05 16:24:17 +0100 |
---|---|---|
committer | Milo Casagrande <milo.casagrande@linaro.org> | 2014-12-05 16:24:17 +0100 |
commit | 1a01b51cb4fa0fe9f07599a69596d4fccb2f330c (patch) | |
tree | 5cf8799e34cdafecc51d812199871de5cbbaba65 | |
parent | 9375fc64dc4e9984ad2a10ab7dc2c40ab9cbaf81 (diff) |
Add new boot and general token validation.
Change-Id: I957313bba2cc462c341f6c3c1415ee9766135e95
-rw-r--r-- | app/handlers/common.py | 29 | ||||
-rw-r--r-- | app/handlers/tests/test_handlers_common.py | 18 |
2 files changed, 45 insertions, 2 deletions
diff --git a/app/handlers/common.py b/app/handlers/common.py
index 4560ff9..f3fc7cd 100644
--- a/app/handlers/common.py
+++ b/app/handlers/common.py
@@ -561,6 +561,9 @@ def get_skip_and_limit(query_args_func):
 def valid_token_general(token, method):
 """Make sure the token can be used for an HTTP method.
+ For DELETE requests, if the token is a lab token, the request will be
+ refused. The lab token can be used only to delete boot reports.
+
 :param token: The Token object to validate.
 :param method: The HTTP verb this token is being validated for.
 :return True or False.
@@ -571,7 +574,29 @@ def valid_token_general(token, method):
 valid_token = True
 elif method == "POST" and token.is_post_token:
 valid_token = True
- elif method == "DELETE" and token.is_delete_token:
+ elif all([method == "DELETE", token.is_delete_token]):
+ if not token.is_lab_token:
+ valid_token = True
+
+ return valid_token
+
+
+def valid_token_bh(token, method):
+ """Make sure the token is a valid token for the `BootHandler`.
+
+ This is a special case to handle a lab token (token associeated with a lab)
+
+ :param token: The Token object to validate.
+ :param method: The HTTP verb this token is being validated for.
+ :return True or False.
+ """
+ valid_token = False
+
+ if all([method == "GET", token.is_get_token]):
+ valid_token = True
+ elif all([method == "POST", token.is_post_token]):
+ valid_token = True
+ elif all([method == "DELETE", token.is_delete_token]):
 valid_token = True
 return valid_token
@@ -591,7 +616,7 @@ def valid_token_th(token, method):
 if token.is_admin:
 valid_token = True
- elif token.is_superuser and method == "GET":
+ elif all([token.is_superuser, method == "GET"]):
 valid_token = True
 return valid_token
diff --git a/app/handlers/tests/test_handlers_common.py b/app/handlers/tests/test_handlers_common.py
index 969f870..5b18bd5 100644
--- a/app/handlers/tests/test_handlers_common.py
+++ b/app/handlers/tests/test_handlers_common.py
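Review bot: `valid_token_bh` never reads `token.is_lab_token`, so despite its docstring it applies the same three method checks the old `valid_token_general` had: any token with the delete flag passes for DELETE, lab token or not. The rule that a lab token may delete only boot reports is therefore enforced solely by which handler calls which validator, and nothing visible in this hunk limits a lab token to the boot reports of its own lab; if that scoping is intended it has to be checked in the handler, which is outside this diff. I would state that in the docstring, for example `This is a method-level check only; restricting a lab token to its own lab's boot reports is left to the caller.`, and correct `associeated` to `associated`. In `valid_token_general`, whose body starts above the hunk, the nested test can be one condition: `elif method == "DELETE" and token.is_delete_token and not token.is_lab_token:`.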
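Review bot: `all([token.is_superuser, method == "GET"])` in `valid_token_th` builds a list and evaluates both operands before testing them, whereas the `and` it replaces short-circuits and reads directly as the authorization rule. I would keep `elif token.is_superuser and method == "GET":`; the result is the same for plain boolean attributes, so this is a readability point only. The same `all([...])` form is introduced in the DELETE branch of `valid_token_general` and in every branch of `valid_token_bh`. `valid_token_th` begins above the hunk.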
@@ -386,12 +386,30 @@ class TestHandlersCommon(unittest.TestCase):
 token.is_get_token = True
 token.is_post_token = True
 token.is_delete_token = True
+ token.is_lab_token = False
+ self.assertFalse(token.is_lab_token)
 self.assertTrue(valid_token_general(token, "GET"))
 self.assertTrue(valid_token_general(token, "POST"))
 self.assertTrue(valid_token_general(token, "DELETE"))
 @patch("models.token.Token", spec=True)
+ def test_valid_token_general_lab_token(self, mock_class):
+ token = mock_class.return_value
+
+ self.assertIsInstance(token, Token)
+
+ token.is_get_token = False
+ token.is_post_token = True
+ token.is_delete_token = True
+ token.is_lab_token = True
+
+ self.assertTrue(token.is_lab_token)
+ self.assertFalse(valid_token_general(token, "GET"))
+ self.assertTrue(valid_token_general(token, "POST"))
+ self.assertFalse(valid_token_general(token, "DELETE"))
+
+ @patch("models.token.Token", spec=True)
 def test_valid_token_general_false(self, mock_class):
 token = mock_class.return_value |
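Review bot: The new `valid_token_bh` has no test in this hunk, and the diffstat shows no other change to the test file, so the one path on which a lab token is allowed to DELETE is unverified. A case mirroring `test_valid_token_general_lab_token` but asserting that DELETE is accepted would pin the difference between the two validators. It assumes `valid_token_bh` is imported at the top of the test module, which is outside the hunk. Separately, `self.assertFalse(token.is_lab_token)` and `self.assertTrue(token.is_lab_token)` only check the value just assigned to the mock, not the code under test, and could be dropped.

```python
    # … unchanged: test_valid_token_general_lab_token …

    @patch("models.token.Token", spec=True)
    def test_valid_token_bh_lab_token(self, mock_class):
        token = mock_class.return_value

        token.is_get_token = False
        token.is_post_token = True
        token.is_delete_token = True
        token.is_lab_token = True

        self.assertFalse(valid_token_bh(token, "GET"))
        self.assertTrue(valid_token_bh(token, "POST"))
        self.assertTrue(valid_token_bh(token, "DELETE"))
```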