aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndy Doan <andy.doan@linaro.org>2014-09-04 22:02:36 +0000
committerLinaro Code Review <review@review.linaro.org>2014-09-04 22:02:36 +0000
commitfe4d8d49d8abe690696aa25bf50e7a0bbd6553d1 (patch)
tree4c9b42595c5b0823cbafbe232f3fcd6f9a887e6f
parent9fb12a0392122d61e0000e08cf37123811359766 (diff)
parent05644cccf341847073b93c084e851671fc724445 (diff)
downloadlinaro-license-protection-fe4d8d49d8abe690696aa25bf50e7a0bbd6553d1.tar.gz
Merge "api: remove the key management api"
-rw-r--r--license_protected_downloads/api/v1.py73
-rw-r--r--license_protected_downloads/tests/test_api_v1.py82
-rw-r--r--urls.py9
3 files changed, 10 insertions, 154 deletions
diff --git a/license_protected_downloads/api/v1.py b/license_protected_downloads/api/v1.py
index 79fcb15..139cc9e 100644
--- a/license_protected_downloads/api/v1.py
+++ b/license_protected_downloads/api/v1.py
@@ -1,13 +1,10 @@
import json
import os
-import random
-import shutil
from django.views.decorators.csrf import csrf_exempt
from django.http import (
Http404,
HttpResponse,
- HttpResponseForbidden,
HttpResponseServerError
)
from django.conf import settings
@@ -77,76 +74,6 @@ def file_server_post(request, path):
return HttpResponse("OK")
-def api_request_key(request):
- APILog.mark(request, 'REQUEST_KEY')
- if("key" in request.GET and
- request.GET["key"] == settings.MASTER_API_KEY and
- settings.MASTER_API_KEY):
-
- # Generate a new, random key.
- key = "%030x" % random.randrange(256 ** 15)
- while APIKeyStore.objects.filter(key=key):
- key = "%030x" % random.randrange(256 ** 15)
-
- # Look for a hint of sanity in the value given to public, but don't
- # care about it too much.
- yes = ["", "y", "yes", "true", "1"]
- if "public" in request.GET:
- public = request.GET["public"].lower() in yes
- else:
- public = False
-
- api_key = APIKeyStore(key=key, public=public)
- api_key.save()
- return HttpResponse(key)
-
- return HttpResponseForbidden()
-
-
-def api_delete_key(request):
- APILog.mark(request, 'DELETE_KEY')
- if "key" not in request.GET:
- return HttpResponseServerError("Invalid key")
-
- key = request.GET["key"]
- api_key = APIKeyStore.objects.filter(key=key)
-
- if not api_key:
- return HttpResponseServerError("Invalid key")
-
- # Delete key from database and all files associated with it
- api_key.delete()
- shutil.rmtree(os.path.join(settings.UPLOAD_PATH, key))
-
- return HttpResponse("OK")
-
-
-def api_push_to_server(request):
- # TODO: Upload files from this machine to another linaro-licence-protection
- # node.
- """
- Something like:
-
- if request.GET["target"] in settings.REMOTE_SERVERS:
- remote_server = settings.REMOTE_SERVERS[request.GET["target"]]
-
- remote_server should contain:
- {
- "key": "...",
- "url": "...",
- }
-
- now just POST files from this machine to the specified URL/KEY.
-
- Possibly add some magic to POST endpoint (file_server_post) to allow
- (some users??) uploads to a public path:
-
- POST snapshots.linaro.org/path/to/file?key="key"&public=true
-
- """
- pass
-
-
def list_files_api(request, path):
path = iri_to_uri(path)
url = path
diff --git a/license_protected_downloads/tests/test_api_v1.py b/license_protected_downloads/tests/test_api_v1.py
index 6b0cb24..6124375 100644
--- a/license_protected_downloads/tests/test_api_v1.py
+++ b/license_protected_downloads/tests/test_api_v1.py
@@ -35,10 +35,10 @@ class APITests(TestCase):
self.addCleanup(m.stop)
m.start()
- m = mock.patch('django.conf.settings.MASTER_API_KEY',
- new_callable=lambda: '1234abcd')
- self.addCleanup(m.stop)
- m.start()
+ self.pub_key = APIKeyStore.objects.create(
+ key='pubkey', public=True).key
+ self.priv_key = APIKeyStore.objects.create(
+ key='prikey', public=False).key
self.tmpdir = tempfile.mkdtemp()
self.addCleanup(shutil.rmtree, self.tmpdir)
@@ -168,21 +168,6 @@ class APITests(TestCase):
response = self.client.get(url)
self.assertEqual(response.status_code, 404)
- def test_get_key(self):
- response = self.client.get("http://testserver/api/request_key",
- data={"key": settings.MASTER_API_KEY})
-
- self.assertEqual(response.status_code, 200)
- # Don't care what the key is, as long as it isn't blank
- self.assertRegexpMatches(response.content, "\S+")
-
- def test_get_key_api_disabled(self):
- settings.MASTER_API_KEY = ""
- response = self.client.get("http://testserver/api/request_key",
- data={"key": settings.MASTER_API_KEY})
-
- self.assertEqual(response.status_code, 403)
-
def _send_file(self, url, apikey, content, resp_code=200):
f = StringIO.StringIO(content)
f.name = 'name' # to fool django's client.post
@@ -190,13 +175,7 @@ class APITests(TestCase):
self.assertEqual(response.status_code, resp_code)
def test_get_key_post_and_get_file(self):
- response = self.client.get("http://testserver/api/request_key",
- data={"key": settings.MASTER_API_KEY})
-
- self.assertEqual(response.status_code, 200)
- # Don't care what the key is, as long as it isn't blank
- self.assertRegexpMatches(response.content, "\S+")
- key = response.content
+ key = self.priv_key
last_used = APIKeyStore.objects.get(key=key).last_used
file_content = "test_get_key_post_and_get_file"
@@ -223,14 +202,7 @@ class APITests(TestCase):
APIKeyStore.objects.get(key=key).last_used, last_used)
def test_get_public_key_post_and_get_file(self):
- response = self.client.get("http://testserver/api/request_key",
- data={"key": settings.MASTER_API_KEY,
- "public": ""})
-
- self.assertEqual(response.status_code, 200)
- # Don't care what the key is, as long as it isn't blank
- self.assertRegexpMatches(response.content, "\S+")
- key = response.content
+ key = self.pub_key
# Now write a file so we can upload it
file_content = "test_get_key_post_and_get_file"
@@ -258,13 +230,7 @@ class APITests(TestCase):
def test_post_empty_file(self):
'''Ensure we accept zero byte files'''
- response = self.client.get("http://testserver/api/request_key",
- data={"key": settings.MASTER_API_KEY})
-
- self.assertEqual(response.status_code, 200)
- # Don't care what the key is, as long as it isn't blank
- self.assertRegexpMatches(response.content, "\S+")
- key = response.content
+ key = self.priv_key
file_content = ""
self._send_file('http://testserver/file_name', key, file_content)
@@ -280,16 +246,8 @@ class APITests(TestCase):
self.assertNotEqual(response.status_code, 200)
def test_post_no_file(self):
- response = self.client.get("http://testserver/api/request_key",
- data={"key": settings.MASTER_API_KEY})
-
- self.assertEqual(response.status_code, 200)
- # Don't care what the key is, as long as it isn't blank
- self.assertRegexpMatches(response.content, "\S+")
- key = response.content
-
response = self.client.post(
- "http://testserver/file_name", data={"key": key})
+ "http://testserver/file_name", data={"key": self.priv_key})
self.assertEqual(response.status_code, 500)
def test_post_file_no_key(self):
@@ -302,27 +260,3 @@ class APITests(TestCase):
key = "%030x" % random.randrange(256 ** 15)
file_content = "test_post_file_random_key"
self._send_file("http://testserver/file_name", key, file_content, 500)
-
- def test_api_delete_key(self):
- response = self.client.get("http://testserver/api/request_key",
- data={"key": settings.MASTER_API_KEY})
-
- self.assertEqual(response.status_code, 200)
- # Don't care what the key is, as long as it isn't blank
- self.assertRegexpMatches(response.content, "\S+")
- key = response.content
-
- file_content = "test_api_delete_key"
- self._send_file("http://testserver/file_name", key, file_content)
-
- # Release the key, the files should be deleted
- response = self.client.get("http://testserver/api/delete_key",
- data={"key": key})
- self.assertEqual(response.status_code, 200)
- self.assertFalse(os.path.isfile(
- os.path.join(settings.UPLOAD_PATH, key, "file_name")))
-
- # Key shouldn't work after released
- response = self.client.get("http://testserver/file_name",
- data={"key": key})
- self.assertNotEqual(response.status_code, 200)
diff --git a/urls.py b/urls.py
index e79ec72..9678369 100644
--- a/urls.py
+++ b/urls.py
@@ -6,7 +6,8 @@ from django.contrib import admin
admin.autodiscover()
-urlpatterns = patterns('',
+urlpatterns = patterns(
+ '',
url(r'^admin/', include(admin.site.urls)),
# Use "linaro-openid" to allow peaceful coexistence of both
@@ -52,12 +53,6 @@ urlpatterns = patterns('',
url(r'^api/license/(?P<path>.*)$',
'license_protected_downloads.api.v1.get_license_api'),
- url(r'^api/request_key$',
- 'license_protected_downloads.api.v1.api_request_key'),
-
- url(r'^api/delete_key$',
- 'license_protected_downloads.api.v1.api_delete_key'),
-
# Catch-all. We always return a file (or try to) if it exists.
# This handler does that.
url(r'(?P<path>.*)', 'license_protected_downloads.views.file_server'),