#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
import urllib
+import json
import pytest
import mock
-from oauthlib.oauth1 import Client
-
from mediagoblin import mg_globals
-from mediagoblin.tests.tools import fixture_add_user
from .resources import GOOD_JPG
+from mediagoblin.tests.tools import fixture_add_user
+from mediagoblin.moderation.tools import take_away_privileges
+from .resources import GOOD_JPG, GOOD_PNG, EVIL_FILE, EVIL_JPG, EVIL_PNG, \
+ BIG_BLUE
+
+def mocked_oauth_required(*args, **kwargs):
+ """ Mocks mediagoblin.decorator.oauth_required to always validate """
+
+ def oauth_required(controller):
+ return controller
+
+ return oauth_required
class TestAPI(object):
- def setup(self):
+ @pytest.fixture(autouse=True)
+ def setup(self, test_app):
+ self.test_app = test_app
self.db = mg_globals.database
- self.user = fixture_add_user()
-
- def test_profile_endpoint(self, test_app):
- """ Test that you can successfully get the profile of a user """
- @mock.patch("mediagoblin.decorators.oauth_required")
- def _real_test(*args, **kwargs):
- profile = test_app.get(
- "/api/user/{0}/profile".format(self.user.username)
- ).json
-
- assert profile["preferredUsername"] == self.user.username
- assert profile["objectType"] == "person"
-
- _real_test()
-
- def test_upload_file(self, test_app):
- """ Test that i can upload a file """
- context = {
- "title": "Rel",
- "description": "ayRel sunu oeru",
- "qqfile": "my_picture.jpg",
+ self.user = fixture_add_user(privileges=[u'active', u'uploader'])
+
+ def test_can_post_image(self, test_app):
+ """ Tests that an image can be posted to the API """
+ # First request we need to do is to upload the image
+ data = open(GOOD_JPG, "rb").read()
+ headers = {
+ "Content-Type": "image/jpeg",
+ "Content-Length": str(len(data))
}
- encoded_context = urllib.urlencode(context)
- response = test_app.post(
- "/api/user/{0}/uploads?{1}".format(
- self.user.username,
- encoded_context[1:]
+
+
+ with mock.patch("mediagoblin.decorators.oauth_required", new_callable=mocked_oauth_required):
+ response = test_app.post(
+ "/api/user/{0}/uploads".format(self.user.username),
+ data,
+ headers=headers
)
- )
+ image = json.loads(response.body)
- picture = self.db.MediaEntry.query.filter_by(title=context["title"])
- picture = picture.first()
- assert response.status_int == 200
- assert picture
- raise Exception(str(dir(picture)))
- assert picture.description == context["description"]
+ # I should have got certain things back
+ assert response.status_code == 200
+
+ assert "id" in image
+ assert "fullImage" in image
+ assert "url" in image["fullImage"]
+ assert "url" in image
+ assert "author" in image
+ assert "published" in image
+ assert "updated" in image
+ assert image["objectType"] == "image"
+
+ # Now post this to the feed
+ activity = {
+ "verb": "post",
+ "object": image,
+ }
+ response = test_app.post(
+ "/api/user/{0}/feed".format(self.user.username),
+ activity
+ )
+
+ # Check that we got the response we're expecting
+ assert response.status_code == 200
+
+ def test_only_uploaders_post_image(self, test_app):
+ """ Test that only uploaders can upload images """
+ # Remove uploader permissions from user
+ take_away_privileges(self.user.username, u"uploader")
+
+ # Now try and upload a image
+ data = open(GOOD_JPG, "rb").read()
+ headers = {
+ "Content-Type": "image/jpeg",
+ "Content-Length": str(len(data)),
+ }
+
+ with mock.patch("mediagoblin.decorators.oauth_required", new_callable=mocked_oauth_required):
+ response = test_app.post(
+ "/api/user/{0}/uploads".format(self.user.username),
+ data,
+ headers=headers
+ )
+ error = json.loads(response.body)
+ # Assert that we've got a 403
+ assert response.status_code == 403
+ assert "error" in error
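Review bot: `test_only_uploaders_post_image` probably never reaches `assert response.status_code == 403`: if `test_app` is a `webtest.TestApp` (the removed lines used its `.status_int` and `.json`), `post()` raises `AppError` on a 4xx response unless the call passes `expect_errors=True` or `status=403`, so the authorization check surfaces as a test error instead of being verified. Pass `headers=headers, expect_errors=True` on that call, and also assert on the text of `error["error"]`, because a bare 403 does not show that the missing `uploader` privilege, rather than some other refusal, caused it. The newly imported `GOOD_PNG, EVIL_FILE, EVIL_JPG, EVIL_PNG, BIG_BLUE` are not used anywhere in the lines shown, so nothing yet checks that `/uploads` rejects a body that does not match the client-supplied `Content-Type: image/jpeg`; a test posting `EVIL_JPG` with the same headers would cover that. Both tests also leave the fixture file open; `with open(GOOD_JPG, "rb") as f: data = f.read()` closes it.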