From ee9956c3de39854f32207789b223f09eb7bbb20b Mon Sep 17 00:00:00 2001
From: Jessica Tallon <jessica@megworld.co.uk>
Date: Thu, 10 Jul 2014 17:47:54 +0100
Subject: [PATCH] Remove unneeded oauth fixtures and add test for image
 submission

---
 mediagoblin/tests/test_api.py | 118 +++++++++++++++++++++++-----------
 1 file changed, 80 insertions(+), 38 deletions(-)

diff --git a/mediagoblin/tests/test_api.py b/mediagoblin/tests/test_api.py
index 0ba8a424..e1ca688b 100644
--- a/mediagoblin/tests/test_api.py
+++ b/mediagoblin/tests/test_api.py
@@ -13,58 +13,100 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
 import urllib
+import json
 
 import pytest
 import mock
 
-from oauthlib.oauth1 import Client
-
 from mediagoblin import mg_globals
-from mediagoblin.tests.tools import fixture_add_user
 from .resources import GOOD_JPG
+from mediagoblin.tests.tools import fixture_add_user
+from mediagoblin.moderation.tools import take_away_privileges
+from .resources import GOOD_JPG, GOOD_PNG, EVIL_FILE, EVIL_JPG, EVIL_PNG, \
+    BIG_BLUE
+
+def mocked_oauth_required(*args, **kwargs):
+    """ Mocks mediagoblin.decorator.oauth_required to always validate """
+
+    def oauth_required(controller):
+        return controller
+
+    return oauth_required
 
 class TestAPI(object):
 
-    def setup(self):
+    @pytest.fixture(autouse=True)
+    def setup(self, test_app):
+        self.test_app = test_app
         self.db = mg_globals.database
-        self.user = fixture_add_user()
-
-    def test_profile_endpoint(self, test_app):
-        """ Test that you can successfully get the profile of a user """
-        @mock.patch("mediagoblin.decorators.oauth_required")
-        def _real_test(*args, **kwargs):
-            profile = test_app.get(
-                "/api/user/{0}/profile".format(self.user.username)
-            ).json
-
-            assert profile["preferredUsername"] == self.user.username
-            assert profile["objectType"] == "person"
-
-        _real_test()
-
-    def test_upload_file(self, test_app):
-        """ Test that i can upload a file """
-        context = {
-            "title": "Rel",
-            "description": "ayRel sunu oeru",
-            "qqfile": "my_picture.jpg",
+        self.user = fixture_add_user(privileges=[u'active', u'uploader'])
+
+    def test_can_post_image(self, test_app):
+        """ Tests that an image can be posted to the API """
+        # First request we need to do is to upload the image
+        data = open(GOOD_JPG, "rb").read()
+        headers = {
+            "Content-Type": "image/jpeg",
+            "Content-Length": str(len(data))
         }
-        encoded_context = urllib.urlencode(context)
-        response = test_app.post(
-            "/api/user/{0}/uploads?{1}".format(
-                self.user.username,
-                encoded_context[1:]
+
+
+        with mock.patch("mediagoblin.decorators.oauth_required", new_callable=mocked_oauth_required):
+            response = test_app.post(
+                "/api/user/{0}/uploads".format(self.user.username),
+                data,
+                headers=headers
             )
-        )
+            image = json.loads(response.body)
 
-        picture = self.db.MediaEntry.query.filter_by(title=context["title"])
-        picture = picture.first()
 
-        assert response.status_int == 200
-        assert picture
-        raise Exception(str(dir(picture)))
-        assert picture.description == context["description"]
+            # I should have got certain things back
+            assert response.status_code == 200
+
+            assert "id" in image
+            assert "fullImage" in image
+            assert "url" in image["fullImage"]
+            assert "url" in image
+            assert "author" in image
+            assert "published" in image
+            assert "updated" in image
+            assert image["objectType"] == "image"
+
+            # Now post this to the feed
+            activity = {
+                "verb": "post",
+                "object": image,
+            }
+            response = test_app.post(
+                "/api/user/{0}/feed".format(self.user.username),
+                activity
+            )
+
+            # Check that we got the response we're expecting
+            assert response.status_code == 200
+
+    def test_only_uploaders_post_image(self, test_app):
+        """ Test that only uploaders can upload images """
+        # Remove uploader permissions from user
+        take_away_privileges(self.user.username, u"uploader")
+
+        # Now try and upload a image
+        data = open(GOOD_JPG, "rb").read()
+        headers = {
+            "Content-Type": "image/jpeg",
+            "Content-Length": str(len(data)),
+        }
+
+        with mock.patch("mediagoblin.decorators.oauth_required", new_callable=mocked_oauth_required):
+            response = test_app.post(
+                "/api/user/{0}/uploads".format(self.user.username),
+                data,
+                headers=headers
+            )
 
+            error = json.loads(response.body)
 
+            # Assert that we've got a 403
+            assert response.status_code == 403
+            assert "error" in error
-- 
2.25.1