Beispiel #1
0
func (s *S) TestAppInfoNotMember(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	t := account.Team{Name: "example"}
	t.Create(alice)
	app.Create(alice, t)

	defer func() {
		ap, _ := s.store.FindAppByClientId(app.ClientId)
		s.store.DeleteApp(ap)
		s.store.DeleteTeamByAlias(t.Alias)
		alice.Delete()
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "GET",
		Path:           fmt.Sprintf("/api/apps/%s", app.ClientId),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}
Beispiel #2
0
func (s *S) TestUpdateServiceNotMember(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	t := account.Team{Name: "example"}
	t.Create(alice)
	service.Create(alice, t)
	defer func() {
		serv, _ := s.store.FindServiceBySubdomain(service.Subdomain)
		s.store.DeleteService(serv)
		s.store.DeleteTeamByAlias(t.Alias)
		alice.Delete()
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusOK,
		Method:         "PUT",
		Path:           fmt.Sprintf("/api/services/%s", service.Subdomain),
		Body:           `{}`,
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}
Beispiel #3
0
func (s *AuthenticatableSuite) TestAuthenticateWithInvalidCredentials(c *C) {
	user := account.User{Name: "Alice", Email: "*****@*****.**", Password: "******"}
	user.Create()
	defer user.Delete()

	_, ok := s.Auth.Authenticate(user.Email, "invalid-password")
	c.Assert(ok, Equals, false)
}
Beispiel #4
0
func (s *S) TestDeleteAppWithoutPermission(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	defer alice.Delete()

	app.Create(alice, team)
	defer func() {
		ap, _ := s.store.FindAppByClientId(app.ClientId)
		s.store.DeleteApp(ap)
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "DELETE",
		Path:           fmt.Sprintf("/api/apps/%s", app.ClientId),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"Only the owner has permission to perform this operation."}`)
}
Beispiel #5
0
func (s *S) TestTeamInfoWithoutPermission(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	defer alice.Delete()

	team := account.Team{Name: "Backstage Team", Alias: "backstage"}
	team.Create(alice)
	defer func() {
		s.store.DeleteTeamByAlias(team.Alias)
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "GET",
		Path:           fmt.Sprintf("/api/teams/%s", team.Alias),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}
Beispiel #6
0
func (s *S) TestRemoveUser(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	defer alice.Delete()

	team := account.Team{Name: "Backstage Team", Alias: "backstage", Users: []string{alice.Email}}
	team.Create(user)
	defer func() {
		s.store.DeleteTeamByAlias(team.Alias)
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusOK,
		Method:         "DELETE",
		Path:           fmt.Sprintf("/api/teams/%s/users", team.Alias),
		Headers:        http.Header{"Authorization": {s.authHeader}},
		Body:           fmt.Sprintf(`{"users": ["%s"]}`, alice.Email),
	})

	c.Assert(code, Equals, http.StatusOK)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"name":"Backstage Team","alias":"backstage","users":["*****@*****.**"],"owner":"*****@*****.**"}`)
}