// TestAppInfoNotMember checks that reading an app that belongs to a team the
// suite's authenticated caller is not a member of is refused with 403 and the
// JSON access_denied body.
//
// Fixture: a throw-away user "alice" owns a team "example", and the suite's
// shared app fixture is created under that team. Cleanup runs in reverse
// order of creation: app, team, then user.
func (s *S) TestAppInfoNotMember(c *C) {
	owner := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	owner.Create()
	foreignTeam := account.Team{Name: "example"}
	foreignTeam.Create(owner)
	app.Create(owner, foreignTeam)

	cleanup := func() {
		stored, _ := s.store.FindAppByClientId(app.ClientId)
		s.store.DeleteApp(stored)
		s.store.DeleteTeamByAlias(foreignTeam.Alias)
		owner.Delete()
	}
	defer cleanup()

	// The suite's own credentials (s.authHeader) are used, not alice's.
	args := requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "GET",
		Path:           fmt.Sprintf("/api/apps/%s", app.ClientId),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	}
	headers, code, body, _ := httpClient.MakeRequest(args)

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}
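// TestUpdateServiceNotMember checks that a PUT on a service owned by a team
// the suite's authenticated caller is not a member of is refused with 403 and
// the JSON access_denied body.
//
// Fixture: a throw-away user "alice" owns a team "example", and the suite's
// shared service fixture is created under that team. Cleanup runs in reverse
// order of creation: service, team, then user.
//
// The request's AcceptableCode is kept in line with the status asserted
// below. It previously said http.StatusOK while the assertion expected
// StatusForbidden, so the request helper and the test disagreed about the
// intended outcome; what MakeRequest does with a non-acceptable status is not
// visible here and its error return is discarded, which is why the mismatch
// went unnoticed. The sibling "NotMember"/"WithoutPermission" tests all use
// StatusForbidden for both.
func (s *S) TestUpdateServiceNotMember(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	t := account.Team{Name: "example"}
	t.Create(alice)
	service.Create(alice, t)
	defer func() {
		serv, _ := s.store.FindServiceBySubdomain(service.Subdomain)
		s.store.DeleteService(serv)
		s.store.DeleteTeamByAlias(t.Alias)
		alice.Delete()
	}()

	// The suite's own credentials (s.authHeader) are used, not alice's; an
	// empty JSON object is enough to reach the membership check.
	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "PUT",
		Path:           fmt.Sprintf("/api/services/%s", service.Subdomain),
		Body:           `{}`,
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}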
文件: suite.go 项目: sinzone/apihub
// TestAuthenticateWithInvalidCredentials verifies that Authenticate rejects a
// known email paired with the wrong password: the returned ok flag must be
// false. The user record exists only for this test and is deleted on exit.
func (s *AuthenticatableSuite) TestAuthenticateWithInvalidCredentials(c *C) {
	alice := account.User{Name: "Alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	defer alice.Delete()

	const wrongPassword = "invalid-password"
	_, authenticated := s.Auth.Authenticate(alice.Email, wrongPassword)
	c.Assert(authenticated, Equals, false)
}
文件: users.go 项目: sinzone/apihub
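// userSignup handles a sign-up request: it decodes an account.User from the
// JSON request body, persists it with user.Create, and replies via Created
// with the stored user minus its password field.
//
// The body comes from an unauthenticated client, so it is capped at
// maxSignupBodyBytes before decoding; an oversized or malformed body is
// answered with errors.ErrBadRequest. Errors from user.Create (validation
// and otherwise) are handed to handleError unchanged.
//
// NOTE(review): the body is decoded straight into account.User, so every
// JSON-settable field of that struct is client-controlled. If the struct
// carries fields a client must not set (roles, flags, internal IDs), they
// need to be ignored or reset here — confirm against the struct definition.
func (api *Api) userSignup(rw http.ResponseWriter, r *http.Request) {
	// Bound what an anonymous caller can make the decoder buffer; 1 MiB is
	// far above any legitimate sign-up payload.
	const maxSignupBodyBytes = 1 << 20
	r.Body = http.MaxBytesReader(rw, r.Body, maxSignupBodyBytes)

	user := account.User{}
	if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
		handleError(rw, errors.ErrBadRequest)
		return
	}

	if err := user.Create(); err != nil {
		handleError(rw, err)
		return
	}

	// After Create the Password field holds the hashed password; never echo
	// it back to the client.
	user.Password = ""

	Created(rw, user)
}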
// TestDeleteAppWithoutPermission checks that deleting an app is reserved for
// its owner: the suite's authenticated caller, who is not the app's owner,
// gets 403 and the JSON access_denied body.
//
// Fixture: a throw-away user "alice" creates the suite's shared app fixture
// under the suite's shared team; the app and the user are removed on exit.
func (s *S) TestDeleteAppWithoutPermission(c *C) {
	appOwner := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	appOwner.Create()
	defer appOwner.Delete()

	app.Create(appOwner, team)
	removeApp := func() {
		stored, _ := s.store.FindAppByClientId(app.ClientId)
		s.store.DeleteApp(stored)
	}
	defer removeApp()

	args := requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "DELETE",
		Path:           fmt.Sprintf("/api/apps/%s", app.ClientId),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	}
	headers, code, body, _ := httpClient.MakeRequest(args)

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"Only the owner has permission to perform this operation."}`)
}
// TestTeamInfoWithoutPermission checks that reading a team's details is
// restricted to its members: the suite's authenticated caller, who is not in
// the team, gets 403 and the JSON access_denied body.
//
// Fixture: a throw-away user "alice" owns a team with alias "apihub"; both
// are removed on exit.
func (s *S) TestTeamInfoWithoutPermission(c *C) {
	teamOwner := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	teamOwner.Create()
	defer teamOwner.Delete()

	privateTeam := account.Team{Name: "ApiHub Team", Alias: "apihub"}
	privateTeam.Create(teamOwner)
	defer s.store.DeleteTeamByAlias(privateTeam.Alias)

	args := requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "GET",
		Path:           fmt.Sprintf("/api/teams/%s", privateTeam.Alias),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	}
	headers, code, body, _ := httpClient.MakeRequest(args)

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}
// TestRemoveUser checks that a team's owner can remove a member: after the
// DELETE on /api/teams/{alias}/users the response is 200 and the returned
// team JSON lists only the remaining member.
//
// Fixture: the suite's package-level user creates a team with alias "apihub"
// that already lists a throw-away user "alice" as a member; the request then
// removes alice. Team and user are removed on exit.
func (s *S) TestRemoveUser(c *C) {
	member := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	member.Create()
	defer member.Delete()

	ownedTeam := account.Team{Name: "ApiHub Team", Alias: "apihub", Users: []string{member.Email}}
	ownedTeam.Create(user)
	defer s.store.DeleteTeamByAlias(ownedTeam.Alias)

	payload := `{"users": ["` + member.Email + `"]}`
	args := requests.Args{
		AcceptableCode: http.StatusOK,
		Method:         "DELETE",
		Path:           fmt.Sprintf("/api/teams/%s/users", ownedTeam.Alias),
		Headers:        http.Header{"Authorization": {s.authHeader}},
		Body:           payload,
	}
	headers, code, body, _ := httpClient.MakeRequest(args)

	c.Assert(code, Equals, http.StatusOK)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"name":"ApiHub Team","alias":"apihub","users":["*****@*****.**"],"owner":"*****@*****.**"}`)
}
// TestCreateUserWithoutRequiredFields verifies that creating a zero-value
// user fails with an errors.ValidationError rather than some other error or
// silent success.
func (s *S) TestCreateUserWithoutRequiredFields(c *C) {
	var blank account.User
	err := blank.Create()

	var isValidationErr bool
	switch err.(type) {
	case errors.ValidationError:
		isValidationErr = true
	}
	c.Assert(isValidationErr, Equals, true)
}
文件: teams.go 项目: sinzone/apihub
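// teamList responds with every team the authenticated user belongs to,
// wrapped in a CollectionSerializer that carries the item count.
//
// A failure from user.Teams is reported through handleError; previously it
// was discarded, so a storage error was rendered as a successful empty
// collection, indistinguishable from a user with no teams.
func (api *Api) teamList(rw http.ResponseWriter, r *http.Request, user *account.User) {
	teams, err := user.Teams()
	if err != nil {
		handleError(rw, err)
		return
	}
	Ok(rw, CollectionSerializer{Items: teams, Count: len(teams)})
}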
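// serviceList responds with every service the authenticated user has access
// to, wrapped in a CollectionSerializer that carries the item count.
//
// A failure from user.Services is reported through handleError; previously
// it was discarded, so a storage error was rendered as a successful empty
// collection, indistinguishable from a user with no services.
func (api *Api) serviceList(rw http.ResponseWriter, r *http.Request, user *account.User) {
	services, err := user.Services()
	if err != nil {
		handleError(rw, err)
		return
	}
	Ok(rw, CollectionSerializer{Items: services, Count: len(services)})
}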