/files: make tests more robust

2023-04-27 21:16:10 -04:00 · 2023-04-27 21:16:10 -04:00 · 30899847fb
commit 30899847fb
parent f97cfbbe33
5 changed files with 48 additions and 19 deletions
--- a/sachet/server/admin/views.py
+++ b/sachet/server/admin/views.py
@ -1,6 +1,6 @@
 from flask import Blueprint, request, jsonify
 from flask.views import MethodView
-from sachet.server.models import ServerSettings, Permissions
+from sachet.server.models import ServerSettings, get_settings, Permissions
 from sachet.server import db
 from sachet.server.views_common import auth_required, ModelAPI

@ -9,28 +9,19 @@ admin_blueprint = Blueprint("admin_blueprint", __name__)


 class ServerSettingsAPI(ModelAPI):
-    def get_settings(self):
-        rows = ServerSettings.query.all()
-        if len(rows) == 0:
-            settings = ServerSettings()
-            db.session.add(settings)
-            db.session.commit()
-            return settings
-        return rows[-1]
-
    @auth_required(required_permissions=(Permissions.ADMIN,))
    def get(self, auth_user=None):
-        settings = self.get_settings()
+        settings = get_settings()
        return super().get(settings)

    @auth_required(required_permissions=(Permissions.ADMIN,))
    def patch(self, auth_user=None):
-        settings = self.get_settings()
+        settings = get_settings()
        return super().patch(settings)

    @auth_required(required_permissions=(Permissions.ADMIN,))
    def put(self, auth_user=None):
-        settings = self.get_settings()
+        settings = get_settings()
        return super().put(settings)


--- a/sachet/server/models.py
+++ b/sachet/server/models.py
@ -192,6 +192,17 @@ class ServerSettings(db.Model):
        return Schema()


+def get_settings():
+    """Return server settings, and create them if they don't exist."""
+    rows = ServerSettings.query.all()
+    if len(rows) == 0:
+        settings = ServerSettings()
+        db.session.add(settings)
+        db.session.commit()
+        return settings
+    return rows[-1]
+
+
 class Share(db.Model):
    """Share for a single file.

--- a/sachet/server/views_common.py
+++ b/sachet/server/views_common.py
@ -1,6 +1,6 @@
 from flask import request, jsonify
 from flask.views import MethodView
-from sachet.server.models import Permissions, User, BlacklistToken, ServerSettings
+from sachet.server.models import Permissions, User, BlacklistToken, get_settings
 from sachet.server import db
 from functools import wraps
 from marshmallow import ValidationError
@ -40,7 +40,7 @@ def auth_required(func=None, *, required_permissions=(), allow_anonymous=False):

            if not token:
                if allow_anonymous:
-                    server_settings = ServerSettings.query.first()
+                    server_settings = get_settings()
                    if (
                        Bitmask(AllFlags=Permissions, *required_permissions)
                        not in server_settings.default_permissions
@ -52,7 +52,7 @@ def auth_required(func=None, *, required_permissions=(), allow_anonymous=False):
                                    "message": "Missing permissions to access this page.",
                                }
                            ),
-                            403,
+                            401,
                        )
                    kwargs["auth_user"] = None
                    return f(*args, **kwargs)
@ -101,7 +101,6 @@ def auth_required(func=None, *, required_permissions=(), allow_anonymous=False):

 def patch(orig, diff):
    """Patch the dictionary orig recursively with the dictionary diff."""
-
    # if we get to a leaf node, just replace it
    if not isinstance(orig, dict) or not isinstance(diff, dict):
        return diff
@ -267,8 +266,14 @@ class ModelListAPI(MethodView):
            Number of next page (if this is not the last).
        """
        json_data = request.get_json()
-        per_page = int(json_data.get("per_page", 15))
-        page = int(json_data.get("page", 1))
+        try:
+            per_page = int(json_data.get("per_page", 15))
+            page = int(json_data.get("page", 1))
+        except ValueError as e:
+            return jsonify(dict(
+                status="fail",
+                message=str(e),
+            )), 400

        page_data = ModelClass.query.paginate(page=page, per_page=per_page)
        data = [model.get_schema().dump(model) for model in page_data]
--- a/tests/test_anonymous.py
+++ b/tests/test_anonymous.py
@ -70,6 +70,12 @@ def test_files(client, auth, rand):
        url,
        json={"file_name": "new_bin.bin"},
    )
+    # set read perm for anon users
+    resp = client.patch(
+        "/admin/settings",
+        headers=auth("administrator"),
+        json={"default_permissions": ["READ"]},
+    )
    assert resp.status_code == 200
    resp = client.get(
        url + "/content",
@ -110,6 +116,13 @@ def test_files(client, auth, rand):
    )
    assert resp.status_code == 200

+    # set delete perm for anon users
+    resp = client.patch(
+        "/admin/settings",
+        headers=auth("administrator"),
+        json={"default_permissions": ["READ"]},
+    )
+    assert resp.status_code == 200
    # file shouldn't exist anymore
    resp = client.get(
        url + "/content",
--- a/tests/test_pagination.py
+++ b/tests/test_pagination.py
@ -75,3 +75,12 @@ def test_files(client, users, auth):

    end_page = paginate(forwards=True)
    paginate(forwards=False, page=end_page)
+
+
+def test_invalid(client, auth):
+    """Test invalid requests to pagination."""
+
+    resp = client.get(
+        "/files", headers=auth("jeff"), json=dict(page="one", per_page="two")
+    )
+    assert resp.status_code == 400