Ratings and Reviews server

Merge lp:~ricardokirkner/rnr-server/review-crud-api-with-macaroons into lp:rnr-server

review-crud-api-with-macaroons
Merge into trunk

Proposed by Ricardo Kirkner on 2016-05-17

Status:	Merged
Approved by:	Ricardo Kirkner on 2016-05-20
Approved revision:	334
Merged at revision:	318
Proposed branch:	lp:~ricardokirkner/rnr-server/review-crud-api-with-macaroons
Merge into:	lp:rnr-server
Diff against target:	611 lines (+172/-107) 4 files modified src/clickreviews/api/urls.py (+3/-1) src/clickreviews/tests/test_handlers.py (+160/-65) src/reviewsapp/api/urls.py (+2/-3) src/reviewsapp/tests/test_handlers.py (+7/-38)
To merge this branch:	bzr merge lp:~ricardokirkner/rnr-server/review-crud-api-with-macaroons
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Fabián Ezequiel Gallina (community)		2016-05-17	Approve on 2016-05-20
Review via email: mp+294951@code.launchpad.net

Commit message

add macaroons support for review CRUD apis

Revision history for this message

Fabián Ezequiel Gallina (fgallina) wrote on 2016-05-18:

Looking good, added few comments.

Revision history for this message

Ricardo Kirkner (ricardokirkner) on 2016-05-20:

lp:~ricardokirkner/rnr-server/review-crud-api-with-macaroons updated on 2016-05-20

332. By Ricardo Kirkner on 2016-05-20: use public names for helper methods
333. By Ricardo Kirkner on 2016-05-20: refactor to avoid duplication
334. By Ricardo Kirkner on 2016-05-20: assert changes on db when deleting a review

Revision history for this message

Fabián Ezequiel Gallina (fgallina) wrote on 2016-05-20:

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Kiwinote

Michael Vogt

Ricardo Kirkner

 === modified file 'src/clickreviews/api/urls.py'
 --- src/clickreviews/api/urls.py	2014-11-21 20:27:01 +0000
 +++ src/clickreviews/api/urls.py	2016-05-20 13:59:57 +0000
@@ -9,6 +9,7 @@
  from piston.resource import Resource
  from core.api.auth import (
      DelegatedSSOAuthentication,
++    MacaroonsAuthentication,
      SSOOAuthAuthentication,
+ )
  from core.api.decorators import gzip_content, vary_only_on_headers
@@ -24,9 +25,10 @@
  auth = SSOOAuthAuthentication(realm="Ratings and Reviews")
++macaroons_auth = MacaroonsAuthentication(realm="Ratings and Reviews")
  review_resource = CSRFExemptResource(handler=ClickReviewHandler,
--                                     authentication=auth)
++                                     authentication=(macaroons_auth, auth))
  review_resource.callmap['PATCH'] = 'patch'
  review_resource = never_cache(review_resource)
 === modified file 'src/clickreviews/tests/test_handlers.py'
 --- src/clickreviews/tests/test_handlers.py	2015-04-22 14:04:11 +0000
 +++ src/clickreviews/tests/test_handlers.py	2016-05-20 13:59:57 +0000
@@ -12,6 +12,7 @@
  from django.core.cache import cache
  from django.core.serializers.json import DateTimeAwareJSONEncoder
  from django.core.urlresolvers import reverse
++from mock import patch
  from clickreviews.api.urls import sca_delegated_sso_auth
  from clickreviews.models import (
@@ -23,10 +24,28 @@
+ )
  from clickreviews.tests.factory import TestCaseWithFactory
  from core.models import BaseModeration
--from core.tests.helpers import SSOTestCaseMixin, assert_no_extra_queries_after
--
--
--class ClickReviewsHandlerTestCase(TestCaseWithFactory):
++from core.tests.doubles import SCADouble
++from core.tests.helpers import (
++    RequestsDoubleTestCaseMixin,
++    SSOTestCaseMixin,
++    assert_no_extra_queries_after,
++)
++
++
++class MacaroonsAuthenticatedTestCase(TestCaseWithFactory,
++                                     RequestsDoubleTestCaseMixin):
++
++    def setUp(self):
++        super(MacaroonsAuthenticatedTestCase, self).setUp()
++
++        self.patch_requests()
++        self.sca_double = SCADouble(self.requests_double)
++        p = patch('core.utilities.web_services', new=self.sca_double)
++        p.start()
++        self.addCleanup(p.stop)
++
++
++class ClickReviewsHandlerTestCase(MacaroonsAuthenticatedTestCase):
      def setUp(self):
          super(ClickReviewsHandlerTestCase, self).setUp()
@@ -58,36 +77,38 @@
              'arch_tag': 'i386',
+         }
--    def _post_new_review(self, data, user=None, verify_result=True):
++    def post_new_review(self, data, user=None, verify_result=True,
++                        auth='oauth'):
          # Post a review as an authenticated user.
          url = reverse('click-api-reviews')
--        if user is None:
--            user = self.factory.makeUser()
--        self.client.login(username=user.username, password='test')
++        headers = {}
++        if auth == 'macaroon':
++            authorization = 'Macaroon root="%s", discharge="%s"' % (
++                'root-macaroon-data', 'discharge-macaroon-data')
++            headers['HTTP_AUTHORIZATION'] = authorization
++        else:
++            if user is None:
++                user = self.factory.makeUser()
++            self.client.login(username=user.username, password='test')
          response = self.client.post(
--            url, data=data, content_type='application/json')
++            url, data=data, content_type='application/json', **headers)
          return response
--    def test_create(self):
--        data = self.make_data(package_name='com.example.me.myapp',
--                              rating=5)
--
--        response = self._post_new_review(json.dumps(data))
--
++    def assert_review_created(self, response, expected):
          # Piston uses 200, rather than 201.
          self.assertEqual(httplib.OK, response.status_code)
          self.assertEqual('application/json; charset=utf-8',
                           response['content-type'])
          reviews = ClickPackageReview.objects.filter(
--            click_package__package_name='com.example.me.myapp')
++            click_package__package_name=expected['package_name'])
          self.assertEqual(1, reviews.count())
          review = reviews[0]
          response_dict = json.loads(response.content)
          self.assertEqual({
              'id': review.id,
--            'package_name': 'com.example.me.myapp',
--            'language': data['language'],
++            'package_name': expected['package_name'],
++            'language': expected['language'],
              'date_created': DateTimeAwareJSONEncoder().encode(
                  review.date_created).strip('"'),
              'rating': 5,
@@ -102,10 +123,27 @@
              'usefulness_favorable': 0,
          }, response_dict)
++    def test_create(self):
++        data = self.make_data(package_name='com.example.me.myapp',
++                              rating=5)
++
++        response = self.post_new_review(json.dumps(data))
++        self.assert_review_created(response, data)
++
++    def test_create_using_macaroon_auth(self):
++        user = self.factory.makeUser()
++        account = self.make_account_data(user)
++        self.sca_double.set_verify_acl_response(account=account)
++        data = self.make_data(package_name='com.example.me.myapp',
++                              rating=5)
++        response = self.post_new_review(
++            json.dumps(data), user=user, auth='macaroon')
++        self.assert_review_created(response, data)
++
      def test_invalid_rating(self):
          data = self.make_data(rating=6)
--        response = self._post_new_review(json.dumps(data))
++        response = self.post_new_review(json.dumps(data))
          self.assertEqual(httplib.BAD_REQUEST, response.status_code)
@@ -116,7 +154,7 @@
              data = valid_data.copy()
              del data[key]
--            response = self._post_new_review(json.dumps(data))
++            response = self.post_new_review(json.dumps(data))
              self.assertEqual(httplib.BAD_REQUEST, response.status_code)
@@ -127,13 +165,13 @@
          click_package = ClickPackage.objects.create(
              package_name='com.example.me.myapp')
--        self._post_new_review(json.dumps(data))
++        self.post_new_review(json.dumps(data))
          click_package = ClickPackage.objects.get(id=click_package.id)
          self.assertEqual(1, click_package.ratings_total)
          self.assertEqual(5, click_package.ratings_average)
--    def _get_reviews(self, data=None):
++    def get_reviews(self, data=None):
          url = reverse('click-api-reviews')
          kwargs = {}
          if data is not None:
@@ -146,7 +184,7 @@
          for _ in range(5):
              self.factory.makeClickPackageReview(click_package=package)
--        json_result = self._get_reviews(data={
++        json_result = self.get_reviews(data={
              'package_name': package.package_name,
          })
@@ -163,7 +201,7 @@
              version='0.1.1', date_created=datetime(
 , 1, 15, 11, 13, 55, 123456, tzinfo=pytz.UTC))
--        json_result = self._get_reviews(data={
++        json_result = self.get_reviews(data={
              'package_name': package.package_name,
          })
          self.assertEqual(200, json_result.status_code)
@@ -190,7 +228,7 @@
          }, result_review)
      def test_must_filter_by_packagename(self):
--        result = self._get_reviews()
++        result = self.get_reviews()
          self.assertEqual(400, result.status_code)
          self.assertEqual(['package_name'],
@@ -202,7 +240,7 @@
              click_package=package,
              deleted=True)
--        json_result = self._get_reviews(data={
++        json_result = self.get_reviews(data={
              'package_name': package.package_name,
          })
          self.assertEqual(200, json_result.status_code)
@@ -213,7 +251,7 @@
          package = self.factory.makeClickPackage()
          self.factory.makeClickPackageReview(click_package=package, hide=True)
--        json_result = self._get_reviews(data={
++        json_result = self.get_reviews(data={
              'package_name': package.package_name,
          })
          self.assertEqual(200, json_result.status_code)
@@ -240,7 +278,7 @@
              reviews[2].id,
+         ]
--        json_result = self._get_reviews(data={
++        json_result = self.get_reviews(data={
              'package_name': package.package_name,
          })
          self.assertEqual(200, json_result.status_code)
@@ -255,33 +293,63 @@
              self.factory.makeClickPackageReview(click_package=package)
          assert_no_extra_queries_after(
              lambda: self.factory.makeClickPackageReview(click_package=package),
--            self._get_reviews, data={'package_name': package.package_name}
++            self.get_reviews, data={'package_name': package.package_name}
+         )
--    def _update_review(self, review, data, user=None):
++    def update_review(self, review, data, user=None, auth='oauth'):
          # Post a review as an authenticated user.
          url = reverse('click-api-reviews', args=(review.pk,))
--        if user is None:
--            user = review.reviewer
--        self.client.login(username=user.username, password='test')
++        headers = {}
++        if auth == 'macaroon':
++            authorization = 'Macaroon root="%s", discharge="%s"' % (
++                'root-macaroon-data', 'discharge-macaroon-data')
++            headers['HTTP_AUTHORIZATION'] = authorization
++        else:
++            if user is None:
++                user = review.reviewer
++            self.client.login(username=user.username, password='test')
          response = self.client.put(
--            url, data=json.dumps(data), content_type='application/json')
++            url, data=json.dumps(data), content_type='application/json',
++            **headers)
          return response
++    def assert_review_updated(self, response, expected):
++        self.assertEqual(response.status_code, httplib.OK)
++        review = json.loads(response.content)
++        for key, value in expected.items():
++            self.assertEqual(review[key], value)
++
      def test_update_review(self):
          review = self.factory.makeClickPackageReview()
          data = {'summary': 'New summary',
                  'review_text': 'Review text',
                  'rating': 5}
--        response = self._update_review(review, data)
--        self.assertEqual(response.status_code, httplib.OK)
--        review = json.loads(response.content)
--        for key, value in data.items():
--            self.assertEqual(review[key], data[key])
++        response = self.update_review(review, data)
++        self.assert_review_updated(response, data)
++
++    def make_account_data(self, user):
++        return {
++            'verified': True,
++            'openid': user.useropenid_set.first().claimed_id.split('/')[-1],
++            'email': user.email,
++            'displayname': user.username,
++        }
++
++    def test_update_review_using_macaroon_auth(self):
++        user = self.factory.makeUser()
++        account = self.make_account_data(user)
++        self.sca_double.set_verify_acl_response(account=account)
++        review = self.factory.makeClickPackageReview(reviewer=user)
++        data = {'summary': 'New summary',
++                'review_text': 'Review text',
++                'rating': 5}
++        response = self.update_review(
++            review, data, user=user, auth='macaroon')
++        self.assert_review_updated(response, data)
      def test_update_review_missing_data(self):
          review = self.factory.makeClickPackageReview()
--        response = self._update_review(review, {})
++        response = self.update_review(review, {})
          self.assertEqual(response.status_code, httplib.BAD_REQUEST)
          errors = json.loads(response.content)
          expected = {'errors':
@@ -293,45 +361,72 @@
      def test_update_review_wrong_user(self):
          review = self.factory.makeClickPackageReview()
          user = self.factory.makeUser()
--        response = self._update_review(review, {}, user)
++        response = self.update_review(review, {}, user)
          self.assertEqual(response.status_code, httplib.NOT_FOUND)
--    def _delete_review(self, review, user=None):
++    def delete_review(self, review, user=None, auth='oauth'):
          # Delete a review as an authenticated user.
          url = reverse('click-api-reviews', args=(review.pk,))
--        if user is None:
--            user = review.reviewer
--        self.client.login(username=user.username, password='test')
--        response = self.client.delete(url)
++        headers = {}
++        if auth == 'macaroon':
++            authorization = 'Macaroon root="%s", discharge="%s"' % (
++                'root-macaroon-data', 'discharge-macaroon-data')
++            headers['HTTP_AUTHORIZATION'] = authorization
++        else:
++            if user is None:
++                user = review.reviewer
++            self.client.login(username=user.username, password='test')
++        response = self.client.delete(url, **headers)
          return response
++    def assert_review_deleted(self, response):
++        self.assertEqual(response.status_code, httplib.OK)
++        review = json.loads(response.content)
++        db_review = ClickPackageReview.objects.get(id=review['id'])
++        self.assertTrue(db_review.hide)
++        self.assertIsNotNone(db_review.date_deleted)
++        # XXX: ignore time differences at the microsecond level
++        date_deleted = db_review.date_deleted
++        parsed = datetime.strptime(
++            review['date_deleted'], '%Y-%m-%dT%H:%M:%S.%fZ')
++        self.assertEqual(
++            date_deleted.replace(microsecond=0),
++            parsed.replace(microsecond=0, tzinfo=date_deleted.tzinfo))
++
      def test_delete_review(self):
          review = self.factory.makeClickPackageReview()
--        response = self._delete_review(review)
--        self.assertEqual(response.status_code, httplib.OK)
--        review = json.loads(response.content)
++        response = self.delete_review(review)
++        self.assert_review_deleted(response)
++
++    def test_delete_review_using_macaroon_auth(self):
++        user = self.factory.makeUser()
++        account = self.make_account_data(user)
++        self.sca_double.set_verify_acl_response(account=account)
++        review = self.factory.makeClickPackageReview(reviewer=user)
++        response = self.delete_review(review, auth='macaroon')
++        self.assert_review_deleted(response)
      def test_delete_review_wrong_id(self):
          review = self.factory.makeClickPackageReview()
          ClickPackageReview.objects.all().delete()
--        response = self._delete_review(review)
++        response = self.delete_review(review)
          self.assertEqual(response.status_code, httplib.NOT_FOUND)
      def test_delete_already_deleted(self):
          review = self.factory.makeClickPackageReview()
          review.delete()
--        response = self._delete_review(review)
++        response = self.delete_review(review)
          self.assertEqual(response.status_code, httplib.NOT_FOUND)
      def test_delete_hidden_review(self):
          review = self.factory.makeClickPackageReview(hide=True)
--        response = self._delete_review(review)
++        response = self.delete_review(review)
          self.assertEqual(response.status_code, httplib.NOT_FOUND)
      def test_delete_review_wrong_user(self):
          review = self.factory.makeClickPackageReview()
          user = self.factory.makeUser()
--        response = self._delete_review(review, user=user)
++        response = self.delete_review(review, user=user)
          self.assertEqual(response.status_code, httplib.NOT_FOUND)
@@ -368,7 +463,7 @@
          cache._cache.clear()
          cache._expire_info.clear()
--    def _request_stats(self, data=None, headers=None, **kwargs):
++    def request_stats(self, data=None, headers=None, **kwargs):
          url = reverse(
              'click-api-reviews-stats', kwargs=kwargs)
          if data is None:
@@ -385,7 +480,7 @@
              click_package=self.factory.makeClickPackage('package_bar'),
              language='de')
--        response = self._request_stats()
++        response = self.request_stats()
          reviews = json.loads(response.content)
          foo = foo_review.click_package
@@ -405,7 +500,7 @@
              click_package=self.factory.makeClickPackage('package_bar'),
              language='de')
--        response = self._request_stats(package_name='package_foo')
++        response = self.request_stats(package_name='package_foo')
          reviews = json.loads(response.content)
          foo = foo_review.click_package
@@ -413,12 +508,12 @@
              pk=foo.pk, package_name=foo.package_name))
      def test_read_for_missing_package(self):
--        response = self._request_stats(package_name='not_found')
++        response = self.request_stats(package_name='not_found')
          self.assertEqual(response.status_code, 404)
      def test_request_cached_with_extra_headers(self):
          # Requests for server status are never cached.
--        response = self._request_stats()
++        response = self.request_stats()
          self.assertEqual(
              'max-age={0}'.format(settings.CACHE_REVIEW_STATS_SECONDS),
@@ -427,13 +522,13 @@
          # A subsequent call will not hit the view.
          handler = 'clickreviews.api.handlers.ClickReviewsStatsHandler.read'
          with mock.patch(handler) as mock_read:
--            response = self._request_stats()
++            response = self.request_stats()
              self.assertFalse(mock_read.called)
      def test_cannot_request_with_get_params(self):
          # Requesting the un-cached response (by adding get params) is
          # not allowed.
--        response = self._request_stats(data=dict(foo='bar'))
++        response = self.request_stats(data=dict(foo='bar'))
          self.assertEqual(400, response.status_code)
@@ -447,7 +542,7 @@
              click_package=self.factory.makeClickPackage('package_bar'),
              language='de')
--        response = self._request_stats(
++        response = self.request_stats(
              headers={'HTTP_ACCEPT_ENCODING': 'gzip, deflate'})
          fileobj = BytesIO()
@@ -468,7 +563,7 @@
                  pk=bar.pk, package_name=bar.package_name)])
      def test_vary_headers(self):
--        response = self._request_stats()
++        response = self.request_stats()
          self.assertEqual(200, response.status_code)
          self.assertTrue(response.has_header('vary'))
          vary = response['vary']
@@ -692,7 +787,7 @@
          self.addCleanup(p.stop)
          self.patch_sso()
--    def _make_delegated_sso_signed_headers(self, url, data=None):
++    def make_delegated_sso_signed_headers(self, url, data=None):
          if data is None:
              data = ''
          url = 'http://testserver' + url
@@ -705,7 +800,7 @@
      def request_get(self, url, authenticated=True, **headers):
          if authenticated:
--            headers.update(self._make_delegated_sso_signed_headers(url))
++            headers.update(self.make_delegated_sso_signed_headers(url))
          return self.client.get(url, **headers)
      def request_patch(
@@ -714,7 +809,7 @@
          if data is None:
              data = ''
          if authenticated:
--            headers.update(self._make_delegated_sso_signed_headers(url, data))
++            headers.update(self.make_delegated_sso_signed_headers(url, data))
          return self.client.patch(
              url, data=data, content_type=content_type, **headers)
 === modified file 'src/reviewsapp/api/urls.py'
 --- src/reviewsapp/api/urls.py	2016-05-16 14:32:26 +0000
 +++ src/reviewsapp/api/urls.py	2016-05-20 13:59:57 +0000
@@ -22,7 +22,7 @@
+ )
  from piston.resource import Resource
--from core.api.auth import MacaroonsAuthentication, SSOOAuthAuthentication
++from core.api.auth import SSOOAuthAuthentication
  from core.api.decorators import (
      gzip_content,
      vary_only_on_accept,
@@ -44,7 +44,6 @@
+ )
  auth = SSOOAuthAuthentication(realm="Ratings and Reviews")
--macaroons_auth = MacaroonsAuthentication(realm="Ratings and Reviews")
  # The server status resource should never be cached.
@@ -101,7 +100,7 @@
  # The following POST handlers have POST data and will not be cached.
  # The .__name__ hack is needed to support Django 1.1
  submit_review_resource = CSRFExemptResource(
--    handler=SubmitReviewHandler, authentication=(macaroons_auth, auth))
++    handler=SubmitReviewHandler, authentication=auth)
  modify_review_resource = CSRFExemptResource(handler=ModifyReviewHandler,
                                              authentication=auth)
  flag_review_resource = CSRFExemptResource(handler=FlagReviewHandler,
 === modified file 'src/reviewsapp/tests/test_handlers.py'
 --- src/reviewsapp/tests/test_handlers.py	2016-05-16 14:32:26 +0000
 +++ src/reviewsapp/tests/test_handlers.py	2016-05-20 13:59:57 +0000
@@ -56,11 +56,7 @@
  from piston.emitters import Emitter
  from piston.handler import typemapper
--from core.tests.doubles import SCADouble
--from core.tests.helpers import (
--    RequestsDoubleTestCaseMixin,
--    assert_no_extra_queries_after,
--)
++from core.tests.helpers import assert_no_extra_queries_after
  from reviewsapp.api.handlers import (
      Django13JSONEncoder,
      Django13JSONEmitter,
@@ -987,8 +983,7 @@
          self.assertEqual(response['vary'], 'Accept')
--class SubmitReviewHandlerTestCase(TestCaseWithFactory,
--                                  RequestsDoubleTestCaseMixin):
++class SubmitReviewHandlerTestCase(TestCaseWithFactory):
      def setUp(self):
          super(SubmitReviewHandlerTestCase, self).setUp()
@@ -1005,26 +1000,13 @@
+         }
          self.factory.makeArch('i386')
--        self.patch_requests()
--        self.sca_double = SCADouble(self.requests_double)
--        p = patch('core.utilities.web_services', new=self.sca_double)
--        p.start()
--        self.addCleanup(p.stop)
--
--    def _post_new_review(self, data, user=None, verify_result=True,
--                         auth='oauth'):
++    def _post_new_review(self, data, user=None, verify_result=True):
          # Post a review as an authenticated user.
          url = reverse('rnr-api-reviews')
--        headers = {}
--        if auth == 'macaroon':
--            authorization = 'Macaroon root="%s", discharge="%s"' % (
--                'root-macaroon-data', 'discharge-macaroon-data')
--            headers['HTTP_AUTHORIZATION'] = authorization
--        else:
--            if user is None:
--                user = self.factory.makeUser()
--            self.client.login(username=user.username, password='test')
++        if user is None:
++            user = self.factory.makeUser()
++        self.client.login(username=user.username, password='test')
          # Ensure we don't hit the network for our tests.
          is_authed_fn = ('core.api.auth.SSOOAuthAuthentication.'
@@ -1040,8 +1022,7 @@
                  with patch(sca_verify_fn) as mock_sca_verify_method:
                      mock_sca_verify_method.return_value = verify_result
                      response = self.client.post(
--                        url, data=data, content_type='application/json',
--                        **headers)
++                        url, data=data, content_type='application/json')
          return response
      def test_bogus_data(self):
@@ -1077,18 +1058,6 @@
          response_dict = simplejson.loads(response.content)
          self.assertEqual('inkscape', response_dict['package_name'])
--    def test_create_using_macaroon_auth(self):
--        self.sca_double.set_verify_acl_response(
--            is_verified=True, openid='oid1234',
--            email='user@example.com', displayname='user1234')
--        response = self._post_new_review(simplejson.dumps(self.required_data),
--                                         auth='macaroon')
--        self.assertEqual(httplib.OK, response.status_code)
--        self.assertEqual('application/json; charset=utf-8',
--                         response['content-type'])
--        response_dict = simplejson.loads(response.content)
--        self.assertEqual('inkscape', response_dict['package_name'])
--
      def test_creates_repository_and_software_item(self):
          # Submitting a review for a software item or repository of which
          # we don't yet have a record will create those records (after

Ratings and Reviews server

Merge lp:~ricardokirkner/rnr-server/review-crud-api-with-macaroons into lp:rnr-server

Commit message

Description of the change

Preview Diff

Subscribers