0001-WIP-api-add-category-creation-24624.patch
tests/test_api.py | ||
---|---|---|
134 | 134 |
signature = urllib.quote( |
135 | 135 |
base64.b64encode( |
136 | 136 |
hmac.new('1234', |
137 |
'format=json&orig=coucou&algo=sha1',
|
|
137 |
'format=json&orig=coucou&algo=sha1', |
|
138 | 138 |
hashlib.sha1).digest())) |
139 | 139 |
output = get_app(pub).get('/api/user/?format=json&orig=coucou&algo=sha1&signature=%s' % signature, status=403) |
140 | 140 |
assert output.json['err_desc'] == 'missing/multiple timestamp field' |
... | ... | |
145 | 145 |
signature = urllib.quote( |
146 | 146 |
base64.b64encode( |
147 | 147 |
hmac.new('1234', |
148 |
query,
|
|
148 |
query, |
|
149 | 149 |
hashlib.sha1).digest())) |
150 | 150 |
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403) |
151 | 151 |
assert output.json['err_desc'] == 'no user specified' |
... | ... | |
196 | 196 |
signature = urllib.quote( |
197 | 197 |
base64.b64encode( |
198 | 198 |
hmac.new('1234', |
199 |
query,
|
|
199 |
query, |
|
200 | 200 |
hashlib.sha1).digest())) |
201 | 201 |
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature)) |
202 | 202 |
assert output.json['user_display_name'] == u'Jean Darmette' |
... | ... | |
207 | 207 |
signature = urllib.quote( |
208 | 208 |
base64.b64encode( |
209 | 209 |
hmac.new('1234', |
210 |
query,
|
|
210 |
query, |
|
211 | 211 |
hashlib.sha1).digest())) |
212 | 212 |
output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403) |
213 | 213 |
assert output.json['err_desc'] == 'invalid signature' |
... | ... | |
989 | 989 |
assert resp.json['data'][0]['forms'][0]['title'] == 'test' |
990 | 990 |
assert resp.json['data'][0]['forms'][1]['title'] == 'test 2' |
991 | 991 | |
992 |
def test_categories_post(pub, local_user): |
|
993 |
test_categories(pub) |
|
994 |
resp = get_app(pub).get('/api/categories/') |
|
995 |
assert len(resp.json['data']) == 1 |
|
996 |
resp = get_app(pub).post_json(sign_uri('/api/categories/', local_user), |
|
997 |
{'data': {'name': 'foo', 'description': 'bar', 'position': 0, |
|
998 |
'redirect_url': 'https://www.entrouvert.org'}}) |
|
999 |
assert resp.json['data'].get('id') == '2' |
|
1000 |
resp = get_app(pub).get('/api/categories/') |
|
1001 |
assert len(resp.json['data']) == 2 |
|
1002 | ||
992 | 1003 |
def test_formdata(pub, local_user): |
993 | 1004 |
NamedDataSource.wipe() |
994 | 1005 |
data_source = NamedDataSource(name='foobar') |
wcs/api.py | ||
---|---|---|
487 | 487 |
pass |
488 | 488 | |
489 | 489 |
def _q_index(self): |
490 |
if get_request().get_method() == 'POST': |
|
491 |
return self.post() |
|
490 | 492 |
try: |
491 | 493 |
user = get_user_from_api_query_string() or get_request().user |
492 | 494 |
except UnknownNameIdAccessForbiddenError: |
... | ... | |
530 | 532 |
except KeyError: |
531 | 533 |
raise TraversalError() |
532 | 534 | |
535 |
def post(self): |
|
536 |
get_response().set_content_type('application/json') |
|
537 |
if not is_url_signed() or not get_user_from_api_query_string(): |
|
538 |
raise AccessForbiddenError('unsigned API call or not signed in') |
|
539 |
json_input = get_request().json |
|
540 |
category = Category() |
|
541 |
attributes = ['name', 'description', 'position', 'redirect_url'] |
|
542 |
if not 'data' in json_input: |
|
543 |
return json.dumps({'err': 1, 'data': {}}) |
|
544 |
data = json_input.get('data') |
|
545 |
for a in attributes: |
|
546 |
if not a in data: |
|
547 |
return json.dumps({'err': 1, 'data': {}}) |
|
548 |
category.name = data['name'] |
|
549 |
category.description = data['description'] |
|
550 |
category.position = data['position'] |
|
551 |
category.redirect_url = data['redirect_url'] |
|
552 |
category.store() |
|
553 |
return json.dumps({'err': 0, 'data': {'id': category.id}}) |
|
533 | 554 | |
534 | 555 |
class ApiUserDirectory(Directory): |
535 | 556 |
_q_exports = ['', 'forms', 'drafts'] |
536 |
- |