
0001-wf-jump-respond-404-on-non-existing-trigger-on-all-H.patch

Thomas Noël, 29 octobre 2021 12:08


Subject: [PATCH] wf/jump: respond 404 on non-existing trigger, on all HTTP
 methods (#58226)

 tests/api/test_workflow.py | 10 ++++++++++
 wcs/wf/jump.py             |  5 ++---
 2 files changed, 12 insertions(+), 3 deletions(-)
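--- a/tests/api/test_workflow.py
+++ b/tests/api/test_workflow.py
@@ -108,6 +108,16 @@
     get_app(pub).post(sign_uri(formdata.get_url() + 'jump/trigger/XXX/'), status=200)
     assert formdef.data_class().get(formdata.id).status == 'wf-st2'
 
+    # verify trigger presence (not-404 response)
+    formdata.store()  # reset
+    get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=403)  # not 404: ok
+    assert formdef.data_class().get(formdata.id).status == 'wf-st1'
+    get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/ABC'), status=404)
+    # jump and test trigger is not available anymore
+    get_app(pub).post(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=200)
+    assert formdef.data_class().get(formdata.id).status == 'wf-st2'
+    get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=404)
+
     pub.role_class.wipe()
     role = pub.role_class(name='xxx')
     role.store()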
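Review bot: The added assertions exercise the 404 for an unknown trigger only with GET, while the commit title promises it for all HTTP methods; a POST to the unknown name, `get_app(pub).post(sign_uri(formdata.get_url() + 'jump/trigger/ABC'), status=404)`, would pin the other half, unless that case is already covered elsewhere in the file. Every request here is signed, so the 403/404 split is not checked for an unsigned caller either. The `formdata.store()  # reset` line appears to rely on the local `formdata` still holding `wf-st1`, which a comment such as `# local formdata still has wf-st1; storing it undoes the jump` would make explicit. The enclosing test function starts and ends outside the hunk.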
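--- a/wcs/wf/jump.py
+++ b/wcs/wf/jump.py
@@ -71,9 +71,6 @@
         if get_request().is_json():
             get_response().set_content_type('application/json')
 
-        if not get_request().get_method() == 'POST':
-            raise errors.AccessForbiddenError()
-
         signed_request = is_url_signed()
         user = get_user_from_api_query_string() or get_request().user
         for item in self.wfstatus.items:
@@ -82,6 +79,8 @@
             if not hasattr(item, 'trigger'):
                 continue
             if component == item.trigger:
+                if not get_request().get_method() == 'POST':
+                    raise errors.AccessForbiddenError()
                 if signed_request and not item.by:
                     pass
                 elif not item.check_auth(self.formdata, user):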
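Review bot: The relocated method check under `if component == item.trigger:` runs before the `item.by` / `check_auth` branch, so a non-POST request learns whether a trigger name is currently active (403) or not (404) without being authorised for that trigger. The added test suggests this is intended, so the code should say so, e.g. `# deliberately before the auth check: non-POST gets 403 for an existing trigger, 404 otherwise`. The condition would also read more directly as `if get_request().get_method() != 'POST':`. The loop and the auth branch continue outside the hunk, so what an unauthorised POST receives is not visible here.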