paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-05 22:43:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

coverage: Add test for REST requests to /json API unauthed.

Browse Source
This commit is contained in:
Tim Abbott
2017-03-05 00:39:36 -08:00
parent c8e38aaa55
commit 2f8bb1b1cd
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
zerver/lib/rest.py
View File

@@ -104,6 +104,7 @@ def rest_dispatch(request, **kwargs):
# If this looks like a request from a top-level page in a # If this looks like a request from a top-level page in a
# browser, send the user to the login page # browser, send the user to the login page
if 'text/html' in request.META.get('HTTP_ACCEPT', ''): if 'text/html' in request.META.get('HTTP_ACCEPT', ''):
# TODO: It seems like the `?next=` part is unlikely to be helpful
return HttpResponseRedirect('%s/?next=%s' % (settings.HOME_NOT_LOGGED_IN, request.path)) return HttpResponseRedirect('%s/?next=%s' % (settings.HOME_NOT_LOGGED_IN, request.path))
# Ask for basic auth (email:apiKey) # Ask for basic auth (email:apiKey)
elif request.path.startswith("/api"): elif request.path.startswith("/api"):

7
zerver/tests/test_decorators.py
View File

@@ -1023,3 +1023,10 @@ class RestAPITest(ZulipTestCase):
result = self.client_options('/json/streams/15') result = self.client_options('/json/streams/15')
self.assertEqual(result.status_code, 204) self.assertEqual(result.status_code, 204)
self.assertEqual(str(result['Allow']), 'DELETE, PATCH') self.assertEqual(str(result['Allow']), 'DELETE, PATCH')
def test_http_accept_redirect(self):
# type: () -> None
result = self.client_get('/json/users',
HTTP_ACCEPT='text/html')
self.assertEqual(result.status_code, 302)
self.assertTrue(result["Location"].endswith("/login/?next=/json/users"))