
When client GETs instead of POSTs, return HTTP 400

pull/109/head
Pēteris Caune 8 years ago
parent
commit
5a533441b5
7 changed files with 48 additions and 6 deletions
  1. +6
    -0
      hc/front/tests/test_add_check.py
  2. +6
    -0
      hc/front/tests/test_pause.py
  3. +6
    -0
      hc/front/tests/test_remove_channel.py
  4. +6
    -0
      hc/front/tests/test_remove_check.py
  5. +6
    -0
      hc/front/tests/test_update_name.py
  6. +6
    -0
      hc/front/tests/test_update_timeout.py
  7. +12
    -6
      hc/front/views.py

+ 6
- 0
hc/front/tests/test_add_check.py

@ -19,3 +19,9 @@ class AddCheckTestCase(BaseTestCase):
check = Check.objects.get()
# Added by bob, but should belong to alice (bob has team access)
self.assertEqual(check.user, self.alice)
def test_it_rejects_get(self):
url = "/checks/add/"
self.client.login(username="[email protected]", password="password")
r = self.client.get(url)
self.assertEqual(r.status_code, 400)
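Review bot: test_it_rejects_get asserts only the status code, so it would still pass if the view created a check and then answered 400. Adding `self.assertEqual(Check.objects.count(), 0)` after the status assertion would pin that a GET has no side effect, assuming the fixture creates no checks, which the bare `Check.objects.get()` in the context lines suggests. The same gap is in the GET tests added to test_pause.py, test_remove_channel.py, test_remove_check.py, test_update_name.py and test_update_timeout.py. There the equivalent is to reload the object and assert it still exists and is unchanged.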

+ 6
- 0
hc/front/tests/test_pause.py

@ -18,3 +18,9 @@ class PauseTestCase(BaseTestCase):
self.check.refresh_from_db()
self.assertEqual(self.check.status, "paused")
def test_it_rejects_get(self):
url = "/checks/%s/pause/" % self.check.code
self.client.login(username="[email protected]", password="password")
r = self.client.get(url)
self.assertEqual(r.status_code, 400)

+ 6
- 0
hc/front/tests/test_remove_channel.py

@ -47,3 +47,9 @@ class RemoveChannelTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password")
r = self.client.post(url)
assert r.status_code == 302
def test_it_rejects_get(self):
url = "/integrations/%s/remove/" % self.channel.code
self.client.login(username="[email protected]", password="password")
r = self.client.get(url)
self.assertEqual(r.status_code, 400)

+ 6
- 0
hc/front/tests/test_remove_check.py

@ -48,3 +48,9 @@ class RemoveCheckTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password")
r = self.client.post(url)
assert r.status_code == 404
def test_it_rejects_get(self):
url = "/checks/%s/remove/" % self.check.code
self.client.login(username="[email protected]", password="password")
r = self.client.get(url)
self.assertEqual(r.status_code, 400)

+ 6
- 0
hc/front/tests/test_update_name.py

@ -66,3 +66,9 @@ class UpdateNameTestCase(BaseTestCase):
check = Check.objects.get(id=self.check.id)
self.assertEqual(check.tags, "foo bar baz")
def test_it_rejects_get(self):
url = "/checks/%s/name/" % self.check.code
self.client.login(username="[email protected]", password="password")
r = self.client.get(url)
self.assertEqual(r.status_code, 400)

+ 6
- 0
hc/front/tests/test_update_timeout.py

@ -102,3 +102,9 @@ class UpdateTimeoutTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password")
r = self.client.post(url, data=payload)
assert r.status_code == 403
def test_it_rejects_get(self):
url = "/checks/%s/timeout/" % self.check.code
self.client.login(username="[email protected]", password="password")
r = self.client.get(url)
self.assertEqual(r.status_code, 400)

+ 12
- 6
hc/front/views.py

@ -127,7 +127,8 @@ def about(request):
@login_required
def add_check(request):
assert request.method == "POST"
if request.method != "POST":
return HttpResponseBadRequest()
check = Check(user=request.team.user)
check.save()
@ -140,7 +141,8 @@ def add_check(request):
@login_required
@uuid_or_400
def update_name(request, code):
assert request.method == "POST"
if request.method != "POST":
return HttpResponseBadRequest()
check = get_object_or_404(Check, code=code)
if check.user_id != request.team.user.id:
@ -158,7 +160,8 @@ def update_name(request, code):
@login_required
@uuid_or_400
def update_timeout(request, code):
assert request.method == "POST"
if request.method != "POST":
return HttpResponseBadRequest()
check = get_object_or_404(Check, code=code)
if check.user != request.team.user:
@ -183,7 +186,8 @@ def update_timeout(request, code):
@login_required
@uuid_or_400
def pause(request, code):
assert request.method == "POST"
if request.method != "POST":
return HttpResponseBadRequest()
check = get_object_or_404(Check, code=code)
if check.user_id != request.team.user.id:
@ -198,7 +202,8 @@ def pause(request, code):
@login_required
@uuid_or_400
def remove_check(request, code):
assert request.method == "POST"
if request.method != "POST":
return HttpResponseBadRequest()
check = get_object_or_404(Check, code=code)
if check.user != request.team.user:
@ -318,7 +323,8 @@ def verify_email(request, code, token):
@login_required
@uuid_or_400
def remove_channel(request, code):
assert request.method == "POST"
if request.method != "POST":
return HttpResponseBadRequest()
# user may refresh the page during POST and cause two deletion attempts
channel = Channel.objects.filter(code=code).first()
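Review bot: The guard `if request.method != "POST": return HttpResponseBadRequest()` is now pasted into six views (add_check, update_name, update_timeout, pause, remove_check, remove_channel), so the next state-changing view can be added without it and nothing will flag the omission. As far as the visible lines and names show, these views create, modify or delete data, and Django's CSRF check is not applied to GET requests, so this guard is what keeps a plain link or image fetch from triggering them; that is worth enforcing in one place. Django's `require_POST` would do it but answers 405, which the new tests do not accept, so a small decorator in the style of the existing `uuid_or_400` keeps the 400; wrap it with `functools.wraps` if the module already imports it. The view bodies, including remove_channel at the end of the section, continue outside the hunks.

```python
def post_or_400(f):
    # Reject every non-POST method before the view body runs, so a
    # state-changing view cannot be reached by a plain GET.
    def wrapper(request, *args, **kwds):
        if request.method != "POST":
            return HttpResponseBadRequest()
        return f(request, *args, **kwds)
    return wrapper


@login_required
@uuid_or_400
@post_or_400
def pause(request, code):
    # … unchanged: lookup, ownership check and status update …
```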

