
Don't redirect to /integrations/, redirect to /project/<uuid>/integrations/

pull/340/head
Pēteris Caune 5 years ago
parent
commit
f2375f9f45
No known key found for this signature in database GPG Key ID: E28D7679E9A9EDE2
6 changed files with 58 additions and 45 deletions
  1. +2
    -2
      hc/front/tests/test_channel_checks.py
  2. +3
    -3
      hc/front/tests/test_remove_channel.py
  3. +8
    -3
      hc/front/tests/test_send_test_notification.py
  4. +12
    -12
      hc/front/tests/test_update_channel.py
  5. +2
    -2
      hc/front/tests/test_update_channel_name.py
  6. +31
    -23
      hc/front/views.py

+ 2
- 2
hc/front/tests/test_channel_checks.py

@ -31,7 +31,7 @@ class ChannelChecksTestCase(BaseTestCase):
url = "/integrations/%s/checks/" % self.channel.code url = "/integrations/%s/checks/" % self.channel.code
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.get(url) r = self.client.get(url)
assert r.status_code == 403
self.assertEqual(r.status_code, 404)
def test_missing_channel(self): def test_missing_channel(self):
# Valid UUID but there is no channel for it: # Valid UUID but there is no channel for it:
@ -39,4 +39,4 @@ class ChannelChecksTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.get(url) r = self.client.get(url)
assert r.status_code == 404
self.assertEqual(r.status_code, 404)

+ 3
- 3
hc/front/tests/test_remove_channel.py

@ -14,7 +14,7 @@ class RemoveChannelTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(url) r = self.client.post(url)
self.assertRedirects(r, "/integrations/")
self.assertRedirects(r, self.channels_url)
assert Channel.objects.count() == 0 assert Channel.objects.count() == 0
@ -37,7 +37,7 @@ class RemoveChannelTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(url) r = self.client.post(url)
assert r.status_code == 403
self.assertEqual(r.status_code, 404)
def test_it_handles_missing_uuid(self): def test_it_handles_missing_uuid(self):
# Valid UUID but there is no channel for it: # Valid UUID but there is no channel for it:
@ -45,7 +45,7 @@ class RemoveChannelTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(url) r = self.client.post(url)
assert r.status_code == 302
self.assertEqual(r.status_code, 404)
def test_it_rejects_get(self): def test_it_rejects_get(self):
url = "/integrations/%s/remove/" % self.channel.code url = "/integrations/%s/remove/" % self.channel.code
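Review bot: The ownership test in the second hunk asserts only the 404 status and never checks that the channel survived, so a regression that deletes the channel and then returns 404 would still pass. Adding `self.assertEqual(Channel.objects.count(), 1)` after the status assertion would pin the side effect, assuming setUp creates exactly one channel, as the `count() == 0` assertion in the first hunk suggests. The same gap appears in the ownership test of test_update_channel_name.py (no check that the name is unchanged) and in the new `test_it_checks_channel_ownership` in test_send_test_notification.py (no check that nothing was sent). The test bodies begin outside the hunks shown, so earlier setup lines are not visible here.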


+ 8
- 3
hc/front/tests/test_send_test_notification.py

@ -20,7 +20,7 @@ class SendTestNotificationTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, {}, follow=True) r = self.client.post(self.url, {}, follow=True)
self.assertRedirects(r, "/integrations/")
self.assertRedirects(r, self.channels_url)
self.assertContains(r, "Test notification sent!") self.assertContains(r, "Test notification sent!")
# And email should have been sent # And email should have been sent
@ -52,7 +52,7 @@ class SendTestNotificationTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, {}, follow=True) r = self.client.post(self.url, {}, follow=True)
self.assertRedirects(r, "/integrations/")
self.assertRedirects(r, self.channels_url)
self.assertContains(r, "Test notification sent!") self.assertContains(r, "Test notification sent!")
def test_it_handles_webhooks_with_no_urls(self): def test_it_handles_webhooks_with_no_urls(self):
@ -73,5 +73,10 @@ class SendTestNotificationTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, {}, follow=True) r = self.client.post(self.url, {}, follow=True)
self.assertRedirects(r, "/integrations/")
self.assertRedirects(r, self.channels_url)
self.assertContains(r, "Could not send a test notification") self.assertContains(r, "Could not send a test notification")
def test_it_checks_channel_ownership(self):
self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, {}, follow=True)
self.assertEqual(r.status_code, 404)

+ 12
- 12
hc/front/tests/test_update_channel.py

@ -16,8 +16,8 @@ class UpdateChannelTestCase(BaseTestCase):
payload = {"channel": self.channel.code, "check-%s" % self.check.code: True} payload = {"channel": self.channel.code, "check-%s" % self.check.code: True}
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post("/integrations/", data=payload)
self.assertRedirects(r, "/integrations/")
r = self.client.post(self.channels_url, data=payload)
self.assertRedirects(r, self.channels_url)
channel = Channel.objects.get(code=self.channel.code) channel = Channel.objects.get(code=self.channel.code)
checks = channel.checks.all() checks = channel.checks.all()
@ -30,19 +30,19 @@ class UpdateChannelTestCase(BaseTestCase):
# Logging in as bob, not alice. Bob has team access so this # Logging in as bob, not alice. Bob has team access so this
# should work. # should work.
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post("/integrations/", data=payload, follow=True)
r = self.client.post(self.channels_url, data=payload, follow=True)
self.assertEqual(r.status_code, 200) self.assertEqual(r.status_code, 200)
def test_it_checks_channel_user(self): def test_it_checks_channel_user(self):
payload = {"channel": self.channel.code} payload = {"channel": self.channel.code}
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post("/integrations/", data=payload)
r = self.client.post(self.channels_url, data=payload)
# self.channel does not belong to charlie, this should fail-- # self.channel does not belong to charlie, this should fail--
assert r.status_code == 403
self.assertEqual(r.status_code, 404)
def test_it_checks_check_user(self):
def test_it_checks_check_owner(self):
charlies_project = Project.objects.create(owner=self.charlie) charlies_project = Project.objects.create(owner=self.charlie)
charlies_channel = Channel(project=charlies_project, kind="email") charlies_channel = Channel(project=charlies_project, kind="email")
charlies_channel.email = "[email protected]" charlies_channel.email = "[email protected]"
@ -50,18 +50,18 @@ class UpdateChannelTestCase(BaseTestCase):
payload = {"channel": charlies_channel.code, "check-%s" % self.check.code: True} payload = {"channel": charlies_channel.code, "check-%s" % self.check.code: True}
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post("/integrations/", data=payload)
r = self.client.post(self.channels_url, data=payload)
# mc belongs to charlie but self.check does not-- # mc belongs to charlie but self.check does not--
assert r.status_code == 403
self.assertEqual(r.status_code, 404)
def test_it_handles_missing_channel(self): def test_it_handles_missing_channel(self):
# Correct UUID but there is no channel for it: # Correct UUID but there is no channel for it:
payload = {"channel": "6837d6ec-fc08-4da5-a67f-08a9ed1ccf62"} payload = {"channel": "6837d6ec-fc08-4da5-a67f-08a9ed1ccf62"}
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post("/integrations/", data=payload)
assert r.status_code == 400
r = self.client.post(self.channels_url, data=payload)
self.assertEqual(r.status_code, 400)
def test_it_handles_missing_check(self): def test_it_handles_missing_check(self):
# check- key has a correct UUID but there's no check object for it # check- key has a correct UUID but there's no check object for it
@ -71,5 +71,5 @@ class UpdateChannelTestCase(BaseTestCase):
} }
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post("/integrations/", data=payload)
assert r.status_code == 400
r = self.client.post(self.channels_url, data=payload)
self.assertEqual(r.status_code, 400)
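Review bot: `test_it_checks_channel_user` and `test_it_checks_check_owner` now post to `self.channels_url`, which is defined outside these hunks; if it names the project that owns `self.channel`, the 404 may already come from the project-access lookup and the channel and check ownership branches of `channels` would go unexercised. Posting to the URL of a project the logged-in user does belong to, while naming a foreign channel or check in the payload, would test those branches directly. The comment `# mc belongs to charlie but self.check does not--` also refers to a variable that no longer exists; `# charlies_channel belongs to charlie but self.check does not--` matches the code.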

+ 2
- 2
hc/front/tests/test_update_channel_name.py

@ -15,7 +15,7 @@ class UpdateChannelNameTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, data=payload) r = self.client.post(self.url, data=payload)
self.assertRedirects(r, "/integrations/")
self.assertRedirects(r, self.channels_url)
self.channel.refresh_from_db() self.channel.refresh_from_db()
self.assertEqual(self.channel.name, "My work email") self.assertEqual(self.channel.name, "My work email")
@ -36,7 +36,7 @@ class UpdateChannelNameTestCase(BaseTestCase):
self.client.login(username="[email protected]", password="password") self.client.login(username="[email protected]", password="password")
r = self.client.post(self.url, data=payload) r = self.client.post(self.url, data=payload)
self.assertEqual(r.status_code, 403)
self.assertEqual(r.status_code, 404)
def test_it_handles_missing_uuid(self): def test_it_handles_missing_uuid(self):
# Valid UUID but there is no check for it: # Valid UUID but there is no check for it:


+ 31
- 23
hc/front/views.py

@ -95,10 +95,10 @@ def _get_check_for_user(request, code):
if not request.user.is_authenticated: if not request.user.is_authenticated:
raise Http404("not found") raise Http404("not found")
if request.user.is_superuser:
q = Check.objects
else:
q = request.profile.checks_from_all_projects()
q = Check.objects
if not request.user.is_superuser:
project_ids = request.profile.projects().values("id")
q = q.filter(project_id__in=project_ids)
try: try:
return q.get(code=code) return q.get(code=code)
@ -106,6 +106,23 @@ def _get_check_for_user(request, code):
raise Http404("not found") raise Http404("not found")
def _get_channel_for_user(request, code):
""" Return specified channel if current user has access to it. """
if not request.user.is_authenticated:
raise Http404("not found")
q = Channel.objects
if not request.user.is_superuser:
project_ids = request.profile.projects().values("id")
q = q.filter(project_id__in=project_ids)
try:
return q.get(code=code)
except Channel.DoesNotExist:
raise Http404("not found")
def _get_project_for_user(request, project_code): def _get_project_for_user(request, project_code):
""" Return true if current user has access to the specified account. """ """ Return true if current user has access to the specified account. """
@ -662,7 +679,7 @@ def channels(request, code=None):
new_checks.append(check) new_checks.append(check)
channel.checks.set(new_checks) channel.checks.set(new_checks)
return redirect("hc-channels")
return redirect("hc-p-channels", project.code)
channels = Channel.objects.filter(project=project) channels = Channel.objects.filter(project=project)
channels = channels.order_by("created") channels = channels.order_by("created")
@ -693,9 +710,7 @@ def channels(request, code=None):
@login_required @login_required
def channel_checks(request, code): def channel_checks(request, code):
channel = get_object_or_404(Channel, code=code)
if channel.project_id != request.project.id:
return HttpResponseForbidden()
channel = _get_channel_for_user(request, code)
assigned = set(channel.checks.values_list("code", flat=True).distinct()) assigned = set(channel.checks.values_list("code", flat=True).distinct())
checks = Check.objects.filter(project=request.project).order_by("created") checks = Check.objects.filter(project=request.project).order_by("created")
@ -708,16 +723,14 @@ def channel_checks(request, code):
@require_POST @require_POST
@login_required @login_required
def update_channel_name(request, code): def update_channel_name(request, code):
channel = get_object_or_404(Channel, code=code)
if channel.project_id != request.project.id:
return HttpResponseForbidden()
channel = _get_channel_for_user(request, code)
form = ChannelNameForm(request.POST) form = ChannelNameForm(request.POST)
if form.is_valid(): if form.is_valid():
channel.name = form.cleaned_data["name"] channel.name = form.cleaned_data["name"]
channel.save() channel.save()
return redirect("hc-channels")
return redirect("hc-p-channels", channel.project.code)
def verify_email(request, code, token): def verify_email(request, code, token):
@ -768,9 +781,7 @@ def unsubscribe_email(request, code, signed_token):
@require_POST @require_POST
@login_required @login_required
def send_test_notification(request, code): def send_test_notification(request, code):
channel = get_object_or_404(Channel, code=code)
if channel.project_id != request.project.id:
return HttpResponseForbidden()
channel = _get_channel_for_user(request, code)
dummy = Check(name="TEST", status="down") dummy = Check(name="TEST", status="down")
dummy.last_ping = timezone.now() - td(days=1) dummy.last_ping = timezone.now() - td(days=1)
@ -792,20 +803,17 @@ def send_test_notification(request, code):
else: else:
messages.success(request, "Test notification sent!") messages.success(request, "Test notification sent!")
return redirect("hc-channels")
return redirect("hc-p-channels", channel.project.code)
@require_POST @require_POST
@login_required @login_required
def remove_channel(request, code): def remove_channel(request, code):
# user may refresh the page during POST and cause two deletion attempts
channel = Channel.objects.filter(code=code).first()
if channel:
if channel.project_id != request.project.id:
return HttpResponseForbidden()
channel.delete()
channel = _get_channel_for_user(request, code)
project = channel.project
channel.delete()
return redirect("hc-channels")
return redirect("hc-p-channels", project.code)
@login_required @login_required
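Review bot: In `channel_checks`, the channel is now resolved across every project the user belongs to, but the following line still lists `Check.objects.filter(project=request.project)`, so a channel from one project can be rendered against the checks of whichever project is current. Scoping the query to the channel, `checks = Check.objects.filter(project=channel.project).order_by("created")`, keeps the two consistent. Separately, `_get_channel_for_user` skips the project filter for superusers, which the removed `channel.project_id != request.project.id` checks did not do as far as these hunks show. That widening now reaches the state-changing views (`update_channel_name`, `send_test_notification`, `remove_channel`), so a one-line comment on the helper stating it is intended would help. The bodies of these views continue outside the hunks.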

