require an active pseudonym (in the applicable account) for API requests

test plan:
 * issue an access_token
 * delete the user's pseudonym(s)
 * the access token should no longer work

Change-Id: Ib4ecee6b3713827dd997e06481ddae1175042a9b
Reviewed-on: https://gerrit.instructure.com/7637
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Cody Cutrer 2011-12-21 11:59:05 -07:00
parent 95235f3e2c
commit 0b15b31cff
6 changed files with 21 additions and 4 deletions


@ -58,8 +58,8 @@ module AuthenticationMethods
return false return false
end end
@current_user = @access_token.user @current_user = @access_token.user
@current_pseudonym = @current_user.pseudonym @current_pseudonym = @current_user.find_pseudonym_for_account(@domain_root_account)
unless @current_user unless @current_user && @current_pseudonym
render :json => {:errors => "Invalid access token"}, :status => :bad_request render :json => {:errors => "Invalid access token"}, :status => :bad_request
return false return false
end end
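Review bot: The new guard `unless @current_user && @current_pseudonym` runs one line too late, because the new side of the preceding line already calls `@current_user.find_pseudonym_for_account(@domain_root_account)` unconditionally; if `@access_token.user` is nil (a token whose user row is gone), that raises NoMethodError instead of rendering "Invalid access token". Compute the pseudonym only when there is a user, e.g. `@current_pseudonym = @current_user && @current_user.find_pseudonym_for_account(@domain_root_account)`, and keep the combined check as written. The commit title promises an *active* pseudonym, but whether `find_pseudonym_for_account` excludes deleted or otherwise inactive pseudonyms is not visible here; a comment such as `# a valid token is not enough: the user must also have a usable pseudonym in the requested root account` would make the intent explicit for the next reader. The enclosing method starts and ends outside this hunk.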


@ -70,6 +70,7 @@ def raw_api_call(method, path, params, body_params = {}, headers = {}, opts = {}
token = @user.access_tokens.first token = @user.access_tokens.first
token ||= @user.access_tokens.create!(:purpose => 'test') token ||= @user.access_tokens.create!(:purpose => 'test')
params[:access_token] = token.token params[:access_token] = token.token
@user.pseudonyms.create!(:unique_id => "#{@user.id}@example.com", :account => opts[:domain_root_account]) unless @user.pseudonym(true)
end end
LoadAccount.stubs(:default_domain_root_account).returns(opts[:domain_root_account]) if opts.has_key?(:domain_root_account) LoadAccount.stubs(:default_domain_root_account).returns(opts[:domain_root_account]) if opts.has_key?(:domain_root_account)
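Review bot: The added line checks `@user.pseudonym(true)` — whether the user has *any* pseudonym — but the controller change this commit makes looks up a pseudonym for a specific root account, so a user whose only pseudonym belongs to another account will still be rejected by the new check and this helper will not create one for them. The check would be more faithful if it matched the controller, e.g. `unless @user.find_pseudonym_for_account(opts[:domain_root_account])`, assuming that method tolerates the nil account this helper may pass when the caller omitted `:domain_root_account`. Either way, `:account => opts[:domain_root_account]` silently creates a pseudonym with a nil account when the option is absent; a short comment stating which account the pseudonym is meant for would help callers. The enclosing `raw_api_call` definition starts and ends outside this hunk.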


@ -20,8 +20,8 @@ require File.expand_path(File.dirname(__FILE__) + '/../api_spec_helper')
describe "AccountAuthorizationConfigs API", :type => :integration do describe "AccountAuthorizationConfigs API", :type => :integration do
before do before do
user_with_pseudonym(:active_all => true)
@account = account_model(:name => 'root') @account = account_model(:name => 'root')
user_with_pseudonym(:active_all => true, :account => @account)
@account.add_user(@user) @account.add_user(@user)
end end


@ -20,6 +20,7 @@ require File.expand_path(File.dirname(__FILE__) + '/../api_spec_helper')
describe "Accounts API", :type => :integration do describe "Accounts API", :type => :integration do
before do before do
Pseudonym.any_instance.stubs(:works_for_account?).returns(true)
user_with_pseudonym(:active_all => true) user_with_pseudonym(:active_all => true)
@a1 = account_model(:name => 'root') @a1 = account_model(:name => 'root')
@a1.add_user(@user) @a1.add_user(@user)
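Review bot: Stubbing `Pseudonym.any_instance.stubs(:works_for_account?).returns(true)` in the `before` block disables, for every example in this spec, the account-scoping the commit is introducing, so this file no longer exercises the real lookup path and a later regression in it would go unnoticed here. The AccountAuthorizationConfigs spec in this same commit takes the safer route of creating the pseudonym in the account under test (`user_with_pseudonym(:active_all => true, :account => @account)`); the same approach would work here with `@a1`, if the examples allow the account to be created first. If the stub must stay, a one-line comment above it explaining why these examples cannot use a real account-bound pseudonym would stop a future reader from copying the pattern into specs that should test the check.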


@ -27,6 +27,7 @@ describe CoursesController, :type => :integration do
end end
it "should accept access_token" do it "should accept access_token" do
@user.pseudonyms.create!(:unique_id => 'test@example.com')
@token = @user.access_tokens.create!(:purpose => "test") @token = @user.access_tokens.create!(:purpose => "test")
@token.last_used_at.should be_nil @token.last_used_at.should be_nil
@ -42,6 +43,7 @@ describe CoursesController, :type => :integration do
end end
it "should not accept an invalid access_token" do it "should not accept an invalid access_token" do
@user.pseudonyms.create!(:unique_id => 'test@example.com')
@token = @user.access_tokens.create!(:purpose => "test") @token = @user.access_tokens.create!(:purpose => "test")
raw_api_call(:get, "/api/v1/courses/#{@course2.id}/students.json?access_token=1234", raw_api_call(:get, "/api/v1/courses/#{@course2.id}/students.json?access_token=1234",
@ -52,6 +54,7 @@ describe CoursesController, :type => :integration do
end end
it "should not accept an expired access_token" do it "should not accept an expired access_token" do
@user.pseudonyms.create!(:unique_id => 'test@example.com')
@token = @user.access_tokens.create!(:purpose => "test", :expires_at => 2.weeks.ago) @token = @user.access_tokens.create!(:purpose => "test", :expires_at => 2.weeks.ago)
raw_api_call(:get, "/api/v1/courses/#{@course2.id}/students.json?access_token=#{@token.token}", raw_api_call(:get, "/api/v1/courses/#{@course2.id}/students.json?access_token=#{@token.token}",
@ -61,6 +64,18 @@ describe CoursesController, :type => :integration do
json['errors'].should == "Invalid access token" json['errors'].should == "Invalid access token"
end end
it "should require an active pseudonym" do
@token = @user.access_tokens.create!(:purpose => "test")
@token.last_used_at.should be_nil
raw_api_call(:get, "/api/v1/courses/#{@course2.id}/students.json?access_token=#{@token.token}",
{ :access_token => @token.token, :controller => 'courses', :action => 'students', :course_id => @course2.id.to_s, :format => 'json' })
response.status.to_i.should == 400
json = JSON.parse(response.body)
json['errors'].should == "Invalid access token"
end
it "should allow as_user_id" do it "should allow as_user_id" do
account_admin_user(:account => Account.site_admin) account_admin_user(:account => Account.site_admin)
user_with_pseudonym(:user => @user) user_with_pseudonym(:user => @user)
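Review bot: The new example "should require an active pseudonym" only covers a user who has *no* pseudonym at all; the test plan's scenario — issue a token, then delete the pseudonym(s), then expect rejection — is not exercised, and neither is an inactive-but-present pseudonym, so the "active" part of the title is untested. Adding a sibling example that first creates `@user.pseudonyms.create!(:unique_id => 'test@example.com')` as the neighbouring tests do, then removes or deactivates it the way the test plan describes, would pin the behaviour the commit claims. The `@token.last_used_at.should be_nil` assertion before the call is also not revisited after the 400 response, so the example does not show whether a rejected request still marks the token as used. This file section has several hunks; the point applies to the last one.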


@ -20,7 +20,7 @@ require File.expand_path(File.dirname(__FILE__) + '/../api_spec_helper')
describe SisImportsApiController, :type => :integration do describe SisImportsApiController, :type => :integration do
before do before do
@user = user :active_all => true @user = user_with_pseudonym :active_all => true
user_session @user user_session @user
@account = Account.default @account = Account.default
@account.allow_sis_import = true @account.allow_sis_import = true