Fix tests and change two places where Forbidden is more accurate than Unauthorized.

2026-04-05 03:38:12 +08:00 · 2017-03-14 13:40:53 +01:00
parent a4763ee316
commit 34c8cc833a
4 changed files with 15 additions and 15 deletions
--- a/module_build_service/auth.py
+++ b/module_build_service/auth.py
@@ -109,7 +109,7 @@ def get_user(request):
        raise Unauthorized("OIDC token invalid or expired.")

    if not "OIDC_REQUIRED_SCOPE" in app.config:
-        raise Unauthorized("OIDC_REQUIRED_SCOPE must be set in server config.")
+        raise Forbidden("OIDC_REQUIRED_SCOPE must be set in server config.")

    presented_scopes = data['scope'].split(' ')
    required_scopes = [
@@ -119,7 +119,7 @@ def get_user(request):
    ]
    for scope in required_scopes:
        if scope not in presented_scopes:
-            raise Forbidden("Required OIDC scope %r not present: %r" % (
+            raise Unauthorized("Required OIDC scope %r not present: %r" % (
                scope, presented_scopes))

    try:
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -109,7 +109,7 @@ class TestAuthModule(unittest.TestCase):
    @patch('module_build_service.auth.client_secrets', None)
    def test_misconfiguring_oidc_client_secrets_should_be_failed(self):
        request = mock.MagicMock()
-        with self.assertRaises(module_build_service.errors.Unauthorized) as cm:
+        with self.assertRaises(module_build_service.errors.Forbidden) as cm:
            module_build_service.auth.get_user(request)

        self.assertEquals(str(cm.exception),
@@ -165,7 +165,7 @@ class TestAuthModule(unittest.TestCase):
            request.headers.__setitem__.side_effect = headers.__setitem__
            request.headers.__contains__.side_effect = headers.__contains__

-            with self.assertRaises(module_build_service.errors.Unauthorized) as cm:
+            with self.assertRaises(module_build_service.errors.Forbidden) as cm:
                result = module_build_service.auth.get_user(request)

            self.assertEquals(str(cm.exception),
--- a/tests/test_build/test_build.py
+++ b/tests/test_build/test_build.py
@@ -310,7 +310,7 @@ class TestBuild(unittest.TestCase):
        with patch("module_build_service.config.Config.yaml_submit_allowed",
                new_callable=PropertyMock, return_value = False):
            data = submit()
-            self.assertEqual(data['status'], 401)
+            self.assertEqual(data['status'], 403)
            self.assertEqual(data['message'], 'YAML submission is not enabled')

    @timed(30)
--- a/tests/test_views/test_views.py
+++ b/tests/test_views/test_views.py
@@ -389,8 +389,8 @@ class TestViews(unittest.TestCase):
        data = json.loads(rv.data)
        self.assertEquals(data['message'], 'The submitted scmurl '
            'git://badurl.com is not allowed')
-        self.assertEquals(data['status'], 401)
-        self.assertEquals(data['error'], 'Unauthorized')
+        self.assertEquals(data['status'], 403)
+        self.assertEquals(data['error'], 'Forbidden')

    @patch('module_build_service.auth.get_user', return_value=user)
    def test_submit_build_scm_url_without_hash(self, mocked_get_user):
@@ -401,8 +401,8 @@ class TestViews(unittest.TestCase):
        self.assertEquals(data['message'], 'The submitted scmurl '
            'git://pkgs.stg.fedoraproject.org/modules/testmodule.git '
            'is not valid')
-        self.assertEquals(data['status'], 401)
-        self.assertEquals(data['error'], 'Unauthorized')
+        self.assertEquals(data['status'], 403)
+        self.assertEquals(data['error'], 'Forbidden')

    @patch('module_build_service.auth.get_user', return_value=user)
    @patch('module_build_service.scm.SCM')
@@ -521,8 +521,8 @@ class TestViews(unittest.TestCase):
                'testmodule.git?#68931c90de214d9d13feefbd35246a81b6cb8d49'}))
        data = json.loads(rv.data)

-        self.assertEquals(data['status'], 401)
-        self.assertEquals(data['error'], 'Unauthorized')
+        self.assertEquals(data['status'], 403)
+        self.assertEquals(data['error'], 'Forbidden')

    @patch('module_build_service.auth.get_user', return_value=other_user)
    def test_cancel_build(self, mocked_get_user):
@@ -539,8 +539,8 @@ class TestViews(unittest.TestCase):
                               data=json.dumps({'state': 'failed'}))
        data = json.loads(rv.data)

-        self.assertEquals(data['status'], 401)
-        self.assertEquals(data['error'], 'Unauthorized')
+        self.assertEquals(data['status'], 403)
+        self.assertEquals(data['error'], 'Forbidden')

    @patch('module_build_service.auth.get_user', return_value=other_user)
    def test_cancel_build_wrong_param(self, mocked_get_user):
@@ -577,8 +577,8 @@ class TestViews(unittest.TestCase):
                "The submitted scmurl {} is not valid".format(scmurl),
            )
        )
-        self.assertEquals(data['status'], 401)
-        self.assertEquals(data['error'], 'Unauthorized')
+        self.assertEquals(data['status'], 403)
+        self.assertEquals(data['error'], 'Forbidden')

    @patch('module_build_service.auth.get_user', return_value=user)
    @patch('module_build_service.scm.SCM')