Use Project.badge_key in api.views.badge

2019-01-12 22:28:23 +02:00 · 2019-01-12 22:28:23 +02:00 · 46c00e31a6
commit 46c00e31a6
parent b5df5b3c6e
3 changed files with 12 additions and 16 deletions
--- a/hc/api/tests/test_badge.py
+++ b/hc/api/tests/test_badge.py
@ -15,13 +15,13 @@ class BadgeTestCase(BaseTestCase):
        self.check = Check.objects.create(user=self.alice, project=self.project,
                                          tags="foo bar")

-        sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
+        sig = base64_hmac(str(self.project.badge_key), "foo", settings.SECRET_KEY)
        sig = sig[:8]
-        self.svg_url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
-        self.json_url = "/badge/%s/%s/foo.json" % (self.alice.username, sig)
+        self.svg_url = "/badge/%s/%s/foo.svg" % (self.project.badge_key, sig)
+        self.json_url = "/badge/%s/%s/foo.json" % (self.project.badge_key, sig)

    def test_it_rejects_bad_signature(self):
-        r = self.client.get("/badge/%s/12345678/foo.svg" % self.alice.username)
+        r = self.client.get("/badge/%s/12345678/foo.svg" % self.project.badge_key)
        assert r.status_code == 404

    def test_it_returns_svg(self):
@ -30,11 +30,7 @@ class BadgeTestCase(BaseTestCase):
        self.assertContains(r, "#4c1")

    def test_it_handles_options(self):
-        sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
-        sig = sig[:8]
-        url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
-
-        r = self.client.options(url)
+        r = self.client.options(self.svg_url)
        self.assertEqual(r.status_code, 204)
        self.assertEqual(r["Access-Control-Allow-Origin"], "*")

--- a/hc/api/urls.py
+++ b/hc/api/urls.py
@ -17,16 +17,16 @@ urlpatterns = [
    path('api/v1/channels/', views.channels),


-    path('badge/<slug:username>/<slug:signature>/<slug:tag>.svg', views.badge,
+    path('badge/<slug:badge_key>/<slug:signature>/<slug:tag>.svg', views.badge,
         name="hc-badge"),

-    path('badge/<slug:username>/<slug:signature>.svg', views.badge,
+    path('badge/<slug:badge_key>/<slug:signature>.svg', views.badge,
         {"tag": "*"}, name="hc-badge-all"),

-    path('badge/<slug:username>/<slug:signature>/<slug:tag>.json', views.badge,
+    path('badge/<slug:badge_key>/<slug:signature>/<slug:tag>.json', views.badge,
         {"format": "json"}, name="hc-badge-json"),

-    path('badge/<slug:username>/<slug:signature>.json', views.badge,
+    path('badge/<slug:badge_key>/<slug:signature>.json', views.badge,
         {"format": "json", "tag": "*"}, name="hc-badge-json-all"),

    path('api/v1/status/', views.status),
--- a/hc/api/views.py
+++ b/hc/api/views.py
@ -198,12 +198,12 @@ def pause(request, code):

@never_cache
@cors("GET")
-def badge(request, username, signature, tag, format="svg"):
-    if not check_signature(username, tag, signature):
+def badge(request, badge_key, signature, tag, format="svg"):
+    if not check_signature(badge_key, tag, signature):
        return HttpResponseNotFound()

    status = "up"
-    q = Check.objects.filter(project__owner__username=username)
+    q = Check.objects.filter(project__badge_key=badge_key)
    if tag != "*":
        q = q.filter(tags__contains=tag)
        label = tag