harmacist/healthchecks
1
0
Fork 0
forked from GithubBackups/healthchecks
Code Issues Pull Requests Projects Releases Wiki Activity

Use Project.badge_key in api.views.badge

Browse Source
This commit is contained in:
Pēteris Caune 2019-01-12 22:28:23 +02:00
parent b5df5b3c6e
commit 46c00e31a6
No known key found for this signature in database
GPG Key ID: E28D7679E9A9EDE2
3 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
hc/api/tests/test_badge.py
View File

@ -15,13 +15,13 @@ class BadgeTestCase(BaseTestCase):
self.check = Check.objects.create(user=self.alice, project=self.project, self.check = Check.objects.create(user=self.alice, project=self.project,
tags="foo bar") tags="foo bar")
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) sig = base64_hmac(str(self.project.badge_key), "foo", settings.SECRET_KEY)
sig = sig[:8] sig = sig[:8]
self.svg_url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig) self.svg_url = "/badge/%s/%s/foo.svg" % (self.project.badge_key, sig)
self.json_url = "/badge/%s/%s/foo.json" % (self.alice.username, sig) self.json_url = "/badge/%s/%s/foo.json" % (self.project.badge_key, sig)
def test_it_rejects_bad_signature(self): def test_it_rejects_bad_signature(self):
r = self.client.get("/badge/%s/12345678/foo.svg" % self.alice.username) r = self.client.get("/badge/%s/12345678/foo.svg" % self.project.badge_key)
assert r.status_code == 404 assert r.status_code == 404
def test_it_returns_svg(self): def test_it_returns_svg(self):
@ -30,11 +30,7 @@ class BadgeTestCase(BaseTestCase):
self.assertContains(r, "#4c1") self.assertContains(r, "#4c1")
def test_it_handles_options(self): def test_it_handles_options(self):
sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY) r = self.client.options(self.svg_url)
sig = sig[:8]
url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
r = self.client.options(url)
self.assertEqual(r.status_code, 204) self.assertEqual(r.status_code, 204)
self.assertEqual(r["Access-Control-Allow-Origin"], "*") self.assertEqual(r["Access-Control-Allow-Origin"], "*")

8
hc/api/urls.py
View File

@ -17,16 +17,16 @@ urlpatterns = [
path('api/v1/channels/', views.channels), path('api/v1/channels/', views.channels),
path('badge/<slug:username>/<slug:signature>/<slug:tag>.svg', views.badge, path('badge/<slug:badge_key>/<slug:signature>/<slug:tag>.svg', views.badge,
name="hc-badge"), name="hc-badge"),
path('badge/<slug:username>/<slug:signature>.svg', views.badge, path('badge/<slug:badge_key>/<slug:signature>.svg', views.badge,
{"tag": "*"}, name="hc-badge-all"), {"tag": "*"}, name="hc-badge-all"),
path('badge/<slug:username>/<slug:signature>/<slug:tag>.json', views.badge, path('badge/<slug:badge_key>/<slug:signature>/<slug:tag>.json', views.badge,
{"format": "json"}, name="hc-badge-json"), {"format": "json"}, name="hc-badge-json"),
path('badge/<slug:username>/<slug:signature>.json', views.badge, path('badge/<slug:badge_key>/<slug:signature>.json', views.badge,
{"format": "json", "tag": "*"}, name="hc-badge-json-all"), {"format": "json", "tag": "*"}, name="hc-badge-json-all"),
path('api/v1/status/', views.status), path('api/v1/status/', views.status),

6
hc/api/views.py
View File

@ -198,12 +198,12 @@ def pause(request, code):
@never_cache @never_cache
@cors("GET") @cors("GET")
def badge(request, username, signature, tag, format="svg"): def badge(request, badge_key, signature, tag, format="svg"):
if not check_signature(username, tag, signature): if not check_signature(badge_key, tag, signature):
return HttpResponseNotFound() return HttpResponseNotFound()
status = "up" status = "up"
q = Check.objects.filter(project__owner__username=username) q = Check.objects.filter(project__badge_key=badge_key)
if tag != "*": if tag != "*":
q = q.filter(tags__contains=tag) q = q.filter(tags__contains=tag)
label = tag label = tag