Merge "Reapprove now clears old tokens"

2017-09-01 01:45:05 +00:00 · 2017-09-01 01:45:05 +00:00 · 1600a7bdf6
commit 1600a7bdf6
parent 27ec9402c5 5d287f101b
2 changed files with 49 additions and 0 deletions
--- a/adjutant/api/v1/tests/test_api_admin.py
+++ b/adjutant/api/v1/tests/test_api_admin.py
@ -625,6 +625,51 @@ class AdminAPITests(APITestCase):
        response = self.client.post(url, data, format='json')
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

+    def test_reapprove_task_delete_tokens(self):
+        """
+        Tests that a reapproved task will delete all of it's previous tokens.
+        """
+
+        setup_temp_cache({}, {})
+
+        url = "/v1/actions/CreateProject"
+        data = {'project_name': "test_project", 'email': "test@example.com"}
+        response = self.client.post(url, data, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        headers = {
+            'project_name': "test_project",
+            'project_id': "test_project_id",
+            'roles': "admin,_member_",
+            'username': "test@example.com",
+            'user_id': "test_user_id",
+            'authenticated': True
+        }
+        new_task = Task.objects.all()[0]
+        url = "/v1/tasks/" + new_task.uuid
+        response = self.client.post(url, {'approved': True}, format='json',
+                                    headers=headers)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(len(Token.objects.all()), 1)
+
+        new_token = Token.objects.all()[0]
+        url = "/v1/tokens/" + new_token.token
+        response = self.client.get(url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        # Reapprove
+        url = "/v1/tasks/" + new_task.uuid
+        response = self.client.post(url, {'approved': True}, format='json',
+                                    headers=headers)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        # Old token no longer found
+        url = "/v1/tokens/" + new_token.token
+        response = self.client.get(url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+        self.assertEqual(len(Token.objects.all()), 1)
+
    def test_task_update_unapprove(self):
        """
        Ensure task update doesn't work for approved actions.
--- a/adjutant/api/v1/views.py
+++ b/adjutant/api/v1/views.py
@ -386,6 +386,10 @@ class TaskDetail(APIViewWithLogger):
                     'Update data and rerun pre_approve.']},
                status=400)

+        if task.approved:
+            # Expire previously in use tokens
+            Token.objects.filter(task=task.uuid).delete()
+
        # We approve the task before running actions,
        # that way if something goes wrong we know if it was approved,
        # when it was approved, and who approved it last. Subsequent