From bd226c46d82b31158c2862342f6f1ae613212442 Mon Sep 17 00:00:00 2001
From: Amelia Cordwell
Date: Thu, 8 Jun 2017 16:11:07 +1200
Subject: [PATCH] Check action validity on submit before returning

If an action becomes invalid after during submit, currently a user will get an OK response and an email stating the completion of the action. Now returns 400 in this case and does not send the email.

Change-Id: I4b998742cd2dfbafd40ff277a68ce9aca45b7872
---
 adjutant/api/v1/tests/test_api_taskview.py | 38 ++++++++++++++++++++++
 adjutant/api/v1/views.py | 8 +++++
 2 files changed, 46 insertions(+)

diff --git a/adjutant/api/v1/tests/test_api_taskview.py b/adjutant/api/v1/tests/test_api_taskview.py
index ab0ad7b..8cbef41 100644
--- a/adjutant/api/v1/tests/test_api_taskview.py
+++ b/adjutant/api/v1/tests/test_api_taskview.py
@@ -284,6 +284,44 @@ class TaskViewTests(AdjutantAPITestCase):
 response = self.client.post(url, data, format='json')
 self.assertEqual(response.status_code, status.HTTP_200_OK)
 
+ def test_new_project_invalid_on_submit(self):
+ """
+ Ensures that when a project becomes invalid at the submit stage
+ that the a 400 is recieved and no final emails are sent.
+ """
+
+ setup_temp_cache({}, {})
+
+ url = "/v1/actions/CreateProject"
+ data = {'project_name': "test_project", 'email': "test@example.com"}
+ response = self.client.post(url, data, format='json')
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+ headers = {
+ 'project_name': "test_project",
+ 'project_id': "test_project_id",
+ 'roles': "admin,_member_",
+ 'username': "test@example.com",
+ 'user_id': "test_user_id",
+ 'authenticated': True
+ }
+ new_task = Task.objects.all()[0]
+ url = "/v1/tasks/" + new_task.uuid
+ response = self.client.post(url, {'approved': True}, format='json',
+ headers=headers)
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+ self.assertEqual(
+ response.data,
+ {'notes': ['created token']}
+ )
+ tests.temp_cache['projects'] = {}
+
+ new_token = Token.objects.all()[0]
+ url = "/v1/tokens/" + new_token.token
+ data = {'password': 'testpassword'}
+ response = self.client.post(url, data, format='json')
+ self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
 def test_new_project_existing(self):
 """
 Test to ensure validation marks actions as invalid
diff --git a/adjutant/api/v1/views.py b/adjutant/api/v1/views.py
index 92d3393..087c123 100644
--- a/adjutant/api/v1/views.py
+++ b/adjutant/api/v1/views.py
@@ -751,9 +751,14 @@ class TokenDetail(APIViewWithLogger):
 if errors:
 return Response({"errors": errors}, status=400)
 
+ valid = True
 for action in actions:
 try:
 action.submit(data)
+
+ if not action.valid:
+ valid = False
+
 except Exception as e:
 notes = {
 'errors':
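Review bot: The docstring of `test_new_project_invalid_on_submit` promises that no final email is sent, but the test only asserts the 400 status, so the email half of the fix is not covered. Record `len(mail.outbox)` before the token POST and assert it is unchanged afterwards; this needs `django.core.mail` in the test module, whose imports are outside the hunk. It would also help to pin what happens to the token and task on a failed submit, for example with an assertion on `Token.objects.count()`. The docstring wording can be tidied to `a 400 is received`.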
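Review bot: Once an action reports `valid` as false, the `for action in actions:` loop still calls `submit(data)` on every remaining action, so later steps can apply their side effects on top of one that just failed validation. If the actions of a task depend on each other (not visible in this hunk), stop at the first invalid one by adding `break` after `valid = False`. The flag also loses which action failed; logging the action's class name at that point would give operators something to trace, since the 400 body only says "Actions invalid". The `except` branch continues outside the hunk.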
@@ -781,6 +786,9 @@ class TokenDetail(APIViewWithLogger):
 token.task.save()
 token.delete()
 
+ if not valid:
+ return Response({"errors": ["Actions invalid"]}, status=400)
+
 # Sending confirmation email:
 class_conf = settings.TASK_SETTINGS.get(
 token.task.task_type, settings.DEFAULT_TASK_SETTINGS)
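Review bot: The `if not valid:` return is placed after `token.task.save()` and `token.delete()`, so a submit that ends invalid still persists the task state set just above the hunk and consumes the token before the 400 is returned. Those preceding assignments are not visible here; if they mark the task completed, the record will say the task finished although the caller was told it failed, and the user cannot retry with the same token. Either move the check to directly after the action loop, before the task is saved and the token deleted, or keep the order and say why with a comment such as `# token is single-use: burn it even when the actions turn out invalid`. The invalid path also returns without recording anything about the failure, which makes these cases hard to audit later.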