diff --git a/seahub/api2/urls.py b/seahub/api2/urls.py index a8e84a88fb..8bb800abaf 100644 --- a/seahub/api2/urls.py +++ b/seahub/api2/urls.py @@ -53,7 +53,7 @@ urlpatterns = patterns('', url(r'^repos/(?P[-0-9-a-f]{36})/dir/sub_repo/$', DirSubRepoView.as_view()), url(r'^repos/(?P[-0-9-a-f]{36})/dir/share/$', DirShareView.as_view()), url(r'^repos/(?P[-0-9-a-f]{36})/dir/shared_items/$', DirSharedItemsEndpoint.as_view(), name="api2-dir-shared-items"), - url(r'^repos/(?P[-0-9-a-f]{36})/dir/download/$', DirDownloadView.as_view()), + url(r'^repos/(?P[-0-9-a-f]{36})/dir/download/$', DirDownloadView.as_view(), name='api2-dir-download'), url(r'^repos/(?P[-0-9-a-f]{36})/thumbnail/$', ThumbnailView.as_view(), name='api2-thumbnail'), url(r'^starredfiles/', StarredFileView.as_view(), name='starredfiles'), url(r'^shared-repos/$', SharedRepos.as_view(), name='sharedrepos'), diff --git a/seahub/api2/views.py b/seahub/api2/views.py index 90117907e8..2a587cc6d6 100644 --- a/seahub/api2/views.py +++ b/seahub/api2/views.py @@ -966,7 +966,8 @@ class Repo(APIView): try: seafile_api.check_passwd(repo.id, magic) - except SearpcError, e: + except SearpcError as e: + logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, "SearpcError:" + e.msg) return Response("success") @@ -2530,7 +2531,7 @@ class DirView(APIView): return reloaddir_if_necessary(request, repo, parent_dir_utf8) class DirDownloadView(APIView): - authentication_classes = (TokenAuthentication, ) + authentication_classes = (TokenAuthentication, SessionAuthentication ) permission_classes = (IsAuthenticated,) throttle_classes = (UserRateThrottle, ) diff --git a/tests/api/test_dir_download.py b/tests/api/test_dir_download.py new file mode 100644 index 0000000000..2d377d5598 --- /dev/null +++ b/tests/api/test_dir_download.py @@ -0,0 +1,55 @@ +"""seahub/api2/views.py::Repo api tests. +""" +import json +from tests.common.utils import randstring +from django.core.urlresolvers import reverse +from seaserv import seafile_api +from seahub.test_utils import BaseTestCase +try: + from seahub.settings import LOCAL_PRO_DEV_ENV +except ImportError: + LOCAL_PRO_DEV_ENV = False + +class DirDownloadTest(BaseTestCase): + def setUp(self): + self.folder_path = self.folder + self.user2 = self.create_user('test2@test.com') + + def tearDown(self): + self.remove_repo() + self.remove_user(self.user.username) + self.remove_user(self.user2.username) + + def test_can_download(self): + self.login_as(self.user) + + dl_url = reverse('api2-dir-download', args=[self.repo.id]) + '?p=' + self.folder_path + resp = self.client.get(dl_url) + self.assertEqual(200, resp.status_code) + assert '8082/files/' in resp.content + + def test_library_not_found(self): + self.login_as(self.user) + invalid_repo_id = self.repo.id[:-4] + '1234' + + dl_url = reverse('api2-dir-download', args=[invalid_repo_id]) + '?p=' + self.folder_path + resp = self.client.get(dl_url) + self.assertEqual(404, resp.status_code) + + def test_path_is_missing(self): + self.login_as(self.user) + + dl_url = reverse('api2-dir-download', args=[self.repo.id]) + resp = self.client.get(dl_url) + self.assertEqual(400, resp.status_code) + + dl_url = reverse('api2-dir-download', args=[self.repo.id]) + '?pa=' + self.folder_path + resp = self.client.get(dl_url) + self.assertEqual(400, resp.status_code) + + def test_wrong_path(self): + self.login_as(self.user) + + dl_url = reverse('api2-dir-download', args=[self.repo.id]) + '?p=' + self.folder_path + '/asf/' + resp = self.client.get(dl_url) + self.assertEqual(404, resp.status_code) diff --git a/tests/api/test_html_repo_history_changes.py b/tests/api/test_html_repo_history_changes.py new file mode 100644 index 0000000000..3f1ea7e093 --- /dev/null +++ b/tests/api/test_html_repo_history_changes.py @@ -0,0 +1,20 @@ +from django.test import RequestFactory + +from seahub.api2.views import html_repo_history_changes +from seahub.test_utils import BaseTestCase + +class RepoTest(BaseTestCase): + def setUp(self): + # Every test needs access to the request factory. + self.factory = RequestFactory() + + # Create an instance of a GET request. + self.request = self.factory.get('/foo/') + + self.request.user = self.user + self.request.cloud_mode = False + + def test_can_not_get_without_commit_id(self): + repo = self.repo + resp = html_repo_history_changes(self.request, repo.id) + self.assertEqual(400, resp.status_code) diff --git a/tests/api/test_repo.py b/tests/api/test_repo.py index 9f07107b79..4e2d1380f8 100644 --- a/tests/api/test_repo.py +++ b/tests/api/test_repo.py @@ -51,3 +51,9 @@ class RepoTest(BaseTestCase): assert len(FileShare.objects.all()) == 0 assert len(UploadLinkShare.objects.all()) == 0 + + def test_invalid_magic_argu(self): + self.login_as(self.user) + + resp = self.client.post(reverse('api2-repo', args=[self.repo.id])+'?op=checkpassword&magic=123') + self.assertEqual(500, resp.status_code)