Add Ponos task authentication to CreateTask API endpoint

67da8467 · ml bonhomme · Erwan Rouchet · bf875555 · 67da8467 · 67da8467
Commit 67da8467 authored 1 year ago by ml bonhomme Committed by Erwan Rouchet 1 year ago
--- a/arkindex/ponos/api.py
+++ b/arkindex/ponos/api.py
@@ -29,6 +29,7 @@ from arkindex.ponos.permissions import (
    IsAgentOrTaskAdmin,
    IsAgentOrTaskAdminOrReadOnly,
    IsAssignedAgentOrReadOnly,
+    IsTask,
 )
 from arkindex.ponos.renderers import PublicKeyPEMRenderer
 from arkindex.ponos.serializers import (
@@ -311,6 +312,8 @@ class TaskCreate(CreateAPIView):
    Create a task with a parent
    """

+    authentication_classes = (TaskAuthentication, )
+    permission_classes = (IsTask, )
    serializer_class = NewTaskSerializer



--- a/arkindex/ponos/tests/test_api.py
+++ b/arkindex/ponos/tests/test_api.py
@@ -1467,8 +1467,34 @@ class TestAPI(FixtureAPITestCase):
            )
        )

-    def test_task_create_empty_body(self):
+    def test_task_create_requires_task_auth(self):
        response = self.client.post(reverse("api:task-create"))
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.assertDictEqual(
+            response.json(),
+            {'detail': 'Authentication credentials were not provided.'}
+        )
+
+    def test_task_create_user_forbidden(self):
+        self.client.force_login(self.user)
+        response = self.client.post(reverse("api:task-create"))
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.assertDictEqual(
+            response.json(),
+            {'detail': 'Authentication credentials were not provided.'}
+        )
+
+    def test_task_create_agent_forbidden(self):
+        self.client.force_login(self.user)
+        response = self.client.post(reverse("api:task-create"), HTTP_AUTHORIZATION=f'Bearer {self.agent.token}')
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.assertDictEqual(
+            response.json(),
+            {'detail': 'Authentication credentials were not provided.'}
+        )
+
+    def test_task_create_empty_body(self):
+        response = self.client.post(reverse("api:task-create"), HTTP_AUTHORIZATION=f'Ponos {self.task1.token}')
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        self.assertDictEqual(
            response.json(),
@@ -1489,6 +1515,7 @@ class TestAPI(FixtureAPITestCase):
                "image": "registry.gitlab.com/test",
                "parents": [],
            },
+            HTTP_AUTHORIZATION=f'Ponos {self.task1.token}',
            format="json",
        )
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -1517,6 +1544,7 @@ class TestAPI(FixtureAPITestCase):
                "image": "registry.gitlab.com/test",
                "parents": [str(self.task1.id), str(self.task2.id), str(task3.id)],
            },
+            HTTP_AUTHORIZATION=f'Ponos {task3.token}',
            format="json",
        )
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -1545,6 +1573,7 @@ class TestAPI(FixtureAPITestCase):
                "image": "registry.gitlab.com/test",
                "parents": [str(self.task1.id), str(self.task2.id), str(task3.id)],
            },
+            HTTP_AUTHORIZATION=f'Ponos {task3.token}',
            format="json",
        )
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -1558,7 +1587,7 @@ class TestAPI(FixtureAPITestCase):
        )

    def test_task_create_duplicate(self):
-        self.process.tasks.create(
+        task = self.process.tasks.create(
            run=0,
            depth=3,
            slug="sibling",
@@ -1573,6 +1602,7 @@ class TestAPI(FixtureAPITestCase):
                "image": "registry.gitlab.com/test",
                "parents": [str(self.task1.id), str(self.task2.id)],
            },
+            HTTP_AUTHORIZATION=f'Ponos {task.token}',
            format="json",
        )
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -1593,7 +1623,7 @@ class TestAPI(FixtureAPITestCase):
            image="registry.gitlab.com/test",
        )

-        with self.assertNumQueries(8):
+        with self.assertNumQueries(9):
            response = self.client.post(
                reverse("api:task-create"),
                data={
@@ -1604,6 +1634,7 @@ class TestAPI(FixtureAPITestCase):
                    "command": "echo Test",
                    "env": {"test": "test", "test2": "test2"},
                },
+                HTTP_AUTHORIZATION=f'Ponos {task3.token}',
                format="json",
            )
            self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@@ -1643,7 +1674,7 @@ class TestAPI(FixtureAPITestCase):
            image="registry.gitlab.com/test",
        )

-        with self.assertNumQueries(8):
+        with self.assertNumQueries(9):
            response = self.client.post(
                reverse("api:task-create"),
                data={
@@ -1655,6 +1686,7 @@ class TestAPI(FixtureAPITestCase):
                    "env": {"test": "test", "test2": "test2"},
                    "has_docker_socket": True,
                },
+                HTTP_AUTHORIZATION=f'Ponos {task3.token}',
                format="json",
            )
            self.assertEqual(response.status_code, status.HTTP_201_CREATED)