Merge branch 'fix-hook-endpoint-error' into 'master'

Return a 403 when there are no OAuthCredentials for the push hook

Closes #609

See merge request !1244

arkindex/dataimport/api.py

@@ -505,7 +505,8 @@ class GitRepositoryImportHook(APIView):
 
     def post(self, request, pk=None, **kwargs):
         repo = get_object_or_404(Repository, id=pk)
-        assert repo.enabled, 'No credentials available'
+        if not repo.enabled:
+            raise PermissionDenied(detail='No credentials available for this repository.')
         repo.provider_class(credentials=repo.credentials).handle_webhook(repo, request)
         return Response(status=status.HTTP_204_NO_CONTENT)
 

arkindex/dataimport/tests/test_providers.py

@@ -33,6 +33,15 @@ class TestProviders(FixtureAPITestCase):
         glp = GitLabProvider(credentials=self.creds, url='something')
         self.assertEqual(glp.url, 'something')
 
+    @patch('arkindex.dataimport.api.Repository.provider_class')
+    def test_webhook_no_credentials(self, provider_class):
+        self.client.force_login(self.user)
+        self.repo.credentials = None
+        self.repo.save()
+        response = self.client.post(reverse('api:import-hook', kwargs={'pk': self.repo.id}))
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertDictEqual(response.json(), {'detail': 'No credentials available for this repository.'})
+
     @patch('arkindex.dataimport.api.Repository.provider_class')
     def test_webhook(self, provider_class):
         self.client.force_login(self.user)