
Issue #24: Introduce app ownership validation in Runnable controller

Fixes: #24
Denis Makogon 2 years ago
parent
commit
262903983f

+ 12
- 2
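--- a/picasso/api/controllers/runnable.py
+++ b/picasso/api/controllers/runnable.py
@@ -139,9 +139,19 @@ class RunnableV1Controller(controller.ServiceController,
             "200":
                 description: successful operation. Return "runnable" JSON
             "404":
-                description: App does not exist
+                description: App not found
             "404":
-                description: App route does not exist
+                description: App route not found
         """
+        app = request.match_info.get('app')
+        project_id = request.match_info.get('project_id')
+
+        if not (await app_model.Apps.exists(app, project_id)):
+            return web.json_response(data={
+                "error": {
+                    "message": "App {0} not found".format(app),
+                }
+            }, status=404)
+
         return await super(RunnableV1Controller,
                            self).run(request, **kwargs)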
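Review bot: The new ownership check compares the app against `project_id` read from `request.match_info`, so it only proves that the app belongs to the project named in the URL, not that the caller is entitled to act in that project. Nothing in this hunk shows where the path's project id is tied to the authenticated identity; if that binding is enforced in middleware, a comment above the check would record the dependency, e.g. `# project_id from the URL is assumed to be verified against the caller's credentials upstream; this only checks app-to-project ownership`. Separately, the docstring still declares `"404":` twice, so a YAML loader will normally keep only one of the two descriptions; a single entry such as `description: App or app route not found` avoids that. The method signature and the start of its docstring are outside the hunk.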

+ 10
- 0
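--- a/picasso/tests/common/routes.py
+++ b/picasso/tests/common/routes.py
@@ -223,3 +223,13 @@ class AppRoutesTestSuite(object):
                 )
             )
             self.assertEqual(403, status)
+
+    def fail_to_run_app_from_other_project(self):
+        with setup_execute(self, "fail_to_run_app_"
+                                 "from_other_project") as app_name:
+            _, status = self.testloop.run_until_complete(
+                self.other_test_client.routes.execute_public(
+                    app_name, self.route_data["path"]
+                )
+            )
+            self.assertEqual(404, status)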
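Review bot: Asserting only `404` in `fail_to_run_app_from_other_project` does not prove the ownership check fired, because the controller documents 404 for both a missing app and a missing route, and the response body is discarded into `_`. Keeping the body and asserting on its message would tie the test to the new check, e.g. `body, status = self.testloop.run_until_complete(...)` followed by `self.assertIn(app_name, body["error"]["message"])`, assuming `execute_public` returns the decoded JSON as its first element. The case also exercises only the public route; a sibling case calling the private route through `other_test_client` would cover the other execution path.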

+ 5
- 0
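--- a/picasso/tests/functional/base.py
+++ b/picasso/tests/functional/base.py
@@ -74,12 +74,17 @@ class FunctionalTestsBase(base.PicassoTestsBase, testtools.TestCase):
         )
 
         self.project_id = str(uuid.uuid4()).replace("-", "")
+        self.other_project_id = str(uuid.uuid4()).replace("-", "")
+
         self.test_client = client.ProjectBoundTestClient(
             self.testapp, self.project_id)
+        self.other_test_client = client.ProjectBoundTestClient(
+            self.testapp, self.other_project_id)
 
         self.testloop.run_until_complete(self.test_client.start_server())
         super(FunctionalTestsBase, self).setUp()
 
     def tearDown(self):
         self.testloop.run_until_complete(self.test_client.close())
+        self.testloop.run_until_complete(self.other_test_client.close())
         super(FunctionalTestsBase, self).tearDown()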
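Review bot: `other_test_client` is closed in `tearDown` but, unlike `test_client`, it never goes through `start_server()` in `setUp`, and both clients wrap the same `self.testapp`. Whether `close()` is safe on a client that was never started, or on a second client over an app the first one already closed, is not visible in this hunk and is worth confirming. If the first `close()` raises, the second is skipped; registering each one in `setUp` with `self.addCleanup(self.testloop.run_until_complete, self.other_test_client.close())` would make the cleanups independent. The beginning of `setUp` is outside the hunk.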

+ 4
- 0
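--- a/picasso/tests/functional/test_routes.py
+++ b/picasso/tests/functional/test_routes.py
@@ -52,3 +52,7 @@ class TestAppRoutes(base.FunctionalTestsBase,
 
     def test_fail_to_execute_private_route(self):
         super(TestAppRoutes, self).fail_to_execute_private_as_public()
+
+    def test_fail_to_run_app_from_other_project(self):
+        super(TestAppRoutes,
+              self).fail_to_run_app_from_other_project()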
