Controlling blocked projects for github, gitlab and bitbucket hooks

2016-01-27 12:48:38 +01:00 · 2016-01-27 12:48:38 +01:00 · a263e79e39
parent 53ad5fb9fc
commit a263e79e39
4 changed files with 64 additions and 0 deletions
--- a/taiga/hooks/api.py
+++ b/taiga/hooks/api.py
@ -64,6 +64,9 @@ class BaseWebhookApiViewSet(GenericViewSet):
        if not self._validate_signature(project, request):
            raise exc.BadRequest(_("Bad signature"))

+        if project.blocked_code is not None:
+            raise exc.Blocked(_("Blocked element"))
+
        event_name = self._get_event_name(request)

        payload = self._get_payload(request)
--- a/tests/integration/test_hooks_bitbucket.py
+++ b/tests/integration/test_hooks_bitbucket.py
@ -11,6 +11,7 @@ from taiga.base.utils import json
 from taiga.hooks.bitbucket import event_hooks
 from taiga.hooks.bitbucket.api import BitBucketViewSet
 from taiga.hooks.exceptions import ActionSyntaxException
+from taiga.projects import choices as project_choices
 from taiga.projects.issues.models import Issue
 from taiga.projects.tasks.models import Task
 from taiga.projects.userstories.models import UserStory
@ -80,6 +81,26 @@ def test_ok_signature_ip_in_network(client):
    assert response.status_code == 204


+def test_blocked_project(client):
+    project = f.ProjectFactory(blocked_code=project_choices.BLOCKED_BY_STAFF)
+    f.ProjectModulesConfigFactory(project=project, config={
+        "bitbucket": {
+            "secret": "tpnIwJDz4e"
+        }
+    })
+
+    url = reverse("bitbucket-hook-list")
+    url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+    data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
+    response = client.post(url,
+                           data,
+                           content_type="application/json",
+                           HTTP_X_EVENT_KEY="repo:push",
+                           REMOTE_ADDR=settings.BITBUCKET_VALID_ORIGIN_IPS[0])
+
+    assert response.status_code == 451
+
+
 def test_invalid_ip(client):
    project = f.ProjectFactory()
    f.ProjectModulesConfigFactory(project=project, config={
--- a/tests/integration/test_hooks_github.py
+++ b/tests/integration/test_hooks_github.py
@ -9,6 +9,7 @@ from taiga.base.utils import json
 from taiga.hooks.github import event_hooks
 from taiga.hooks.github.api import GitHubViewSet
 from taiga.hooks.exceptions import ActionSyntaxException
+from taiga.projects import choices as project_choices
 from taiga.projects.issues.models import Issue
 from taiga.projects.tasks.models import Task
 from taiga.projects.userstories.models import UserStory
@ -53,6 +54,24 @@ def test_ok_signature(client):
    assert response.status_code == 204


+def test_blocked_project(client):
+    project = f.ProjectFactory(blocked_code=project_choices.BLOCKED_BY_STAFF)
+    f.ProjectModulesConfigFactory(project=project, config={
+        "github": {
+            "secret": "tpnIwJDz4e"
+        }
+    })
+
+    url = reverse("github-hook-list")
+    url = "%s?project=%s" % (url, project.id)
+    data = {"test:": "data"}
+    response = client.post(url, json.dumps(data),
+                           HTTP_X_HUB_SIGNATURE="sha1=3c8e83fdaa266f81c036ea0b71e98eb5e054581a",
+                           content_type="application/json")
+
+    assert response.status_code == 451
+
+
 def test_push_event_detected(client):
    project = f.ProjectFactory()
    url = reverse("github-hook-list")
--- a/tests/integration/test_hooks_gitlab.py
+++ b/tests/integration/test_hooks_gitlab.py
@ -9,6 +9,7 @@ from taiga.base.utils import json
 from taiga.hooks.gitlab import event_hooks
 from taiga.hooks.gitlab.api import GitLabViewSet
 from taiga.hooks.exceptions import ActionSyntaxException
+from taiga.projects import choices as project_choices
 from taiga.projects.issues.models import Issue
 from taiga.projects.tasks.models import Task
 from taiga.projects.userstories.models import UserStory
@ -79,6 +80,26 @@ def test_ok_signature_ip_in_network(client):
    assert response.status_code == 204


+def test_blocked_project(client):
+    project = f.ProjectFactory(blocked_code=project_choices.BLOCKED_BY_STAFF)
+    f.ProjectModulesConfigFactory(project=project, config={
+        "gitlab": {
+            "secret": "tpnIwJDz4e",
+            "valid_origin_ips": ["111.111.111.111"],
+        }
+    })
+
+    url = reverse("gitlab-hook-list")
+    url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+    data = {"test:": "data"}
+    response = client.post(url,
+                           json.dumps(data),
+                           content_type="application/json",
+                           REMOTE_ADDR="111.111.111.111")
+
+    assert response.status_code == 451
+
+
 def test_invalid_ip(client):
    project = f.ProjectFactory()
    f.ProjectModulesConfigFactory(project=project, config={