From fe635f244b704b299702b4d1feb76342990e8d6d Mon Sep 17 00:00:00 2001
From: Vokhmin Alexey V
Date: Tue, 2 Jul 2013 22:13:00 +0400
Subject: [PATCH] #192: updated and added new specs, updated models

---
 .../api/v1/platforms_controller.rb | 4 +--
 app/models/platform.rb | 3 +-
 app/models/token.rb | 1 +
 .../api/v1/platforms_controller_spec.rb | 31 +++++++++++++------
 4 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/app/controllers/api/v1/platforms_controller.rb b/app/controllers/api/v1/platforms_controller.rb
index 72ca1d092..06e919d31 100644
--- a/app/controllers/api/v1/platforms_controller.rb
+++ b/app/controllers/api/v1/platforms_controller.rb
@@ -7,7 +7,7 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 load_and_authorize_resource :except => :allowed
 def allowed
- platform_name = (params[:path] || '').match(/^\/[\w]+\//)
+ platform_name = (params[:path] || '').match(/^\/#{Platform::NAME_PATTERN}\//)
 render(:inline => 'true') && return unless platform_name
 platform_name = platform_name[0].gsub(/\//, '')
@@ -21,7 +21,7 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 render(:inline => 'false', :status => 403) && return
 end
- render(:inline => 'true') && return if platform.tokens.where(:authentication_token => token).exists?
+ render(:inline => 'true') && return if platform.tokens.by_active.where(:authentication_token => token).exists?
 user = User.find_by_authentication_token token
 @current_ability, @current_user = nil, user
diff --git a/app/models/platform.rb b/app/models/platform.rb
index 4cca33b68..71186790f 100644
--- a/app/models/platform.rb
+++ b/app/models/platform.rb
@@ -1,6 +1,7 @@
 # -*- encoding : utf-8 -*-
 class Platform < ActiveRecord::Base
 VISIBILITIES = %w(open hidden)
+ NAME_PATTERN = /[a-zA-Z0-9_\-\.]+/
 belongs_to :parent, :class_name => 'Platform', :foreign_key => 'parent_platform_id'
 belongs_to :owner, :polymorphic => true
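Review bot: The new match in `allowed` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, so a `params[:path]` value containing a newline can yield a platform name that is not actually the first path segment; `\A` pins it to the string start: `platform_name = (params[:path] || '').match(/\A\/#{Platform::NAME_PATTERN}\//)`. Note also that the unchanged line right after it renders `true` whenever nothing matches, so a path that does not parse is allowed rather than denied; that default predates this commit, but the wider NAME_PATTERN changes which paths reach it, so it is worth confirming it is intended. The body of `allowed` continues past this hunk into the second one, where `platform.tokens.by_active` is consulted before the user-token fallback.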
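Review bot: `NAME_PATTERN` is deliberately unanchored and is interpolated into two regexes with different anchors (the `\A…\z` name validation in this file and the `^\/…\/` path match in `Api::V1::PlatformsController#allowed`), but nothing at the definition says so. A one-line comment would stop a future reader from anchoring it in place and silently breaking the controller, e.g. `# Unanchored fragment; callers anchor it (\A...\z in the name validation, /.../ prefix match in PlatformsController#allowed).` Interpolating a Regexp object embeds it as `(?-mix:…)`, so the fragment keeps its own flags at both call sites.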
@@ -21,7 +22,7 @@ class Platform < ActiveRecord::Base
 validates :description, :presence => true
 validates :visibility, :presence => true, :inclusion => {:in => VISIBILITIES}
- validates :name, :uniqueness => {:case_sensitive => false}, :presence => true, :format => { :with => /\A[a-zA-Z0-9_\-\.]+\z/ }
+ validates :name, :uniqueness => {:case_sensitive => false}, :presence => true, :format => { :with => /\A#{NAME_PATTERN}\z/ }
 validates :distrib_type, :presence => true, :inclusion => {:in => APP_CONFIG['distr_types']}
 validate lambda {
 if released_was && !released
diff --git a/app/models/token.rb b/app/models/token.rb
index 3172036fd..b41879458 100644
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -8,6 +8,7 @@ class Token < ActiveRecord::Base
 validates :authentication_token, :presence => true, :uniqueness => {:case_sensitive => true}
 default_scope order("#{table_name}.created_at desc")
+ scope :by_active, where(:status => 'active')
 before_validation :generate_token, :on => :create
diff --git a/spec/controllers/api/v1/platforms_controller_spec.rb b/spec/controllers/api/v1/platforms_controller_spec.rb
index a77325374..20e43832c 100644
--- a/spec/controllers/api/v1/platforms_controller_spec.rb
+++ b/spec/controllers/api/v1/platforms_controller_spec.rb
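Review bot: The new `by_active` scope in token.rb is written in the eager relation form, whose body is evaluated once at class load; with a plain hash condition that is harmless, but the lambda form is the conventional shape and is the only one accepted by later Rails versions: `scope :by_active, lambda { where(:status => 'active') }`. The literal `'active'` is presumably the counterpart of whatever `Token#block` (exercised in the new spec) writes to `status`; if a status constant already exists on the model, pointing the scope at it keeps the authorization gate in `PlatformsController#allowed` from drifting out of sync with the blocking code. The platform.rb hunk above only rewires the validation to the shared constant and needs no change.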
@@ -249,49 +249,60 @@ describe Api::V1::PlatformsController do
 context 'perform allowed action' do
- it 'ensures that status 403 if no url' do
+ it 'ensures that status 200 if platform empty' do
 get :allowed
- response.status.should == 403
+ response.status.should == 200
 end
 it 'ensures that status 403 if platform does not exist' do
- get :allowed, :url => "#{APP_CONFIG['downloads_url']}/rosa-server/repository/SRPMS/base/release/repodata/"
+ get :allowed, :path => "/rosa-server/repository/SRPMS/base/release/repodata/"
 response.status.should == 403
 end
 it 'ensures that status 200 if platform open' do
- get :allowed, :url => "#{APP_CONFIG['downloads_url']}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
+ get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
 response.status.should == 200
 end
 context 'for hidden platform' do
- let(:downloads_url) { APP_CONFIG['downloads_url'].gsub(/^http\:\/\//, '') }
 before { @platform.change_visibility }
 it 'ensures that status 403 if no token' do
- get :allowed, :url => "#{APP_CONFIG['downloads_url']}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
+ get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
 response.status.should == 403
 end
 it 'ensures that status 403 if wrong token' do
- get :allowed, :url => "http://KuKu:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
+ @request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64("KuKu:password")
+ get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
 response.status.should == 403
 end
 it 'ensures that status 200 if token correct' do
 token = FactoryGirl.create(:platform_token, :subject => @platform)
- get :allowed, :url => "http://#{token.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
+ @request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(token.authentication_token + ':')
+ get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
 response.status.should == 200
 end
+ it 'ensures that status 403 if token correct but blocked' do
+ token = FactoryGirl.create(:platform_token, :subject => @platform)
+ token.block
+ @request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(token.authentication_token + ':')
+ get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
+ response.status.should == 403
+ end
+
 it 'ensures that status 200 if user token correct and user has ability to read platform' do
- get :allowed, :url => "http://#{@platform.owner.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
+ @request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(@platform.owner.authentication_token + ':')
+ get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
 response.status.should == 200
 end
 it 'ensures that status 403 if user token correct but user has no ability to read platform' do
 user = FactoryGirl.create(:user)
- get :allowed, :url => "http://#{user.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
+ @request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(user.authentication_token + ':')
+ get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
 response.status.should == 403
 end
 end
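Review bot: Every new `HTTP_AUTHORIZATION` line builds the header with `Base64::encode64`, which appends a line feed and inserts one every 60 encoded characters; the Rails basic-auth decoder tolerates that today, so the specs pass, but a token longer than about 44 bytes would produce a multi-line header that does not match what a real client sends. `Base64.strict_encode64(token.authentication_token + ':')` is the RFC 4648 form HTTP Basic expects and is a drop-in replacement in all six places. The first example is also worth a one-line comment, since it now pins the controller's fail-open default (a request with no parseable platform name is answered `200`), and a reader should be able to tell that is deliberate rather than an oversight, e.g. `# no platform segment in the path: the controller allows rather than denies`.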