From 7b1d87342470143b696364cba362b0ad06bd0700 Mon Sep 17 00:00:00 2001 From: Joseph Rhoads Date: Thu, 4 Jun 2026 20:00:19 +0200 Subject: [PATCH] Refactor: Change IndexData and IndexDataDump to POST (#535) --- rorapi/common/views.py | 4 +- rorapi/tests/tests_unit/tests_views_v2.py | 50 +++++++++++++++++++---- 2 files changed, 45 insertions(+), 9 deletions(-) diff --git a/rorapi/common/views.py b/rorapi/common/views.py index 557965a..332ad9c 100644 --- a/rorapi/common/views.py +++ b/rorapi/common/views.py @@ -266,7 +266,7 @@ def get(self, request, version=REST_FRAMEWORK["DEFAULT_VERSION"]): class IndexData(APIView): permission_classes = [OurTokenPermission] - def get(self, request, branch, version=REST_FRAMEWORK["DEFAULT_VERSION"]): + def post(self, request, branch, version=REST_FRAMEWORK["DEFAULT_VERSION"]): st = 200 msg = process_files(branch, 'v2') if msg["status"] == "ERROR": @@ -276,7 +276,7 @@ def get(self, request, branch, version=REST_FRAMEWORK["DEFAULT_VERSION"]): class IndexDataDump(APIView): permission_classes = [OurTokenPermission] - def get(self, request, filename, dataenv, version=REST_FRAMEWORK["DEFAULT_VERSION"]): + def post(self, request, filename, dataenv, version=REST_FRAMEWORK["DEFAULT_VERSION"]): # Always use v2 schema - v1 indexing support has been removed schema = 2 testdata = True diff --git a/rorapi/tests/tests_unit/tests_views_v2.py b/rorapi/tests/tests_unit/tests_views_v2.py index 88649e0..12da4a1 100644 --- a/rorapi/tests/tests_unit/tests_views_v2.py +++ b/rorapi/tests/tests_unit/tests_views_v2.py @@ -354,7 +354,7 @@ def setUp(self): def test_index_ror_success(self, index_mock, permission_mock): index_mock.return_value = self.success_msg permission_mock.return_value = True - response = self.client.get('/v2/indexdata/foo') + response = self.client.post('/v2/indexdata/foo') self.assertEquals(response.status_code, 200) @mock.patch('rorapi.common.views.OurTokenPermission.has_permission') @@ -362,15 +362,33 @@ def test_index_ror_success(self, index_mock, permission_mock): def test_index_ror_fail_error(self, index_mock, permission_mock): index_mock.return_value = self.error_msg permission_mock.return_value = True - response = self.client.get('/v2/indexdata/foo') + response = self.client.post('/v2/indexdata/foo') self.assertEquals(response.status_code, 400) @mock.patch('rorapi.common.views.OurTokenPermission.has_permission') def test_index_ror_fail_no_permission(self, permission_mock): permission_mock.return_value = False - response = self.client.get('/v2/indexdata/foo') + response = self.client.post('/v2/indexdata/foo') self.assertEquals(response.status_code, 403) + @mock.patch.dict(os.environ, {"TOKEN": "token-value", "ROUTE_USER": "route-user"}, clear=False) + @mock.patch('rorapi.common.views.process_files') + def test_index_ror_fail_no_auth_headers(self, index_mock): + index_mock.return_value = self.success_msg + response = self.client.post('/v2/indexdata/foo') + self.assertEquals(response.status_code, 403) + + @mock.patch.dict(os.environ, {"TOKEN": "token-value", "ROUTE_USER": "route-user"}, clear=False) + @mock.patch('rorapi.common.views.process_files') + def test_index_ror_success_with_auth_headers(self, index_mock): + index_mock.return_value = self.success_msg + response = self.client.post( + '/v2/indexdata/foo', + HTTP_TOKEN='token-value', + HTTP_ROUTE_USER='route-user' + ) + self.assertEquals(response.status_code, 200) + class HeartbeatViewTestCase(SimpleTestCase): def setUp(self): with open( @@ -446,7 +464,7 @@ def setUp(self): def test_index_ror_success(self, index_mock, permission_mock): index_mock.return_value = self.success_msg permission_mock.return_value = True - response = self.client.get('/v2/indexdatadump/v1.1-1111-11-11-ror-data/prod') + response = self.client.post('/v2/indexdatadump/v1.1-1111-11-11-ror-data/prod') self.assertEquals(response.status_code, 200) @mock.patch('rorapi.common.views.OurTokenPermission.has_permission') @@ -454,11 +472,29 @@ def test_index_ror_success(self, index_mock, permission_mock): def test_index_ror_fail_error(self, index_mock, permission_mock): index_mock.return_value = self.error_msg permission_mock.return_value = True - response = self.client.get('/v2/indexdatadump/v1.1-1111-11-11-ror-data/prod') + response = self.client.post('/v2/indexdatadump/v1.1-1111-11-11-ror-data/prod') self.assertEquals(response.status_code, 400) @mock.patch('rorapi.common.views.OurTokenPermission.has_permission') def test_index_ror_fail_no_permission(self, permission_mock): permission_mock.return_value = False - response = self.client.get('/v2/indexdatadump/v1.1-1111-11-11-ror-data/prod') - self.assertEquals(response.status_code, 403) \ No newline at end of file + response = self.client.post('/v2/indexdatadump/v1.1-1111-11-11-ror-data/prod') + self.assertEquals(response.status_code, 403) + + @mock.patch.dict(os.environ, {"TOKEN": "token-value", "ROUTE_USER": "route-user"}, clear=False) + @mock.patch('django.core.management.call_command') + def test_index_ror_dump_fail_no_auth_headers(self, index_mock): + index_mock.return_value = self.success_msg + response = self.client.post('/v2/indexdatadump/v1.1-1111-11-11-ror-data/prod') + self.assertEquals(response.status_code, 403) + + @mock.patch.dict(os.environ, {"TOKEN": "token-value", "ROUTE_USER": "route-user"}, clear=False) + @mock.patch('django.core.management.call_command') + def test_index_ror_dump_success_with_auth_headers(self, index_mock): + index_mock.return_value = self.success_msg + response = self.client.post( + '/v2/indexdatadump/v1.1-1111-11-11-ror-data/prod', + HTTP_TOKEN='token-value', + HTTP_ROUTE_USER='route-user' + ) + self.assertEquals(response.status_code, 200) \ No newline at end of file