54 lines
1.6 KiB
Python
54 lines
1.6 KiB
Python
import os
|
|
|
|
import pytest
|
|
from django.urls import reverse
|
|
|
|
from funkwhale_api.music import views
|
|
|
|
DATA_DIR = os.path.dirname(os.path.abspath(__file__))
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
"route,method",
|
|
[
|
|
("api:v1:tags-list", "get"),
|
|
("api:v1:tracks-list", "get"),
|
|
("api:v1:artists-list", "get"),
|
|
("api:v1:albums-list", "get"),
|
|
],
|
|
)
|
|
def test_can_restrict_api_views_to_authenticated_users(
|
|
db, route, method, preferences, client
|
|
):
|
|
url = reverse(route)
|
|
preferences["common__api_authentication_required"] = True
|
|
response = getattr(client, method)(url)
|
|
assert response.status_code == 401
|
|
|
|
|
|
def test_upload_url_is_restricted_to_authenticated_users(
|
|
api_client, factories, preferences
|
|
):
|
|
preferences["common__api_authentication_required"] = True
|
|
upload = factories["music.Upload"](library__privacy_level="instance")
|
|
assert upload.audio_file is not None
|
|
url = upload.track.listen_url
|
|
response = api_client.get(url)
|
|
assert response.status_code == 401
|
|
|
|
|
|
def test_upload_url_is_accessible_to_authenticated_users(
|
|
logged_in_api_client, factories, preferences
|
|
):
|
|
actor = logged_in_api_client.user.create_actor()
|
|
preferences["common__api_authentication_required"] = True
|
|
upload = factories["music.Upload"](library__actor=actor, import_status="finished")
|
|
assert upload.audio_file is not None
|
|
url = upload.track.listen_url
|
|
response = logged_in_api_client.get(url)
|
|
|
|
assert response.status_code == 200
|
|
assert response["X-Accel-Redirect"] == "/_protected{}".format(
|
|
views.strip_absolute_media_url(upload.audio_file.url)
|
|
)
|