allura-commits mailing list archives

From kentontay...@apache.org
Subject [1/2] allura git commit: Better bearer token https check; Unauthorized instead of Forbidden. Details:
Date Tue, 30 Jan 2018 14:57:59 GMT
Repository: allura
Updated Branches:
  refs/heads/master 9a30fec1a -> 8666cbb17


Better bearer token https check; Unauthorized instead of Forbidden. Details:

* widen the https check logic, in case app is running behind a reverse proxy
* change various auth responses from 403 -> 401 to reflect unauth'd better
* stricter status check in test helper (and update a lot of tests to match)


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/4a5d2002
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/4a5d2002
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/4a5d2002

Branch: refs/heads/master
Commit: 4a5d2002607b6c13cfe466c082295a96aacd88d9
Parents: f5443b8
Author: Dave Brondsema <dave@brondsema.net>
Authored: Fri Jan 26 14:24:00 2018 -0500
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Fri Jan 26 14:45:26 2018 -0500

----------------------------------------------------------------------
 Allura/allura/controllers/rest.py               | 35 ++++++++---------
 Allura/allura/tests/functional/test_admin.py    | 28 +++++---------
 Allura/allura/tests/functional/test_auth.py     | 14 +++----
 Allura/allura/tests/functional/test_home.py     |  5 +--
 Allura/allura/tests/functional/test_rest.py     | 40 +++++++++-----------
 Allura/allura/tests/test_webhooks.py            |  3 +-
 AlluraTest/alluratest/controller.py             |  2 +-
 .../forgeblog/tests/functional/test_rest.py     |  6 +--
 .../forgeblog/tests/functional/test_root.py     |  1 -
 .../tests/functional/test_import.py             |  4 +-
 .../tests/functional/test_controllers.py        |  2 -
 .../forgewiki/tests/functional/test_rest.py     |  3 +-
 12 files changed, 61 insertions(+), 82 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 915517c..2913bee 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -135,13 +135,17 @@ class OAuthNegotiator(object):
             # skip https check if auth invoked from tests
             testing = request.environ.get('paste.testing', False)
             debug = asbool(config.get('debug', False))
-            if not testing and request.scheme != 'https' and not debug:
+            if not any((testing,
+                        request.scheme == 'https',
+                        request.environ.get('HTTP_X_FORWARDED_SSL') == 'on',
+                        request.environ.get('HTTP_X_FORWARDED_PROTO') == 'https',
+                        debug)):
                 request.environ['pylons.status_code_redirect'] = True
-                raise exc.HTTPForbidden
+                raise exc.HTTPUnauthorized('HTTPS is required to use bearer tokens %s' %
request.environ)
             access_token = M.OAuthAccessToken.query.get(api_key=access_token)
             if not (access_token and access_token.is_bearer):
                 request.environ['pylons.status_code_redirect'] = True
-                raise exc.HTTPForbidden
+                raise exc.HTTPUnauthorized
             return access_token
         req = oauth.Request.from_request(
             request.method,
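Review bot: The new 401 raised by `raise exc.HTTPUnauthorized('HTTPS is required to use bearer tokens %s' % request.environ)` formats the entire WSGI environ into the response body, so the reply would carry the caller's `HTTP_AUTHORIZATION` and cookie values, plus whatever server-side values the WSGI stack stores there, back over the same plain-HTTP connection that is being rejected. Keep the message static, `raise exc.HTTPUnauthorized('HTTPS is required to use bearer tokens')`, and log the scheme and forwarded headers server-side if they are needed for debugging. Separately, `HTTP_X_FORWARDED_SSL` and `HTTP_X_FORWARDED_PROTO` are set by whoever sends the request unless a front-end proxy overwrites them, so on a deployment where the app is reachable without such a proxy a plain-HTTP request satisfies the check by supplying the header itself. Honouring these headers only when a deployment setting says the app sits behind a trusted proxy, and documenting that the proxy must strip inbound copies, would keep the check meaningful. The enclosing method begins above this hunk.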
@@ -150,23 +154,20 @@ class OAuthNegotiator(object):
             parameters=dict(request.params),
             query_string=request.query_string
         )
-        consumer_token = M.OAuthConsumerToken.query.get(
-            api_key=req['oauth_consumer_key'])
-        access_token = M.OAuthAccessToken.query.get(
-            api_key=req['oauth_token'])
+        consumer_token = M.OAuthConsumerToken.query.get(api_key=req['oauth_consumer_key'])
+        access_token = M.OAuthAccessToken.query.get(api_key=req['oauth_token'])
         if consumer_token is None:
             log.error('Invalid consumer token')
             return None
-            raise exc.HTTPForbidden
         if access_token is None:
             log.error('Invalid access token')
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         consumer = consumer_token.consumer
         try:
             self.server.verify_request(req, consumer, access_token.as_token())
         except:
             log.error('Invalid signature')
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         return access_token
 
     @expose()
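Review bot: An unknown `oauth_consumer_key` still ends in `return None` here, while an unknown access token and a bad signature now raise `exc.HTTPUnauthorized`; the commit removes the unreachable `raise` after that return but keeps the silent path, so whether such a request is rejected depends on how callers outside this hunk treat `None`. If rejection is intended, replace it with `raise exc.HTTPUnauthorized`; if falling back to an unauthenticated request is intended, a comment saying so would help. The bare `except:` around `self.server.verify_request(...)` (here and in the request_token and access_token hunks below) also reports every failure, including programming errors, as 'Invalid signature'; `except Exception:` with the traceback logged would keep real faults visible. The method starts above this hunk.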
@@ -182,13 +183,13 @@ class OAuthNegotiator(object):
             api_key=req['oauth_consumer_key'])
         if consumer_token is None:
             log.error('Invalid consumer token')
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         consumer = consumer_token.consumer
         try:
             self.server.verify_request(req, consumer, None)
         except:
             log.error('Invalid signature')
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         req_token = M.OAuthRequestToken(
             consumer_token_id=consumer_token._id,
             callback=req.get('oauth_callback', 'oob')
@@ -203,7 +204,7 @@ class OAuthNegotiator(object):
         rtok = M.OAuthRequestToken.query.get(api_key=oauth_token)
         if rtok is None:
             log.error('Invalid token %s', oauth_token)
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         rtok.user_id = c.user._id
         return dict(
             oauth_token=oauth_token,
@@ -245,14 +246,14 @@ class OAuthNegotiator(object):
             api_key=req['oauth_token'])
         if consumer_token is None:
             log.error('Invalid consumer token')
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         if request_token is None:
             log.error('Invalid request token')
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         pin = req['oauth_verifier']
         if pin != request_token.validation_pin:
             log.error('Invalid verifier')
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         rtok = request_token.as_token()
         rtok.set_verifier(pin)
         consumer = consumer_token.consumer
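Review bot: The verifier check `if pin != request_token.validation_pin:` compares a secret with `!=`, which is not constant-time; `hmac.compare_digest(pin, request_token.validation_pin)` is the usual replacement (it needs `import hmac`, and both operands must be the same string type). `req['oauth_verifier']` and `req['oauth_token']` are also indexed directly, so a request missing either parameter presumably surfaces as a KeyError rather than the 401 this commit standardises on; `req.get(...)` followed by the same `raise exc.HTTPUnauthorized` would make that uniform. The method starts above and continues past this hunk.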
@@ -260,7 +261,7 @@ class OAuthNegotiator(object):
             self.server.verify_request(req, consumer, rtok)
         except:
             log.error('Invalid signature')
-            raise exc.HTTPForbidden
+            raise exc.HTTPUnauthorized
         acc_token = M.OAuthAccessToken(
             consumer_token_id=consumer_token._id,
             request_token_id=request_token._id,

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/functional/test_admin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_admin.py b/Allura/allura/tests/functional/test_admin.py
index c7136ae..4fc0023 100644
--- a/Allura/allura/tests/functional/test_admin.py
+++ b/Allura/allura/tests/functional/test_admin.py
@@ -1338,32 +1338,27 @@ class TestRestInstallTool(TestRestApiBase):
 
 class TestRestAdminOptions(TestRestApiBase):
     def test_no_mount_point(self):
-        r = self.api_get('/rest/p/test/admin/admin_options/')
-        assert_equals(r.status, '400 Bad Request')
+        r = self.api_get('/rest/p/test/admin/admin_options/', status=400)
         assert_in('Must provide a mount point', r.body)
 
     def test_invalid_mount_point(self):
-        r = self.api_get('/rest/p/test/admin/admin_options/?mount_point=asdf')
-        assert_equals(r.status, '400 Bad Request')
+        r = self.api_get('/rest/p/test/admin/admin_options/?mount_point=asdf', status=400)
         assert_in('The mount point you provided was invalid', r.body)
 
     @td.with_tool('test', 'Git', 'git')
     def test_valid_mount_point(self):
-        r = self.api_get('/rest/p/test/admin/admin_options/?mount_point=git')
-        assert_equals(r.status, '200 OK')
+        r = self.api_get('/rest/p/test/admin/admin_options/?mount_point=git', status=200)
         assert_is_not_none(r.json['options'])
 
 
 class TestRestMountOrder(TestRestApiBase):
     def test_no_kw(self):
-        r = self.api_post('/rest/p/test/admin/mount_order/')
-        assert_equals(r.status, '400 Bad Request')
+        r = self.api_post('/rest/p/test/admin/mount_order/', status=400)
         assert_in('Expected kw params in the form of "ordinal: mount_point"', r.body)
 
     def test_invalid_kw(self):
         data = {'1': 'git', 'two': 'admin'}
-        r = self.api_post('/rest/p/test/admin/mount_order/', **data)
-        assert_equals(r.status, '400 Bad Request')
+        r = self.api_post('/rest/p/test/admin/mount_order/', status=400, **data)
         assert_in('Invalid kw: expected "ordinal: mount_point"', r.body)
 
     @td.with_wiki
@@ -1408,8 +1403,8 @@ class TestRestMountOrder(TestRestApiBase):
 class TestRestToolGrouping(TestRestApiBase):
     def test_invalid_grouping_threshold(self):
         for invalid_value in ('100', 'asdf'):
-            r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold=invalid_value)
-            assert_equals(r.status, '400 Bad Request')
+            r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold=invalid_value,
+                              status=400)
             assert_in('Invalid threshold. Expected a value between 1 and 10', r.body)
 
     @td.with_wiki
@@ -1417,16 +1412,14 @@ class TestRestToolGrouping(TestRestApiBase):
     @td.with_tool('test', 'Wiki', 'wiki3')
     def test_valid_grouping_threshold(self):
         # Set threshold to 2
-        r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold='2')
-        assert_equals(r.status, '200 OK')
+        r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold='2',
status=200)
 
         # The 'wiki' mount_point should not exist at the top level
         result1 = self.app.get('/p/test/_nav.json')
         assert_not_in('wiki', [tool['mount_point'] for tool in result1.json['menu']])
 
         # Set threshold to 3
-        r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold='3')
-        assert_equals(r.status, '200 OK')
+        r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold='3',
status=200)
 
         # The wiki mount_point should now be at the top level of the menu
         result2 = self.app.get('/p/test/_nav.json')
@@ -1435,6 +1428,5 @@ class TestRestToolGrouping(TestRestApiBase):
 
 class TestInstallableTools(TestRestApiBase):
     def test_installable_tools_response(self):
-        r = self.api_get('/rest/p/test/admin/installable_tools')
-        assert_equals(r.status, '200 OK')
+        r = self.api_get('/rest/p/test/admin/installable_tools', status=200)
         assert_in('External Link', [tool['tool_label'] for tool in r.json['tools']])

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 780e1cf..54e2dff 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -1597,7 +1597,7 @@ class TestOAuth(TestController):
         Request.from_request.return_value = {
             'oauth_consumer_key': 'api_key'}
         self.app.post('/rest/oauth/request_token',
-                      params={'key': 'value'}, status=403)
+                      params={'key': 'value'}, status=401)
 
     @mock.patch('allura.controllers.rest.oauth.Server')
     @mock.patch('allura.controllers.rest.oauth.Request')
@@ -1611,7 +1611,7 @@ class TestOAuth(TestController):
         )
         ThreadLocalORMSession.flush_all()
         Request.from_request.return_value = {'oauth_consumer_key': 'api_key'}
-        self.app.post('/rest/oauth/request_token', params={'key': 'value'}, status=403)
+        self.app.post('/rest/oauth/request_token', params={'key': 'value'}, status=401)
 
     def test_authorize_ok(self):
         user = M.User.by_username('test-admin')
@@ -1632,7 +1632,7 @@ class TestOAuth(TestController):
         assert_in('api_key', r.body)
 
     def test_authorize_invalid(self):
-        self.app.post('/rest/oauth/authorize', params={'oauth_token': 'api_key'}, status=403)
+        self.app.post('/rest/oauth/authorize', params={'oauth_token': 'api_key'}, status=401)
 
     def test_do_authorize_no(self):
         user = M.User.by_username('test-admin')
@@ -1710,7 +1710,7 @@ class TestOAuth(TestController):
             'oauth_token': 'api_key',
             'oauth_verifier': 'good',
         }
-        self.app.get('/rest/oauth/access_token', status=403)
+        self.app.get('/rest/oauth/access_token', status=401)
 
     @mock.patch('allura.controllers.rest.oauth.Request')
     def test_access_token_no_request(self, Request):
@@ -1726,7 +1726,7 @@ class TestOAuth(TestController):
             description='ctok_desc',
         )
         ThreadLocalORMSession.flush_all()
-        self.app.get('/rest/oauth/access_token', status=403)
+        self.app.get('/rest/oauth/access_token', status=401)
 
     @mock.patch('allura.controllers.rest.oauth.Request')
     def test_access_token_bad_pin(self, Request):
@@ -1749,7 +1749,7 @@ class TestOAuth(TestController):
             validation_pin='good',
         )
         ThreadLocalORMSession.flush_all()
-        self.app.get('/rest/oauth/access_token', status=403)
+        self.app.get('/rest/oauth/access_token', status=401)
 
     @mock.patch('allura.controllers.rest.oauth.Server')
     @mock.patch('allura.controllers.rest.oauth.Request')
@@ -1774,7 +1774,7 @@ class TestOAuth(TestController):
         )
         ThreadLocalORMSession.flush_all()
         Server().verify_request.side_effect = ValueError
-        self.app.get('/rest/oauth/access_token', status=403)
+        self.app.get('/rest/oauth/access_token', status=401)
 
     @mock.patch('allura.controllers.rest.oauth.Server')
     @mock.patch('allura.controllers.rest.oauth.Request')

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/functional/test_home.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_home.py b/Allura/allura/tests/functional/test_home.py
index f3d2197..e8eb577 100644
--- a/Allura/allura/tests/functional/test_home.py
+++ b/Allura/allura/tests/functional/test_home.py
@@ -258,10 +258,7 @@ class TestProjectHome(TestController):
         })
 
         # Try to access the  installed tool as anon.
-        r = self.app.get('/p/test/test-mount/test-sub/',
-        extra_environ = dict(username='*anonymous'),
-        status=404)
-        assert (r.status_int == 403 or r.status_int == 404)
+        r = self.app.get('/p/test/test-mount/test-sub/', extra_environ=dict(username='*anonymous'),
status=404)
 
         # Try to access the installed tool as Admin.
         r = self.app.get('/p/test/test-mount/test-sub/').follow()

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_rest.py b/Allura/allura/tests/functional/test_rest.py
index 6a54972..306cdbc 100644
--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -21,6 +21,7 @@ from pylons import app_globals as g
 import mock
 from nose.tools import assert_equal, assert_in, assert_not_in
 from ming.odm import ThreadLocalODMSession
+from tg import config
 
 from allura.tests import decorators as td
 from alluratest.controller import TestRestApiBase
@@ -45,8 +46,7 @@ class TestRestHome(TestRestApiBase):
         self._patch_token(OAuthAccessToken)
         access_token = OAuthAccessToken.query.get.return_value
         access_token.is_bearer = False
-        r = self.api_post('/rest/p/test/wiki', access_token='foo')
-        assert_equal(r.status_int, 403)
+        r = self.api_post('/rest/p/test/wiki', access_token='foo', status=401)
         OAuthAccessToken.query.get.assert_called_once_with(api_key='foo')
 
     @mock.patch('allura.controllers.rest.M.OAuthAccessToken')
@@ -57,8 +57,7 @@ class TestRestHome(TestRestApiBase):
         request.scheme = 'https'
         self._patch_token(OAuthAccessToken)
         OAuthAccessToken.query.get.return_value = None
-        r = self.api_post('/rest/p/test/wiki', access_token='foo')
-        assert_equal(r.status_int, 403)
+        r = self.api_post('/rest/p/test/wiki', access_token='foo', status=401)
 
     @mock.patch('allura.controllers.rest.request')
     @td.with_wiki
@@ -98,8 +97,7 @@ class TestRestHome(TestRestApiBase):
         self._patch_token(OAuthAccessToken)
         access_token = OAuthAccessToken.query.get.return_value
         access_token.is_bearer = False
-        r = self.api_post('/rest/p/test/wiki', access_token='foo')
-        assert_equal(r.status_int, 403)
+        r = self.api_post('/rest/p/test/wiki', access_token='foo', status=401)
         OAuthAccessToken.query.get.assert_called_once_with(api_key='foo')
 
     @mock.patch('allura.controllers.rest.M.OAuthAccessToken')
@@ -111,11 +109,11 @@ class TestRestHome(TestRestApiBase):
         request.scheme = 'https'
         self._patch_token(OAuthAccessToken)
         OAuthAccessToken.query.get.return_value = None
-        r = self.api_post('/rest/p/test/wiki', access_token='foo')
-        assert_equal(r.status_int, 403)
+        r = self.api_post('/rest/p/test/wiki', access_token='foo', status=401)
 
     @mock.patch('allura.controllers.rest.request')
     @td.with_wiki
+    @mock.patch.dict(config, debug=False)
     def test_bearer_token_valid_via_headers(self, request):
         user = M.User.by_username('test-admin')
         consumer_token = M.OAuthConsumerToken(
@@ -141,20 +139,20 @@ class TestRestHome(TestRestApiBase):
             'Authorization': 'Bearer {}'.format(token)
         }
         request.scheme = 'https'
-        r = self.api_post('/rest/p/test/wiki', access_token='foo')
-        assert_equal(r.status_int, 200)
+        r = self.api_post('/rest/p/test/wiki', access_token='foo', status=200)
+        # reverse proxy situation
+        request.scheme = 'http'
+        request.environ['paste.testing'] = False
+        request.environ['HTTP_X_FORWARDED_PROTOx'] = 'https'
+        r = self.api_post('/rest/p/test/wiki', access_token='foo', status=200)
 
     def test_bad_path(self):
-        r = self.api_post('/rest/1/test/wiki/')
-        assert r.status_int == 404
-        r = self.api_post('/rest/p/1223/wiki/')
-        assert r.status_int == 404
-        r = self.api_post('/rest/p/test/12wiki/')
-        assert r.status_int == 404
+        r = self.api_post('/rest/1/test/wiki/', status=404)
+        r = self.api_post('/rest/p/1223/wiki/', status=404)
+        r = self.api_post('/rest/p/test/12wiki/', status=404)
 
     def test_no_api(self):
-        r = self.api_post('/rest/p/test/admin/')
-        assert r.status_int == 404
+        r = self.api_post('/rest/p/test/admin/', status=404)
 
     @td.with_wiki
     def test_project_ping(self):
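Review bot: The added "reverse proxy situation" case does not exercise the new header check: it sets `HTTP_X_FORWARDED_PROTOx` (trailing `x`), a key the controller never reads, and `request` is the object injected by `@mock.patch('allura.controllers.rest.request')`, so `request.environ.get('paste.testing', False)` most likely returns a truthy mock and the HTTPS check is skipped either way. Giving the mock a real dict, `request.environ = {'paste.testing': False, 'HTTP_X_FORWARDED_PROTO': 'https'}`, would make the 200 depend on the header. A companion call with `request.scheme = 'http'` and no forwarded header, expecting `status=401`, would pin the rejection path, which no visible test covers. The test body starts in the previous hunk.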
@@ -256,8 +254,7 @@ class TestRestHome(TestRestApiBase):
         assert_equal(r.status_int, 200)
         assert_equal(r.json['title'], 'Home')
 
-        r = self.api_get('/rest/p/admin/installable_tools')
-        assert_equal(r.status_int, 403)
+        r = self.api_get('/rest/p/admin/installable_tools', status=403)
 
         r = self.api_get('/rest/p/admin/installable_tools', user='root')
         assert_equal(r.status_int, 200)
@@ -365,8 +362,7 @@ class TestRestHome(TestRestApiBase):
         with mock.patch('allura.lib.plugin.ProjectRegistrationProvider') as Provider:
             Provider.get().shortname_validator.to_python.side_effect = Invalid(
                 'name', 'value', {})
-            r = self.api_get('/rest/p/test/')
-            assert r.status_int == 404
+            r = self.api_get('/rest/p/test/', status=404)
 
     @td.with_wiki
     def test_cors_POST_req_blocked_by_csrf(self):

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/test_webhooks.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_webhooks.py b/Allura/allura/tests/test_webhooks.py
index d7fb75c..5b8df07 100644
--- a/Allura/allura/tests/test_webhooks.py
+++ b/Allura/allura/tests/test_webhooks.py
@@ -714,8 +714,7 @@ class TestWebhookRestController(TestRestApiBase):
         dd.assert_equal(r.json, expected)
 
     def test_webhook_GET_404(self):
-        r = self.api_get(self.url + '/repo-push/invalid')
-        assert_equal(r.status_int, 404)
+        r = self.api_get(self.url + '/repo-push/invalid', status=404)
 
     def test_webhook_GET(self):
         webhook = self.webhooks[0]

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/AlluraTest/alluratest/controller.py
----------------------------------------------------------------------
diff --git a/AlluraTest/alluratest/controller.py b/AlluraTest/alluratest/controller.py
index 1f9ade5..b28af46 100644
--- a/AlluraTest/alluratest/controller.py
+++ b/AlluraTest/alluratest/controller.py
@@ -253,7 +253,7 @@ class TestRestApiBase(TestController):
         if wrap_args:
             params = {wrap_args: params}
         if status is None:
-            status = [200, 201, 301, 302, 400, 403, 404]
+            status = [200, 201, 301, 302]
         params = variabledecode.variable_encode(params, add_repetitions=False)
 
         token = self.token(user).api_key

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeBlog/forgeblog/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/tests/functional/test_rest.py b/ForgeBlog/forgeblog/tests/functional/test_rest.py
index 8acdd87..157b387 100644
--- a/ForgeBlog/forgeblog/tests/functional/test_rest.py
+++ b/ForgeBlog/forgeblog/tests/functional/test_rest.py
@@ -95,12 +95,10 @@ class TestBlogApi(TestRestApiBase):
         assert_equal(r.status_int, 201)
         url = '/rest' + BM.BlogPost.query.find().first().url()
         self.api_post(url, delete='')
-        r = self.api_get(url)
-        assert_equal(r.status_int, 404)
+        r = self.api_get(url, status=404)
 
     def test_post_does_not_exist(self):
-        r = self.api_get('/rest/p/test/blog/2013/07/fake/')
-        assert_equal(r.status_int, 404)
+        r = self.api_get('/rest/p/test/blog/2013/07/fake/', status=404)
 
     def test_read_permissons(self):
         self.api_post('/rest/p/test/blog/', title='test',

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeBlog/forgeblog/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/tests/functional/test_root.py b/ForgeBlog/forgeblog/tests/functional/test_root.py
index 500b835..22a8fa3 100644
--- a/ForgeBlog/forgeblog/tests/functional/test_root.py
+++ b/ForgeBlog/forgeblog/tests/functional/test_root.py
@@ -193,7 +193,6 @@ class Test(TestController):
 
     def test_invalid_lookup(self):
         r = self.app.get('/blog/favicon.ico', status=404)
-        assert_equal(r.status_int, 404)
 
     def test_index_bad_url_params(self):
         self.app.get('/blog/?limit=blah&page=2x', status=200)

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
index 73b0a8f..38290e8 100644
--- a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
+++ b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
@@ -40,8 +40,8 @@ class TestImportController(TestRestApiBase):  # TestController):
     def test_no_capability(self):
         with h.push_config(config, **{'oauth.can_import_forum': 'some,fake,tokens'}):
             resp = self.api_post('/rest/p/test/discussion/perform_import',
-                                 doc=self.json_text)
-            assert resp.status_int == 403
+                                 doc=self.json_text,
+                                 status=403)
 
         with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
             resp = self.api_post('/rest/p/test/discussion/perform_import',

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeGit/forgegit/tests/functional/test_controllers.py
----------------------------------------------------------------------
diff --git a/ForgeGit/forgegit/tests/functional/test_controllers.py b/ForgeGit/forgegit/tests/functional/test_controllers.py
index dc888ff..b4b6f9b 100644
--- a/ForgeGit/forgegit/tests/functional/test_controllers.py
+++ b/ForgeGit/forgegit/tests/functional/test_controllers.py
@@ -255,9 +255,7 @@ class TestRootController(_TestCase):
     def test_tree_invalid(self):
         ci = self._get_ci()
         resp = self.app.get(ci + 'tree/foo', status=404)
-        assert_equal(resp.status_int, 404)
         resp = self.app.get(ci + 'tree/foo/bar', status=404)
-        assert_equal(resp.status_int, 404)
 
     def test_file(self):
         ci = self._get_ci()

http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeWiki/forgewiki/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeWiki/forgewiki/tests/functional/test_rest.py b/ForgeWiki/forgewiki/tests/functional/test_rest.py
index 85602c7..053d2a4 100644
--- a/ForgeWiki/forgewiki/tests/functional/test_rest.py
+++ b/ForgeWiki/forgewiki/tests/functional/test_rest.py
@@ -61,8 +61,7 @@ class TestWikiApi(TestRestApiBase):
         assert_equal(len(r['attachments']), 2)
 
     def test_page_does_not_exist(self):
-        r = self.api_get('/rest/p/test/wiki/fake/')
-        assert_equal(r.status_int, 404)
+        r = self.api_get('/rest/p/test/wiki/fake/', status=404)
 
     def test_update_page(self):
         data = {

