Repository: allura
Updated Branches:
refs/heads/master 9a30fec1a -> 8666cbb17
Better bearer token https check; Unauthorized instead of Forbidden. Details:
* widen the https check logic, in case app is running behind a reverse proxy
* change various auth responses from 403 -> 401 to reflect unauth'd better
* stricter status check in test helper (and update a lot of tests to match)
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/4a5d2002
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/4a5d2002
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/4a5d2002
Branch: refs/heads/master
Commit: 4a5d2002607b6c13cfe466c082295a96aacd88d9
Parents: f5443b8
Author: Dave Brondsema <dave@brondsema.net>
Authored: Fri Jan 26 14:24:00 2018 -0500
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Fri Jan 26 14:45:26 2018 -0500
----------------------------------------------------------------------
Allura/allura/controllers/rest.py | 35 ++++++++---------
Allura/allura/tests/functional/test_admin.py | 28 +++++---------
Allura/allura/tests/functional/test_auth.py | 14 +++----
Allura/allura/tests/functional/test_home.py | 5 +--
Allura/allura/tests/functional/test_rest.py | 40 +++++++++-----------
Allura/allura/tests/test_webhooks.py | 3 +-
AlluraTest/alluratest/controller.py | 2 +-
.../forgeblog/tests/functional/test_rest.py | 6 +--
.../forgeblog/tests/functional/test_root.py | 1 -
.../tests/functional/test_import.py | 4 +-
.../tests/functional/test_controllers.py | 2 -
.../forgewiki/tests/functional/test_rest.py | 3 +-
12 files changed, 61 insertions(+), 82 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 915517c..2913bee 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -135,13 +135,17 @@ class OAuthNegotiator(object):
# skip https check if auth invoked from tests
testing = request.environ.get('paste.testing', False)
debug = asbool(config.get('debug', False))
- if not testing and request.scheme != 'https' and not debug:
+ if not any((testing,
+ request.scheme == 'https',
+ request.environ.get('HTTP_X_FORWARDED_SSL') == 'on',
+ request.environ.get('HTTP_X_FORWARDED_PROTO') == 'https',
+ debug)):
request.environ['pylons.status_code_redirect'] = True
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized('HTTPS is required to use bearer tokens %s' %
request.environ)
access_token = M.OAuthAccessToken.query.get(api_key=access_token)
if not (access_token and access_token.is_bearer):
request.environ['pylons.status_code_redirect'] = True
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
return access_token
req = oauth.Request.from_request(
request.method,
@@ -150,23 +154,20 @@ class OAuthNegotiator(object):
parameters=dict(request.params),
query_string=request.query_string
)
- consumer_token = M.OAuthConsumerToken.query.get(
- api_key=req['oauth_consumer_key'])
- access_token = M.OAuthAccessToken.query.get(
- api_key=req['oauth_token'])
+ consumer_token = M.OAuthConsumerToken.query.get(api_key=req['oauth_consumer_key'])
+ access_token = M.OAuthAccessToken.query.get(api_key=req['oauth_token'])
if consumer_token is None:
log.error('Invalid consumer token')
return None
- raise exc.HTTPForbidden
if access_token is None:
log.error('Invalid access token')
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
consumer = consumer_token.consumer
try:
self.server.verify_request(req, consumer, access_token.as_token())
except:
log.error('Invalid signature')
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
return access_token
@expose()
@@ -182,13 +183,13 @@ class OAuthNegotiator(object):
api_key=req['oauth_consumer_key'])
if consumer_token is None:
log.error('Invalid consumer token')
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
consumer = consumer_token.consumer
try:
self.server.verify_request(req, consumer, None)
except:
log.error('Invalid signature')
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
req_token = M.OAuthRequestToken(
consumer_token_id=consumer_token._id,
callback=req.get('oauth_callback', 'oob')
@@ -203,7 +204,7 @@ class OAuthNegotiator(object):
rtok = M.OAuthRequestToken.query.get(api_key=oauth_token)
if rtok is None:
log.error('Invalid token %s', oauth_token)
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
rtok.user_id = c.user._id
return dict(
oauth_token=oauth_token,
@@ -245,14 +246,14 @@ class OAuthNegotiator(object):
api_key=req['oauth_token'])
if consumer_token is None:
log.error('Invalid consumer token')
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
if request_token is None:
log.error('Invalid request token')
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
pin = req['oauth_verifier']
if pin != request_token.validation_pin:
log.error('Invalid verifier')
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
rtok = request_token.as_token()
rtok.set_verifier(pin)
consumer = consumer_token.consumer
@@ -260,7 +261,7 @@ class OAuthNegotiator(object):
self.server.verify_request(req, consumer, rtok)
except:
log.error('Invalid signature')
- raise exc.HTTPForbidden
+ raise exc.HTTPUnauthorized
acc_token = M.OAuthAccessToken(
consumer_token_id=consumer_token._id,
request_token_id=request_token._id,
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/functional/test_admin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_admin.py b/Allura/allura/tests/functional/test_admin.py
index c7136ae..4fc0023 100644
--- a/Allura/allura/tests/functional/test_admin.py
+++ b/Allura/allura/tests/functional/test_admin.py
@@ -1338,32 +1338,27 @@ class TestRestInstallTool(TestRestApiBase):
class TestRestAdminOptions(TestRestApiBase):
def test_no_mount_point(self):
- r = self.api_get('/rest/p/test/admin/admin_options/')
- assert_equals(r.status, '400 Bad Request')
+ r = self.api_get('/rest/p/test/admin/admin_options/', status=400)
assert_in('Must provide a mount point', r.body)
def test_invalid_mount_point(self):
- r = self.api_get('/rest/p/test/admin/admin_options/?mount_point=asdf')
- assert_equals(r.status, '400 Bad Request')
+ r = self.api_get('/rest/p/test/admin/admin_options/?mount_point=asdf', status=400)
assert_in('The mount point you provided was invalid', r.body)
@td.with_tool('test', 'Git', 'git')
def test_valid_mount_point(self):
- r = self.api_get('/rest/p/test/admin/admin_options/?mount_point=git')
- assert_equals(r.status, '200 OK')
+ r = self.api_get('/rest/p/test/admin/admin_options/?mount_point=git', status=200)
assert_is_not_none(r.json['options'])
class TestRestMountOrder(TestRestApiBase):
def test_no_kw(self):
- r = self.api_post('/rest/p/test/admin/mount_order/')
- assert_equals(r.status, '400 Bad Request')
+ r = self.api_post('/rest/p/test/admin/mount_order/', status=400)
assert_in('Expected kw params in the form of "ordinal: mount_point"', r.body)
def test_invalid_kw(self):
data = {'1': 'git', 'two': 'admin'}
- r = self.api_post('/rest/p/test/admin/mount_order/', **data)
- assert_equals(r.status, '400 Bad Request')
+ r = self.api_post('/rest/p/test/admin/mount_order/', status=400, **data)
assert_in('Invalid kw: expected "ordinal: mount_point"', r.body)
@td.with_wiki
@@ -1408,8 +1403,8 @@ class TestRestMountOrder(TestRestApiBase):
class TestRestToolGrouping(TestRestApiBase):
def test_invalid_grouping_threshold(self):
for invalid_value in ('100', 'asdf'):
- r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold=invalid_value)
- assert_equals(r.status, '400 Bad Request')
+ r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold=invalid_value,
+ status=400)
assert_in('Invalid threshold. Expected a value between 1 and 10', r.body)
@td.with_wiki
@@ -1417,16 +1412,14 @@ class TestRestToolGrouping(TestRestApiBase):
@td.with_tool('test', 'Wiki', 'wiki3')
def test_valid_grouping_threshold(self):
# Set threshold to 2
- r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold='2')
- assert_equals(r.status, '200 OK')
+ r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold='2',
status=200)
# The 'wiki' mount_point should not exist at the top level
result1 = self.app.get('/p/test/_nav.json')
assert_not_in('wiki', [tool['mount_point'] for tool in result1.json['menu']])
# Set threshold to 3
- r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold='3')
- assert_equals(r.status, '200 OK')
+ r = self.api_post('/rest/p/test/admin/configure_tool_grouping/', grouping_threshold='3',
status=200)
# The wiki mount_point should now be at the top level of the menu
result2 = self.app.get('/p/test/_nav.json')
@@ -1435,6 +1428,5 @@ class TestRestToolGrouping(TestRestApiBase):
class TestInstallableTools(TestRestApiBase):
def test_installable_tools_response(self):
- r = self.api_get('/rest/p/test/admin/installable_tools')
- assert_equals(r.status, '200 OK')
+ r = self.api_get('/rest/p/test/admin/installable_tools', status=200)
assert_in('External Link', [tool['tool_label'] for tool in r.json['tools']])
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 780e1cf..54e2dff 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -1597,7 +1597,7 @@ class TestOAuth(TestController):
Request.from_request.return_value = {
'oauth_consumer_key': 'api_key'}
self.app.post('/rest/oauth/request_token',
- params={'key': 'value'}, status=403)
+ params={'key': 'value'}, status=401)
@mock.patch('allura.controllers.rest.oauth.Server')
@mock.patch('allura.controllers.rest.oauth.Request')
@@ -1611,7 +1611,7 @@ class TestOAuth(TestController):
)
ThreadLocalORMSession.flush_all()
Request.from_request.return_value = {'oauth_consumer_key': 'api_key'}
- self.app.post('/rest/oauth/request_token', params={'key': 'value'}, status=403)
+ self.app.post('/rest/oauth/request_token', params={'key': 'value'}, status=401)
def test_authorize_ok(self):
user = M.User.by_username('test-admin')
@@ -1632,7 +1632,7 @@ class TestOAuth(TestController):
assert_in('api_key', r.body)
def test_authorize_invalid(self):
- self.app.post('/rest/oauth/authorize', params={'oauth_token': 'api_key'}, status=403)
+ self.app.post('/rest/oauth/authorize', params={'oauth_token': 'api_key'}, status=401)
def test_do_authorize_no(self):
user = M.User.by_username('test-admin')
@@ -1710,7 +1710,7 @@ class TestOAuth(TestController):
'oauth_token': 'api_key',
'oauth_verifier': 'good',
}
- self.app.get('/rest/oauth/access_token', status=403)
+ self.app.get('/rest/oauth/access_token', status=401)
@mock.patch('allura.controllers.rest.oauth.Request')
def test_access_token_no_request(self, Request):
@@ -1726,7 +1726,7 @@ class TestOAuth(TestController):
description='ctok_desc',
)
ThreadLocalORMSession.flush_all()
- self.app.get('/rest/oauth/access_token', status=403)
+ self.app.get('/rest/oauth/access_token', status=401)
@mock.patch('allura.controllers.rest.oauth.Request')
def test_access_token_bad_pin(self, Request):
@@ -1749,7 +1749,7 @@ class TestOAuth(TestController):
validation_pin='good',
)
ThreadLocalORMSession.flush_all()
- self.app.get('/rest/oauth/access_token', status=403)
+ self.app.get('/rest/oauth/access_token', status=401)
@mock.patch('allura.controllers.rest.oauth.Server')
@mock.patch('allura.controllers.rest.oauth.Request')
@@ -1774,7 +1774,7 @@ class TestOAuth(TestController):
)
ThreadLocalORMSession.flush_all()
Server().verify_request.side_effect = ValueError
- self.app.get('/rest/oauth/access_token', status=403)
+ self.app.get('/rest/oauth/access_token', status=401)
@mock.patch('allura.controllers.rest.oauth.Server')
@mock.patch('allura.controllers.rest.oauth.Request')
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/functional/test_home.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_home.py b/Allura/allura/tests/functional/test_home.py
index f3d2197..e8eb577 100644
--- a/Allura/allura/tests/functional/test_home.py
+++ b/Allura/allura/tests/functional/test_home.py
@@ -258,10 +258,7 @@ class TestProjectHome(TestController):
})
# Try to access the installed tool as anon.
- r = self.app.get('/p/test/test-mount/test-sub/',
- extra_environ = dict(username='*anonymous'),
- status=404)
- assert (r.status_int == 403 or r.status_int == 404)
+ r = self.app.get('/p/test/test-mount/test-sub/', extra_environ=dict(username='*anonymous'),
status=404)
# Try to access the installed tool as Admin.
r = self.app.get('/p/test/test-mount/test-sub/').follow()
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_rest.py b/Allura/allura/tests/functional/test_rest.py
index 6a54972..306cdbc 100644
--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -21,6 +21,7 @@ from pylons import app_globals as g
import mock
from nose.tools import assert_equal, assert_in, assert_not_in
from ming.odm import ThreadLocalODMSession
+from tg import config
from allura.tests import decorators as td
from alluratest.controller import TestRestApiBase
@@ -45,8 +46,7 @@ class TestRestHome(TestRestApiBase):
self._patch_token(OAuthAccessToken)
access_token = OAuthAccessToken.query.get.return_value
access_token.is_bearer = False
- r = self.api_post('/rest/p/test/wiki', access_token='foo')
- assert_equal(r.status_int, 403)
+ r = self.api_post('/rest/p/test/wiki', access_token='foo', status=401)
OAuthAccessToken.query.get.assert_called_once_with(api_key='foo')
@mock.patch('allura.controllers.rest.M.OAuthAccessToken')
@@ -57,8 +57,7 @@ class TestRestHome(TestRestApiBase):
request.scheme = 'https'
self._patch_token(OAuthAccessToken)
OAuthAccessToken.query.get.return_value = None
- r = self.api_post('/rest/p/test/wiki', access_token='foo')
- assert_equal(r.status_int, 403)
+ r = self.api_post('/rest/p/test/wiki', access_token='foo', status=401)
@mock.patch('allura.controllers.rest.request')
@td.with_wiki
@@ -98,8 +97,7 @@ class TestRestHome(TestRestApiBase):
self._patch_token(OAuthAccessToken)
access_token = OAuthAccessToken.query.get.return_value
access_token.is_bearer = False
- r = self.api_post('/rest/p/test/wiki', access_token='foo')
- assert_equal(r.status_int, 403)
+ r = self.api_post('/rest/p/test/wiki', access_token='foo', status=401)
OAuthAccessToken.query.get.assert_called_once_with(api_key='foo')
@mock.patch('allura.controllers.rest.M.OAuthAccessToken')
@@ -111,11 +109,11 @@ class TestRestHome(TestRestApiBase):
request.scheme = 'https'
self._patch_token(OAuthAccessToken)
OAuthAccessToken.query.get.return_value = None
- r = self.api_post('/rest/p/test/wiki', access_token='foo')
- assert_equal(r.status_int, 403)
+ r = self.api_post('/rest/p/test/wiki', access_token='foo', status=401)
@mock.patch('allura.controllers.rest.request')
@td.with_wiki
+ @mock.patch.dict(config, debug=False)
def test_bearer_token_valid_via_headers(self, request):
user = M.User.by_username('test-admin')
consumer_token = M.OAuthConsumerToken(
@@ -141,20 +139,20 @@ class TestRestHome(TestRestApiBase):
'Authorization': 'Bearer {}'.format(token)
}
request.scheme = 'https'
- r = self.api_post('/rest/p/test/wiki', access_token='foo')
- assert_equal(r.status_int, 200)
+ r = self.api_post('/rest/p/test/wiki', access_token='foo', status=200)
+ # reverse proxy situation
+ request.scheme = 'http'
+ request.environ['paste.testing'] = False
+ request.environ['HTTP_X_FORWARDED_PROTOx'] = 'https'
+ r = self.api_post('/rest/p/test/wiki', access_token='foo', status=200)
def test_bad_path(self):
- r = self.api_post('/rest/1/test/wiki/')
- assert r.status_int == 404
- r = self.api_post('/rest/p/1223/wiki/')
- assert r.status_int == 404
- r = self.api_post('/rest/p/test/12wiki/')
- assert r.status_int == 404
+ r = self.api_post('/rest/1/test/wiki/', status=404)
+ r = self.api_post('/rest/p/1223/wiki/', status=404)
+ r = self.api_post('/rest/p/test/12wiki/', status=404)
def test_no_api(self):
- r = self.api_post('/rest/p/test/admin/')
- assert r.status_int == 404
+ r = self.api_post('/rest/p/test/admin/', status=404)
@td.with_wiki
def test_project_ping(self):
@@ -256,8 +254,7 @@ class TestRestHome(TestRestApiBase):
assert_equal(r.status_int, 200)
assert_equal(r.json['title'], 'Home')
- r = self.api_get('/rest/p/admin/installable_tools')
- assert_equal(r.status_int, 403)
+ r = self.api_get('/rest/p/admin/installable_tools', status=403)
r = self.api_get('/rest/p/admin/installable_tools', user='root')
assert_equal(r.status_int, 200)
@@ -365,8 +362,7 @@ class TestRestHome(TestRestApiBase):
with mock.patch('allura.lib.plugin.ProjectRegistrationProvider') as Provider:
Provider.get().shortname_validator.to_python.side_effect = Invalid(
'name', 'value', {})
- r = self.api_get('/rest/p/test/')
- assert r.status_int == 404
+ r = self.api_get('/rest/p/test/', status=404)
@td.with_wiki
def test_cors_POST_req_blocked_by_csrf(self):
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/Allura/allura/tests/test_webhooks.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_webhooks.py b/Allura/allura/tests/test_webhooks.py
index d7fb75c..5b8df07 100644
--- a/Allura/allura/tests/test_webhooks.py
+++ b/Allura/allura/tests/test_webhooks.py
@@ -714,8 +714,7 @@ class TestWebhookRestController(TestRestApiBase):
dd.assert_equal(r.json, expected)
def test_webhook_GET_404(self):
- r = self.api_get(self.url + '/repo-push/invalid')
- assert_equal(r.status_int, 404)
+ r = self.api_get(self.url + '/repo-push/invalid', status=404)
def test_webhook_GET(self):
webhook = self.webhooks[0]
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/AlluraTest/alluratest/controller.py
----------------------------------------------------------------------
diff --git a/AlluraTest/alluratest/controller.py b/AlluraTest/alluratest/controller.py
index 1f9ade5..b28af46 100644
--- a/AlluraTest/alluratest/controller.py
+++ b/AlluraTest/alluratest/controller.py
@@ -253,7 +253,7 @@ class TestRestApiBase(TestController):
if wrap_args:
params = {wrap_args: params}
if status is None:
- status = [200, 201, 301, 302, 400, 403, 404]
+ status = [200, 201, 301, 302]
params = variabledecode.variable_encode(params, add_repetitions=False)
token = self.token(user).api_key
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeBlog/forgeblog/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/tests/functional/test_rest.py b/ForgeBlog/forgeblog/tests/functional/test_rest.py
index 8acdd87..157b387 100644
--- a/ForgeBlog/forgeblog/tests/functional/test_rest.py
+++ b/ForgeBlog/forgeblog/tests/functional/test_rest.py
@@ -95,12 +95,10 @@ class TestBlogApi(TestRestApiBase):
assert_equal(r.status_int, 201)
url = '/rest' + BM.BlogPost.query.find().first().url()
self.api_post(url, delete='')
- r = self.api_get(url)
- assert_equal(r.status_int, 404)
+ r = self.api_get(url, status=404)
def test_post_does_not_exist(self):
- r = self.api_get('/rest/p/test/blog/2013/07/fake/')
- assert_equal(r.status_int, 404)
+ r = self.api_get('/rest/p/test/blog/2013/07/fake/', status=404)
def test_read_permissons(self):
self.api_post('/rest/p/test/blog/', title='test',
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeBlog/forgeblog/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/tests/functional/test_root.py b/ForgeBlog/forgeblog/tests/functional/test_root.py
index 500b835..22a8fa3 100644
--- a/ForgeBlog/forgeblog/tests/functional/test_root.py
+++ b/ForgeBlog/forgeblog/tests/functional/test_root.py
@@ -193,7 +193,6 @@ class Test(TestController):
def test_invalid_lookup(self):
r = self.app.get('/blog/favicon.ico', status=404)
- assert_equal(r.status_int, 404)
def test_index_bad_url_params(self):
self.app.get('/blog/?limit=blah&page=2x', status=200)
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
index 73b0a8f..38290e8 100644
--- a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
+++ b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
@@ -40,8 +40,8 @@ class TestImportController(TestRestApiBase): # TestController):
def test_no_capability(self):
with h.push_config(config, **{'oauth.can_import_forum': 'some,fake,tokens'}):
resp = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text)
- assert resp.status_int == 403
+ doc=self.json_text,
+ status=403)
with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
resp = self.api_post('/rest/p/test/discussion/perform_import',
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeGit/forgegit/tests/functional/test_controllers.py
----------------------------------------------------------------------
diff --git a/ForgeGit/forgegit/tests/functional/test_controllers.py b/ForgeGit/forgegit/tests/functional/test_controllers.py
index dc888ff..b4b6f9b 100644
--- a/ForgeGit/forgegit/tests/functional/test_controllers.py
+++ b/ForgeGit/forgegit/tests/functional/test_controllers.py
@@ -255,9 +255,7 @@ class TestRootController(_TestCase):
def test_tree_invalid(self):
ci = self._get_ci()
resp = self.app.get(ci + 'tree/foo', status=404)
- assert_equal(resp.status_int, 404)
resp = self.app.get(ci + 'tree/foo/bar', status=404)
- assert_equal(resp.status_int, 404)
def test_file(self):
ci = self._get_ci()
http://git-wip-us.apache.org/repos/asf/allura/blob/4a5d2002/ForgeWiki/forgewiki/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeWiki/forgewiki/tests/functional/test_rest.py b/ForgeWiki/forgewiki/tests/functional/test_rest.py
index 85602c7..053d2a4 100644
--- a/ForgeWiki/forgewiki/tests/functional/test_rest.py
+++ b/ForgeWiki/forgewiki/tests/functional/test_rest.py
@@ -61,8 +61,7 @@ class TestWikiApi(TestRestApiBase):
assert_equal(len(r['attachments']), 2)
def test_page_does_not_exist(self):
- r = self.api_get('/rest/p/test/wiki/fake/')
- assert_equal(r.status_int, 404)
+ r = self.api_get('/rest/p/test/wiki/fake/', status=404)
def test_update_page(self):
data = {
|