
test(auth): Improve rotate secret tests (#53198)

Ensures we return a 403 if someone tries to rotate the secret for an
`ApiApplication` they don't own, and also gives a better name to the
unauthenticated test.
Eric Hasegawa 1 year ago
parent
commit
fe437c6d37
1 changed files with 13 additions and 1 deletions
  1. 13 1
      tests/sentry/api/endpoints/test_api_application_rotate_secrets.py

+ 13 - 1
tests/sentry/api/endpoints/test_api_application_rotate_secrets.py

@@ -11,10 +11,22 @@ class ApiApplicationRotateSecretTest(APITestCase):
         self.app = ApiApplication.objects.create(owner=self.user, name="a")
         self.path = reverse("sentry-api-0-api-application-rotate-secret", args=[self.app.client_id])
 
-    def test_unauthorized_call(self):
+    def test_unauthenticated_call(self):
         response = self.client.post(self.path)
         assert response.status_code == 403
 
+    def test_non_owner_call(self):
+        """
+        Tests that an authenticated user cannot rotate the secret for an ApiApplication they don't own.
+        """
+        self.login_as(self.user)
+        other_user = self.create_user()
+        other_app = ApiApplication.objects.create(owner=other_user, name="b")
+        response = self.client.post(
+            reverse("sentry-api-0-api-application-rotate-secret", args=[other_app.client_id])
+        )
+        assert response.status_code == 404
+
     def test_invalid_app_id(self):
         self.login_as(self.user)
         path_with_invalid_id = reverse("sentry-api-0-api-application-rotate-secret", args=["abc"])
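Review bot: `test_non_owner_call` asserts only the status code, so it never verifies that the other owner's secret was left unchanged by the rejected request. Capture the value before the post with `old_secret = other_app.client_secret`, then after the response add `other_app.refresh_from_db()` and `assert other_app.client_secret == old_secret`. The commit description says a 403 is returned for a non-owner, but the assertion expects 404. If 404 is intended (presumably so the response does not confirm that another user's `client_id` exists), the docstring should say so, e.g. `Non-owners get a 404 rather than a 403 so the response does not reveal that the application exists.`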