Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

22.07 #141

Merged
merged 17 commits into from
Jul 14, 2022
Merged

22.07 #141

merged 17 commits into from
Jul 14, 2022

Conversation

HadleyKing
Copy link
Collaborator

No description provided.

HadleyKing and others added 17 commits May 26, 2022 12:19
@HadleyKing
Add bulk validation endpoint
a1a9f18 
	modified:   api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   api/urls.py
	renamed:    api/validation_definitions/IEEE/IEEE2791-2020.schema -> api/validation_definitions/IEEE/2791object.json
	modified:   api/views.py
@HadleyKing
Completed Bulk BCO validation
e91ac51 
	modified:   bco_api/api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   bco_api/api/views.py
@HadleyKing
Validator (#123)
4e05014 
* Add bulk validation endpoint
	modified:   api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   api/urls.py
	renamed:    api/validation_definitions/IEEE/IEEE2791-2020.schema -> api/validation_definitions/IEEE/2791object.json
	modified:   api/views.py

* Completed Bulk BCO validation
	modified:   bco_api/api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   bco_api/api/views.py

* Update configs for debug testing

Changes to be committed:
	modified:   api/urls.py
	modified:   bco_api/settings.py
	modified:   server.conf
@HadleyKing @syntheticgio
104 unit testing for api (#125)
53c5b0b 
* prefix and prefix table tests

* WIP: run at testing the API via the Client library; so far not working although its not explicitly failing the unit tests

* WIP: Added in initial tet for group post API; needs asserts still.

* WIP: Group API Calls, being implemented; currently the delete test doesn't have appropriate permissions, but test is implemented

* WIP: Fixed permission, but issue with missing bulk param.

* Changed delete in groups slightly; test now works; added additional error handling in groups.py

* fix so doesn't pass as string (pass as dict)

* changes for testing

Co-authored-by: John Torcivia <[email protected]>
Co-authored-by: John Torcivia <[email protected]>
@HadleyKing
Linting with [BLACK](https://github.com/psf/black)
dabe291 
Changes to be committed:
	modified:   apitests.py
	modified:   apitests_new.py
	modified:   bco_api/api/apps.py
	modified:   bco_api/api/migrations/0001_initial.py
	modified:   bco_api/api/migrations/0002_auto_20220124_2356.py
	modified:   bco_api/api/migrations/0003_rename_meta_table_prefix_table.py
	modified:   bco_api/api/migrations/0004_rename_group_info_groupinfo.py
	modified:   bco_api/api/migrations/0005_rename_prefixes_prefix.py
	modified:   bco_api/api/model/groups.py
	modified:   bco_api/api/model/prefix.py
	modified:   bco_api/api/models.py
	modified:   bco_api/api/permissions.py
	modified:   bco_api/api/scripts/method_specific/GET_activate_account.py
	modified:   bco_api/api/scripts/method_specific/GET_draft_object_by_id.py
	modified:   bco_api/api/scripts/method_specific/GET_published_object_by_id.py
	modified:   bco_api/api/scripts/method_specific/GET_published_object_by_id_with_version.py
	modified:   bco_api/api/scripts/method_specific/GET_retrieve_available_schema.py
	modified:   bco_api/api/scripts/method_specific/POST_api_accounts_describe.py
	modified:   bco_api/api/scripts/method_specific/POST_api_accounts_new.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_create.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_delete.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_modify.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_permissions.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_permissions_set.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_publish.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_read.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_token.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_publish.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_published.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_search.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_token.py
	modified:   bco_api/api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   bco_api/api/scripts/utilities/DbUtils.py
	modified:   bco_api/api/scripts/utilities/FileUtils.py
	modified:   bco_api/api/scripts/utilities/JsonUtils.py
	modified:   bco_api/api/scripts/utilities/RequestUtils.py
	modified:   bco_api/api/scripts/utilities/ResponseUtils.py
	modified:   bco_api/api/scripts/utilities/SettingsUtils.py
	modified:   bco_api/api/scripts/utilities/UserUtils.py
	modified:   bco_api/api/serializers.py
	modified:   bco_api/api/signals.py
	modified:   bco_api/api/tests/test_forms.py
	modified:   bco_api/api/tests/test_group_post_api.py
	modified:   bco_api/api/tests/test_model_bco.py
	modified:   bco_api/api/tests/test_model_groups.py
	modified:   bco_api/api/tests/test_model_new_user.py
	modified:   bco_api/api/tests/test_model_prefix.py
	modified:   bco_api/api/tests/test_prefix_post_api.py
	modified:   bco_api/api/tests/test_views.py
	modified:   bco_api/api/tests_automated.py
	modified:   bco_api/api/urls.py
	modified:   bco_api/api/views.py
	modified:   bco_api/bco_api/asgi.py
	modified:   bco_api/bco_api/settings.py
	modified:   bco_api/bco_api/urls.py
	modified:   bco_api/bco_api/wsgi.py
	modified:   bco_api/manage.py
@HadleyKing
Fixes for unit tests
e120a4b 
Update user utils and unit test to fix failing tests
Changes to be committed:
	modified:   api/model/prefix.py
	modified:   api/scripts/utilities/UserUtils.py
	modified:   api/tests/test_group_post_api.py
	modified:   api/tests/test_prefix_post_api.py
@HadleyKing
update tests
4b7e7da 
Changes to be committed:
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_create.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_publish.py
	modified:   bco_api/api/tests/test_group_post_api.py
@HadleyKing
Added a 207 response
42abcf5 
207 response means invalid object in payload, 200 means all valid.
Changes to be committed:
	modified:   bco_api/api/scripts/method_specific/POST_validate_payload_against_schema.py
@HadleyKing
Update prefix publishing messaging
d1f43bf 
Changes to be committed:
	modified:   admin_only/db.sqlite3.dev
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_publish.py
	modified:   bco_api/api/scripts/utilities/DbUtils.py
@HadleyKing
Fix #131
779722b 
update search parameters for prefix permissions.
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_create.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_search.py
@HadleyKing
Unit test updates
8a3e02a 
Changes to be committed:
	modified:   api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   api/scripts/utilities/UserUtils.py
	modified:   api/tests/test_bcos.json
	modified:   api/tests/test_model_groups.py
	deleted:    api/tests/test_model_new_user.py
	modified:   api/tests/test_model_prefix.py
	new file:   api/tests/test_model_user.py
	modified:   api/views.py
@HadleyKing
Update to debugging db
ab106cc 
Changes to be committed:
	modified:   ../admin_only/db.sqlite3.dev
@HadleyKing
merge (#136) (#137)
a5d6597 
* Enabled the direct publish API endpoint
Changes to be committed:
	modified:   admin_only/db.sqlite3.dev
	modified:   bco_api/api/model/prefix.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_publish.py
	modified:   bco_api/api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   bco_api/api/scripts/utilities/DbUtils.py
	modified:   bco_api/api/scripts/utilities/UserUtils.py
	modified:   bco_api/api/views.py
	modified:   requirements.txt

* Publish direct (#135)

* Enabled the direct publish API endpoint
Changes to be committed:
	modified:   admin_only/db.sqlite3.dev
	modified:   bco_api/api/model/prefix.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_publish.py
	modified:   bco_api/api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   bco_api/api/scripts/utilities/DbUtils.py
	modified:   bco_api/api/scripts/utilities/UserUtils.py
	modified:   bco_api/api/views.py
	modified:   requirements.txt

* Enable DRAFT direct publish

enabled the use of a predetermined object_id for the draft
Changes to be committed:
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_create.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_publish.py

* Fix user_name in prefix.py
Changes to be committed:
	modified:   api/model/prefix.py

* Fix name at prefix.py, line 346
Changes to be committed:
	modified:   api/model/prefix.py
@HadleyKing
Testing and Black linting
61d37b9 
Changes to be committed:
	modified:   api/scripts/method_specific/POST_api_objects_search.py
	modified:   api/tests/test_prefix_post_api.py
@HadleyKing
Abstract validation and added to publish call
4057e90 
Changes to be committed:
	modified:   api/model/prefix.py
	modified:   api/scripts/method_specific/POST_api_objects_drafts_create.py
	modified:   api/scripts/method_specific/POST_api_objects_publish.py
	modified:   api/scripts/method_specific/POST_validate_payload_against_schema.py
	modified:   api/scripts/utilities/JsonUtils.py
	modified:   api/views.py
@HadleyKing
Cleaning Utils code
9ff6cd0 
Changes to be committed:
	modified:   api/scripts/utilities/DbUtils.py
	modified:   api/scripts/utilities/UserUtils.py
@HadleyKing
Merge branch 'main' into 22.07
9026ad5
@HadleyKing HadleyKing merged commit 0701ad9 into main Jul 14, 2022
@HadleyKing HadleyKing deleted the 22.07 branch July 14, 2022 13:07
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 14, 2022
View reviewed changes
bco_api/api/scripts/method_specific/POST_api_objects_drafts_create.py
any_failed = True

if any_failed:
return Response(status=status.HTTP_207_MULTI_STATUS, data=returning)

return Response(status = status.HTTP_200_OK, data = returning)
return Response(status=status.HTTP_200_OK, data=returning)

Check warning

Code scanning / CodeQL

Reflected server-side cross-site scripting

Cross-site scripting vulnerability due to [a user-provided value](1). Cross-site scripting vulnerability due to [a user-provided value](2). Cross-site scripting vulnerability due to [a user-provided value](3). Cross-site scripting vulnerability due to [a user-provided value](4). Cross-site scripting vulnerability due to [a user-provided value](5). Cross-site scripting vulnerability due to [a user-provided value](6). Cross-site scripting vulnerability due to [a user-provided value](7). Cross-site scripting vulnerability due to [a user-provided value](8). Cross-site scripting vulnerability due to [a user-provided value](9). Cross-site scripting vulnerability due to [a user-provided value](10). Cross-site scripting vulnerability due to [a user-provided value](11). Cross-site scripting vulnerability due to [a user-provided value](12). Cross-site scripting vulnerability due to [a user-provided value](13). Cross-site scripting vulnerability due to [a user-provided value](14). Cross-site scripting vulnerability due to [a user-provided value](15). Cross-site scripting vulnerability due to [a user-provided value](16). Cross-site scripting vulnerability due to [a user-provided value](17). Cross-site scripting vulnerability due to [a user-provided value](18).
bco_api/api/scripts/method_specific/POST_api_objects_drafts_modify.py
return Response(status=status.HTTP_403_FORBIDDEN, data=returning)
else:
return Response(status=status.HTTP_300_MULTIPLE_CHOICES, data=returning)
if any_failed and len(returning) > 1:
return Response(status=status.HTTP_300_MULTIPLE_CHOICES, data=returning)
else:
return Response(status = status.HTTP_200_OK, data = returning)
return Response(status=status.HTTP_200_OK, data=returning)

Check warning

Code scanning / CodeQL

Reflected server-side cross-site scripting

Cross-site scripting vulnerability due to [a user-provided value](1). Cross-site scripting vulnerability due to [a user-provided value](2). Cross-site scripting vulnerability due to [a user-provided value](3). Cross-site scripting vulnerability due to [a user-provided value](4). Cross-site scripting vulnerability due to [a user-provided value](5). Cross-site scripting vulnerability due to [a user-provided value](6). Cross-site scripting vulnerability due to [a user-provided value](7). Cross-site scripting vulnerability due to [a user-provided value](8). Cross-site scripting vulnerability due to [a user-provided value](9). Cross-site scripting vulnerability due to [a user-provided value](10). Cross-site scripting vulnerability due to [a user-provided value](11). Cross-site scripting vulnerability due to [a user-provided value](12). Cross-site scripting vulnerability due to [a user-provided value](13). Cross-site scripting vulnerability due to [a user-provided value](14). Cross-site scripting vulnerability due to [a user-provided value](15). Cross-site scripting vulnerability due to [a user-provided value](16). Cross-site scripting vulnerability due to [a user-provided value](17). Cross-site scripting vulnerability due to [a user-provided value](18). Cross-site scripting vulnerability due to [a user-provided value](1). Cross-site scripting vulnerability due to [a user-provided value](2). Cross-site scripting vulnerability due to [a user-provided value](3). Cross-site scripting vulnerability due to [a user-provided value](4). Cross-site scripting vulnerability due to [a user-provided value](5). Cross-site scripting vulnerability due to [a user-provided value](6). Cross-site scripting vulnerability due to [a user-provided value](7). Cross-site scripting vulnerability due to [a user-provided value](8). Cross-site scripting vulnerability due to [a user-provided value](9). Cross-site scripting vulnerability due to [a user-provided value](10). Cross-site scripting vulnerability due to [a user-provided value](11). Cross-site scripting vulnerability due to [a user-provided value](12). Cross-site scripting vulnerability due to [a user-provided value](13). Cross-site scripting vulnerability due to [a user-provided value](14). Cross-site scripting vulnerability due to [a user-provided value](15). Cross-site scripting vulnerability due to [a user-provided value](16). Cross-site scripting vulnerability due to [a user-provided value](17). Cross-site scripting vulnerability due to [a user-provided value](18).
bco_api/api/scripts/method_specific/POST_api_objects_drafts_read.py
status=status.HTTP_200_OK,
data=returning
)
return Response(status=status.HTTP_300_MULTIPLE_CHOICES, data=returning)

Check warning

Code scanning / CodeQL

Reflected server-side cross-site scripting

Cross-site scripting vulnerability due to [a user-provided value](1). Cross-site scripting vulnerability due to [a user-provided value](2). Cross-site scripting vulnerability due to [a user-provided value](3). Cross-site scripting vulnerability due to [a user-provided value](4). Cross-site scripting vulnerability due to [a user-provided value](5). Cross-site scripting vulnerability due to [a user-provided value](6). Cross-site scripting vulnerability due to [a user-provided value](7). Cross-site scripting vulnerability due to [a user-provided value](8). Cross-site scripting vulnerability due to [a user-provided value](9). Cross-site scripting vulnerability due to [a user-provided value](10). Cross-site scripting vulnerability due to [a user-provided value](11). Cross-site scripting vulnerability due to [a user-provided value](12). Cross-site scripting vulnerability due to [a user-provided value](13). Cross-site scripting vulnerability due to [a user-provided value](14). Cross-site scripting vulnerability due to [a user-provided value](15). Cross-site scripting vulnerability due to [a user-provided value](16). Cross-site scripting vulnerability due to [a user-provided value](17). Cross-site scripting vulnerability due to [a user-provided value](18).
bco_api/api/scripts/method_specific/POST_api_objects_drafts_read.py
data=returning
)
return Response(status=status.HTTP_300_MULTIPLE_CHOICES, data=returning)
return Response(status=status.HTTP_200_OK, data=returning)

Check warning

Code scanning / CodeQL

Reflected server-side cross-site scripting

Cross-site scripting vulnerability due to [a user-provided value](1). Cross-site scripting vulnerability due to [a user-provided value](2). Cross-site scripting vulnerability due to [a user-provided value](3). Cross-site scripting vulnerability due to [a user-provided value](4). Cross-site scripting vulnerability due to [a user-provided value](5). Cross-site scripting vulnerability due to [a user-provided value](6). Cross-site scripting vulnerability due to [a user-provided value](7). Cross-site scripting vulnerability due to [a user-provided value](8). Cross-site scripting vulnerability due to [a user-provided value](9). Cross-site scripting vulnerability due to [a user-provided value](10). Cross-site scripting vulnerability due to [a user-provided value](11). Cross-site scripting vulnerability due to [a user-provided value](12). Cross-site scripting vulnerability due to [a user-provided value](13). Cross-site scripting vulnerability due to [a user-provided value](14). Cross-site scripting vulnerability due to [a user-provided value](15). Cross-site scripting vulnerability due to [a user-provided value](16). Cross-site scripting vulnerability due to [a user-provided value](17). Cross-site scripting vulnerability due to [a user-provided value](18).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@HadleyKing