Merge c0abc7b into 20f956f

pybossa/api/task_run.py

@@ -23,6 +23,7 @@
 
 """
 import json
+import time
 from flask import request, Response, current_app
 from flask.ext.login import current_user
 from pybossa.model.task_run import TaskRun
@@ -105,10 +106,10 @@ def _file_upload(self, data):
                     data[key] = json.loads(request.form[key])
                 else:
                     data[key] = request.form[key]
-
             # inst = self._create_instance_from_request(data)
             data = self.hateoas.remove_links(data)
             inst = self.__class__(**data)
+            self._add_user_info(inst)
             is_authorized(current_user, 'create', inst)
             upload_method = current_app.config.get('UPLOAD_METHOD')
             if request.files.get('file') is None:
@@ -118,6 +119,8 @@ def _file_upload(self, data):
                 container = "user_%s" % current_user.id
             else:
                 container = "anonymous"
+            if _file.filename == 'blob' or _file.filename is None:
+                _file.filename = "%s.png" % time.time()
             uploader.upload_file(_file,
                                  container=container)
             avatar_absolute = current_app.config.get('AVATAR_ABSOLUTE')

pybossa/auth/taskrun.py

@@ -48,6 +48,7 @@ def _create(self, user, taskrun):
             user_id=taskrun.user_id,
             user_ip=taskrun.user_ip,
             external_uid=taskrun.external_uid) <= 0
+
         if not authorized:
             raise abort(403)
         return authorized

setup.py

@@ -69,7 +69,7 @@
 
 setup(
     name = 'pybossa',
-    version = '2.10.0',
+    version = '2.10.1',
     packages = find_packages(),
     install_requires = requirements,
     # only needed when installing directly from setup.py (PyPi, eggs?) and pointing to e.g. a git repo.

test/test_api/test_taskrun_api.py

@@ -1203,26 +1203,6 @@ def test_taskrun_post_file(self):
         res = self.app.delete(url)
         assert_equal(res.status, '204 NO CONTENT', res.data)
 
-        # With no info data
-        img = (io.BytesIO(b'test'), 'test_file.jpg')
-
-        payload = dict(project_id=project.id,
-                       task_id=task.id,
-                       file=img)
-
-        res = self.app.get('/api/project/%s/newtask?api_key=%s' % (project.id,
-                                                                   user.api_key))
-        url = '/api/taskrun?api_key=%s' % user.api_key
-        res = self.app.post(url, data=payload,
-                            content_type="multipart/form-data")
-        data = json.loads(res.data)
-        assert res.status_code == 200, data
-        fname = '%s/%s/%s' % (self.flask_app.config['UPLOAD_FOLDER'],
-                              data['info']['container'],
-                              data['info']['file_name'])
-        assert os.path.isfile(fname) is True, fname
-        assert data['info']['container'] == 'user_%s' % user.id, data
-
         # wrong project_id
         img = (io.BytesIO(b'test'), 'test_file.jpg')
 
@@ -1336,32 +1316,113 @@ def test_taskrun_post_file_anon(self):
         data = json.loads(res.data)
         assert res.status_code == 403, data
 
-        # Wrong attribute
+
+        # reserved key 
         img = (io.BytesIO(b'test'), 'test_file.jpg')
 
+        payload = dict(project_id=project.id,
+                       file=img)
+
+
+    @with_context
+    def test_taskrun_post_no_filename(self):
+        """Test API TASKRUN post file without a name."""
+        # Succeeds after requesting a task
+        admin, owner, user = UserFactory.create_batch(3)
+        project = ProjectFactory.create(owner=owner)
+        project2 = ProjectFactory.create(owner=user)
+        task = TaskFactory.create(project=project)
+
+        img = (io.BytesIO(b'test'), 'blob')
+
         payload = dict(project_id=project.id,
                        task_id=task.id,
                        info=json.dumps(dict(foo="bar")),
-                       wrong=img)
+                       file=img)
 
+        res = self.app.get('/api/project/%s/newtask' % project.id)
         url = '/api/taskrun'
         res = self.app.post(url, data=payload,
                             content_type="multipart/form-data")
         data = json.loads(res.data)
-        assert res.status_code == 415, data
+        assert res.status_code == 200, data
+        fname = '%s/%s/%s' % (self.flask_app.config['UPLOAD_FOLDER'],
+                              data['info']['container'],
+                              data['info']['file_name'])
+        assert os.path.isfile(fname) is True, fname
+        assert data['info']['container'] == 'anonymous', data
+        assert 'blob' not in data['media_url']
 
-        # reserved key 
+    @with_context
+    def test_taskrun_post_no_info(self):
+        """Test API TASKRUN post file without info."""
+        # Succeeds after requesting a task
+        admin, owner, user = UserFactory.create_batch(3)
+        project = ProjectFactory.create(owner=owner)
+        project2 = ProjectFactory.create(owner=user)
+        task = TaskFactory.create(project=project)
+
+        # With no info data
         img = (io.BytesIO(b'test'), 'test_file.jpg')
 
         payload = dict(project_id=project.id,
+                       task_id=task.id,
                        file=img)
 
+        res = self.app.get('/api/project/%s/newtask?api_key=%s' % (project.id,
+                                                                   user.api_key))
+        url = '/api/taskrun?api_key=%s' % user.api_key
+        res = self.app.post(url, data=payload,
+                            content_type="multipart/form-data")
+        data = json.loads(res.data)
+        assert res.status_code == 200, data
+        fname = '%s/%s/%s' % (self.flask_app.config['UPLOAD_FOLDER'],
+                              data['info']['container'],
+                              data['info']['file_name'])
+        assert os.path.isfile(fname) is True, fname
+        assert data['info']['container'] == 'user_%s' % user.id, data
+
+    @with_context
+    def test_taskrun_post_anon_no_info(self):
+        """Test API TASKRUN post file without info."""
+        # Succeeds after requesting a task
+        admin, owner, user = UserFactory.create_batch(3)
+        project = ProjectFactory.create(owner=owner)
+        project2 = ProjectFactory.create(owner=user)
+        task = TaskFactory.create(project=project)
+
+        # Wrong attribute
+        img = (io.BytesIO(b'test'), 'test_file.jpg')
+
+        payload = dict(project_id=project.id,
+                       task_id=task.id,
+                       info=json.dumps(dict(foo="bar")),
+                       wrong=img)
+
+        url = '/api/taskrun'
+        res = self.app.post(url, data=payload,
+                            content_type="multipart/form-data")
+        data = json.loads(res.data)
+        assert res.status_code == 415, data
+
+    @with_context
+    def test_taskrun_post_anon_reserved(self):
+        """Test API TASKRUN post file reserved keys in payload."""
+        # Succeeds after requesting a task
+        admin, owner, user = UserFactory.create_batch(3)
+        project = ProjectFactory.create(owner=owner)
+        project2 = ProjectFactory.create(owner=user)
+        task = TaskFactory.create(project=project)
+
+        img = (io.BytesIO(b'test'), 'test_file.jpg')
+
         payload = dict(project_id=project.id,
                        task_id=task.id,
                        info=json.dumps(dict(foo="bar")),
                        file=img,
                        id=3)
 
+
         url = '/api/taskrun'
         res = self.app.post(url, data=payload,
                             content_type="multipart/form-data")