From 81d8b84adfb77c0b3c5edc02dc6d4ae9971e3fe1 Mon Sep 17 00:00:00 2001 From: Leonard Techel Date: Sat, 5 Feb 2022 20:28:23 +0100 Subject: [PATCH] fix(backend): Allow unauthorized requests to the Game Manifest API --- backend/dpt_app/trails/api.py | 3 +-- backend/dpt_app/trails/tests.py | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/backend/dpt_app/trails/api.py b/backend/dpt_app/trails/api.py index 8523f3a..1dab7d3 100644 --- a/backend/dpt_app/trails/api.py +++ b/backend/dpt_app/trails/api.py @@ -138,7 +138,7 @@ def inner(request: HttpRequest, *args, **kwargs): request.player = request.game.player.get(bearer=bearer) return func(request, *args, **kwargs) - except Player.DoesNotExist: + except (KeyError, Player.DoesNotExist): raise PlayerNotAuthorized() return inner @@ -159,7 +159,6 @@ def serialize_game(game: Game): @api.get("games/{str:gameId}", response=GameSchema, url_name="gameManifest") @wrap_get_game -@wrap_get_player def get_game(request: HttpRequest, gameId: str): return serialize_game(request.game) diff --git a/backend/dpt_app/trails/tests.py b/backend/dpt_app/trails/tests.py index e437507..2af1cbc 100644 --- a/backend/dpt_app/trails/tests.py +++ b/backend/dpt_app/trails/tests.py @@ -217,6 +217,24 @@ def test_game_clock_duration_when_value_zero(self): self.assertEqual(self.param.value_at(duration_when_zero), 0) +class GameApiTest(GameTestCase): + def test_get(self): + url = reverse("api-1.0.0:gameManifest", args=(self.game.slug,)) + res = self.client.get(url) + + self.assertEqual(res.status_code, 200) + self.assertEqual(res.json(), { + "data": { + "type": "game", + "id": self.game.slug, + "attributes": { + "hasMessages": self.game.hasMessages, + "hasUserParameterScope": self.game.hasUserParameterScope + } + } + }) + + class PlayerApiTest(GameTestCase): def test_put(self): bearer = "Bearer test54321"