require ToS for api (bug 777114)

2012-08-14 11:08:15 -07:00 · 2012-08-14 11:08:15 -07:00 · 9ad966ae8c
--- a/docs/topics/api.rst
+++ b/docs/topics/api.rst
@ -30,6 +30,13 @@ For more information on creating an OAuth token, contact the `marketplace
 team`_, letting them know which Marketplace user account you would like to use
 for authentication. Changing this later will give problems accessing old data.

+The user account that is used **must** accept the Terms of Service for the
+marketplace by logging into the Marketplace, viewing the terms and accepting
+them.
+
+TODO: add in URL once https://bugzilla.mozilla.org/show_bug.cgi?id=772295 is
+done.
+
 Once you've got your token, you will need to ensure that the OAuth token is
 sent correctly in each request.

--- a/mkt/api/authentication.py
+++ b/mkt/api/authentication.py
@ -80,6 +80,13 @@ class MarketplaceAuthentication(Authentication):
            return False

        ACLMiddleware().process_request(request)
+
+        # Do not allow access without agreeing to the dev agreement.
+        if not request.amo_user.read_dev_agreement:
+            log.info(u'Attempt to use API without dev agreement: %s'
+                     % request.amo_user.pk)
+            return False
+
        # Do not allow any user with any roles to use the API.
        # Just in case.
        if request.amo_user.groups.all():
--- a/mkt/api/tests/test_handlers.py
+++ b/mkt/api/tests/test_handlers.py
@ -164,6 +164,13 @@ class TestAppCreateHandler(CreateHandler, AMOPaths):
        self.create_app()
        self._allowed_verbs(self.get_url, ['get', 'put'])

+    def test_not_accepted_tos(self):
+        self.user.update(read_dev_agreement=False)
+        obj = self.create()
+        res = self.client.post(self.list_url,
+                               data=json.dumps({'manifest': obj.uuid}))
+        eq_(res.status_code, 401)
+
    def test_not_valid(self):
        obj = self.create()
        obj.update(valid=False)
--- a/mkt/api/tests/test_oauth.py
+++ b/mkt/api/tests/test_oauth.py
@ -123,6 +123,7 @@ class BaseOAuth(TestCase):

    def setUp(self):
        self.user = User.objects.get(pk=2519)
+        self.user.get_profile().update(read_dev_agreement=True)

        for status in ('accepted', 'pending', 'canceled', ):
            c = Consumer(name='a', status=status, user=self.user)
@ -171,6 +172,10 @@ class TestBaseOAuth(BaseOAuth):
    def test_accepted(self):
        eq_(self.client.get(self.url).status_code, 200)

+    def test_no_agreement(self):
+        self.user.get_profile().update(read_dev_agreement=False)
+        eq_(self.client.get(self.url).status_code, 401)
+
    def test_cancelled(self):
        self.client = OAuthClient(self.canceled_consumer)
        eq_(self.client.get(self.url).status_code, 401)