Merge pull request #1165 from deis/554-client-version

feat(client): check client version against the server

Author: Matthew Fisher

client/deis.py

@@ -362,18 +362,25 @@ def __init__(self):
         self._session = Session()
         self._settings = Settings()
 
-    def _dispatch(self, method, path, body=None,
-                  headers={'content-type': 'application/json'}, **kwargs):
+    def _dispatch(self, method, path, body=None, **kwargs):
         """
         Dispatch an API request to the active Deis controller
         """
+        headers = {
+            'content-type': 'application/json',
+            'X-Deis-Version': __version__.rsplit('.', 1)[0],
+        }
         func = getattr(self._session, method.lower())
         controller = self._settings['controller']
         if not controller:
             raise EnvironmentError(
                 'No active controller. Use `deis login` or `deis register` to get started.')
         url = urlparse.urljoin(controller, path, **kwargs)
         response = func(url, data=body, headers=headers)
+        # check for errors
+        if response.json().get('error') is not None:
+            print(response.json()['error'])
+            sys.exit(1)
         return response
 
     def apps(self, args):
@@ -1605,7 +1612,7 @@ def main():
     call the appropriate method on the client.
     """
     cli = DeisClient()
-    args = docopt(__doc__, version='Deis CLI {}'.format(__version__),
+    args = docopt(__doc__, version=__version__,
                   options_first=True)
     cmd = args['<command>']
     cmd, help_flag = parse_args(cmd)

controller/api/middleware.py

@@ -0,0 +1,28 @@
+import json
+
+from django.http import HttpResponse
+from rest_framework import status
+
+from deis import __version__
+
+
+class VersionMiddleware:
+
+    def process_request(self, request):
+        try:
+            # server and client version must match "x.y"
+            client_version = request.META['HTTP_X_DEIS_VERSION']
+            server_version = __version__.rsplit('.', 1)[0]
+            if client_version != server_version:
+                message = {
+                    'error': 'Client and server versions do not match.\n' +
+                    'Client version: {}\n'.format(client_version) +
+                    'Server version: {}'.format(server_version)
+                }
+                return HttpResponse(
+                    json.dumps(message),
+                    content_type='application/json',
+                    status=status.HTTP_405_METHOD_NOT_ALLOWED
+                )
+        except KeyError:
+            pass

controller/api/tests/__init__.py

@@ -41,6 +41,7 @@ def run_tests(self, test_labels, extra_tests=None, **kwargs):
             test_labels, extra_tests, **kwargs)
 
 
+from .test_api_middleware import *  # noqa
 from .test_app import *  # noqa
 from .test_auth import *  # noqa
 from .test_build import *  # noqa

controller/api/tests/test_api_middleware.py

@@ -0,0 +1,48 @@
+"""
+Unit tests for the Deis api app.
+
+Run the tests with "./manage.py test api"
+"""
+from __future__ import unicode_literals
+
+from django.test import TestCase
+
+from deis import __version__
+
+
+class APIMiddlewareTest(TestCase):
+
+    """Tests middleware.py's business logic"""
+
+    fixtures = ['tests.json']
+
+    def setUp(self):
+        self.assertTrue(
+            self.client.login(username='autotest', password='password'))
+
+    def test_x_deis_version_header_good(self):
+        """
+        Test that when the version header is sent, the request is accepted.
+        """
+        response = self.client.get(
+            '/api/apps',
+            HTTP_X_DEIS_VERSION=__version__.rsplit('.', 1)[0]
+        )
+        self.assertEqual(response.status_code, 200)
+
+    def test_x_deis_version_header_bad(self):
+        """
+        Test that when an improper version header is sent, the request is declined.
+        """
+        response = self.client.get(
+            '/api/apps',
+            HTTP_X_DEIS_VERSION='1234.5678'
+        )
+        self.assertEqual(response.status_code, 405)
+
+    def test_x_deis_version_header_not_present(self):
+        """
+        Test that when the version header is not present, the request is accepted.
+        """
+        response = self.client.get('/api/apps')
+        self.assertEqual(response.status_code, 200)

controller/deis/settings.py

@@ -108,6 +108,7 @@
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
+    'api.middleware.VersionMiddleware',
     # Uncomment the next line for simple clickjacking protection:
     # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 )