def test2_ok_users(self):
    """Post every entry of test_normal_users and expect the creation marker.

    The method is a generator: each ``yield`` waits for ``self.post_user``.
    The decorator that drives the generator is not visible in this listing.
    """
    application.connect_db()
    for candidate in test_normal_users:
        page = yield self.post_user(candidate)
        # 'user_was_created' is an anchor the template renders only for
        # testing, after a successful user creation
        # (see the users_management.html file).
        self.assertIn('user_was_created', page)
    logger.info('ok - permit normal users')
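def test2_insert_reports(self):
    """Log in as the last entry of test_users and upload the report files.

    Walks ``../test_reports`` and hands every file whose name contains
    ``.xl`` to ``self.post_file`` together with the logged-in session.

    No transaction is opened here: the one this test used to begin was
    never used, committed or rolled back, so it only held a connection.
    """
    application.connect_db()
    user = test_users[-1]
    logged = yield self.login_user(user['email'], user['password'])
    self.assertEqual(logged['name'], user['name'])
    for path, _dirs, files_list in os.walk('../test_reports'):
        for f_name in files_list:
            # Substring match, not an extension check: any name that
            # contains '.xl' anywhere is uploaded.
            if '.xl' not in f_name:
                continue
            # NOTE(review): the result of post_file is discarded, so a
            # rejected upload would not fail this test - confirm intended.
            yield self.post_file(logged, os.path.join(path, f_name))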
def test4_delete_user(self):
    """Delete the first normal user via /users_management, then re-add it.

    Looks the user's id up by e-mail, requests the delete action with the
    logged-in session's headers and checks that the page carries the
    'user_was_deleted' marker and no longer lists the e-mail.
    """
    application.connect_db()
    logged = yield self.get_logged()
    client = self.get_client()
    headers = logged['headers']
    user = test_normal_users[0]
    tx = yield application.begin()
    row = yield get_user_by_email(tx, ['id', ], user['email'])
    user_id = row['id']
    # NOTE(review): the delete is triggered by a GET with the id in the
    # query string. State-changing GETs are exposed to CSRF and to link
    # prefetching; confirm the handler enforces a per-request token, or
    # move the action to POST.
    base_url = self.get_url('/users_management')
    url = '{}?id={}&action=delete'.format(base_url, user_id)
    response = yield client.fetch(url, headers=headers, method='GET')
    body = response.body.decode('utf-8')
    self.assertIn('user_was_deleted', body)
    self.assertNotIn(user['email'], body)
    yield tx.commit()
    logger.info('ok - user was deleted')
    # Recreate the deleted user so that later tests still find it.
    yield self.post_user(user)
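def test1_create_users(self):
    """Seed the test database with test_users and verify the stored rows.

    Runs ``prepare_tests`` on the transaction, inserts every entry of
    ``test_users`` and reads each one back by e-mail, comparing id, email,
    name and rights. The id check expects ids 1..N in insertion order.
    """
    application.connect_db()
    tx = yield application.begin()
    yield prepare_tests(tx, sc.db_name, sc.test_db_name)
    # Insert the test users, then ensure the inserts are correct.
    for user in test_users:
        # Only the salt and the derived hash are passed to insert_user;
        # the plain password is not.
        salt, pass_hash = sc.generate_password_hash(user['password'])
        yield insert_user(tx, user['email'], pass_hash, salt,
                          user['name'], user['rights'])
    for i, user in enumerate(test_users):
        cols = ['id', 'email', 'name', 'rights']
        db_user = yield get_user_by_email(tx, cols, user['email'])
        self.assertEqual(db_user['id'], i + 1)
        self.assertEqual(db_user['email'], user['email'])
        self.assertEqual(db_user['name'], user['name'])
        self.assertEqual(db_user['rights'], user['rights'])
    # Wait for the commit to finish. test4_delete_user and test5_edit_user
    # yield tx.commit(); without the yield this test could return before
    # the seeded users are committed.
    yield tx.commit()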
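def test5_edit_user(self):
    """Exercise the 'edit' action of /users_management.

    Steps, in order: change a user's e-mail; try to take an e-mail that
    already exists (must fail and must not change the password); re-send
    the old password; send three invalid password combinations; finally
    edit the currently logged-in user.

    The test mutates ``test_normal_users[0]['email']`` in place, so tests
    that run afterwards see the edited address.

    NOTE(review): the e-mail and several password literals in this listing
    look masked ('*****@*****.**', '******'); they are reproduced
    unchanged here.
    """
    application.connect_db()
    logged = yield self.get_logged()
    client = self.get_client()
    headers = logged['headers']
    manage_url = self.get_url('/users_management')
    user = test_normal_users[0]
    self.assertEqual(user['name'], 'John Doe 1')
    self.assertEqual(user['email'], '*****@*****.**')
    post = dict(user)
    #
    # Edit email
    #
    tx = yield application.begin()
    row = yield get_user_by_email(tx, ['id', ], user['email'])
    yield tx.commit()
    user_id = row['id']
    post['email'] = '*****@*****.**'
    post['action'] = 'edit'
    post['id'] = user_id
    post['password'] = ''
    post['password-repeat'] = ''
    body = urllib.parse.urlencode(post)
    response = yield client.fetch(manage_url, headers=headers,
                                  method='POST', body=body)
    body = response.body.decode('utf-8')
    self.assertIn('user_was_edited', body)
    self.assertIn(post['email'], body)
    logger.info("ok - user's email is edited")
    user['email'] = post['email']
    #
    # Change the email to an existing one. We also try to change the
    # password, but that must not happen, since the duplicate error
    # occurs.
    #
    # Index 1 is read below, so at least two normal users are required.
    self.assertGreaterEqual(len(test_normal_users), 2)
    another_user = test_normal_users[1]
    post['email'] = another_user['email']
    post['password'] = '******'
    post['password-repeat'] = 'new_password'
    body = urllib.parse.urlencode(post)
    response = yield client.fetch(manage_url, headers=headers,
                                  method='POST', body=body)
    body = response.body.decode('utf-8')
    self.assertNotIn('user_was_edited', body)
    self.assertIn(ERR_INSERT, body)
    #
    # The user can still log in with the old password.
    #
    # NOTE(review): this shows the old password still works; it does not
    # show that the password submitted with the rejected edit is refused.
    # Consider asserting a failed login with it as well.
    response = yield self.login_user(user['email'], user['password'])
    self.assertNotIn('error', response)
    self.assertIn('headers', response)
    logger.info("ok - it is forbidden to choose the existing email"
                " during an user editing")
    #
    # Send the old password as edited.
    #
    post = dict(user)
    post['action'] = 'edit'
    post['id'] = user_id
    body = urllib.parse.urlencode(post)
    response = yield client.fetch(manage_url, headers=headers,
                                  method='POST', body=body)
    body = response.body.decode('utf-8')
    self.assertIn('user_was_edited', body)
    self.assertIn(post['email'], body)
    #
    # The user can still log in.
    #
    response = yield self.login_user(user['email'], user['password'])
    self.assertNotIn('error', response)
    self.assertIn('headers', response)
    logger.info('ok - an user can keep the old password')
    #
    # Try to set incorrect passwords.
    #
    post['password'] = ''
    # password-repeat remains.
    body = urllib.parse.urlencode(post)
    response = yield client.fetch(manage_url, headers=headers,
                                  method='POST', body=body)
    body = response.body.decode('utf-8')
    self.assertNotIn('user_was_edited', body)
    self.assertIn(ERR_PASSWORD_ABSENSE, body)
    # Too short password.
    post['password'] = '******'
    post['password-repeat'] = '123'
    body = urllib.parse.urlencode(post)
    response = yield client.fetch(manage_url, headers=headers,
                                  method='POST', body=body)
    body = response.body.decode('utf-8')
    self.assertNotIn('user_was_edited', body)
    self.assertIn(ERR_PASSWORD_LENGTH, body)
    # Password differs from password-repeat.
    post['password'] = '******'
    post['password-repeat'] = '1234567'
    body = urllib.parse.urlencode(post)
    response = yield client.fetch(manage_url, headers=headers,
                                  method='POST', body=body)
    body = response.body.decode('utf-8')
    self.assertNotIn('user_was_edited', body)
    self.assertIn(ERR_PASSWORD_MATCH, body)
    logger.info('ok - new password can not be invalid')
    #
    # Edit the current user.
    #
    post = {}
    post['email'] = logged['email']
    post['action'] = 'edit'
    post['id'] = logged['id']
    post['see_reports'] = 'on'
    post['upload_reports'] = 'on'
    post['delete_reports'] = 'on'
    post['see_users'] = 'on'
    post['edit_users'] = 'on'
    self.assertNotEqual('Great Admin', logged['name'])
    post['name'] = 'Great Admin'
    body = urllib.parse.urlencode(post)
    response = yield client.fetch(manage_url, headers=headers,
                                  method='POST', body=body)
    body = response.body.decode('utf-8')
    self.assertIn('user_was_edited', body)
    # The page header must show the new name of the logged-in user.
    self.assertIn('Вы вошли как <b>%s</b>' % post['name'], body)
    logger.info('ok - edit the current user')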
def test3_test_users_show(self):
    """Check the users list page: header, paging and rejected parameters.

    Fetches /users_management with the headers returned by
    ``self.get_logged()`` and verifies the first and second pages of the
    sorted user list, then the error markers for invalid ``page`` and
    ``action`` query values.
    """
    application.connect_db()
    #
    # First, the users management page is tested under the admin account.
    #
    # NOTE(review): only this account is exercised in this method; a check
    # that a user without the edit right is refused is not visible here.
    logged = yield self.get_logged()
    client = self.get_client()
    headers = logged['headers']
    manage_url = self.get_url('/users_management')
    response = yield client.fetch(manage_url, headers=headers, method='GET')
    body = response.body.decode('utf-8')
    #
    # A user with the right to edit users must see the following labels
    # on the page, and none of the action markers.
    #
    self.assertIn('Управление пользователями', body)
    for marker in ('user_was_created', 'user_was_deleted', 'user_was_edited'):
        self.assertNotIn(marker, body)
    self.assertIn('Добавить пользователя', body)
    self.assertIn('modal fade user-modal-window', body)
    self.assertIn('Вперед <span aria-hidden="true">→</span>', body)
    self.assertNotIn('<span aria-hidden="true">←</span> Назад', body)
    logger.info('ok - header of users page, if the current user can edit')

    #
    # Check that the page shows the correct list of users.
    #
    def sort_key(entry):
        # Entries with an empty name sort last, then by name, then email.
        return (not entry['name'], entry['name'], entry['email'])

    all_inserted = [*test_normal_users, *test_users]
    self.assertEqual(len(all_inserted), 12)
    all_inserted = sorted(all_inserted, key=sort_key)
    for user in all_inserted[:USERS_ON_PAGE]:
        self.assertIn('<td>%s</td>' % user['email'], body)
    logger.info('ok - first page of users list')
    #
    # Try to get the second page.
    #
    response = yield client.fetch('%s?page=2' % manage_url,
                                  headers=headers, method='GET')
    body = response.body.decode('utf-8')
    self.assertNotIn('Вперед <span aria-hidden="true">→</span>', body)
    self.assertIn('<span aria-hidden="true">←</span> Назад', body)
    for user in all_inserted[USERS_ON_PAGE:USERS_ON_PAGE * 2]:
        self.assertIn('<td>%s</td>' % user['email'], body)
    logger.info('ok - second page of users list')
    #
    # Request incorrect pages: negative, non-numeric and out of range.
    #
    for bad_page in ('-1', 'abc', '1000'):
        response = yield client.fetch('%s?page=%s' % (manage_url, bad_page),
                                      headers=headers, method='GET')
        body = response.body.decode('utf-8')
        self.assertIn(ERR_PAGE_NUMBER, body)
    logger.info('ok - incorrect page numbers')
    #
    # Request incorrect actions.
    #
    for bad_action in ('del', 'create', 'edit', '^', '123'):
        response = yield client.fetch('%s?action=%s' % (manage_url, bad_action),
                                      headers=headers, method='GET')
        body = response.body.decode('utf-8')
        self.assertIn(ERR_ACTION, body)
    logger.info('ok - incorrect actions')
def test1_error_users(self):
    """Post every entry of test_error_users and expect its error text.

    Each entry carries the expected message under the 'error' key; the
    response of ``self.post_user`` must contain it.
    """
    application.connect_db()
    for rejected in test_error_users:
        page = yield self.post_user(rejected)
        self.assertIn(rejected['error'], page)
    logger.info('ok - reject invalid users')
# Database pool settings; max_conn and args are defined before this excerpt.
idle = secret_conf.db_idle_seconds
conn_timeout = secret_conf.db_connection_timeout
# With the test flag set, the separate test database is used.
db_name = secret_conf.test_db_name if args.test else secret_conf.db_name
# Host, account and password all come from secret_conf.
application.connect_db_args = dict(
    max_connections=max_conn,
    idle_seconds=idle,
    wait_connection_timeout=conn_timeout,
    host=secret_conf.db_host,
    user=secret_conf.db_user,
    passwd=secret_conf.db_passwd,
    db=db_name,
    charset=secret_conf.db_charset,
)
application.connect_db()
# URL pattern -> request handler class.
application.handlers_list = [
    (r'/', MainHandler),
    (r'/upload', UploadHandler),
    (r'/show_table', ShowHandler),
    (r'/login', LoginHandler),
    (r'/logout', LogoutHandler),
    (r'/drop_report', DropHandler),
    (r'/water_consum', WaterConsumHandler),
    (r'/year_plot', YearPlotHandler),
    (r'/get_year_parameter', GetYearParameterHandler),
    (r'/temperature', TemperatureHandler),
    (r'/get_month_parameter', GetMonthParameterHandler),
    (r'/users_management', UsersManagementHandler),
]
application.template_path = 'templates/'
application.static_path = 'static/'
application.login_url = '/login'
# NOTE(review): DEBUG is set unconditionally; confirm that debug output
# never contains credentials or session data outside of test runs.
logger.setLevel(logging.DEBUG)