Beispiel #1
def test_get_user_by_name(user_factory):
    """Check that name lookup rejects unknown names and e-mails and ignores case."""
    user = user_factory(name="name", email="email")
    db.session.add(user)
    # Flushed, not committed, before querying - presumably so the lookups
    # below can see the new row.
    db.session.flush()
    # The call is expected to raise, so the `assert` wrapped around it never
    # receives a value; pytest.raises is what enforces the expectation.
    with pytest.raises(users.UserNotFoundError):
        assert users.get_user_by_name("non-existing")
    # The user's e-mail address must not work as a lookup key.
    with pytest.raises(users.UserNotFoundError):
        assert users.get_user_by_name("email")
    assert users.get_user_by_name("name") is user
    # The upper-case spelling resolves to the same object, i.e. lookup ignores
    # case. NOTE(review): name uniqueness at registration needs the same case
    # folding, or two accounts could differ only by case - confirm.
    assert users.get_user_by_name("NAME") is user
Beispiel #2
def test_get_user_by_name(user_factory):
    """Name lookup rejects unknown names and e-mail addresses and ignores case."""
    created = user_factory(name='name', email='email')
    db.session.add(created)
    db.session.flush()
    # Neither an unknown name nor the user's e-mail may resolve to a user.
    for rejected in ('non-existing', 'email'):
        with pytest.raises(users.UserNotFoundError):
            assert users.get_user_by_name(rejected)
    # Exact and upper-case spellings both return the object added above.
    for accepted in ('name', 'NAME'):
        assert users.get_user_by_name(accepted) is created
Beispiel #3
def test_get_user_by_name(user_factory):
    """Exercise get_user_by_name with missing, e-mail, exact and upper-case keys."""
    expected = user_factory(name='name', email='email')
    db.session.add(expected)
    db.session.flush()

    # Unknown name: must raise instead of returning a falsy value.
    with pytest.raises(users.UserNotFoundError):
        assert users.get_user_by_name('non-existing')

    # E-mail address: not accepted as a name.
    with pytest.raises(users.UserNotFoundError):
        assert users.get_user_by_name('email')

    exact_match = users.get_user_by_name('name')
    assert exact_match is expected

    upper_case_match = users.get_user_by_name('NAME')
    assert upper_case_match is expected
Beispiel #4
 def delete(self, ctx, user_name):
     """Delete the named user once the caller's delete privilege is verified.

     The privilege name ends in 'self' when the caller deletes their own
     account and in 'any' otherwise. Returns an empty dict.
     """
     # NOTE(review): the lookup runs before the privilege check, so any
     # error it raises for an unknown name is returned to callers who lack
     # the delete privilege - confirm that is acceptable.
     target = users.get_user_by_name(user_name)
     if ctx.user.user_id == target.user_id:
         scope = 'self'
     else:
         scope = 'any'
     auth.verify_privilege(ctx.user, 'users:delete:%s' % scope)
     ctx.session.delete(target)
     ctx.session.commit()
     return {}
Beispiel #5
 def put(self, ctx, user_name):
     """Apply the submitted profile changes to the named user and commit.

     Each field present in the request is gated by its own privilege, whose
     name carries 'self' when the caller edits their own account and 'any'
     otherwise. Returns the detailed serialization of the updated user.
     """
     user = users.get_user_by_name(user_name)
     infix = 'self' if ctx.user.user_id == user.user_id else 'any'
     # Checks and updates are interleaved: a field is changed on the object
     # as soon as its own check passes, and commit() runs only after all of
     # them. NOTE(review): a check that raises midway leaves the earlier
     # changes pending in the session - confirm the request layer discards
     # them instead of committing later.
     if ctx.has_param('name'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
         users.update_user_name(user, ctx.get_param_as_string('name'))
     if ctx.has_param('password'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
         users.update_user_password(
             user, ctx.get_param_as_string('password'))
     if ctx.has_param('email'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:email' % infix)
         users.update_user_email(user, ctx.get_param_as_string('email'))
     if ctx.has_param('rank'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:rank' % infix)
         # The caller is passed along with the requested rank; presumably
         # update_user_rank limits which rank the caller may grant - verify.
         users.update_user_rank(
             user, ctx.get_param_as_string('rank'), ctx.user)
     if ctx.has_param('avatarStyle'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:avatar' % infix)
         # The uploaded file is request data. NOTE(review): confirm that
         # update_user_avatar validates its type and size before storing it.
         users.update_user_avatar(
             user,
             ctx.get_param_as_string('avatarStyle'),
             ctx.get_file('avatar'))
     ctx.session.commit()
     return users.serialize_user_with_details(user, ctx.user)
Beispiel #6
def update_user(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    """Update the fields sent in the request on the user named in the route.

    Every field has its own privilege; the privilege name carries 'self'
    when the caller edits their own account and 'any' otherwise. All changes
    are committed together at the end and the serialized user is returned.
    """
    user = users.get_user_by_name(params["user_name"])
    # NOTE(review): the version is verified and bumped before any privilege
    # check runs - presumably an optimistic-locking guard. This is safe only
    # if nothing is persisted when a later check raises; confirm.
    versions.verify_version(user, ctx)
    versions.bump_version(user)
    infix = "self" if ctx.user.user_id == user.user_id else "any"
    # Each field is checked and then changed in turn; commit() comes last, so
    # a failed check aborts the request before anything is committed here.
    if ctx.has_param("name"):
        auth.verify_privilege(ctx.user, "users:edit:%s:name" % infix)
        users.update_user_name(user, ctx.get_param_as_string("name"))
    if ctx.has_param("password"):
        auth.verify_privilege(ctx.user, "users:edit:%s:pass" % infix)
        users.update_user_password(user, ctx.get_param_as_string("password"))
    if ctx.has_param("email"):
        auth.verify_privilege(ctx.user, "users:edit:%s:email" % infix)
        users.update_user_email(user, ctx.get_param_as_string("email"))
    if ctx.has_param("rank"):
        auth.verify_privilege(ctx.user, "users:edit:%s:rank" % infix)
        # The caller is passed along with the requested rank; presumably
        # update_user_rank limits which rank the caller may grant - verify.
        users.update_user_rank(user, ctx.get_param_as_string("rank"), ctx.user)
    if ctx.has_param("avatarStyle"):
        auth.verify_privilege(ctx.user, "users:edit:%s:avatar" % infix)
        # A missing upload becomes empty bytes. NOTE(review): confirm that
        # update_user_avatar validates uploaded content before storing it.
        users.update_user_avatar(
            user,
            ctx.get_param_as_string("avatarStyle"),
            ctx.get_file("avatar", default=b""),
        )
    ctx.session.commit()
    return _serialize(ctx, user)
def test_updating_user(test_ctx):
    """An administrator edits their own account; response and stored row must match."""
    user = test_ctx.user_factory(name='u1', rank=db.User.RANK_ADMINISTRATOR)
    db.session.add(user)
    # NOTE(review): the e-mail and password literals look masked in this
    # listing; the final assertions expect the password 'oks' - confirm
    # against the project source.
    result = test_ctx.api.put(
        test_ctx.context_factory(input={
            'name': 'chewie',
            'email': '*****@*****.**',
            'password': '******',
            'rank': 'moderator',
            'avatarStyle': 'gravatar',
        },
                                 user=user), 'u1')
    # The response carries no password field. NOTE(review): the expected
    # avatar URL is plain http.
    assert result == {
        'user': {
            'avatarStyle': 'gravatar',
            'avatarUrl': 'http://gravatar.com/avatar/' +
            '6f370c8c7109534c3d5c394123a477d7?d=retro&s=200',
            'creationTime': datetime.datetime(1997, 1, 1),
            'lastLoginTime': None,
            'email': '*****@*****.**',
            'name': 'chewie',
            'rank': 'moderator',
        }
    }
    # Re-read under the new name to check what was actually stored.
    user = users.get_user_by_name('chewie')
    assert user.name == 'chewie'
    assert user.email == '*****@*****.**'
    assert user.rank == db.User.RANK_MODERATOR
    assert user.avatar_style == user.AVATAR_GRAVATAR
    # The new password must verify and a different one must not.
    assert auth.is_valid_password(user, 'oks') is True
    assert auth.is_valid_password(user, 'invalid') is False
def test_creating_user(test_ctx, fake_datetime):
    """Create an account through POST and check the response and the stored row."""
    # The clock is pinned so that creationTime can be asserted exactly.
    with fake_datetime('1969-02-12'):
        result = test_ctx.api.post(
            test_ctx.context_factory(
                input={
                    'name': 'chewie1',
                    'email': '*****@*****.**',
                    'password': '******',
                },
                user=test_ctx.user_factory(rank=db.User.RANK_REGULAR)))
    # The new account comes back as 'administrator' although the caller has
    # regular rank - presumably because it is the first account in an empty
    # test database; confirm.
    assert result == {
        'user': {
            'avatarStyle': 'gravatar',
            'avatarUrl': 'http://gravatar.com/avatar/' +
            '6f370c8c7109534c3d5c394123a477d7?d=retro&s=200',
            'creationTime': datetime.datetime(1969, 2, 12),
            'lastLoginTime': None,
            'name': 'chewie1',
            'rank': 'administrator',
            'email': '*****@*****.**',
        }
    }
    user = users.get_user_by_name('chewie1')
    assert user.name == 'chewie1'
    assert user.email == '*****@*****.**'
    assert user.rank == db.User.RANK_ADMINISTRATOR
    # NOTE(review): the password literal above looks masked in this listing;
    # these checks expect 'oks' - confirm against the project source.
    assert auth.is_valid_password(user, 'oks') is True
    assert auth.is_valid_password(user, 'invalid') is False
Beispiel #9
def get_user_tokens(ctx: rest.Context,
                    params: Dict[str, str] = {}) -> rest.Response:
    """List the tokens of the user named in the route.

    Requires 'user_tokens:list:self' for the caller's own tokens and
    'user_tokens:list:any' for anyone else's.
    """
    # The shared `{}` default is only read here, never mutated.
    owner = users.get_user_by_name(params["user_name"])
    if ctx.user.user_id == owner.user_id:
        scope = "self"
    else:
        scope = "any"
    auth.verify_privilege(ctx.user, "user_tokens:list:%s" % scope)
    # NOTE(review): what a serialized token exposes is decided by _serialize;
    # confirm the 'any' scope does not hand out usable token secrets.
    serialized = []
    for token in user_tokens.get_user_tokens(owner):
        serialized.append(_serialize(ctx, token))
    return {"results": serialized}
Beispiel #10
def update_user(ctx, params):
    """Update the submitted fields of the user named in params['user_name'].

    Each field has its own 'users:edit:<self|any>:<field>' privilege. Changes
    are committed once at the end and the serialized user is returned.
    """
    user = users.get_user_by_name(params['user_name'])
    # NOTE(review): version verification and bump run before any privilege
    # check; confirm nothing is persisted when a later check raises.
    versions.verify_version(user, ctx)
    versions.bump_version(user)
    # 'self' when the caller edits their own account, otherwise 'any'.
    infix = 'self' if ctx.user.user_id == user.user_id else 'any'
    if ctx.has_param('name'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
        users.update_user_name(user, ctx.get_param_as_string('name'))
    if ctx.has_param('password'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
        users.update_user_password(
            user, ctx.get_param_as_string('password'))
    if ctx.has_param('email'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:email' % infix)
        users.update_user_email(user, ctx.get_param_as_string('email'))
    if ctx.has_param('rank'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:rank' % infix)
        # The caller is handed to update_user_rank together with the new
        # rank - presumably to cap what the caller may grant; verify.
        users.update_user_rank(
            user, ctx.get_param_as_string('rank'), ctx.user)
    if ctx.has_param('avatarStyle'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:avatar' % infix)
        # NOTE(review): the avatar file is request data; confirm it is
        # validated inside update_user_avatar.
        users.update_user_avatar(
            user,
            ctx.get_param_as_string('avatarStyle'),
            ctx.get_file('avatar'))
    # Single commit for all accepted changes.
    ctx.session.commit()
    return _serialize(ctx, user)
def test_updating_user(test_ctx):
    """Update every editable field of an administrator's own account via PUT."""
    user = test_ctx.user_factory(name='u1', rank=db.User.RANK_ADMINISTRATOR)
    db.session.add(user)
    # The caller and the edited account are the same user ('u1').
    result = test_ctx.api.put(
        test_ctx.context_factory(
            input={
                'name': 'chewie',
                'email': '*****@*****.**',
                'password': '******',
                'rank': 'moderator',
                'avatarStyle': 'gravatar',
            },
            user=user),
        'u1')
    # The expected response has no password field.
    assert result == {
        'user': {
            'avatarStyle': 'gravatar',
            'avatarUrl': 'http://gravatar.com/avatar/' +
                '6f370c8c7109534c3d5c394123a477d7?d=retro&s=200',
            'creationTime': datetime.datetime(1997, 1, 1),
            'lastLoginTime': None,
            'email': '*****@*****.**',
            'name': 'chewie',
            'rank': 'moderator',
        }
    }
    # The rename took effect: the row is found under the new name.
    user = users.get_user_by_name('chewie')
    assert user.name == 'chewie'
    assert user.email == '*****@*****.**'
    assert user.rank == db.User.RANK_MODERATOR
    assert user.avatar_style == user.AVATAR_GRAVATAR
    # NOTE(review): the password literal in the request looks masked in this
    # listing; 'oks' is what the stored hash is expected to match - confirm.
    assert auth.is_valid_password(user, 'oks') is True
    assert auth.is_valid_password(user, 'invalid') is False
Beispiel #12
def get_user_tokens(ctx: rest.Context,
                    params: Dict[str, str] = {}) -> rest.Response:
    """Return the serialized tokens of the user named in the route.

    The caller needs 'user_tokens:list:self' for their own tokens and
    'user_tokens:list:any' for another user's.
    """
    token_owner = users.get_user_by_name(params['user_name'])
    own_tokens = ctx.user.user_id == token_owner.user_id
    privilege = 'user_tokens:list:%s' % ('self' if own_tokens else 'any')
    auth.verify_privilege(ctx.user, privilege)
    found = user_tokens.get_user_tokens(token_owner)
    return {'results': [_serialize(ctx, entry) for entry in found]}
def test_creating_user(test_ctx, fake_datetime):
    """POST a new account and verify the returned and the persisted data."""
    # Fixed date so the expected creationTime is deterministic.
    with fake_datetime('1969-02-12'):
        result = test_ctx.api.post(
            test_ctx.context_factory(
                input={
                    'name': 'chewie1',
                    'email': '*****@*****.**',
                    'password': '******',
                },
                user=test_ctx.user_factory(rank=db.User.RANK_REGULAR)))
    # No rank was requested, yet 'administrator' is expected - presumably the
    # first-account rule applies in an empty test database; confirm.
    assert result == {
        'user': {
            'avatarStyle': 'gravatar',
            'avatarUrl': 'http://gravatar.com/avatar/' +
                '6f370c8c7109534c3d5c394123a477d7?d=retro&s=200',
            'creationTime': datetime.datetime(1969, 2, 12),
            'lastLoginTime': None,
            'name': 'chewie1',
            'rank': 'administrator',
            'email': '*****@*****.**',
        }
    }
    user = users.get_user_by_name('chewie1')
    assert user.name == 'chewie1'
    assert user.email == '*****@*****.**'
    assert user.rank == db.User.RANK_ADMINISTRATOR
    # The stored credential must accept the right password and reject another.
    assert auth.is_valid_password(user, 'oks') is True
    assert auth.is_valid_password(user, 'invalid') is False
Beispiel #14
    def put(self, ctx, user_name):
        """Apply the submitted changes to the named user and return it serialized.

        Raises UserNotFoundError when the lookup yields nothing. Each field
        is gated by its own 'users:edit:<self|any>:<field>' privilege.
        """
        user = users.get_user_by_name(user_name)
        # NOTE(review): the not-found error is raised before any privilege
        # check, so callers without edit rights can still tell whether a
        # name exists - confirm that is acceptable.
        if not user:
            raise users.UserNotFoundError('User %r not found.' % user_name)

        # 'self' when the caller edits their own account, otherwise 'any'.
        if ctx.user.user_id == user.user_id:
            infix = 'self'
        else:
            infix = 'any'

        # Fields are checked and changed one by one; commit() comes last.
        if ctx.has_param('name'):
            auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
            users.update_name(user, ctx.get_param_as_string('name'), ctx.user)

        if ctx.has_param('password'):
            auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
            users.update_password(user, ctx.get_param_as_string('password'))

        if ctx.has_param('email'):
            auth.verify_privilege(ctx.user, 'users:edit:%s:email' % infix)
            users.update_email(user, ctx.get_param_as_string('email'))

        if ctx.has_param('rank'):
            auth.verify_privilege(ctx.user, 'users:edit:%s:rank' % infix)
            users.update_rank(user, ctx.get_param_as_string('rank'), ctx.user)

        if ctx.has_param('avatarStyle'):
            auth.verify_privilege(ctx.user, 'users:edit:%s:avatar' % infix)
            # NOTE(review): the avatar file is request data; confirm it is
            # validated inside update_avatar.
            users.update_avatar(
                user,
                ctx.get_param_as_string('avatarStyle'),
                ctx.get_file('avatar'))

        ctx.session.commit()
        return {'user': _serialize_user(ctx.user, user)}
Beispiel #15
 def delete(self, ctx, user_name):
     """Remove the named user; needs 'users:delete:self' or 'users:delete:any'."""
     account = users.get_user_by_name(user_name)
     deleting_self = ctx.user.user_id == account.user_id
     privilege = 'users:delete:%s' % ('self' if deleting_self else 'any')
     # The privilege is verified before anything is removed from the session.
     auth.verify_privilege(ctx.user, privilege)
     ctx.session.delete(account)
     ctx.session.commit()
     return {}
 def _authenticate(self, username, password):
     '''
     Return the user matching the given name and password.

     Raises AuthError when the lookup yields no user or when
     auth.is_valid_password() rejects the password.
     '''
     user = users.get_user_by_name(username)
     # NOTE(review): the two failures carry different messages; if the
     # message reaches the client it tells a wrong user name apart from a
     # wrong password. One generic message for both would avoid that.
     if not user:
         raise errors.AuthError('No such user.')
     if not auth.is_valid_password(user, password):
         raise errors.AuthError('Invalid password.')
     return user
Beispiel #17
def _authenticate_token(username: str,
                        token: str) -> Tuple[model.User, model.UserToken]:
    '''
    Resolve a user and one of their tokens and reject invalid tokens.

    Returns the (user, token) pair; raises AuthError when
    auth.is_valid_token() rejects the token.
    '''
    # NOTE(review): an unknown user name is handled inside get_user_by_name,
    # not here; if it raises something other than AuthError, the response
    # differs between an unknown user and a bad token - confirm.
    user = users.get_user_by_name(username)
    # Whatever the lookup returns for an unknown token goes straight to
    # is_valid_token; presumably a missing token is rejected there - verify.
    user_token = user_tokens.get_by_user_and_token(user, token)
    if not auth.is_valid_token(user_token):
        raise errors.AuthError('잘못된 토큰입니다.')
    return user, user_token
Beispiel #18
def _authenticate_token(
        username: str, token: str) -> Tuple[model.User, model.UserToken]:
    '''
    Look up the user and the given token and return both.

    Raises AuthError when auth.is_valid_token() rejects the token.
    '''
    account = users.get_user_by_name(username)
    candidate = user_tokens.get_by_user_and_token(account, token)
    # NOTE(review): validity is decided entirely by is_valid_token; confirm
    # it rejects a missing, disabled or expired token.
    if auth.is_valid_token(candidate):
        return account, candidate
    raise errors.AuthError('Invalid token.')
Beispiel #19
 def _authenticate(self, username, password):
     '''
     Return the user for a valid name/password pair, else raise AuthError.
     '''
     account = users.get_user_by_name(username)
     # NOTE(review): 'No such user.' and 'Invalid password.' let a client
     # tell the two failures apart if the message is returned to it; a
     # single generic message would not.
     if account:
         if auth.is_valid_password(account, password):
             return account
         raise errors.AuthError('Invalid password.')
     raise errors.AuthError('No such user.')
Beispiel #20
def delete_user(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    """Delete the user named in the route after version and privilege checks.

    Needs 'users:delete:self' for the caller's own account and
    'users:delete:any' for another one. Returns an empty dict.
    """
    # NOTE(review): lookup and version check both run before the privilege
    # check, so any error they raise is returned to callers who lack the
    # delete privilege - confirm that is acceptable.
    target = users.get_user_by_name(params['user_name'])
    versions.verify_version(target, ctx)
    deleting_self = ctx.user.user_id == target.user_id
    privilege = 'users:delete:%s' % ('self' if deleting_self else 'any')
    auth.verify_privilege(ctx.user, privilege)
    ctx.session.delete(target)
    ctx.session.commit()
    return {}
Beispiel #21
def delete_user(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    """Remove the account named in params['user_name'] and commit."""
    account = users.get_user_by_name(params['user_name'])
    versions.verify_version(account, ctx)
    if ctx.user.user_id == account.user_id:
        scope = 'self'
    else:
        scope = 'any'
    # Nothing is deleted unless this check passes.
    auth.verify_privilege(ctx.user, 'users:delete:%s' % scope)
    ctx.session.delete(account)
    ctx.session.commit()
    return {}
Beispiel #22
def delete_user(ctx, params):
    """Delete the user named in params['user_name'] and return an empty dict."""
    user = users.get_user_by_name(params['user_name'])
    # Checked against the request before the privilege check - presumably an
    # optimistic-locking guard; confirm in the versions module.
    versions.verify_version(user, ctx)
    # 'self' when the caller deletes their own account, otherwise 'any'.
    infix = 'self' if ctx.user.user_id == user.user_id else 'any'
    auth.verify_privilege(ctx.user, 'users:delete:%s' % infix)
    ctx.session.delete(user)
    ctx.session.commit()
    return {}
Beispiel #23
def get_user_tokens(
        ctx: rest.Context, params: Dict[str, str] = {}) -> rest.Response:
    """List the named user's tokens; needs 'user_tokens:list:<self|any>'."""
    owner = users.get_user_by_name(params['user_name'])
    scope = 'any'
    if ctx.user.user_id == owner.user_id:
        scope = 'self'
    auth.verify_privilege(ctx.user, 'user_tokens:list:%s' % scope)
    tokens = user_tokens.get_user_tokens(owner)
    results = [_serialize(ctx, token) for token in tokens]
    return {'results': results}
Beispiel #24
def delete_user_token(ctx: rest.Context, params: Dict[str,
                                                      str]) -> rest.Response:
    """Delete one token of the named user, if that token exists.

    Needs 'user_tokens:delete:self' or 'user_tokens:delete:any'. Returns an
    empty dict whether or not a token was found.
    """
    owner = users.get_user_by_name(params["user_name"])
    scope = "self" if ctx.user.user_id == owner.user_id else "any"
    auth.verify_privilege(ctx.user, "user_tokens:delete:%s" % scope)
    token = user_tokens.get_by_user_and_token(owner, params["user_token"])
    # A missing token is not an error: the caller gets the same empty
    # response, so the result does not reveal whether the token existed.
    if token is None:
        return {}
    ctx.session.delete(token)
    ctx.session.commit()
    return {}
Beispiel #25
def delete_user_token(
        ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    """Delete the token params['user_token'] of the user params['user_name']."""
    user = users.get_user_by_name(params['user_name'])
    # 'self' when the caller owns the token, otherwise 'any'.
    infix = 'self' if ctx.user.user_id == user.user_id else 'any'
    auth.verify_privilege(ctx.user, 'user_tokens:delete:%s' % infix)
    # The lookup is scoped to the resolved user, so a token value alone is
    # not enough to address another user's token.
    user_token = user_tokens.get_by_user_and_token(user, params['user_token'])
    # Deleting a token that does not exist is silently a no-op.
    if user_token is not None:
        ctx.session.delete(user_token)
        ctx.session.commit()
    return {}
def test_uploading_avatar(test_ctx, tmpdir):
    """Upload a manual avatar via PUT and check the style and the returned URL."""
    # Files go to a per-test temporary directory. NOTE(review): config.config
    # is changed in place; presumably a fixture restores it - confirm.
    config.config['data_dir'] = str(tmpdir.mkdir('data'))
    config.config['data_url'] = 'http://example.com/data/'
    user = test_ctx.user_factory(name='u1', rank=db.User.RANK_MODERATOR)
    db.session.add(user)
    response = test_ctx.api.put(
        test_ctx.context_factory(input={'avatarStyle': 'manual'},
                                 files={'avatar': EMPTY_PIXEL},
                                 user=user), 'u1')
    user = users.get_user_by_name('u1')
    assert user.avatar_style == user.AVATAR_MANUAL
    # The avatar URL embeds the user name. NOTE(review): if the file on disk
    # is named the same way, confirm user names are restricted to characters
    # that are safe in a path.
    assert response['user']['avatarUrl'] == \
        'http://example.com/data/avatars/u1.png'
def test_first_user_becomes_admin_others_not(test_ctx):
    """The first registered account gets administrator rank, the second regular."""
    # Both registrations are issued by a caller of anonymous rank.
    # NOTE(review): the first account on an empty database becomes
    # administrator, so a fresh deployment should have that account created
    # before the registration endpoint is reachable by others.
    result1 = test_ctx.api.post(
        test_ctx.context_factory(
            input={
                'name': 'chewie1',
                'email': '*****@*****.**',
                'password': '******',
            },
            user=test_ctx.user_factory(rank=db.User.RANK_ANONYMOUS)))
    result2 = test_ctx.api.post(
        test_ctx.context_factory(
            input={
                'name': 'chewie2',
                'email': '*****@*****.**',
                'password': '******',
            },
            user=test_ctx.user_factory(rank=db.User.RANK_ANONYMOUS)))
    # The rank is checked in the API response and in the stored rows.
    assert result1['user']['rank'] == 'administrator'
    assert result2['user']['rank'] == 'regular'
    first_user = users.get_user_by_name('chewie1')
    other_user = users.get_user_by_name('chewie2')
    assert first_user.rank == db.User.RANK_ADMINISTRATOR
    assert other_user.rank == db.User.RANK_REGULAR
Beispiel #28
    def delete(self, ctx, user_name):
        """Delete the named user; raises UserNotFoundError if there is none.

        Needs 'users:delete:self' for the caller's own account and
        'users:delete:any' otherwise. Returns an empty dict.
        """
        target = users.get_user_by_name(user_name)
        # NOTE(review): the not-found error comes before the privilege check,
        # so callers without delete rights can tell whether a name exists.
        if not target:
            raise users.UserNotFoundError('User %r not found.' % user_name)

        scope = 'self' if ctx.user.user_id == target.user_id else 'any'
        auth.verify_privilege(ctx.user, 'users:delete:%s' % scope)

        ctx.session.delete(target)
        ctx.session.commit()
        return {}
def test_first_user_becomes_admin_others_not(test_ctx):
    """Only the first registered account is given administrator rank."""
    def register(name):
        # Every registration is issued by a fresh caller of anonymous rank.
        return test_ctx.api.post(
            test_ctx.context_factory(
                input={
                    'name': name,
                    'email': '*****@*****.**',
                    'password': '******',
                },
                user=test_ctx.user_factory(rank=db.User.RANK_ANONYMOUS)))

    first_response = register('chewie1')
    second_response = register('chewie2')
    assert first_response['user']['rank'] == 'administrator'
    assert second_response['user']['rank'] == 'regular'

    # The stored rows must agree with what the API reported.
    stored_first = users.get_user_by_name('chewie1')
    stored_second = users.get_user_by_name('chewie2')
    assert stored_first.rank == db.User.RANK_ADMINISTRATOR
    assert stored_second.rank == db.User.RANK_REGULAR
def test_uploading_avatar(test_ctx, tmpdir):
    """A moderator uploads a manual avatar for their own account via PUT."""
    # Uploaded data is written below a per-test temporary directory.
    config.config['data_dir'] = str(tmpdir.mkdir('data'))
    config.config['data_url'] = 'http://example.com/data/'
    uploader = test_ctx.user_factory(name='u1', rank=db.User.RANK_MODERATOR)
    db.session.add(uploader)
    request = test_ctx.context_factory(
        input={'avatarStyle': 'manual'},
        files={'avatar': EMPTY_PIXEL},
        user=uploader)
    response = test_ctx.api.put(request, 'u1')
    stored = users.get_user_by_name('u1')
    assert stored.avatar_style == stored.AVATAR_MANUAL
    # The public URL is built from data_url and the user name.
    expected_url = 'http://example.com/data/avatars/u1.png'
    assert response['user']['avatarUrl'] == expected_url
Beispiel #31
def create_user_token(
        ctx: rest.Context, params: Dict[str, str] = {}) -> rest.Response:
    """Create a token for the user named in the route and return it serialized.

    Needs 'user_tokens:create:self' for the caller's own account and
    'user_tokens:create:any' for another user's.
    """
    user = users.get_user_by_name(params['user_name'])
    infix = 'self' if ctx.user.user_id == user.user_id else 'any'
    # With the 'any' privilege a caller creates a token for someone else's
    # account. NOTE(review): keep that privilege restricted to trusted ranks.
    auth.verify_privilege(ctx.user, 'user_tokens:create:%s' % infix)
    # Tokens are enabled unless the request says otherwise.
    enabled = ctx.get_param_as_bool('enabled', True)
    user_token = user_tokens.create_user_token(user, enabled)
    if ctx.has_param('note'):
        note = ctx.get_param_as_string('note')
        user_tokens.update_user_token_note(user_token, note)
    # NOTE(review): no expiration is set unless the client sends one; whether
    # such a token ever expires depends on create_user_token - confirm.
    if ctx.has_param('expirationTime'):
        expiration_time = ctx.get_param_as_string('expirationTime')
        user_tokens.update_user_token_expiration_time(
            user_token, expiration_time)
    ctx.session.add(user_token)
    ctx.session.commit()
    return _serialize(ctx, user_token)
Beispiel #32
def create_user_token(ctx: rest.Context,
                      params: Dict[str, str] = {}) -> rest.Response:
    """Issue a new token for the named user; needs 'user_tokens:create:<self|any>'."""
    owner = users.get_user_by_name(params['user_name'])
    if ctx.user.user_id == owner.user_id:
        scope = 'self'
    else:
        scope = 'any'
    auth.verify_privilege(ctx.user, 'user_tokens:create:%s' % scope)

    # The token is enabled unless the request explicitly says otherwise.
    enabled = ctx.get_param_as_bool('enabled', True)
    new_token = user_tokens.create_user_token(owner, enabled)

    # Optional attributes are applied only when the client sent them.
    if ctx.has_param('note'):
        submitted_note = ctx.get_param_as_string('note')
        user_tokens.update_user_token_note(new_token, submitted_note)
    if ctx.has_param('expirationTime'):
        submitted_expiry = ctx.get_param_as_string('expirationTime')
        user_tokens.update_user_token_expiration_time(
            new_token, submitted_expiry)

    ctx.session.add(new_token)
    ctx.session.commit()
    return _serialize(ctx, new_token)
def test_uploading_avatar(test_ctx, tmpdir):
    """Create an account with a manual avatar via POST and check the avatar URL."""
    # Uploaded files go to a per-test temporary directory.
    config.config['data_dir'] = str(tmpdir.mkdir('data'))
    config.config['data_url'] = 'http://example.com/data/'
    # The creating caller has moderator rank; the new account is 'chewie'.
    response = test_ctx.api.post(
        test_ctx.context_factory(
            input={
                'name': 'chewie',
                'email': '*****@*****.**',
                'password': '******',
                'avatarStyle': 'manual',
            },
            files={'avatar': EMPTY_PIXEL},
            user=test_ctx.user_factory(rank=db.User.RANK_MODERATOR)))
    user = users.get_user_by_name('chewie')
    assert user.avatar_style == user.AVATAR_MANUAL
    # The URL ends in the chosen user name. NOTE(review): confirm names are
    # restricted to path-safe characters if the file is stored the same way.
    assert response['user']['avatarUrl'] == \
        'http://example.com/data/avatars/chewie.png'
Beispiel #34
def create_user_token(ctx: rest.Context,
                      params: Dict[str, str] = {}) -> rest.Response:
    """Create, persist and return a token for the user named in the route.

    The caller needs 'user_tokens:create:self' for their own account and
    'user_tokens:create:any' for another user's.
    """
    token_owner = users.get_user_by_name(params["user_name"])
    own_account = ctx.user.user_id == token_owner.user_id
    privilege = "user_tokens:create:%s" % ("self" if own_account else "any")
    auth.verify_privilege(ctx.user, privilege)
    enabled = ctx.get_param_as_bool("enabled", True)
    created = user_tokens.create_user_token(token_owner, enabled)
    if ctx.has_param("note"):
        note_text = ctx.get_param_as_string("note")
        user_tokens.update_user_token_note(created, note_text)
    if ctx.has_param("expirationTime"):
        expires = ctx.get_param_as_string("expirationTime")
        user_tokens.update_user_token_expiration_time(created, expires)
    # Added and committed only after every optional field has been applied.
    ctx.session.add(created)
    ctx.session.commit()
    return _serialize(ctx, created)
def test_uploading_avatar(test_ctx, tmpdir):
    """Registering with avatarStyle 'manual' stores the upload and returns its URL."""
    config.config['data_dir'] = str(tmpdir.mkdir('data'))
    config.config['data_url'] = 'http://example.com/data/'
    registration = {
        'name': 'chewie',
        'email': '*****@*****.**',
        'password': '******',
        'avatarStyle': 'manual',
    }
    request = test_ctx.context_factory(
        input=registration,
        files={'avatar': EMPTY_PIXEL},
        user=test_ctx.user_factory(rank=db.User.RANK_MODERATOR))
    response = test_ctx.api.post(request)
    created = users.get_user_by_name('chewie')
    assert created.avatar_style == created.AVATAR_MANUAL
    # The returned URL is built from data_url and the new user's name.
    expected_url = 'http://example.com/data/avatars/chewie.png'
    assert response['user']['avatarUrl'] == expected_url
Beispiel #36
def update_user(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    """Update the submitted fields of the user named in the route and commit.

    Each field is gated by 'users:edit:<self|any>:<field>'. Returns the
    serialized user.
    """
    user = users.get_user_by_name(params['user_name'])
    # NOTE(review): the version is verified and bumped before any privilege
    # check; confirm nothing is persisted when a later check raises.
    versions.verify_version(user, ctx)
    versions.bump_version(user)
    infix = 'self' if ctx.user.user_id == user.user_id else 'any'
    # Each field: verify its privilege, then change it; commit() is last.
    if ctx.has_param('name'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
        users.update_user_name(user, ctx.get_param_as_string('name'))
    if ctx.has_param('password'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
        users.update_user_password(user, ctx.get_param_as_string('password'))
    if ctx.has_param('email'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:email' % infix)
        users.update_user_email(user, ctx.get_param_as_string('email'))
    if ctx.has_param('rank'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:rank' % infix)
        # The caller is passed along - presumably so update_user_rank can cap
        # the rank being granted; verify.
        users.update_user_rank(user, ctx.get_param_as_string('rank'), ctx.user)
    if ctx.has_param('avatarStyle'):
        auth.verify_privilege(ctx.user, 'users:edit:%s:avatar' % infix)
        # A missing upload becomes empty bytes. NOTE(review): confirm uploaded
        # content is validated inside update_user_avatar.
        users.update_user_avatar(user, ctx.get_param_as_string('avatarStyle'),
                                 ctx.get_file('avatar', default=b''))
    ctx.session.commit()
    return _serialize(ctx, user)
Beispiel #37
def update_user_token(ctx: rest.Context,
                      params: Dict[str, str] = {}) -> rest.Response:
    """Edit a token of the named user and return it serialized.

    Needs 'user_tokens:edit:self' for the caller's own token and
    'user_tokens:edit:any' for another user's.
    """
    user = users.get_user_by_name(params['user_name'])
    infix = 'self' if ctx.user.user_id == user.user_id else 'any'
    # The privilege is verified before the token is looked up or touched.
    auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix)
    # NOTE(review): the lookup result is used without a None check; confirm
    # get_by_user_and_token raises for an unknown token.
    user_token = user_tokens.get_by_user_and_token(user, params['user_token'])
    versions.verify_version(user_token, ctx)
    versions.bump_version(user_token)
    # The per-field checks below repeat the call made above with the same
    # arguments; all fields share one privilege.
    if ctx.has_param('enabled'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix)
        user_tokens.update_user_token_enabled(user_token,
                                              ctx.get_param_as_bool('enabled'))
    if ctx.has_param('note'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix)
        note = ctx.get_param_as_string('note')
        user_tokens.update_user_token_note(user_token, note)
    if ctx.has_param('expirationTime'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix)
        expiration_time = ctx.get_param_as_string('expirationTime')
        user_tokens.update_user_token_expiration_time(user_token,
                                                      expiration_time)
    # Called on every request, whether or not a field was sent.
    user_tokens.update_user_token_edit_time(user_token)
    ctx.session.commit()
    return _serialize(ctx, user_token)
Beispiel #38
 def put(self, ctx, user_name):
     """Update the submitted fields of the named user and commit.

     Each field is gated by 'users:edit:<self|any>:<field>'. Returns the
     detailed serialization of the user.
     """
     user = users.get_user_by_name(user_name)
     # 'self' when the caller edits their own account, otherwise 'any'.
     infix = 'self' if ctx.user.user_id == user.user_id else 'any'
     # Each field: verify its privilege, then change it; commit() is last.
     # NOTE(review): a check that raises midway leaves earlier changes
     # pending in the session - confirm they are discarded.
     if ctx.has_param('name'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
         users.update_user_name(user, ctx.get_param_as_string('name'))
     if ctx.has_param('password'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
         users.update_user_password(user,
                                    ctx.get_param_as_string('password'))
     if ctx.has_param('email'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:email' % infix)
         users.update_user_email(user, ctx.get_param_as_string('email'))
     if ctx.has_param('rank'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:rank' % infix)
         users.update_user_rank(user, ctx.get_param_as_string('rank'),
                                ctx.user)
     if ctx.has_param('avatarStyle'):
         auth.verify_privilege(ctx.user, 'users:edit:%s:avatar' % infix)
         # NOTE(review): the avatar file is request data; confirm it is
         # validated inside update_user_avatar.
         users.update_user_avatar(user,
                                  ctx.get_param_as_string('avatarStyle'),
                                  ctx.get_file('avatar'))
     ctx.session.commit()
     return users.serialize_user_with_details(user, ctx.user)
Beispiel #39
def update_user_token(
        ctx: rest.Context, params: Dict[str, str] = {}) -> rest.Response:
    """Apply the submitted changes to one token of the named user.

    Needs 'user_tokens:edit:<self|any>'. Returns the serialized token.
    """
    user = users.get_user_by_name(params['user_name'])
    infix = 'self' if ctx.user.user_id == user.user_id else 'any'
    auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix)
    # The lookup is scoped to the resolved user.
    user_token = user_tokens.get_by_user_and_token(user, params['user_token'])
    # The version is checked and bumped only after the privilege check passed.
    versions.verify_version(user_token, ctx)
    versions.bump_version(user_token)
    # Each branch re-verifies the same privilege that was verified above.
    if ctx.has_param('enabled'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix)
        user_tokens.update_user_token_enabled(
            user_token, ctx.get_param_as_bool('enabled'))
    if ctx.has_param('note'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix)
        note = ctx.get_param_as_string('note')
        user_tokens.update_user_token_note(user_token, note)
    if ctx.has_param('expirationTime'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix)
        expiration_time = ctx.get_param_as_string('expirationTime')
        user_tokens.update_user_token_expiration_time(
            user_token, expiration_time)
    user_tokens.update_user_token_edit_time(user_token)
    ctx.session.commit()
    return _serialize(ctx, user_token)
Beispiel #40
def update_user_token(ctx: rest.Context,
                      params: Dict[str, str] = {}) -> rest.Response:
    """Edit one token of the named user and return it serialized.

    The caller needs 'user_tokens:edit:self' for their own token and
    'user_tokens:edit:any' for another user's.
    """
    owner = users.get_user_by_name(params["user_name"])
    scope = "self" if ctx.user.user_id == owner.user_id else "any"
    privilege = "user_tokens:edit:%s" % scope
    auth.verify_privilege(ctx.user, privilege)

    token = user_tokens.get_by_user_and_token(owner, params["user_token"])
    versions.verify_version(token, ctx)
    versions.bump_version(token)

    # Every field branch verifies the same privilege again before it writes.
    if ctx.has_param("enabled"):
        auth.verify_privilege(ctx.user, privilege)
        user_tokens.update_user_token_enabled(
            token, ctx.get_param_as_bool("enabled"))
    if ctx.has_param("note"):
        auth.verify_privilege(ctx.user, privilege)
        new_note = ctx.get_param_as_string("note")
        user_tokens.update_user_token_note(token, new_note)
    if ctx.has_param("expirationTime"):
        auth.verify_privilege(ctx.user, privilege)
        new_expiry = ctx.get_param_as_string("expirationTime")
        user_tokens.update_user_token_expiration_time(token, new_expiry)

    user_tokens.update_user_token_edit_time(token)
    ctx.session.commit()
    return _serialize(ctx, token)
Beispiel #41
def get_user(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    """Return the serialized user; viewing someone else needs 'users:view'."""
    # NOTE(review): the lookup precedes the privilege check, so any error it
    # raises for an unknown name is returned to callers without 'users:view'.
    requested = users.get_user_by_name(params['user_name'])
    viewing_own_profile = ctx.user.user_id == requested.user_id
    if not viewing_own_profile:
        auth.verify_privilege(ctx.user, 'users:view')
    return _serialize(ctx, requested)
Beispiel #42
def _authenticate(username: str, password: str) -> model.User:
    '''
    Return the user matching the given name and password.

    Raises AuthError when auth.is_valid_password() rejects the password.
    '''
    # NOTE(review): an unknown name is left to get_user_by_name; if it raises
    # something other than AuthError, the login response differs between an
    # unknown user and a wrong password - confirm.
    user = users.get_user_by_name(username)
    if not auth.is_valid_password(user, password):
        raise errors.AuthError('Invalid password.')
    return user
Beispiel #43
 def get(self, ctx, user_name):
     """Return the detailed serialization of the named user.

     'users:view' is verified before the lookup, so a caller without it
     gets the same failure whether or not the name exists.
     """
     auth.verify_privilege(ctx.user, 'users:view')
     requested = users.get_user_by_name(user_name)
     details = users.serialize_user_with_details(requested, ctx.user)
     return details
Beispiel #44
 def get(self, ctx, user_name):
     """Return the named user's details; the caller needs 'users:view'."""
     # The privilege is verified before the lookup, unlike handlers that
     # resolve the user first.
     auth.verify_privilege(ctx.user, 'users:view')
     user = users.get_user_by_name(user_name)
     # The caller is passed to the serializer - presumably so the output can
     # depend on who is asking; verify.
     return users.serialize_user_with_details(user, ctx.user)
Beispiel #45
def _authenticate_basic_auth(username: str, password: str) -> model.User:
    """
    Return the user for a valid name/password pair.

    Raises AuthError when auth.is_valid_password() rejects the password.
    """
    account = users.get_user_by_name(username)
    # NOTE(review): unknown names are handled inside get_user_by_name; confirm
    # the client cannot tell that failure from a wrong password.
    if auth.is_valid_password(account, password):
        return account
    raise errors.AuthError("Invalid password.")
Beispiel #46
 def get(self, ctx, user_name):
     """Return {'user': ...} for the named user; the caller needs 'users:view'.

     Raises UserNotFoundError when the lookup yields nothing.
     """
     # The privilege comes first, so only callers allowed to view users can
     # reach the not-found error.
     auth.verify_privilege(ctx.user, 'users:view')
     requested = users.get_user_by_name(user_name)
     if requested:
         return {'user': _serialize_user(ctx.user, requested)}
     raise users.UserNotFoundError('User %r not found.' % user_name)
Beispiel #47
def _authenticate_basic_auth(username: str, password: str) -> model.User:
    '''
    Return the user matching the given name and password.

    Raises AuthError when auth.is_valid_password() rejects the password.
    '''
    # NOTE(review): there is no not-found branch here; an unknown name is left
    # to get_user_by_name. Confirm its error is reported to the client the
    # same way as a wrong password.
    user = users.get_user_by_name(username)
    if not auth.is_valid_password(user, password):
        raise errors.AuthError('Invalid password.')
    return user
def test_removing_email(test_ctx):
    """Sending an empty e-mail through PUT clears the stored address."""
    admin = test_ctx.user_factory(name='u1', rank=db.User.RANK_ADMINISTRATOR)
    db.session.add(admin)
    request = test_ctx.context_factory(input={'email': ''}, user=admin)
    test_ctx.api.put(request, 'u1')
    # An empty string is stored as None, not as ''.
    stored = users.get_user_by_name('u1')
    assert stored.email is None
Beispiel #49
def get_user(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    """Return the serialized user named in params['user_name']."""
    # NOTE(review): the lookup runs before the privilege check, so any error
    # it raises for an unknown name is returned to callers who lack
    # 'users:view' - confirm that is acceptable.
    user = users.get_user_by_name(params['user_name'])
    # Callers may always view their own account; anyone else needs the
    # 'users:view' privilege.
    if ctx.user.user_id != user.user_id:
        auth.verify_privilege(ctx.user, 'users:view')
    return _serialize(ctx, user)
def test_removing_email(test_ctx):
    """An empty 'email' value sent through PUT removes the stored address."""
    user = test_ctx.user_factory(name='u1', rank=db.User.RANK_ADMINISTRATOR)
    db.session.add(user)
    # The administrator edits their own account.
    test_ctx.api.put(
        test_ctx.context_factory(input={'email': ''}, user=user), 'u1')
    # The address is expected to be stored as None, not as an empty string.
    assert users.get_user_by_name('u1').email is None
Beispiel #51
def get_user(ctx, params):
    """Serialize the user named in the route; others' profiles need 'users:view'."""
    profile = users.get_user_by_name(params['user_name'])
    # No privilege is required for the caller's own account.
    if ctx.user.user_id == profile.user_id:
        return _serialize(ctx, profile)
    auth.verify_privilege(ctx.user, 'users:view')
    return _serialize(ctx, profile)