Beispiel #1
def test_get_user_by_name(user_factory):
    ''' Users resolve by name only, ignoring case; other keys raise. '''
    created = user_factory(name='name', email='email')
    db.session.add(created)
    db.session.flush()
    # Neither an unknown name nor the stored e-mail value may resolve to
    # the account: the lookup key is the name, nothing else.
    for missing in ('non-existing', 'email'):
        with pytest.raises(users.UserNotFoundError):
            assert users.get_user_by_name(missing)
    # Both spellings must return the very same object that was added.
    for spelling in ('name', 'NAME'):
        assert users.get_user_by_name(spelling) is created
def test_creating_user(test_ctx, fake_datetime):
    ''' Posting a new account returns it serialized and stores it. '''
    # NOTE(review): the e-mail and password literals look masked on this
    # page, so the 'oks' password check at the end cannot be reconciled
    # with the '******' input from what is visible here.
    payload = {
        'name': 'chewie1',
        'email': '*****@*****.**',
        'password': '******',
    }
    with fake_datetime('1969-02-12'):
        requester = test_ctx.user_factory(rank=db.User.RANK_REGULAR)
        request = test_ctx.context_factory(input=payload, user=requester)
        result = test_ctx.api.post(request)
    # The requester is only a regular user, yet the created account is
    # expected to be an administrator - presumably the first-account
    # bootstrap rule; confirm against the creation handler.
    expected_user = {
        'avatarStyle': 'gravatar',
        'avatarUrl': 'http://gravatar.com/avatar/' +
            '6f370c8c7109534c3d5c394123a477d7?d=retro&s=200',
        'creationTime': datetime.datetime(1969, 2, 12),
        'lastLoginTime': None,
        'name': 'chewie1',
        'rank': 'administrator',
        'email': '*****@*****.**',
    }
    assert result == {'user': expected_user}
    stored = users.get_user_by_name('chewie1')
    assert stored.name == 'chewie1'
    assert stored.email == '*****@*****.**'
    assert stored.rank == db.User.RANK_ADMINISTRATOR
    # The stored credential must accept the right password and reject a
    # wrong one.
    assert auth.is_valid_password(stored, 'oks') is True
    assert auth.is_valid_password(stored, 'invalid') is False
Beispiel #3
 def delete(self, ctx, user_name):
     ''' Delete the named user once the caller's privilege is verified.

     The privilege name depends on the target: 'users:delete:self' for
     the caller's own account, 'users:delete:any' for every other one.
     Returns an empty dict after the deletion is committed.
     '''
     target = users.get_user_by_name(user_name)
     if ctx.user.user_id == target.user_id:
         scope = 'self'
     else:
         scope = 'any'
     # The check runs before the session is touched; the delete below is
     # only reached once verify_privilege has returned.
     auth.verify_privilege(ctx.user, 'users:delete:%s' % scope)
     ctx.session.delete(target)
     ctx.session.commit()
     return {}
Beispiel #4
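 def put(self, ctx, user_name):
     ''' Update the fields of the named user that the request supplies.

     Every requested field is authorized before any of them is applied.
     A request that mixes permitted and forbidden edits therefore leaves
     the user object unmodified if auth.verify_privilege raises for one
     of them, instead of stopping half-way through the edits.

     Args:
         ctx: request context providing the caller (ctx.user), the
             request parameters, uploaded files and the session.
         user_name: name of the user to edit.

     Returns:
         The result of users.serialize_user_with_details for the edited
         user as seen by the caller.
     '''
     user = users.get_user_by_name(user_name)
     # Editing one's own account and editing another account are separate
     # privileges: 'users:edit:self:*' versus 'users:edit:any:*'.
     infix = 'self' if ctx.user.user_id == user.user_id else 'any'

     edit_name = ctx.has_param('name')
     edit_password = ctx.has_param('password')
     edit_email = ctx.has_param('email')
     edit_rank = ctx.has_param('rank')
     edit_avatar = ctx.has_param('avatarStyle')

     # Authorization pass: nothing is modified until every check passed.
     # NOTE(review): assumes verify_privilege raises on denial - confirm.
     if edit_name:
         auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
     if edit_password:
         auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
     if edit_email:
         auth.verify_privilege(ctx.user, 'users:edit:%s:email' % infix)
     if edit_rank:
         auth.verify_privilege(ctx.user, 'users:edit:%s:rank' % infix)
     if edit_avatar:
         auth.verify_privilege(ctx.user, 'users:edit:%s:avatar' % infix)

     # Apply pass, in the same field order as the checks above.
     if edit_name:
         users.update_user_name(user, ctx.get_param_as_string('name'))
     if edit_password:
         users.update_user_password(
             user, ctx.get_param_as_string('password'))
     if edit_email:
         users.update_user_email(user, ctx.get_param_as_string('email'))
     if edit_rank:
         # The caller is passed along with the requested rank.
         users.update_user_rank(
             user, ctx.get_param_as_string('rank'), ctx.user)
     if edit_avatar:
         users.update_user_avatar(
             user,
             ctx.get_param_as_string('avatarStyle'),
             ctx.get_file('avatar'))
     ctx.session.commit()
     return users.serialize_user_with_details(user, ctx.user)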
Beispiel #5
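def update_user(ctx, params):
    ''' Update the fields of a user that the request supplies.

    The version is verified first. Every requested field is then
    authorized before the version is bumped or any field is applied, so
    a request mixing permitted and forbidden edits leaves the user object
    unmodified if auth.verify_privilege raises for one of them.

    Args:
        ctx: request context providing the caller (ctx.user), the
            request parameters, uploaded files and the session.
        params: route parameters; 'user_name' names the user to edit.

    Returns:
        The result of _serialize for the edited user.
    '''
    user = users.get_user_by_name(params['user_name'])
    versions.verify_version(user, ctx)
    # Editing one's own account and editing another account are separate
    # privileges: 'users:edit:self:*' versus 'users:edit:any:*'.
    infix = 'self' if ctx.user.user_id == user.user_id else 'any'

    edit_name = ctx.has_param('name')
    edit_password = ctx.has_param('password')
    edit_email = ctx.has_param('email')
    edit_rank = ctx.has_param('rank')
    edit_avatar = ctx.has_param('avatarStyle')

    # Authorization pass: nothing is modified until every check passed.
    # NOTE(review): assumes verify_privilege raises on denial - confirm.
    if edit_name:
        auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
    if edit_password:
        auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
    if edit_email:
        auth.verify_privilege(ctx.user, 'users:edit:%s:email' % infix)
    if edit_rank:
        auth.verify_privilege(ctx.user, 'users:edit:%s:rank' % infix)
    if edit_avatar:
        auth.verify_privilege(ctx.user, 'users:edit:%s:avatar' % infix)

    # Only an authorized request gets to change the object, version
    # counter included.
    versions.bump_version(user)
    if edit_name:
        users.update_user_name(user, ctx.get_param_as_string('name'))
    if edit_password:
        users.update_user_password(
            user, ctx.get_param_as_string('password'))
    if edit_email:
        users.update_user_email(user, ctx.get_param_as_string('email'))
    if edit_rank:
        # The caller is passed along with the requested rank.
        users.update_user_rank(
            user, ctx.get_param_as_string('rank'), ctx.user)
    if edit_avatar:
        users.update_user_avatar(
            user,
            ctx.get_param_as_string('avatarStyle'),
            ctx.get_file('avatar'))
    ctx.session.commit()
    return _serialize(ctx, user)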
Beispiel #6
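    def put(self, ctx, user_name):
        ''' Update the fields of the named user that the request supplies.

        Every requested field is authorized before any of them is
        applied. A request that mixes permitted and forbidden edits
        therefore leaves the user object unmodified if
        auth.verify_privilege raises for one of them.

        Args:
            ctx: request context providing the caller (ctx.user), the
                request parameters, uploaded files and the session.
            user_name: name of the user to edit.

        Returns:
            A dict with the serialized user under the 'user' key.

        Raises:
            users.UserNotFoundError: when the lookup yields no user.
        '''
        user = users.get_user_by_name(user_name)
        if not user:
            raise users.UserNotFoundError('User %r not found.' % user_name)

        # Editing one's own account and editing another account are
        # separate privileges: 'users:edit:self:*' and 'users:edit:any:*'.
        if ctx.user.user_id == user.user_id:
            infix = 'self'
        else:
            infix = 'any'

        edit_name = ctx.has_param('name')
        edit_password = ctx.has_param('password')
        edit_email = ctx.has_param('email')
        edit_rank = ctx.has_param('rank')
        edit_avatar = ctx.has_param('avatarStyle')

        # Authorization pass: nothing is modified until every check
        # passed.
        # NOTE(review): assumes verify_privilege raises on denial -
        # confirm.
        if edit_name:
            auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
        if edit_password:
            auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
        if edit_email:
            auth.verify_privilege(ctx.user, 'users:edit:%s:email' % infix)
        if edit_rank:
            auth.verify_privilege(ctx.user, 'users:edit:%s:rank' % infix)
        if edit_avatar:
            auth.verify_privilege(ctx.user, 'users:edit:%s:avatar' % infix)

        # Apply pass, in the same field order as the checks above.
        if edit_name:
            users.update_name(user, ctx.get_param_as_string('name'), ctx.user)
        if edit_password:
            users.update_password(user, ctx.get_param_as_string('password'))
        if edit_email:
            users.update_email(user, ctx.get_param_as_string('email'))
        if edit_rank:
            users.update_rank(user, ctx.get_param_as_string('rank'), ctx.user)
        if edit_avatar:
            users.update_avatar(
                user,
                ctx.get_param_as_string('avatarStyle'),
                ctx.get_file('avatar'))

        ctx.session.commit()
        return {'user': _serialize_user(ctx.user, user)}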
def test_updating_user(test_ctx):
    ''' An administrator editing itself changes every supplied field. '''
    # NOTE(review): the e-mail and password literals look masked on this
    # page; the 'oks' check at the end cannot be reconciled with the
    # '******' input from what is visible here.
    admin = test_ctx.user_factory(name='u1', rank=db.User.RANK_ADMINISTRATOR)
    db.session.add(admin)
    payload = {
        'name': 'chewie',
        'email': '*****@*****.**',
        'password': '******',
        'rank': 'moderator',
        'avatarStyle': 'gravatar',
    }
    request = test_ctx.context_factory(input=payload, user=admin)
    result = test_ctx.api.put(request, 'u1')
    expected_user = {
        'avatarStyle': 'gravatar',
        'avatarUrl': 'http://gravatar.com/avatar/' +
            '6f370c8c7109534c3d5c394123a477d7?d=retro&s=200',
        'creationTime': datetime.datetime(1997, 1, 1),
        'lastLoginTime': None,
        'email': '*****@*****.**',
        'name': 'chewie',
        'rank': 'moderator',
    }
    assert result == {'user': expected_user}
    # The account is now reachable under its new name and carries the
    # lowered rank it asked for.
    stored = users.get_user_by_name('chewie')
    assert stored.name == 'chewie'
    assert stored.email == '*****@*****.**'
    assert stored.rank == db.User.RANK_MODERATOR
    assert stored.avatar_style == stored.AVATAR_GRAVATAR
    assert auth.is_valid_password(stored, 'oks') is True
    assert auth.is_valid_password(stored, 'invalid') is False
 def _authenticate(self, username, password):
     ''' Return the user for valid credentials, else raise AuthError. '''
     candidate = users.get_user_by_name(username)
     # NOTE(review): the two failures carry different messages, so a
     # caller who sees the AuthError text can tell an unknown name from
     # a wrong password. If that text reaches the client, one generic
     # message for both cases avoids the distinction.
     if not candidate:
         raise errors.AuthError('No such user.')
     if auth.is_valid_password(candidate, password):
         return candidate
     raise errors.AuthError('Invalid password.')
Beispiel #9
def delete_user(ctx, params):
    ''' Delete the user named in params['user_name'].

    The version check runs first, then the privilege check
    ('users:delete:self' for the caller's own account, otherwise
    'users:delete:any'). Returns an empty dict after the commit.
    '''
    target = users.get_user_by_name(params['user_name'])
    versions.verify_version(target, ctx)
    if ctx.user.user_id == target.user_id:
        scope = 'self'
    else:
        scope = 'any'
    # The delete below is only reached once verify_privilege has returned.
    auth.verify_privilege(ctx.user, 'users:delete:%s' % scope)
    ctx.session.delete(target)
    ctx.session.commit()
    return {}
Beispiel #10
def delete_user(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    ''' Delete the user named in params['user_name'].

    The version check runs first, then the privilege check
    ('users:delete:self' for the caller's own account, otherwise
    'users:delete:any'). Returns an empty dict after the commit.
    '''
    target = users.get_user_by_name(params['user_name'])
    versions.verify_version(target, ctx)
    acting_on_self = ctx.user.user_id == target.user_id
    scope = 'self' if acting_on_self else 'any'
    # The delete below is only reached once verify_privilege has returned.
    auth.verify_privilege(ctx.user, 'users:delete:%s' % scope)
    ctx.session.delete(target)
    ctx.session.commit()
    return {}
Beispiel #11
def _authenticate_token(
        username: str, token: str) -> Tuple[model.User, model.UserToken]:
    ''' Return (user, token) for a valid token, else raise AuthError. '''
    account = users.get_user_by_name(username)
    # The token is looked up for this specific user, so a token that
    # belongs to another account is not matched here.
    presented = user_tokens.get_by_user_and_token(account, token)
    # NOTE(review): if the lookup can return None for an unknown token,
    # is_valid_token has to reject None - confirm in auth.
    if auth.is_valid_token(presented):
        return account, presented
    raise errors.AuthError('Invalid token.')
Beispiel #12
def get_user_tokens(
        ctx: rest.Context, params: Dict[str, str] = {}) -> rest.Response:
    ''' List the tokens of the user named in params['user_name'].

    Requires 'user_tokens:list:self' for the caller's own tokens and
    'user_tokens:list:any' for another user's. The shared {} default is
    only read here, never written.
    '''
    owner = users.get_user_by_name(params['user_name'])
    if ctx.user.user_id == owner.user_id:
        scope = 'self'
    else:
        scope = 'any'
    # Tokens are fetched only once verify_privilege has returned.
    auth.verify_privilege(ctx.user, 'user_tokens:list:%s' % scope)
    serialized = []
    for token in user_tokens.get_user_tokens(owner):
        serialized.append(_serialize(ctx, token))
    return {
        'results': serialized
    }
Beispiel #13
def delete_user_token(
        ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    ''' Delete one token of the user named in params['user_name'].

    Requires 'user_tokens:delete:self' for the caller's own token and
    'user_tokens:delete:any' otherwise. A token that the lookup does not
    find is not an error: the call returns an empty dict either way.
    '''
    owner = users.get_user_by_name(params['user_name'])
    acting_on_self = ctx.user.user_id == owner.user_id
    scope = 'self' if acting_on_self else 'any'
    auth.verify_privilege(ctx.user, 'user_tokens:delete:%s' % scope)
    # The lookup is scoped to the owner resolved above, so the token
    # value alone does not select another user's token.
    doomed = user_tokens.get_by_user_and_token(owner, params['user_token'])
    if doomed is None:
        return {}
    ctx.session.delete(doomed)
    ctx.session.commit()
    return {}
def test_first_user_becomes_admin_others_not(test_ctx):
    ''' Only the first registered account is promoted to administrator. '''
    def register(name):
        # Each registration is posted by a fresh anonymous-rank requester.
        return test_ctx.api.post(
            test_ctx.context_factory(
                input={
                    'name': name,
                    'email': '*****@*****.**',
                    'password': '******',
                },
                user=test_ctx.user_factory(rank=db.User.RANK_ANONYMOUS)))

    first_response = register('chewie1')
    second_response = register('chewie2')
    # The serialized responses and the stored rows must agree: the
    # bootstrap promotion applies once and later sign-ups stay regular.
    assert first_response['user']['rank'] == 'administrator'
    assert second_response['user']['rank'] == 'regular'
    first_stored = users.get_user_by_name('chewie1')
    second_stored = users.get_user_by_name('chewie2')
    assert first_stored.rank == db.User.RANK_ADMINISTRATOR
    assert second_stored.rank == db.User.RANK_REGULAR
Beispiel #15
    def delete(self, ctx, user_name):
        ''' Delete the named user once the caller's privilege is verified.

        Raises users.UserNotFoundError when the lookup yields no user.
        The privilege is 'users:delete:self' for the caller's own account
        and 'users:delete:any' for every other one. Returns an empty dict
        after the deletion is committed.
        '''
        target = users.get_user_by_name(user_name)
        if not target:
            raise users.UserNotFoundError('User %r not found.' % user_name)

        acting_on_self = ctx.user.user_id == target.user_id
        scope = 'self' if acting_on_self else 'any'

        # The delete below is only reached once verify_privilege has
        # returned.
        auth.verify_privilege(ctx.user, 'users:delete:%s' % scope)
        ctx.session.delete(target)
        ctx.session.commit()
        return {}
def test_uploading_avatar(test_ctx, tmpdir):
    ''' A manual avatar uploaded via put is served from the data URL. '''
    # Point storage at a throwaway directory so the upload stays inside
    # the test's tmpdir.
    config.config['data_dir'] = str(tmpdir.mkdir('data'))
    config.config['data_url'] = 'http://example.com/data/'
    moderator = test_ctx.user_factory(name='u1', rank=db.User.RANK_MODERATOR)
    db.session.add(moderator)
    request = test_ctx.context_factory(
        input={'avatarStyle': 'manual'},
        files={'avatar': EMPTY_PIXEL},
        user=moderator)
    response = test_ctx.api.put(request, 'u1')
    stored = users.get_user_by_name('u1')
    assert stored.avatar_style == stored.AVATAR_MANUAL
    # The expected URL is built from the user name plus a .png suffix.
    assert response['user']['avatarUrl'] == \
        'http://example.com/data/avatars/u1.png'
Beispiel #17
def create_user_token(
        ctx: rest.Context, params: Dict[str, str] = {}) -> rest.Response:
    ''' Create a token for the user named in params['user_name'].

    Requires 'user_tokens:create:self' for the caller's own account and
    'user_tokens:create:any' otherwise. The optional 'note' and
    'expirationTime' parameters are applied before the token is added to
    the session and committed. Returns the serialized token.
    '''
    owner = users.get_user_by_name(params['user_name'])
    if ctx.user.user_id == owner.user_id:
        scope = 'self'
    else:
        scope = 'any'
    # No token is created unless verify_privilege has returned.
    auth.verify_privilege(ctx.user, 'user_tokens:create:%s' % scope)
    # 'enabled' falls back to True when the request omits it.
    new_token = user_tokens.create_user_token(
        owner, ctx.get_param_as_bool('enabled', True))
    if ctx.has_param('note'):
        user_tokens.update_user_token_note(
            new_token, ctx.get_param_as_string('note'))
    if ctx.has_param('expirationTime'):
        # NOTE(review): with no 'expirationTime' the token keeps whatever
        # expiry create_user_token set - confirm whether that means it
        # never expires.
        user_tokens.update_user_token_expiration_time(
            new_token, ctx.get_param_as_string('expirationTime'))
    ctx.session.add(new_token)
    ctx.session.commit()
    return _serialize(ctx, new_token)
def test_uploading_avatar(test_ctx, tmpdir):
    ''' A manual avatar uploaded at sign-up is served from the data URL. '''
    # Point storage at a throwaway directory so the upload stays inside
    # the test's tmpdir.
    config.config['data_dir'] = str(tmpdir.mkdir('data'))
    config.config['data_url'] = 'http://example.com/data/'
    payload = {
        'name': 'chewie',
        'email': '*****@*****.**',
        'password': '******',
        'avatarStyle': 'manual',
    }
    request = test_ctx.context_factory(
        input=payload,
        files={'avatar': EMPTY_PIXEL},
        user=test_ctx.user_factory(rank=db.User.RANK_MODERATOR))
    response = test_ctx.api.post(request)
    stored = users.get_user_by_name('chewie')
    assert stored.avatar_style == stored.AVATAR_MANUAL
    # The expected URL is built from the user name plus a .png suffix.
    assert response['user']['avatarUrl'] == \
        'http://example.com/data/avatars/chewie.png'
Beispiel #19
def update_user_token(
        ctx: rest.Context, params: Dict[str, str] = {}) -> rest.Response:
    ''' Edit one token of the user named in params['user_name'].

    Requires 'user_tokens:edit:self' for the caller's own token and
    'user_tokens:edit:any' otherwise. The privilege is verified before
    the token is looked up, version-checked or changed. Returns the
    serialized token after the commit.
    '''
    owner = users.get_user_by_name(params['user_name'])
    scope = 'self' if ctx.user.user_id == owner.user_id else 'any'
    auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % scope)
    # The lookup is scoped to the owner resolved above.
    token = user_tokens.get_by_user_and_token(owner, params['user_token'])
    versions.verify_version(token, ctx)
    versions.bump_version(token)
    # Each branch below re-verifies the same privilege string that was
    # already verified at the top; the repeated calls are kept as they
    # were.
    if ctx.has_param('enabled'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % scope)
        user_tokens.update_user_token_enabled(
            token, ctx.get_param_as_bool('enabled'))
    if ctx.has_param('note'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % scope)
        user_tokens.update_user_token_note(
            token, ctx.get_param_as_string('note'))
    if ctx.has_param('expirationTime'):
        auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % scope)
        user_tokens.update_user_token_expiration_time(
            token, ctx.get_param_as_string('expirationTime'))
    user_tokens.update_user_token_edit_time(token)
    ctx.session.commit()
    return _serialize(ctx, token)
Beispiel #20
def get_user(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
    ''' Return the serialized user named in params['user_name'].

    Callers may always read their own account; reading any other account
    requires the 'users:view' privilege.
    '''
    target = users.get_user_by_name(params['user_name'])
    viewing_self = ctx.user.user_id == target.user_id
    # The lookup happens before the privilege check, so a lookup failure
    # surfaces before 'users:view' is ever evaluated.
    if not viewing_self:
        auth.verify_privilege(ctx.user, 'users:view')
    return _serialize(ctx, target)
Beispiel #21
 def get(self, ctx, user_name):
     ''' Return the detailed serialization of the named user.

     Requires the 'users:view' privilege, which is verified before the
     name is looked up.
     '''
     # Checking first means the lookup only runs once verify_privilege
     # has returned.
     auth.verify_privilege(ctx.user, 'users:view')
     found = users.get_user_by_name(user_name)
     return users.serialize_user_with_details(found, ctx.user)
Beispiel #22
def get_user(ctx, params):
    ''' Return the serialized user named in params['user_name'].

    Callers may always read their own account; reading any other account
    requires the 'users:view' privilege.
    '''
    target = users.get_user_by_name(params['user_name'])
    viewing_self = ctx.user.user_id == target.user_id
    # The lookup happens before the privilege check, so a lookup failure
    # surfaces before 'users:view' is ever evaluated.
    if not viewing_self:
        auth.verify_privilege(ctx.user, 'users:view')
    return _serialize(ctx, target)
Beispiel #23
 def get(self, ctx, user_name):
     ''' Return the named user serialized under the 'user' key.

     Requires the 'users:view' privilege, verified before the lookup.
     Raises users.UserNotFoundError when the lookup yields no user.
     '''
     # Checking first means the lookup only runs once verify_privilege
     # has returned.
     auth.verify_privilege(ctx.user, 'users:view')
     found = users.get_user_by_name(user_name)
     if found:
         return {'user': _serialize_user(ctx.user, found)}
     raise users.UserNotFoundError('User %r not found.' % user_name)
Beispiel #24
def _authenticate_basic_auth(username: str, password: str) -> model.User:
    ''' Return the user for a valid password, else raise AuthError. '''
    # NOTE(review): there is no explicit missing-user branch here, so an
    # unknown name is reported by whatever get_user_by_name raises rather
    # than by AuthError - confirm both reach the client with the same
    # response, otherwise the two cases are distinguishable.
    account = users.get_user_by_name(username)
    if auth.is_valid_password(account, password):
        return account
    raise errors.AuthError('Invalid password.')
def test_removing_email(test_ctx):
    ''' Submitting an empty e-mail clears the stored address to None. '''
    admin = test_ctx.user_factory(name='u1', rank=db.User.RANK_ADMINISTRATOR)
    db.session.add(admin)
    request = test_ctx.context_factory(input={'email': ''}, user=admin)
    test_ctx.api.put(request, 'u1')
    # The empty string is stored as None, not as ''.
    stored = users.get_user_by_name('u1')
    assert stored.email is None