def test_deauth_valid_token_body(self):
resp_auth = helpers.server_post("/auth", {"username":"******", "password":"******"})
value = resp_auth.read()
auth_hash = json.loads(value)
resp = helpers.server_post("/deauth", auth_hash)
if helpers.apache_mode():
self.assertEqual(resp.read(), '')
else:
self.assertEqual(resp.read(), '{"deleted": "True"}')
def test_post_sets_own_password_and_name():
old_password = "******"
new_password = '******'
old_first = "Blue"
old_last = "Shirt"
params = {"username":"******",
"password":old_password,
"new_password":new_password,
"new_first_name":'new_first',
"new_last_name":'new_last',
}
r,data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
first = u.first_name
last = u.last_name
u.set_password(old_password)
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert first == 'new_first'
assert last == 'new_last'
def test_email_change_request():
""" Test that change requests via POST at /user/ are handled correclty. """
username = "******"
old_email = User(username).email
new_email = "*****@*****.**"
params = {"username":"******",
"password":"******",
"new_email":new_email,
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, data
user = User(username)
assert user.email == old_email
ps = test_helpers.last_email()
toaddr = ps.toaddr
assert toaddr == new_email
vars = ps.template_vars
first_name = user.first_name
assert first_name == vars['name']
template = ps.template_name
assert template == 'change_email'
pe = PendingEmail(username)
assert pe.in_db
assert pe.new_email == new_email
def test_post_teacher_own_student():
params = {
"username": "******",
"password": "******",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
def test_post_by_blueshirt(self):
params = {"username": "******", "password": "******"}
r, data = test_helpers.server_post(
"/send-password-reset/student_coll1_1", params)
self.assertEqual(202, r.status, data)
user = User('student_coll1_1')
ps = test_helpers.last_email()
toaddr = ps.toaddr
self.assertEqual(user.email, toaddr)
vars = ps.template_vars
self.assertEqual(user.first_name, vars['name'], "Wrong first name")
self.assertEqual('Blue Shirt', vars['requestor_name'],
"Wrong requestor name")
template = ps.template_name
self.assertEqual('password_reset', template, "Wrong email template")
test_helpers.assert_load_template(template, vars)
ppr = PendingPasswordReset('student_coll1_1')
self.assertTrue(ppr.in_db,
"{0} should been in the database.".format(ppr))
self.assertEqual('blueshirt', ppr.requestor_username,
"Wrong requestor username.")
self.assertIn(ppr.verify_code, vars['password_reset_url'],
"Wrong verify code")
def test_deauth_invalid_token_body(self):
auth_hash = {"token":sha256(str(random.randint(0,1000000))).hexdigest()}
resp = helpers.server_post("/deauth", auth_hash)
if helpers.apache_mode():
self.assertEqual(resp.read(), '')
else:
self.assertEqual(resp.read(), '{"deleted": "False"}')
def test_registration_email_in_use():
params = {
"username": "******",
"password": "******",
"first_name": NEW_USER_FNAME,
"last_name": NEW_USER_LNAME,
"email": "*****@*****.**", # student_coll2_2
"team": "team-ABC",
"college": "college-1",
}
r, data = test_helpers.server_post("/registrations", params)
assert r.status == 403
assert "DETAILS_ALREADY_USED" in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user("1_rt1")
assert False, "Should not have created user"
except:
pass
pending = PendingUser("1_rt1")
assert not pending.in_db
test_helpers.assert_no_emails()
def test_post_by_blueshirt(self):
params = {"username":"******",
"password":"******"}
r, data = test_helpers.server_post("/send-password-reset/student_coll1_1", params)
self.assertEqual(202, r.status, data)
user = User('student_coll1_1')
ps = test_helpers.last_email()
toaddr = ps.toaddr
self.assertEqual(user.email, toaddr)
vars = ps.template_vars
self.assertEqual(user.first_name, vars['name'], "Wrong first name")
self.assertEqual('Blue Shirt', vars['requestor_name'], "Wrong requestor name")
template = ps.template_name
self.assertEqual('password_reset', template, "Wrong email template")
test_helpers.assert_load_template(template, vars)
ppr = PendingPasswordReset('student_coll1_1')
self.assertTrue(ppr.in_db, "{0} should been in the database.".format(ppr))
self.assertEqual('blueshirt', ppr.requestor_username, "Wrong requestor username.")
self.assertIn(ppr.verify_code, vars['password_reset_url'], "Wrong verify code")
def test_email_change_request():
""" Test that change requests via POST at /user/ are handled correclty. """
username = "******"
old_email = User(username).email
new_email = "*****@*****.**"
params = {
"username": "******",
"password": "******",
"new_email": new_email,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, data
user = User(username)
assert user.email == old_email
ps = test_helpers.last_email()
toaddr = ps.toaddr
assert toaddr == new_email
vars = ps.template_vars
first_name = user.first_name
assert first_name == vars['name']
template = ps.template_name
assert template == 'change_email'
test_helpers.assert_load_template(template, vars)
pe = PendingEmail(username)
assert pe.in_db
assert pe.new_email == new_email
def test_post_other_teacher_blueshirt():
params = {
"username": "******",
"password": "******",
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 403
def test_registration_bad_frist_name():
params = {"username":"******",
"password":"******",
"first_name":NEW_USER_FNAME,
"last_name":'2'+NEW_USER_LNAME,
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
assert r.status == 403
assert 'BAD_LAST_NAME' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('1_rt1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('1_rt1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_post_any_blueshirt_can_record_student_media_consent():
blueshirt_mcf = srusers.user('blueshirt-mcf')
groups = blueshirt_mcf.groups()
# Sanity check
assert set(groups) == set(['mentors', 'media-consent-admin'])
params = {
"username": "******",
"password": "******",
"media_consent": 'true',
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, (r.status, data)
u = User("student_coll1_1")
assert u.has_media_consent
ps = test_helpers.last_email()
toaddr = ps.toaddr
expected_addr = u.email
assert toaddr == expected_addr
vars = ps.template_vars
first_name = u.first_name
assert first_name == vars['first_name']
template = ps.template_name
assert template == 'ticket_available'
test_helpers.assert_load_template(template, vars)
def test_registration_email_in_use():
params = {"username":"******",
"password":"******",
"first_name":NEW_USER_FNAME,
"last_name":NEW_USER_LNAME,
"email":"*****@*****.**", # student_coll2_2
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
assert r.status == 403
assert 'DETAILS_ALREADY_USED' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('1_rt1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('1_rt1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_registration_bad_frist_name():
params = {"username":"******",
"password":"******",
"first_name":NEW_USER_FNAME,
"last_name":'2'+NEW_USER_LNAME,
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
assert r.status == 403
assert 'BAD_LAST_NAME' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('1_rt1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('1_rt1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_registration_name_in_use():
params = {"username":"******",
"password":"******",
"first_name":'student2', # student_coll1_2
"last_name":'student',
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403, data
assert 'DETAILS_ALREADY_USED' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('1_ss1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('1_ss1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_post_sets_own_password_and_name():
old_password = "******"
new_password = '******'
old_first = "Blue"
old_last = "Shirt"
params = {
"username": "******",
"password": old_password,
"new_password": new_password,
"new_first_name": 'new_first',
"new_last_name": 'new_last',
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
first = u.first_name
last = u.last_name
u.set_password(old_password)
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert first == 'new_first'
assert last == 'new_last'
def test_post_blueshirt_own_student():
params = {"username":"******",
"password":"******",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
def test_post_any_blueshirt_can_record_student_media_consent():
blueshirt_mcf = srusers.user('blueshirt-mcf')
groups = blueshirt_mcf.groups()
# Sanity check
assert set(groups) == set(['mentors', 'media-consent-admin'])
params = {"username":"******",
"password":"******",
"media_consent":'true',
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, (r.status, data)
u = User("student_coll1_1")
assert u.has_media_consent
ps = test_helpers.last_email()
toaddr = ps.toaddr
expected_addr = u.email
assert toaddr == expected_addr
vars = ps.template_vars
first_name = u.first_name
assert first_name == vars['first_name']
template = ps.template_name
assert template == 'ticket_available'
test_helpers.assert_load_template(template, vars)
def test_registration_rq_from_student():
test_helpers.delete_db()
params = {
"username": "******",
"password": "******",
"first_name": "register",
"last_name": "this.user",
"email": "*****@*****.**",
"team": "team-ABC",
"college": "college-1",
}
r, data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403
assert "YOU_CANT_REGISTER_USERS" in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user("2_rt1")
assert False, "Should not have created user"
except:
pass
pending = PendingUser("2_rt1")
assert not pending.in_db
test_helpers.assert_no_emails()
def test_student_post_doesnt_set_first_last_name():
old_first = "student1i"
old_last = "student"
params = {
"username": "******",
"password": "******",
"new_first_name": "asdf",
"new_last_name": "cheese",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
details_dict = User("student_coll1_1").details_dictionary_for(
User.create_user("student_coll1_1", "cows"))
# restore original data
u = User("student_coll1_1")
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert details_dict["first_name"] == old_first
assert details_dict["last_name"] == old_last
def test_registration_rq_from_student():
test_helpers.delete_db()
params = {"username":"******",
"password":"******",
"first_name":"register",
"last_name":"this.user",
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403
assert 'YOU_CANT_REGISTER_USERS' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('2_rt1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('2_rt1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_post_teacher_other_student():
params = {"username":"******",
"password":"******",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
status = r.status
assert status == 403
def test_post_blueshirt_own_student():
params = {
"username": "******",
"password": "******",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
def test_user_post_set_password_password(self):
args_hash = {}
args_hash["token"] = self.auth_hash
args_hash["password"] = "******" + str(random.randint(0,10000))
resp = helpers.server_post("/user/student_coll2_2", args_hash)
instance = User("student_coll2_2", "../../nemesis/userman")
bind_result = instance.conn.bind("student_coll2_2", args_hash["password"])
self.assertTrue(bind_result)
def test_post_teacher_other_student():
params = {
"username": "******",
"password": "******",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
status = r.status
assert status == 403
def form_helper(rq_user, rq_pass, new_fname, new_lname):
new_email = "*****@*****.**"
params = {
"username": rq_user,
"password": rq_pass,
"first_name": new_fname,
"last_name": new_lname,
"email": new_email,
"team": "team-ABC",
"college": "college-1"
}
r, data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 202, data
created = User.create_user('1_rt1')
assert created.email == ''
pending = PendingUser('1_rt1')
assert pending.email == "*****@*****.**"
assert pending.team == "team-ABC"
assert pending.college == "college-1"
email_datas = test_helpers.last_n_emails(2)
student_ps = email_datas[0]
template = student_ps.template_name
assert template == 'new_user'
to = student_ps.toaddr
assert to == new_email
vars = student_ps.template_vars
assert new_fname == vars['name']
vcode = pending.verify_code
assert vcode in vars['activation_url']
test_helpers.assert_load_template(template, vars)
teacher = User.create_user(rq_user)
teacher_ps = email_datas[1]
template = teacher_ps.template_name
assert template == 'user_requested'
to = teacher_ps.toaddr
assert to == teacher.email
vars = teacher_ps.template_vars
assert new_fname == vars['pu_first_name']
assert new_lname == vars['pu_last_name']
assert new_email == vars['pu_email']
assert '1_rt1' == vars['pu_username']
assert 'team-ABC' == vars['pu_team']
assert 'college the first' == vars['pu_college']
vars_str = teacher_ps.template_vars_json
assert vcode not in vars_str, "Should not contain the verification code."
test_helpers.assert_load_template(template, vars)
def test_post_teacher_cant_record_student_media_consent():
params = {"username":"******",
"password":"******",
"media_consent":'true',
}
r, data = test_helpers.server_post("/user/student_coll1_2", params)
assert r.status == 200
assert not User("student_coll1_2").has_media_consent
def test_student_cant_set_team_leader():
params = {"username": "******",
"password": "******",
"new_type": "team-leader",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert not User("student_coll1_1").is_teacher
def test_post_student_cant_withdraw_other_student():
params = {"username":"******",
"password":"******",
"withdrawn":'true',
}
r, data = test_helpers.server_post("/user/student_coll1_2", params)
assert r.status == 403
assert not User("student_coll1_2").has_withdrawn
def test_team_leader_cant_demote_self():
params = {"username": "******",
"password": "******",
"new_type": "student",
}
r,data = test_helpers.server_post("/user/teacher_coll1", params)
assert r.status == 200
assert User("teacher_coll1").is_teacher
def test_post_teacher_cant_withdraw_self():
params = {"username":"******",
"password":"******",
"withdrawn":'true',
}
r, data = test_helpers.server_post("/user/teacher_coll1", params)
assert r.status == 200
assert not User("teacher_coll1").has_withdrawn
def test_post_doesnt_set_blank_last_name():
old_last = User("student_coll1_1").last_name
params = {"username":"******",
"password":"******",
"new_last_name":"",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1").last_name == old_last
def test_user_post_set_email_email(self):
args_hash = {}
args_hash["token"] = self.auth_hash
args_hash["email"] = "sam@sam" + str(random.randint(0,10000)) + ".com"
resp = helpers.server_post("/user/student_coll2_2", args_hash)
self.assertEqual(resp.status, 200)
resp = helpers.server_get("/user/student_coll2_2", {"token":self.auth_hash})
body = json.loads(resp.read())
self.assertEqual(body["email"], args_hash["email"])
def form_helper(rq_user, rq_pass, new_fname, new_lname):
new_email = "*****@*****.**"
params = {"username":rq_user,
"password":rq_pass,
"first_name":new_fname,
"last_name":new_lname,
"email":new_email,
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 202, data
created = User.create_user('1_rt1')
assert created.email == ''
pending = PendingUser('1_rt1')
assert pending.email == "*****@*****.**"
assert pending.team == "team-ABC"
assert pending.college == "college-1"
email_datas = test_helpers.last_n_emails(2)
student_ps = email_datas[0]
template = student_ps.template_name
assert template == 'new_user'
to = student_ps.toaddr
assert to == new_email
vars = student_ps.template_vars
assert new_fname == vars['name']
vcode = pending.verify_code
assert vcode in vars['activation_url']
test_helpers.assert_load_template(template, vars)
teacher = User.create_user(rq_user)
teacher_ps = email_datas[1]
template = teacher_ps.template_name
assert template == 'user_requested'
to = teacher_ps.toaddr
assert to == teacher.email
vars = teacher_ps.template_vars
assert new_fname == vars['pu_first_name']
assert new_lname == vars['pu_last_name']
assert new_email == vars['pu_email']
assert '1_rt1' == vars['pu_username']
assert 'team-ABC' == vars['pu_team']
assert 'college the first' == vars['pu_college']
vars_str = teacher_ps.template_vars_json
assert vcode not in vars_str, "Should not contain the verification code."
test_helpers.assert_load_template(template, vars)
def test_team_leader_cant_demote_self():
params = {
"username": "******",
"password": "******",
"new_type": "student",
}
r, data = test_helpers.server_post("/user/teacher_coll1", params)
assert r.status == 200
assert User("teacher_coll1").is_teacher
def test_post_teacher_cant_record_student_media_consent():
params = {
"username": "******",
"password": "******",
"media_consent": 'true',
}
r, data = test_helpers.server_post("/user/student_coll1_2", params)
assert r.status == 200
assert not User("student_coll1_2").has_media_consent
def test_student_cant_set_team_leader():
params = {
"username": "******",
"password": "******",
"new_type": "team-leader",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert not User("student_coll1_1").is_teacher
def test_post_doesnt_set_blank_last_name():
old_last = User("student_coll1_1").last_name
params = {
"username": "******",
"password": "******",
"new_last_name": "",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1").last_name == old_last
def test_post_teacher_cant_withdraw_self():
params = {
"username": "******",
"password": "******",
"withdrawn": 'true',
}
r, data = test_helpers.server_post("/user/teacher_coll1", params)
assert r.status == 200
assert not User("teacher_coll1").has_withdrawn
def test_post_student_cant_withdraw_other_student():
params = {
"username": "******",
"password": "******",
"withdrawn": 'true',
}
r, data = test_helpers.server_post("/user/student_coll1_2", params)
assert r.status == 403
assert not User("student_coll1_2").has_withdrawn
def test_registration_rq_from_blueshirt():
new_email = "*****@*****.**"
params = {
"username": "******",
"password": "******",
"first_name": NEW_USER_FNAME,
"last_name": NEW_USER_LNAME,
"email": new_email,
"team": "team-ABC",
"college": "college-1",
}
r, data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 202, data
created = User.create_user("1_rt1")
assert created.email == ""
pending = PendingUser("1_rt1")
assert pending.email == "*****@*****.**"
assert pending.team == "team-ABC"
assert pending.college == "college-1"
email_datas = test_helpers.last_n_emails(2)
student_ps = email_datas[0]
template = student_ps.template_name
assert template == "new_user"
to = student_ps.toaddr
assert to == new_email
vars = student_ps.template_vars
assert NEW_USER_FNAME == vars["name"]
vcode = pending.verify_code
assert vcode in vars["activation_url"]
teacher = User.create_user("blueshirt")
teacher_ps = email_datas[1]
template = teacher_ps.template_name
assert template == "user_requested"
to = teacher_ps.toaddr
assert to == teacher.email
vars = teacher_ps.template_vars
assert NEW_USER_FNAME == vars["pu_first_name"]
assert NEW_USER_LNAME == vars["pu_last_name"]
assert new_email == vars["pu_email"]
assert "1_rt1" == vars["pu_username"]
assert "team-ABC" == vars["pu_team"]
assert "college the first" == vars["pu_college"]
vars_str = teacher_ps.template_vars_json
assert vcode not in vars_str, "Should not contain the verification code."
def test_post_blueshirt_record_student_media_consent_again_no_email():
params = {"username":"******",
"password":"******",
"media_consent":'true',
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, (r.status, data)
u = User("student_coll1_1")
assert u.has_media_consent
test_helpers.assert_no_emails()
def test_post_blueshirt_record_student_media_consent_again_no_email():
params = {
"username": "******",
"password": "******",
"media_consent": 'true',
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, (r.status, data)
u = User("student_coll1_1")
assert u.has_media_consent
test_helpers.assert_no_emails()
def test_post_teacher_cant_set_other_team():
old_team = "team-ABC"
new_team = "team-QWZ" # exists, but this teacher doesn't own it
params = {"username":"******",
"password":"******",
"new_team":new_team,
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [old_team] == teams
def test_post_blueshirt_cant_set_team():
old_team = "team-ABC"
new_team = "team-DFE"
params = {"username":"******",
"password":"******",
"new_team":new_team,
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [old_team] == teams
def test_post_sets_others_password():
old_password = "******"
params = {"username":"******",
"password":"******",
"new_password":"******",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1")._user.bind("com")
u = User("student_coll1_1")
u.set_password(old_password)
u.save()
def test_team_leader_can_become_student():
# We need to test against another teacher, because team leaders demoting themselves is not allowed
u = User("student_coll1_1")
u.make_teacher()
u.save()
params = {"username": "******",
"password": "******",
"new_type": "student",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert not User("student_coll1_1").is_teacher
def test_post_sets_others_password():
old_password = "******"
params = {
"username": "******",
"password": "******",
"new_password": "******",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1")._user.bind("com")
u = User("student_coll1_1")
u.set_password(old_password)
u.save()
def test_post_sets_own_password():
old_password = "******"
new_password = '******'
params = {"username":"******",
"password":old_password,
"new_password":new_password,
}
r,data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
u.set_password(old_password)
u.save()
def test_post_teacher_cant_set_other_team():
old_team = "team-ABC"
new_team = "team-QWZ" # exists, but this teacher doesn't own it
params = {
"username": "******",
"password": "******",
"new_team": new_team,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [old_team] == teams
def test_team_leader_can_become_student():
# We need to test against another teacher, because team leaders demoting themselves is not allowed
u = User("student_coll1_1")
u.make_teacher()
u.save()
params = {
"username": "******",
"password": "******",
"new_type": "student",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert not User("student_coll1_1").is_teacher
def test_registration_not_authed():
test_helpers.delete_db()
params = {"username":"******",
"first_name":"register",
"last_name":"this.user",
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403
assert 'NO_PASSWORD' in data
assert len(test_helpers.get_registrations()) == 0
test_helpers.delete_db()
def test_post_blueshirt_cant_set_team():
old_team = "team-ABC"
new_team = "team-DFE"
params = {
"username": "******",
"password": "******",
"new_team": new_team,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [old_team] == teams
def test_registration_wrong_college():
params = {"username":"******",
"password":"******",
"first_name":NEW_USER_FNAME,
"last_name":NEW_USER_LNAME,
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-2"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403
assert 'BAD_COLLEGE' in data
assert len(test_helpers.get_registrations()) == 0
test_helpers.delete_db()
def test_registration_wrong_college():
params = {"username":"******",
"password":"******",
"first_name":NEW_USER_FNAME,
"last_name":NEW_USER_LNAME,
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-2"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403
assert 'BAD_COLLEGE' in data
assert len(test_helpers.get_registrations()) == 0
test_helpers.delete_db()
def test_registration_not_authed():
test_helpers.delete_db()
params = {"username":"******",
"first_name":"register",
"last_name":"this.user",
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403
assert 'NO_PASSWORD' in data
assert len(test_helpers.get_registrations()) == 0
test_helpers.delete_db()
def test_post_sets_own_password():
old_password = "******"
new_password = '******'
params = {
"username": "******",
"password": old_password,
"new_password": new_password,
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
u.set_password(old_password)
u.save()
def test_email_change_request_reset_without_change():
""" Test that a change requests to the original value,
where there is no actual outstanding request doens't explode"""
username = "******"
old_email = User(username).email
params = {
"username": "******",
"password": "******",
"new_email": old_email,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, data
user = User(username)
assert user.email == old_email
test_helpers.assert_no_emails()
def test_team_leader_can_set_team_leader():
params = {
"username": "******",
"password": "******",
"new_type": "team-leader",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
is_teacher = u.is_teacher
# Clean up
u.make_student()
u.save()
# now assert (ensures the clean-up occurs)
assert is_teacher
def test_post_teacher_sets_team():
old_team = "team-ABC"
new_team = "team-DFE"
params = {
"username": "******",
"password": "******",
"new_team": new_team,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [new_team] == teams
u.set_team(old_team)
u.save()
