Beispiel #1
 def test_new_user_unconfirmed(self):
     """A user shows up in user search only after the email is confirmed.

     Before confirmation, a search on the user's full name must return no
     documents; after the token is confirmed and the user is saved, exactly
     one document is expected.
     """
     pending = UnconfirmedUserFactory()

     # An unconfirmed account must not be discoverable through search.
     hits_before = query_user(pending.fullname)['results']
     assert_equal(len(hits_before), 0)

     # Confirm the address with the token issued for the username.
     confirm_token = pending.get_confirmation_token(pending.username)
     pending.confirm_email(confirm_token)
     pending.save()

     hits_after = query_user(pending.fullname)['results']
     assert_equal(len(hits_after), 1)
Beispiel #2
 def test_new_user_unconfirmed(self):
     """Check that search visibility follows email confirmation.

     The freshly created unconfirmed user yields zero search results for
     their full name; once ``confirm_email`` has been called with the
     user's token and the record saved, the same query yields one result.
     """
     account = UnconfirmedUserFactory()
     full_name = account.fullname

     # No search document may exist while the address is unverified.
     assert_equal(len(query_user(full_name)['results']), 0)

     account.confirm_email(account.get_confirmation_token(account.username))
     account.save()

     # Saving the confirmed user is what makes the account searchable here.
     assert_equal(len(query_user(account.fullname)['results']), 1)
Beispiel #3
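class TestConfirmingEmail(OsfTestCase):
    """Access-control tests for ``update_user`` and a confirmation-link reuse test.

    The three ``test_cannot_*`` / ``test_cannnot_*`` cases authenticate as
    ``user2`` while the JSON payload names ``user1`` in its ``id`` field, and
    expect HTTP 403. The last case checks that a confirmation link stops
    working once its token has been used.
    """

    def setUp(self):
        """Create an unconfirmed user and cache its confirmation URL and token."""
        super(TestConfirmingEmail, self).setUp()
        self.user = UnconfirmedUserFactory()
        self.confirmation_url = self.user.get_confirmation_url(
            self.user.username,
            external=False,
        )
        self.confirmation_token = self.user.get_confirmation_token(
            self.user.username
        )

    def test_cannot_remove_another_user_email(self):
        """A request authenticated as user2 against user1's record is refused."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        url = api_url_for('update_user')
        # NOTE(review): the payload lists only user1's own username, so this
        # case pins the 403 but would not by itself reveal a removed address.
        header = {'id': user1.username, 'emails': [{'address': user1.username}]}
        res = self.app.put_json(url, header, auth=user2.auth, expect_errors=True)
        assert_equal(res.status_code, 403)

    def test_cannnot_make_primary_email_for_another_user(self):
        """user2 must not be able to switch user1's primary address."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        original_primary = user1.username
        # NOTE(review): this address literal is masked in the listing.
        email = '*****@*****.**'
        user1.emails.append(email)
        user1.save()
        url = api_url_for('update_user')
        header = {'id': user1.username,
                  'emails': [{'address': user1.username, 'primary': False, 'confirmed': True},
                            {'address': email, 'primary': True, 'confirmed': True}
                  ]}
        res = self.app.put_json(url, header, auth=user2.auth, expect_errors=True)
        assert_equal(res.status_code, 403)
        # A 403 status alone does not show that nothing was written; re-read
        # user1 and check the primary address is still the original one.
        user1.reload()
        assert_equal(user1.username, original_primary)

    def test_cannnot_add_email_for_another_user(self):
        """user2 must not be able to attach a new address to user1."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        # NOTE(review): this address literal is masked in the listing.
        email = '*****@*****.**'
        url = api_url_for('update_user')
        header = {'id': user1.username,
                  'emails': [{'address': user1.username, 'primary': True, 'confirmed': True},
                            {'address': email, 'primary': False, 'confirmed': False}
                  ]}
        res = self.app.put_json(url, header, auth=user2.auth, expect_errors=True)
        assert_equal(res.status_code, 403)
        # Verify the rejected request left user1's address list untouched.
        user1.reload()
        assert_equal(email in user1.emails, False)

    def test_error_page_if_confirm_link_is_used(self):
        """A confirmation link whose token was already used answers 400."""
        self.user.confirm_email(self.confirmation_token)
        self.user.save()
        res = self.app.get(self.confirmation_url, expect_errors=True)

        # Reusing the link must surface the invalid-token error, not confirm again.
        assert_in(auth_exc.InvalidTokenError.message_short, res)
        assert_equal(res.status_code, http.BAD_REQUEST)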
Beispiel #4
    def test_confirm_email_get_with_campaign(self):
        """Confirming the email of a campaign-tagged user redirects to the campaign.

        For every entry of ``campaigns.get_campaigns()`` a new unconfirmed
        user is tagged with that campaign's ``system_tag``. Calling
        ``confirm_email_get`` with the user's token must return a redirect
        whose location equals ``campaigns.campaign_url_for(<key>)``.
        """
        # NOTE(review): if get_campaigns() returns an empty mapping the loop
        # body never runs and the test passes without checking anything.
        for campaign_key, campaign in campaigns.get_campaigns().items():
            new_user = UnconfirmedUserFactory()
            new_user.system_tags.append(campaign.get('system_tag'))
            new_user.save()
            confirm_token = new_user.get_confirmation_token(new_user.username)
            view_kwargs = dict(uid=new_user._id)
            with self.app.app.test_request_context(), mock_auth(new_user):
                response = auth_views.confirm_email_get(confirm_token, **view_kwargs)
                assert_equal(response.status_code, http.FOUND)
                # The redirect target is compared with the URL the campaigns
                # module builds for this key.
                assert_equal(response.location, campaigns.campaign_url_for(campaign_key))
Beispiel #5
    def test_confirm_email_get_with_campaign(self):
        """Each campaign's users land on that campaign's URL after confirming.

        Iterates over ``campaigns.get_campaigns()``, tags a fresh unconfirmed
        user with the campaign's ``system_tag`` and asserts that
        ``confirm_email_get`` answers ``http.FOUND`` with the location given
        by ``campaigns.campaign_url_for``.
        """
        registry = campaigns.get_campaigns()
        # NOTE(review): an empty registry makes this test pass vacuously.
        for name, settings in registry.items():
            candidate = UnconfirmedUserFactory()
            candidate.system_tags.append(settings.get('system_tag'))
            candidate.save()
            token = candidate.get_confirmation_token(candidate.username)
            with self.app.app.test_request_context(), mock_auth(candidate):
                result = auth_views.confirm_email_get(token, uid=candidate._id)
                assert_equal(result.status_code, http.FOUND)
                # Expected location is built by the campaigns module for this key.
                assert_equal(result.location, campaigns.campaign_url_for(name))
Beispiel #6
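class TestConfirmingEmail(OsfTestCase):
    """Access-control tests for ``update_user`` and a confirmation-link reuse test.

    In the first three cases the request is authenticated as ``user2`` while
    the payload's ``id`` names ``user1``; the endpoint is expected to answer
    403. The final case reuses an already-confirmed link.
    """

    def setUp(self):
        """Create an unconfirmed user and cache its confirmation URL and token."""
        super(TestConfirmingEmail, self).setUp()
        self.user = UnconfirmedUserFactory()
        self.confirmation_url = self.user.get_confirmation_url(
            self.user.username,
            external=False,
        )
        self.confirmation_token = self.user.get_confirmation_token(
            self.user.username)

    def test_cannot_remove_another_user_email(self):
        """A request authenticated as user2 against user1's record is refused."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        url = api_url_for('update_user')
        # NOTE(review): the payload lists only user1's own username, so this
        # case pins the 403 but would not by itself reveal a removed address.
        header = {
            'id': user1.username,
            'emails': [{
                'address': user1.username
            }]
        }
        res = self.app.put_json(url,
                                header,
                                auth=user2.auth,
                                expect_errors=True)
        assert_equal(res.status_code, 403)

    def test_cannnot_make_primary_email_for_another_user(self):
        """user2 must not be able to switch user1's primary address."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        original_primary = user1.username
        # NOTE(review): this address literal is masked in the listing.
        email = '*****@*****.**'
        user1.emails.append(email)
        user1.save()
        url = api_url_for('update_user')
        header = {
            'id':
            user1.username,
            'emails': [{
                'address': user1.username,
                'primary': False,
                'confirmed': True
            }, {
                'address': email,
                'primary': True,
                'confirmed': True
            }]
        }
        res = self.app.put_json(url,
                                header,
                                auth=user2.auth,
                                expect_errors=True)
        assert_equal(res.status_code, 403)
        # The status code alone does not prove the record is unchanged:
        # re-read user1 and check the primary address was not switched.
        user1.reload()
        assert_equal(user1.username, original_primary)

    def test_cannnot_add_email_for_another_user(self):
        """user2 must not be able to attach a new address to user1."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        # NOTE(review): this address literal is masked in the listing.
        email = '*****@*****.**'
        url = api_url_for('update_user')
        header = {
            'id':
            user1.username,
            'emails': [{
                'address': user1.username,
                'primary': True,
                'confirmed': True
            }, {
                'address': email,
                'primary': False,
                'confirmed': False
            }]
        }
        res = self.app.put_json(url,
                                header,
                                auth=user2.auth,
                                expect_errors=True)
        assert_equal(res.status_code, 403)
        # Verify the rejected request left user1's address list untouched.
        user1.reload()
        assert_equal(email in user1.emails, False)

    def test_error_page_if_confirm_link_is_used(self):
        """A confirmation link whose token was already used answers 400."""
        self.user.confirm_email(self.confirmation_token)
        self.user.save()
        res = self.app.get(self.confirmation_url, expect_errors=True)

        # Reusing the link must surface the invalid-token error, not confirm again.
        assert_in(auth_exc.InvalidTokenError.message_short, res)
        assert_equal(res.status_code, http.BAD_REQUEST)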
Beispiel #7
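class TestConfirmingEmail(OsfTestCase):
    """Browser-level tests of the email confirmation and resend flows.

    ``setUp`` creates one unconfirmed user and caches the confirmation URL
    and token issued for its username; the tests drive the web app through
    ``self.app``.
    """

    def setUp(self):
        """Create an unconfirmed user and cache its confirmation URL and token."""
        super(TestConfirmingEmail, self).setUp()
        self.user = UnconfirmedUserFactory()
        self.confirmation_url = self.user.get_confirmation_url(
            self.user.username,
            external=False,
        )
        self.confirmation_token = self.user.get_confirmation_token(
            self.user.username
        )

    def test_redirects_to_settings(self):
        """Following the confirmation link ends on the settings page."""
        res = self.app.get(self.confirmation_url).follow()
        assert_equal(
            res.request.path,
            '/settings/',
            'redirected to settings page'
        )
        assert_in('Welcome to the OSF!', res, 'shows flash message')
        assert_in('Please update the following settings.', res)

    def test_error_page_if_confirm_link_is_expired(self):
        """A link whose token was already confirmed shows 'Link Expired'."""
        self.user.confirm_email(self.confirmation_token)
        self.user.save()
        res = self.app.get(self.confirmation_url, expect_errors=True)
        # Only the page text is pinned here; the status code is not asserted.
        assert_in('Link Expired', res)

    def test_flash_message_does_not_break_page_if_email_unconfirmed(self):
        """Signing in with an unconfirmed address shows the UNCONFIRMED flash."""
        # Keep the password in one variable: the literal submitted in the form
        # did not match the one passed to set_password, so the sign-in this
        # test describes as using the correct password could not succeed.
        password = 'bicycle'
        self.user.set_password(password)
        self.user.save()
        # Goes to log in page
        res = self.app.get('/account/').maybe_follow()
        # Fills the form with correct password
        form = res.forms['signinForm']
        form['username'] = self.user.username
        form['password'] = password
        res = form.submit().maybe_follow()
        assert_in(language.UNCONFIRMED, res, 'shows flash message')

    @mock.patch('framework.auth.views.send_confirm_email')
    def test_resend_form(self, send_confirm_email):
        """Submitting the resend form for a known address triggers a resend."""
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        form['email'] = self.user.username
        res = form.submit()
        # The mailer is patched out, so only the call itself is checked.
        assert_true(send_confirm_email.called)
        assert_in('Resent email to', res)

    def test_resend_form_does_nothing_if_not_in_db(self):
        """An address with no account leaves the client on the resend page."""
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        # NOTE(review): this address literal is masked in the listing.
        form['email'] = '*****@*****.**'
        res = form.submit()
        # NOTE(review): only the path is asserted. The page text for an
        # unknown address is not pinned, so this test does not show whether
        # the response distinguishes registered from unregistered addresses.
        assert_equal(res.request.path, '/resend/')

    def test_resend_form_shows_alert_if_email_already_confirmed(self):
        """Resending for an already confirmed address shows an alert."""
        user = UnconfirmedUserFactory()
        url = user.get_confirmation_url(user.username, external=False)
        # User confirms their email address
        self.app.get(url).maybe_follow()
        # tries to resend confirmation
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        form['email'] = user.username
        res = form.submit()
        # Sees alert message
        assert_in('already been confirmed', res)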
Beispiel #8
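class TestConfirmingEmail(OsfTestCase):
    """Browser-level tests of the email confirmation and resend flows.

    ``setUp`` creates one unconfirmed user and caches the confirmation URL
    and token issued for its username; the tests drive the web app through
    ``self.app``.
    """

    def setUp(self):
        """Create an unconfirmed user and cache its confirmation URL and token."""
        super(TestConfirmingEmail, self).setUp()
        self.user = UnconfirmedUserFactory()
        self.confirmation_url = self.user.get_confirmation_url(
            self.user.username,
            external=False,
        )
        self.confirmation_token = self.user.get_confirmation_token(
            self.user.username)

    def test_redirects_to_settings(self):
        """Following the confirmation link ends on the settings page."""
        res = self.app.get(self.confirmation_url).follow()
        assert_equal(res.request.path, '/settings/',
                     'redirected to settings page')
        assert_in('Welcome to the OSF!', res, 'shows flash message')
        assert_in('Please update the following settings.', res)

    def test_error_page_if_confirm_link_is_expired(self):
        """A link whose token was already confirmed shows 'Link Expired'."""
        self.user.confirm_email(self.confirmation_token)
        self.user.save()
        res = self.app.get(self.confirmation_url, expect_errors=True)
        # Only the page text is pinned here; the status code is not asserted.
        assert_in('Link Expired', res)

    def test_flash_message_does_not_break_page_if_email_unconfirmed(self):
        """Signing in with an unconfirmed address shows the UNCONFIRMED flash."""
        # One variable feeds both set_password and the form field: the literal
        # previously submitted differed from the password that was set, which
        # contradicts the "correct password" step below.
        password = 'bicycle'
        self.user.set_password(password)
        self.user.save()
        # Goes to log in page
        res = self.app.get('/account/').maybe_follow()
        # Fills the form with correct password
        form = res.forms['signinForm']
        form['username'] = self.user.username
        form['password'] = password
        res = form.submit().maybe_follow()
        assert_in(language.UNCONFIRMED, res, 'shows flash message')

    @mock.patch('framework.auth.views.send_confirm_email')
    def test_resend_form(self, send_confirm_email):
        """Submitting the resend form for a known address triggers a resend."""
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        form['email'] = self.user.username
        res = form.submit()
        # The mailer is patched out, so only the call itself is checked.
        assert_true(send_confirm_email.called)
        assert_in('Resent email to', res)

    def test_resend_form_does_nothing_if_not_in_db(self):
        """An address with no account leaves the client on the resend page."""
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        # NOTE(review): this address literal is masked in the listing.
        form['email'] = '*****@*****.**'
        res = form.submit()
        # NOTE(review): only the path is asserted. The page text for an
        # unknown address is not pinned, so this test does not show whether
        # the response distinguishes registered from unregistered addresses.
        assert_equal(res.request.path, '/resend/')

    def test_resend_form_shows_alert_if_email_already_confirmed(self):
        """Resending for an already confirmed address shows an alert."""
        user = UnconfirmedUserFactory()
        url = user.get_confirmation_url(user.username, external=False)
        # User confirms their email address
        self.app.get(url).maybe_follow()
        # tries to resend confirmation
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        form['email'] = user.username
        res = form.submit()
        # Sees alert message
        assert_in('already been confirmed', res)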
Beispiel #9
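class TestConfirmingEmail(OsfTestCase):
    """Tests for ``update_user`` access control, link reuse and the resend form.

    The ``update_user`` cases authenticate as ``user2`` while the payload's
    ``id`` names ``user1`` and expect HTTP 403. The remaining cases cover a
    reused confirmation link and the ``/resend/`` form.
    """

    def setUp(self):
        """Create an unconfirmed user and cache its confirmation URL and token."""
        super(TestConfirmingEmail, self).setUp()
        self.user = UnconfirmedUserFactory()
        self.confirmation_url = self.user.get_confirmation_url(
            self.user.username,
            external=False,
        )
        self.confirmation_token = self.user.get_confirmation_token(
            self.user.username
        )

    def test_cannot_remove_another_user_email(self):
        """A request authenticated as user2 against user1's record is refused."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        url = api_url_for('update_user')
        # NOTE(review): the payload lists only user1's own username, so this
        # case pins the 403 but would not by itself reveal a removed address.
        header = {'id': user1.username, 'emails': [{'address': user1.username}]}
        res = self.app.put_json(url, header, auth=user2.auth, expect_errors=True)
        assert_equal(res.status_code, 403)

    def test_cannnot_make_primary_email_for_another_user(self):
        """user2 must not be able to switch user1's primary address."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        original_primary = user1.username
        # NOTE(review): this address literal is masked in the listing.
        email = '*****@*****.**'
        user1.emails.append(email)
        user1.save()
        url = api_url_for('update_user')
        header = {'id': user1.username,
                  'emails': [{'address': user1.username, 'primary': False, 'confirmed': True},
                            {'address': email, 'primary': True, 'confirmed': True}
                  ]}
        res = self.app.put_json(url, header, auth=user2.auth, expect_errors=True)
        assert_equal(res.status_code, 403)
        # A 403 status alone does not show that nothing was written; re-read
        # user1 and check the primary address is still the original one.
        user1.reload()
        assert_equal(user1.username, original_primary)

    def test_cannnot_add_email_for_another_user(self):
        """user2 must not be able to attach a new address to user1."""
        user1 = AuthUserFactory()
        user2 = AuthUserFactory()
        # NOTE(review): this address literal is masked in the listing.
        email = '*****@*****.**'
        url = api_url_for('update_user')
        header = {'id': user1.username,
                  'emails': [{'address': user1.username, 'primary': True, 'confirmed': True},
                            {'address': email, 'primary': False, 'confirmed': False}
                  ]}
        res = self.app.put_json(url, header, auth=user2.auth, expect_errors=True)
        assert_equal(res.status_code, 403)
        # Verify the rejected request left user1's address list untouched.
        user1.reload()
        assert_equal(email in user1.emails, False)

    def test_error_page_if_confirm_link_is_used(self):
        """A confirmation link whose token was already used answers 400."""
        self.user.confirm_email(self.confirmation_token)
        self.user.save()
        res = self.app.get(self.confirmation_url, expect_errors=True)

        # Reusing the link must surface the invalid-token error, not confirm again.
        assert_in(auth_exc.InvalidTokenError.message_short, res)
        assert_equal(res.status_code, http.BAD_REQUEST)

    @mock.patch('framework.auth.views.send_confirm_email')
    def test_resend_form(self, send_confirm_email):
        """Submitting the resend form for a known address triggers a resend."""
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        form['email'] = self.user.username
        res = form.submit()
        # The mailer is patched out, so only the call itself is checked.
        assert_true(send_confirm_email.called)
        assert_in('Resent email to', res)

    def test_resend_form_does_nothing_if_not_in_db(self):
        """An address with no account leaves the client on the resend page."""
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        # NOTE(review): this address literal is masked in the listing.
        form['email'] = '*****@*****.**'
        res = form.submit()
        # NOTE(review): only the path is asserted. The page text for an
        # unknown address is not pinned, so this test does not show whether
        # the response distinguishes registered from unregistered addresses.
        assert_equal(res.request.path, '/resend/')

    def test_resend_form_shows_alert_if_email_already_confirmed(self):
        """Resending for an already confirmed address shows an alert."""
        user = UnconfirmedUserFactory()
        url = user.get_confirmation_url(user.username, external=False)
        # User confirms their email address
        self.app.get(url).maybe_follow()
        # tries to resend confirmation
        res = self.app.get('/resend/')
        form = res.forms['resendForm']
        form['email'] = user.username
        res = form.submit()
        # Sees alert message
        assert_in('already been confirmed', res)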