Beispiel #1
    def test_article_about(self):
        """Walk the admin article endpoints: add, list, reject bad input, delete.

        Creates a category, posts an article whose markdown body embeds
        ``<pre><code>`` markup, checks the admin listing and home pages, posts
        two invalid forms, and finally deletes the article and checks its
        ``is_del`` flag.
        """
        # Fixture: the category named in the form fields below.
        category = Category(name="zh-hans")
        category.save()
        body = urlencode(dict(
            title="sdf是地方",
            active=1,
            category='zh-hans',
            create_time='2015-06-14 16:07',
            md_content='test 1 2 3 <pre><code>def123</code></pre>',
        ))
        response = self.fetch('/admin/article/add', method="POST",
                              headers=self.headers, body=body)
        # The response must show the submitted markup HTML-escaped.
        self.assertIn(b'&lt;code&gt;', response.body)
        article = Article.objects(title='sdf是地方').first()
        # The stored html_content keeps the raw tag.
        # NOTE(review): only a benign tag is exercised here; whether
        # html_content is sanitised before it is rendered on public pages is
        # not covered by this test. Confirm against the renderer.
        self.assertIn('<code>', article.html_content)

        # The new article shows up on the paged admin listing with its public
        # link and its edit link.
        response = self.fetch('/admin/articles/1', headers=self.headers)
        self.assertIn('sdf是地方', response.body.decode())
        self.assertIn('/zh-hans/%s/%s' % (article.create_time.strftime('%d-%m'),
                                          article.id_no),
                      response.body.decode())
        self.assertIn('/admin/article/%s/edit' % article.id_no,
                      response.body.decode())
        # The admin home page lists it as well.
        response = self.fetch('/admin', headers=self.headers)
        self.assertIn('sdf是地方', response.body.decode())
        self.assertIn('/admin/article/%s/edit' % article.id_no,
                      response.body.decode())

        # Same form without a title: the handler must answer 400.
        body = urlencode(dict(
            # title="sdf是地方",
            active=1,
            category='zh-hans',
            create_time='2015-06-14 16:07',
            md_content='test 1 2 3 <pre><code>def123</code></pre>',
        ))
        response = self.fetch('/admin/article/add', method="POST",
                              headers=self.headers, body=body)
        self.assertEqual(400, response.code)

        # Malformed create_time: the test pins a 500 response.
        # NOTE(review): a bad date is client input; a 500 suggests the handler
        # lets a parsing error escape rather than validating the field and
        # answering 400. Confirm against the handler.
        body = urlencode(dict(
            title="sdf是地方",
            active=1,
            category='zh-hans',
            create_time='2015-06-14 24:07fc',
            md_content='test 1 2 3 <pre><code>def123</code></pre>',
        ))
        response = self.fetch('/admin/article/add', method="POST",
                              headers=self.headers, body=body)
        self.assertEqual(500, response.code)

        # Deleting answers with a body containing '1'; the record can still be
        # queried afterwards and carries is_del == 1.
        response = self.fetch('/admin/article/%s/del' % article.id_no,
                              method="DELETE", headers=self.headers)
        self.assertIn('1', response.body.decode())
        article = Article.objects(title='sdf是地方').first()
        self.assertEqual(1, article.is_del)
Beispiel #2
 def get(self):
     """Redirect to the SSO login page, passing the caller's ``next`` along.

     ``info=1`` is appended to the ``next`` target, and the result is
     attached to the login URL as a URL-encoded ``next`` parameter.
     """
     # NOTE(review): ``next`` comes straight from the query string and is
     # forwarded as-is; nothing here limits it to same-site targets, so the
     # code that finally redirects to it must validate it.
     target = self.get_query_argument('next')
     if '?' in target:
         target = target + '&' + 'info=1'
     else:
         target = target + '?' + 'info=1'
     login_url = self.get_login_url()
     joiner = '&' if '?' in login_url else '?'
     self.redirect(login_url + joiner + urlencode({'next': target}))
Beispiel #3
    def test_home(self):
        """The admin home page shows the quote form and accepts a new quote."""
        home = self.fetch('/admin', headers=self.headers)
        self.assertIn('Add Quote', home.body.decode())

        # Post a new quote to the same URL with the same request headers.
        form = urlencode({
            'quote_body': "test quo body",
            'quote_author': "arion",
        })
        posted = self.fetch('/admin', method="POST",
                            headers=self.headers, body=form)
        self.assertEqual(posted.code, 200)
Beispiel #4
    def test_login(self):
        """The login page renders a form and a valid login lands on the admin page."""
        login_path = "/auth/login"
        form_page = self.fetch(login_path)
        self.assertIn(b'email', form_page.body)

        # Fixture credentials, sent form-encoded in the POST body.
        # NOTE(review): keep test credentials like these out of any deployed
        # environment.
        credentials = urlencode({
            'email': '*****@*****.**',
            'pass_word': '12345',
        })
        after_login = self.fetch(login_path, method="POST",
                                 headers=self.headers, body=credentials)
        self.assertIn(b'Add Quote', after_login.body)
Beispiel #5
 def wrapper(self, *args, **kwargs):
     """Run ``func`` only when the handler has a current user.

     An anonymous GET/HEAD request is redirected to the admin login URL;
     when that URL has no query string, the originating URL is appended as
     a ``next`` parameter. Any other anonymous request raises
     ``HTTPError(403)``.
     """
     if self.current_user:
         return func(self, *args, **kwargs)
     if self.request.method not in ("GET", "HEAD"):
         raise HTTPError(403)
     login_url = self.get_admin_login_url()
     if "?" not in login_url:
         # An absolute login URL gets an absolute ``next``; a relative one
         # gets the request URI.
         # NOTE(review): ``next`` is derived from the incoming request; the
         # login handler that consumes it is not shown here and should only
         # redirect to same-site targets.
         if urlparse.urlsplit(login_url).scheme:
             came_from = self.request.full_url()
         else:
             came_from = self.request.uri
         login_url += "?" + urlencode({"next": came_from})
     return self.redirect(login_url)
Beispiel #6
 def wrapper(self, *args, **kwargs):
     """Run ``method`` only for a logged-in user accepted by the predicate ``f``.

     A logged-in user rejected by ``f`` gets ``HTTPError(403)``. An anonymous
     GET/HEAD request is redirected to the login URL (with ``next`` appended
     when that URL has no query string); any other anonymous request gets
     ``HTTPError(403)``.
     """
     account = self.current_user
     if account:
         if f(account):
             return method(self, *args, **kwargs)
         raise HTTPError(403)
     if self.request.method not in ("GET", "HEAD"):
         raise HTTPError(403)
     login_url = self.get_login_url()
     if "?" not in login_url:
         # if login url is absolute, make next absolute too
         # NOTE(review): ``next`` is derived from the incoming request; the
         # login handler that consumes it is not shown here and should only
         # redirect to same-site targets.
         absolute = urlparse.urlsplit(login_url).scheme
         came_from = self.request.full_url() if absolute else self.request.uri
         login_url += "?" + urlencode({"next": came_from})
     self.redirect(login_url)
     return
Beispiel #7
 def _wrapper(self, *args, **kwargs):
     """Run ``f`` only for a logged-in user whose ``active`` flag is ``True``.

     On GET/HEAD, an anonymous request is redirected to the login URL and a
     logged-in but inactive user to the verify URL; ``next`` is appended when
     the chosen URL has no query string. Any other method raises
     ``HTTPError(403)``.
     """
     if self.current_user and self.current_user.active is True:
         return f(self, *args, **kwargs)
     if self.request.method not in ("GET", "HEAD"):
         raise HTTPError(403)
     if self.current_user:
         # Logged in but not active: send to verification.
         target = self.get_verify_url()
     else:
         target = self.get_login_url()
     if "?" not in target:
         # NOTE(review): ``next`` is derived from the incoming request; the
         # handler that consumes it is not shown here and should only
         # redirect to same-site targets.
         if urllib.parse.urlsplit(target).scheme:
             # if login url is absolute, make next absolute too
             came_from = self.request.full_url()
         else:
             assert self.request.uri is not None
             came_from = self.request.uri
         target += "?" + urlencode({"next": came_from})
     self.redirect(target)
     return None
Beispiel #8
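 def wrapper(self, *args, **kwargs):
     """Gate ``method`` behind login, a one-hour idle timeout and a role check.

     ``self`` is expected to be a ``BaseHandler``.

     Anonymous GET/HEAD requests are redirected to the login URL (with
     ``next`` appended when that URL has no query string); other anonymous
     requests raise ``tornado.web.HTTPError(403)``. A user idle for an hour
     or more is redirected to the logout URL. Otherwise ``last_active`` is
     refreshed and, when ``required_roles`` is set, the user's roles are
     checked; a failed check renders ``403.html`` with a 403 status.
     """
     # Not logged in: force a login.
     if not self.current_user:
         if self.request.method in ("GET", "HEAD"):
             url = self.get_login_url()
             if "?" not in url:
                 # NOTE(review): ``next`` is derived from the incoming
                 # request; the login handler that consumes it is not shown
                 # here and should only redirect to same-site targets.
                 if urlparse.urlsplit(url).scheme:
                     # if login url is absolute, make next absolute too
                     next_url = self.request.full_url()
                 else:
                     next_url = self.request.uri
                 url += "?" + urlencode(dict(next=next_url))
             self.redirect(url)
             return
         raise tornado.web.HTTPError(403)
     # Idle for an hour or more: force a logout.
     # NOTE(review): datetime.now() is naive local time; presumably
     # last_active is stored on the same clock. Confirm.
     if (datetime.now() -
             self.current_user.last_active).total_seconds() >= 60 * 60:
         self.redirect(
             url_concat(self.reverse_url('logout'),
                        {'next': self.request.uri}))
         return
     # The user id is passed as a query parameter, not formatted into the SQL.
     self.db.execute(
         'update operator set last_active=NOW() where id=%s',
         self.current_user.id)
     # Role check.
     if required_roles:
         roles = self.current_user.roles.split(',')
         if required_roles == ('developer_mgr', ):
             # Marked as developer-manager only: the user really must hold
             # the developer_mgr role.
             passed = 'developer_mgr' in roles
         else:
             # NOTE(review): 'developer' passes every other role requirement.
             passed = any(role == 'developer' or role in required_roles
                          for role in roles)
         if not passed:
             # Send a real 403 with the page so clients, proxies and access
             # logs see the denial instead of a 200.
             self.set_status(403)
             self.render('403.html')
             return
     return method(self, *args, **kwargs)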
Beispiel #9
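        def wrapper(self, *args, **kwargs):
            """Gate ``method`` behind login, account status, WeChat binding and roles.

            ``self`` is expected to be a ``BaseHandler``.

            Anonymous GET/HEAD requests are redirected to the login URL (with
            ``next`` appended when that URL has no query string); other
            anonymous requests raise ``tornado.web.HTTPError(403)``. A user
            whose ``deleted`` field is ``'1'`` is redirected to logout. For
            URIs under ``/wx``, a user with ``sp_props`` but no ``wx_type`` in
            them is redirected to the WeChat settings page. When
            ``required_roles`` is set, a failed role check renders
            ``403.html`` with a 403 status.
            """
            # Not logged in: force a login.
            if not self.current_user:
                if self.request.method in ("GET", "HEAD"):
                    url = self.get_login_url()
                    if "?" not in url:
                        # NOTE(review): ``next`` is derived from the incoming
                        # request; the login handler that consumes it is not
                        # shown here and should only redirect to same-site
                        # targets.
                        if urlparse.urlsplit(url).scheme:
                            # if login url is absolute, make next absolute too
                            next_url = self.request.full_url()
                        else:
                            next_url = self.request.uri
                        url += "?" + urlencode(dict(next=next_url))
                    self.redirect(url)
                    return
                raise tornado.web.HTTPError(403)
            # Logged in but the account is disabled: force a logout.
            if self.current_user.deleted == '1':
                self.redirect(self.reverse_url('logout'))
                return
            # WeChat pages need a bound WeChat account; if none is bound,
            # go to the settings page.
            if self.request.uri.startswith('/wx'):
                if 'sp_props' in self.current_user:
                    if 'wx_type' not in self.current_user.sp_props:
                        return self.redirect(self.reverse_url('wx.setting'))
            # Role check.
            if required_roles:
                roles = self.current_user.roles.split(',')
                # NOTE(review): 'manager' passes every role requirement.
                passed = any(role == 'manager' or role in required_roles
                             for role in roles)
                if not passed:
                    # Send a real 403 with the page so clients, proxies and
                    # access logs see the denial instead of a 200.
                    self.set_status(403)
                    self.render('403.html')
                    return

            # NOTE(review): the disabled check below compared the stored
            # password with an MD5 of a default password plus salt, which
            # suggests passwords are kept as salted MD5. If so, confirm and
            # plan a move to a slow password hash.
            # if self.current_user.password.lower() == hashlib.md5('123456' + self.current_user.pwd_salt).hexdigest():
            #     if self.request.uri not in ('/password', '/message/unread'):
            #         return self.redirect(self.reverse_url('password'))
            return method(self, *args, **kwargs)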
Beispiel #10
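        def wrapper(self, *args, **kwargs):
            """Gate ``method`` behind login, account status, WeChat binding and roles.

            ``self`` is expected to be a ``BaseHandler``.

            Anonymous GET/HEAD requests are redirected to the login URL (with
            ``next`` appended when that URL has no query string); other
            anonymous requests raise ``tornado.web.HTTPError(403)``. A user
            whose ``deleted`` field is ``'1'`` is redirected to logout. For
            URIs under ``/wx``, a user with ``sp_props`` but no ``wx_type`` in
            them is redirected to the WeChat settings page. When
            ``required_roles`` is set, a failed role check renders
            ``403.html`` with a 403 status.
            """
            # Not logged in: force a login.
            if not self.current_user:
                if self.request.method in ("GET", "HEAD"):
                    url = self.get_login_url()
                    if "?" not in url:
                        # NOTE(review): ``next`` is derived from the incoming
                        # request; the login handler that consumes it is not
                        # shown here and should only redirect to same-site
                        # targets.
                        if urlparse.urlsplit(url).scheme:
                            # if login url is absolute, make next absolute too
                            next_url = self.request.full_url()
                        else:
                            next_url = self.request.uri
                        url += "?" + urlencode(dict(next=next_url))
                    self.redirect(url)
                    return
                raise tornado.web.HTTPError(403)
            # Logged in but the account is disabled: force a logout.
            if self.current_user.deleted == '1':
                self.redirect(self.reverse_url('logout'))
                return
            # WeChat pages need a bound WeChat account; if none is bound,
            # go to the settings page.
            if self.request.uri.startswith('/wx'):
                if 'sp_props' in self.current_user:
                    if 'wx_type' not in self.current_user.sp_props:
                        return self.redirect(self.reverse_url('wx.setting'))
            # Role check.
            if required_roles:
                roles = self.current_user.roles.split(',')
                # NOTE(review): 'manager' passes every role requirement.
                passed = any(role == 'manager' or role in required_roles
                             for role in roles)
                if not passed:
                    # Send a real 403 with the page so clients, proxies and
                    # access logs see the denial instead of a 200.
                    self.set_status(403)
                    self.render('403.html')
                    return

            # NOTE(review): the disabled check below compared the stored
            # password with an MD5 of a default password plus salt, which
            # suggests passwords are kept as salted MD5. If so, confirm and
            # plan a move to a slow password hash.
            # if self.current_user.password.lower() == hashlib.md5('123456' + self.current_user.pwd_salt).hexdigest():
            #     if self.request.uri not in ('/password', '/message/unread'):
            #         return self.redirect(self.reverse_url('password'))
            return method(self, *args, **kwargs)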
Beispiel #11
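        def f(self, *args, **kwargs):  # self = requestHandler
            """Run ``method`` for local clients (when allowed) or logged-in users.

            With ``localAccess`` set, requests whose ``remote_ip`` is loopback
            or inside 192.168.1.0/24 skip authentication entirely. Otherwise an
            anonymous GET/HEAD request gets ``HTTPError(401)`` when it accepts
            JSON and a redirect to the login URL when it does not; any other
            anonymous request gets ``HTTPError(403)``.
            """
            # NOTE(review): this bypass trusts remote_ip. Behind a reverse
            # proxy remote_ip is the proxy's own address unless the server
            # reads forwarding headers, and those headers are only trustworthy
            # when set by that proxy. Confirm the deployment before relying
            # on it.
            if localAccess and (self.request.remote_ip in ('::1', '127.0.0.1') or
                                addressInNetwork(self.request.remote_ip, '192.168.1.0/24')):
                return method(self, *args, **kwargs)

            if not self.current_user:
                if self.request.method in ("GET", "HEAD"):
                    url = self.get_login_url()
                    if "?" not in url:
                        # NOTE(review): ``next`` is derived from the incoming
                        # request; the login handler that consumes it is not
                        # shown here and should only redirect to same-site
                        # targets.
                        if urlparse.urlsplit(url).scheme:
                            # if login url is absolute, make next absolute too
                            next_url = self.request.full_url()
                        else:
                            next_url = self.request.uri
                        url += "?" + urlencode(dict(next=next_url))
                    # Default to '' so a request without an Accept header is
                    # redirected instead of failing with a TypeError on None.
                    if 'application/json' in self.request.headers.get('Accept', ''):
                        raise HTTPError(401)
                    else:
                        self.redirect(url)
                    return
                raise HTTPError(403)
            return method(self, *args, **kwargs)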
Beispiel #12
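        def f(self, *args, **kwargs):  # self = requestHandler
            """Run ``method`` for private-network clients (when allowed) or logged-in users.

            With ``localAccess`` set, requests whose ``remote_ip`` is a private
            address skip authentication entirely. Otherwise an anonymous
            GET/HEAD request gets ``HTTPError(401)`` when it accepts JSON and a
            redirect to the login URL when it does not; any other anonymous
            request gets ``HTTPError(403)``.
            """
            ip = ipaddress.ip_address(self.request.remote_ip)
            # NOTE(review): is_private is true for every private-use range,
            # which already contains 192.168.1.0/24, so the second test adds
            # nothing and the bypass is wider than that one subnet.
            # The bypass also trusts remote_ip: behind a reverse proxy it is
            # the proxy's own address unless the server reads forwarding
            # headers, and those are only trustworthy when set by that proxy.
            if localAccess and (ip.is_private or ip in ipaddress.ip_network('192.168.1.0/24')):
                return method(self, *args, **kwargs)

            if not self.current_user:
                if self.request.method in ("GET", "HEAD"):
                    url = self.get_login_url()
                    if "?" not in url:
                        # NOTE(review): ``next`` is derived from the incoming
                        # request; the login handler that consumes it is not
                        # shown here and should only redirect to same-site
                        # targets.
                        if urlparse.urlsplit(url).scheme:
                            # if login url is absolute, make next absolute too
                            next_url = self.request.full_url()
                        else:
                            next_url = self.request.uri
                        url += "?" + urlencode(dict(next=next_url))
                    # Default to '' so a request without an Accept header is
                    # redirected instead of failing with a TypeError on None.
                    if 'application/json' in self.request.headers.get('Accept', ''):
                        raise HTTPError(401)
                    else:
                        self.redirect(url)
                    return
                raise HTTPError(403)
            return method(self, *args, **kwargs)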
Beispiel #13
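 def wrapper(self, *args, **kwargs):
     """Gate ``method`` behind login, a one-hour idle timeout and a role check.

     ``self`` is expected to be a ``BaseHandler``.

     Anonymous GET/HEAD requests are redirected to the login URL (with
     ``next`` appended when that URL has no query string); other anonymous
     requests raise ``tornado.web.HTTPError(403)``. A user idle for an hour
     or more is redirected to the logout URL. Otherwise ``last_active`` is
     refreshed and, when ``required_roles`` is set, the user's roles are
     checked; a failed check renders ``403.html`` with a 403 status.
     """
     # Not logged in: force a login.
     if not self.current_user:
         if self.request.method in ("GET", "HEAD"):
             url = self.get_login_url()
             if "?" not in url:
                 # NOTE(review): ``next`` is derived from the incoming
                 # request; the login handler that consumes it is not shown
                 # here and should only redirect to same-site targets.
                 if urlparse.urlsplit(url).scheme:
                     # if login url is absolute, make next absolute too
                     next_url = self.request.full_url()
                 else:
                     next_url = self.request.uri
                 url += "?" + urlencode(dict(next=next_url))
             self.redirect(url)
             return
         raise tornado.web.HTTPError(403)
     # Idle for an hour or more: force a logout.
     # NOTE(review): datetime.now() is naive local time; presumably
     # last_active is stored on the same clock. Confirm.
     if (datetime.now() - self.current_user.last_active).total_seconds() >= 60*60:
         self.redirect(url_concat(self.reverse_url('logout'), {'next': self.request.uri}))
         return
     # The user id is passed as a query parameter, not formatted into the SQL.
     self.db.execute('update operator set last_active=NOW() where id=%s', self.current_user.id)
     # Role check.
     if required_roles:
         roles = self.current_user.roles.split(',')
         if required_roles == ('developer_mgr',):
             # Marked as developer-manager only: the user really must hold
             # the developer_mgr role.
             passed = 'developer_mgr' in roles
         else:
             # NOTE(review): 'developer' passes every other role requirement.
             passed = any(role == 'developer' or role in required_roles
                          for role in roles)
         if not passed:
             # Send a real 403 with the page so clients, proxies and access
             # logs see the denial instead of a 200.
             self.set_status(403)
             self.render('403.html')
             return
     return method(self, *args, **kwargs)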
Beispiel #14
    def test_quote_about(self):
        """A saved quote appears in the admin listing and detail page and can be edited."""
        quote = Quote(body="test quote 1", author="arion_______")
        quote.save()

        # Paged listing shows both the body and the author.
        listing = self.fetch('/admin/quotes/1', headers=self.headers)
        for expected in (b'test quote 1', b'arion_______'):
            self.assertIn(expected, listing.body)

        # So does the quote's own admin page.
        detail = self.fetch('/admin/quote/%s' % quote.id_no,
                            headers=self.headers)
        for expected in (b'test quote 1', b'arion_______'):
            self.assertIn(expected, detail.body)

        # Posting new values to the same URL returns the edited quote.
        form = urlencode({
            'quote_body': "test quote edit",
            'quote_author': "arion______",
        })
        edited = self.fetch('/admin/quote/%s' % quote.id_no, method="POST",
                            headers=self.headers, body=form)
        for expected in (b'test quote edit', b'arion______'):
            self.assertIn(expected, edited.body)