Beispiel #1
0
    def create_user(self, context, request: TracimRequest, hapic_data=None):
        """
        Create new user
        """
        app_config = request.registry.settings["CFG"]  # type: CFG
        uapi = UserApi(
            current_user=request.current_user,
            session=request.dbsession,
            config=app_config  # User
        )
        gapi = GroupApi(
            current_user=request.current_user,
            session=request.dbsession,
            config=app_config  # User
        )
        groups = [gapi.get_one_with_name(hapic_data.body.profile)]
        password = hapic_data.body.password
        if not password and hapic_data.body.email_notification:
            password = password_generator()

        user = uapi.create_user(
            auth_type=AuthType.UNKNOWN,
            email=hapic_data.body.email,
            password=password,
            timezone=hapic_data.body.timezone,
            lang=hapic_data.body.lang,
            name=hapic_data.body.public_name,
            do_notify=hapic_data.body.email_notification,
            groups=groups,
            do_save=True,
        )
        uapi.execute_created_user_actions(user)
        return uapi.get_user_with_context(user)
Beispiel #2
0
 def create_user(self, context, request: TracimRequest, hapic_data=None):
     """
     Create new user
     """
     app_config = request.registry.settings['CFG']
     uapi = UserApi(
         current_user=request.current_user,  # User
         session=request.dbsession,
         config=app_config,
     )
     gapi = GroupApi(
         current_user=request.current_user,  # User
         session=request.dbsession,
         config=app_config,
     )
     groups = [gapi.get_one_with_name(hapic_data.body.profile)]
     user = uapi.create_user(email=hapic_data.body.email,
                             password=hapic_data.body.password,
                             timezone=hapic_data.body.timezone,
                             lang=hapic_data.body.lang,
                             name=hapic_data.body.public_name,
                             do_notify=hapic_data.body.email_notification,
                             groups=groups,
                             do_save=True)
     return uapi.get_user_with_context(user)
Beispiel #3
0
    def test_unit__disable_user___err__user_cant_disable_itself(self):
        api = UserApi(
            current_user=None,
            session=self.session,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=None,
            session=self.session,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        user = api.create_user(
            email='*****@*****.**',
            password='******',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )

        api2 = UserApi(current_user=user,
                       session=self.session,
                       config=self.app_config)
        from tracim_backend.exceptions import UserCantDisableHimself
        with pytest.raises(UserCantDisableHimself):
            api2.disable(user)
Beispiel #4
0
    def create_minimal_user(self, email, groups=[], save_now=False) -> User:
        """Previous create_user method"""
        validator = TracimValidator()
        validator.add_validator('email', email, user_email_validator)
        validator.validate_all()
        self._check_email(email)
        user = User()
        user.email = email
        # TODO - G.M - 2018-11-29 - Check if this default_value can be
        # incorrect according to user_public_name_validator
        user.display_name = email.split('@')[0]
        user.created = datetime.datetime.utcnow()
        if not groups:
            gapi = GroupApi(
                current_user=self._user,  # User
                session=self._session,
                config=self._config,
            )
            groups = [gapi.get_one(Group.TIM_USER)]
        for group in groups:
            user.groups.append(group)

        self._session.add(user)

        if save_now:
            self._session.flush()

        return user
Beispiel #5
0
 def test_proxy_workspace_agenda__err__other_workspace_agenda(self) -> None:
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin = dbsession.query(User).filter(
         User.email == "*****@*****.**").one()
     uapi = UserApi(current_user=admin,
                    session=dbsession,
                    config=self.app_config)
     gapi = GroupApi(current_user=admin,
                     session=dbsession,
                     config=self.app_config)
     groups = [gapi.get_one_with_name("users")]
     uapi.create_user(
         "*****@*****.**",
         password="******",
         do_save=True,
         do_notify=False,
         groups=groups,
     )
     workspace_api = WorkspaceApi(current_user=admin,
                                  session=dbsession,
                                  config=self.app_config,
                                  show_deleted=True)
     workspace = workspace_api.create_workspace("test", save_now=True)
     transaction.commit()
     self.testapp.authorization = ("Basic", ("*****@*****.**",
                                             "*****@*****.**"))
     result = self.testapp.get("/agenda/workspace/{}/".format(
         workspace.workspace_id),
                               status=403)
     assert result.json_body["code"] == 5001
Beispiel #6
0
    def create_minimal_user(
            self,
            email,
            groups=[],
            save_now=False
    ) -> User:
        """Previous create_user method"""
        validator = TracimValidator()
        validator.add_validator('email', email, user_email_validator)
        validator.validate_all()
        self._check_email(email)
        user = User()
        user.email = email
        # TODO - G.M - 2018-11-29 - Check if this default_value can be
        # incorrect according to user_public_name_validator
        user.display_name = email.split('@')[0]
        user.created = datetime.datetime.utcnow()
        if not groups:
            gapi = GroupApi(
                current_user=self._user,  # User
                session=self._session,
                config=self._config,
            )
            groups = [gapi.get_one(Group.TIM_USER)]
        for group in groups:
            user.groups.append(group)

        self._session.add(user)

        if save_now:
            self._session.flush()

        return user
Beispiel #7
0
    def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(User).filter(User.email == "*****@*****.**").one()
        uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config)
        gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config)
        groups = [gapi.get_one_with_name("users")]
        test_user = uapi.create_user(
            email="*****@*****.**",
            password="******",
            name="bob",
            groups=groups,
            timezone="Europe/Paris",
            lang="en",
            do_save=True,
            do_notify=False,
        )
        uapi.save(test_user)
        uapi.disable(test_user)
        transaction.commit()
        self.testapp.authorization = ("Basic", ("*****@*****.**", "password"))

        res = self.testapp.get("/api/v2/auth/whoami", status=401)
        assert isinstance(res.json, dict)
        assert "code" in res.json.keys()
        # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema
        assert res.json_body["code"] is None
        assert "message" in res.json.keys()
        assert "details" in res.json.keys()
Beispiel #8
0
 def test_functional__webdav_access_to_root__remote_auth(self) -> None:
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin = dbsession.query(User) \
         .filter(User.email == '*****@*****.**') \
         .one()
     uapi = UserApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     gapi = GroupApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     groups = [gapi.get_one_with_name('users')]
     user = uapi.create_user(
         '*****@*****.**',
         password=None,
         do_save=True,
         do_notify=False,
         groups=groups,
         auth_type=AuthType.REMOTE
     )
     uapi.save(user)
     transaction.commit()
     extra_environ = {
         'REMOTE_USER': '******',
     }
     res = self.testapp.get('/', status=200, extra_environ=extra_environ)
     assert res
Beispiel #9
0
    def create_user(self, context, request: TracimRequest, hapic_data=None):
        """
        Create new user
        """
        app_config = request.registry.settings['CFG']
        uapi = UserApi(
            current_user=request.current_user,  # User
            session=request.dbsession,
            config=app_config,
        )
        gapi = GroupApi(
            current_user=request.current_user,  # User
            session=request.dbsession,
            config=app_config,
        )
        groups = [gapi.get_one_with_name(hapic_data.body.profile)]
        password = hapic_data.body.password
        if not password and hapic_data.body.email_notification:
            password = password_generator()

        user = uapi.create_user(
            auth_type=AuthType.UNKNOWN,
            email=hapic_data.body.email,
            password=password,
            timezone=hapic_data.body.timezone,
            lang=hapic_data.body.lang,
            name=hapic_data.body.public_name,
            do_notify=hapic_data.body.email_notification,
            groups=groups,
            do_save=True
        )
        return uapi.get_user_with_context(user)
Beispiel #10
0
    def test_api___simple_search_ok__no_search_string(self) -> None:
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(User).filter(User.email == "*****@*****.**").one()
        uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config)
        gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config)
        groups = [gapi.get_one_with_name("trusted-users")]
        user = uapi.create_user(
            "*****@*****.**",
            password="******",
            do_save=True,
            do_notify=False,
            groups=groups,
        )
        workspace_api = WorkspaceApi(
            current_user=admin, session=dbsession, config=self.app_config, show_deleted=True
        )
        workspace = workspace_api.create_workspace("test", save_now=True)
        rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config)
        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
        api = ContentApi(session=dbsession, current_user=user, config=self.app_config)
        api.create(
            content_type_slug="html-document", workspace=workspace, label="test", do_save=True
        )
        transaction.commit()

        self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**"))
        res = self.testapp.get("/api/v2/search/content".format(), status=200)
        search_result = res.json_body
        assert search_result
        assert search_result["total_hits"] == 0
        assert search_result["is_total_hits_accurate"] is True
        assert len(search_result["contents"]) == 0
Beispiel #11
0
    def test_unit__disable_user___err__user_cant_disable_itself(self):
        api = UserApi(
            current_user=None,
            session=self.session,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=None,
            session=self.session,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        user = api.create_user(
            email='*****@*****.**',
            password='******',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )

        api2 = UserApi(current_user=user,session=self.session, config=self.app_config)
        from tracim_backend.exceptions import UserCantDisableHimself
        with pytest.raises(UserCantDisableHimself):
            api2.disable(user)
Beispiel #12
0
    def test_unit__disable_user___ok__nominal_case(self):
        api = UserApi(current_user=None, session=self.session, config=self.app_config)
        gapi = GroupApi(current_user=None, session=self.session, config=self.app_config)
        groups = [gapi.get_one_with_name("users")]
        user = api.create_user(
            email="*****@*****.**",
            password="******",
            name="bob",
            groups=groups,
            timezone="Europe/Paris",
            do_save=True,
            do_notify=False,
        )
        user2 = api.create_user(
            email="*****@*****.**",
            password="******",
            name="bob2",
            groups=groups,
            timezone="Europe/Paris",
            do_save=True,
            do_notify=False,
        )

        api2 = UserApi(current_user=user, session=self.session, config=self.app_config)

        api2.disable(user2)
        updated_user2 = api.get_one(user2.user_id)
        assert updated_user2.is_active is False
        assert updated_user2.user_id == user2.user_id
        assert updated_user2.email == user2.email
Beispiel #13
0
 def test_functional__webdav_access_to_root__nominal_case(self) -> None:
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin = dbsession.query(User) \
         .filter(User.email == '*****@*****.**') \
         .one()
     uapi = UserApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     gapi = GroupApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     groups = [gapi.get_one_with_name('users')]
     user = uapi.create_user('*****@*****.**', password='******', do_save=True, do_notify=False, groups=groups)  # nopep8
     transaction.commit()
     self.testapp.authorization = (
         'Basic',
         (
             '*****@*****.**',
             '*****@*****.**'
         )
     )
     res = self.testapp.get('/', status=200)
     assert res
Beispiel #14
0
 def test_proxy_user_agenda__ok__nominal_case(self) -> None:
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin = dbsession.query(User).filter(
         User.email == "*****@*****.**").one()
     uapi = UserApi(current_user=admin,
                    session=dbsession,
                    config=self.app_config)
     gapi = GroupApi(current_user=admin,
                     session=dbsession,
                     config=self.app_config)
     groups = [gapi.get_one_with_name("users")]
     user = uapi.create_user(
         "*****@*****.**",
         password="******",
         do_save=True,
         do_notify=False,
         groups=groups,
     )
     transaction.commit()
     self.testapp.authorization = ("Basic", ("*****@*****.**",
                                             "*****@*****.**"))
     self.testapp.get("/agenda/user/{}/".format(user.user_id), status=404)
     event = VALID_CALDAV_BODY_PUT_EVENT
     self.testapp.put("/agenda/user/{}/".format(user.user_id),
                      event,
                      content_type="text/calendar",
                      status=201)
     self.testapp.get("/agenda/user/{}/".format(user.user_id), status=200)
     self.testapp.delete("/agenda/user/{}/".format(user.user_id),
                         status=200)
Beispiel #15
0
    def test_api___simple_search_ok__by_comment_content(
        self,
        created_content_name,
        search_string,
        nb_content_result,
        first_search_result_content_name,
        first_created_comment_content,
        second_created_comment_content,
    ) -> None:
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(User).filter(User.email == "*****@*****.**").one()
        uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config)
        gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config)
        groups = [gapi.get_one_with_name("trusted-users")]
        user = uapi.create_user(
            "*****@*****.**",
            password="******",
            do_save=True,
            do_notify=False,
            groups=groups,
        )
        workspace_api = WorkspaceApi(
            current_user=admin, session=dbsession, config=self.app_config, show_deleted=True
        )
        workspace = workspace_api.create_workspace("test", save_now=True)
        rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config)
        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
        api = ContentApi(session=dbsession, current_user=user, config=self.app_config)
        content = api.create(
            content_type_slug="html-document",
            workspace=workspace,
            label=created_content_name,
            do_save=True,
        )
        api.create_comment(
            workspace=workspace, parent=content, content=first_created_comment_content, do_save=True
        )
        api.create_comment(
            workspace=workspace,
            parent=content,
            content=second_created_comment_content,
            do_save=True,
        )
        api.create(
            content_type_slug="html-document", workspace=workspace, label="report", do_save=True
        )
        api.create(
            content_type_slug="thread", workspace=workspace, label="discussion", do_save=True
        )
        transaction.commit()

        self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**"))
        params = {"search_string": search_string}
        res = self.testapp.get("/api/v2/search/content".format(), status=200, params=params)
        search_result = res.json_body
        assert search_result
        assert search_result["total_hits"] == nb_content_result
        assert search_result["is_total_hits_accurate"] is False
        assert search_result["contents"][0]["label"] == first_search_result_content_name
Beispiel #16
0
 def test_proxy_user_agenda__ok__workspace_filter(self) -> None:
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin = dbsession.query(User).filter(
         User.email == "*****@*****.**").one()
     uapi = UserApi(current_user=admin,
                    session=dbsession,
                    config=self.app_config)
     gapi = GroupApi(current_user=admin,
                     session=dbsession,
                     config=self.app_config)
     groups = [gapi.get_one_with_name("users")]
     user = uapi.create_user(
         "*****@*****.**",
         password="******",
         do_save=True,
         do_notify=False,
         groups=groups,
     )
     workspace_api = WorkspaceApi(current_user=admin,
                                  session=dbsession,
                                  config=self.app_config,
                                  show_deleted=True)
     workspace = workspace_api.create_workspace("wp1", save_now=True)
     workspace.agenda_enabled = True
     workspace2 = workspace_api.create_workspace("wp2", save_now=True)
     workspace2.agenda_enabled = True
     workspace3 = workspace_api.create_workspace("wp3", save_now=True)
     workspace3.agenda_enabled = True
     rapi = RoleApi(current_user=admin,
                    session=dbsession,
                    config=self.app_config)
     rapi.create_one(user, workspace, UserRoleInWorkspace.CONTRIBUTOR,
                     False)
     rapi.create_one(user, workspace2, UserRoleInWorkspace.READER, False)
     rapi.create_one(user, workspace3, UserRoleInWorkspace.READER, False)
     transaction.commit()
     self.testapp.authorization = ("Basic", ("*****@*****.**",
                                             "*****@*****.**"))
     params = {
         "workspace_ids":
         "{},{}".format(workspace.workspace_id, workspace3.workspace_id),
         "agenda_types":
         "workspace",
     }
     result = self.testapp.get("/api/v2/users/{}/agenda".format(
         user.user_id),
                               params=params,
                               status=200)
     assert len(result.json_body) == 2
     agenda = result.json_body[0]
     assert agenda[
         "agenda_url"] == "http://localhost:6543/agenda/workspace/{}/".format(
             workspace.workspace_id)
     assert agenda["with_credentials"] is True
     agenda = result.json_body[1]
     assert agenda[
         "agenda_url"] == "http://localhost:6543/agenda/workspace/{}/".format(
             workspace3.workspace_id)
     assert agenda["with_credentials"] is True
Beispiel #17
0
    def test_api__elasticsearch_search__ok__in_file_ingest_search(self):
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(User).filter(
            User.email == "*****@*****.**").one()
        uapi = UserApi(current_user=admin,
                       session=dbsession,
                       config=self.app_config)
        gapi = GroupApi(current_user=admin,
                        session=dbsession,
                        config=self.app_config)
        groups = [gapi.get_one_with_name("trusted-users")]
        user = uapi.create_user(
            "*****@*****.**",
            password="******",
            do_save=True,
            do_notify=False,
            groups=groups,
        )
        workspace_api = WorkspaceApi(current_user=admin,
                                     session=dbsession,
                                     config=self.app_config,
                                     show_deleted=True)
        workspace = workspace_api.create_workspace("test", save_now=True)
        rapi = RoleApi(current_user=admin,
                       session=dbsession,
                       config=self.app_config)
        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER,
                        False)
        api = ContentApi(session=dbsession,
                         current_user=user,
                         config=self.app_config)
        with self.session.no_autoflush:
            text_file = api.create(
                content_type_slug=content_type_list.File.slug,
                workspace=workspace,
                label="important",
                do_save=False,
            )
            api.update_file_data(text_file, "test_file", "text/plain",
                                 b"we need to find stringtosearch here !")
            api.save(text_file)
            api.execute_created_content_actions(text_file)
        content_id = text_file.content_id
        transaction.commit()
        self.refresh_elasticsearch()

        params = {"search_string": "stringtosearch"}
        self.testapp.authorization = ("Basic", ("*****@*****.**",
                                                "*****@*****.**"))
        res = self.testapp.get("/api/v2/search/content".format(),
                               status=200,
                               params=params)
        search_result = res.json_body
        assert search_result
        assert search_result["total_hits"] == 1
        assert search_result["is_total_hits_accurate"] is True
        assert len(search_result["contents"]) == 1
        assert search_result["contents"][0]["content_id"] == content_id
Beispiel #18
0
 def test_unit__get_one__err__group_not_exist(self) -> None:
     """
     Get one group who does not exist by id
     """
     api = GroupApi(current_user=None,
                    session=self.session,
                    config=self.app_config)
     with pytest.raises(GroupDoesNotExist):
         api.get_one(10)
Beispiel #19
0
 def test_unit__get_one_with_name__err__group_not_exist(self) -> None:
     """
     get one group by name who does not exist
     """
     api = GroupApi(current_user=None,
                    session=self.session,
                    config=self.app_config)
     with pytest.raises(GroupDoesNotExist):
         api.get_one_with_name("unknown_group")
Beispiel #20
0
 def test_unit__get_one__ok_nominal_case(self) -> None:
     """
     Get one group by id
     """
     api = GroupApi(current_user=None,
                    session=self.session,
                    config=self.app_config)
     group = api.get_one(1)
     assert group.group_id == 1
     assert group.group_name == "users"
Beispiel #21
0
 def test_unit__get_one_group_with_name__nominal_case(self) -> None:
     """
     get one group by name
     """
     api = GroupApi(current_user=None,
                    session=self.session,
                    config=self.app_config)
     group = api.get_one_with_name("administrators")
     assert group.group_id == 3
     assert group.group_name == "administrators"
Beispiel #22
0
 def test_unit__get_all__ok__nominal_case(self):
     """
     get all groups
     """
     api = GroupApi(current_user=None,
                    session=self.session,
                    config=self.app_config)
     groups = api.get_all()
     assert ["users", "trusted-users",
             "administrators"] == [group.group_name for group in groups]
Beispiel #23
0
 def test_unit__get_one_with_name__err__group_not_exist(self) -> None:
     """
     get one group by name who does not exist
     """
     api = GroupApi(
         current_user=None,
         session=self.session,
         config=self.app_config,
     )
     with pytest.raises(GroupDoesNotExist):
         group = api.get_one_with_name('unknown_group')
Beispiel #24
0
 def test_unit__get_all__ok__nominal_case(self):
     """
     get all groups
     """
     api = GroupApi(
         current_user=None,
         session=self.session,
         config=self.app_config,
     )
     groups = api.get_all()
     assert ['users', 'trusted-users', 'administrators'] == [group.group_name for group in groups]  # nopep8
Beispiel #25
0
 def test_unit__get_one__err__group_not_exist(self) -> None:
     """
     Get one group who does not exist by id
     """
     api = GroupApi(
         current_user=None,
         session=self.session,
         config=self.app_config,
     )
     with pytest.raises(GroupDoesNotExist):
         group = api.get_one(10)
Beispiel #26
0
 def test_unit__get_one__ok_nominal_case(self) -> None:
     """
     Get one group by id
     """
     api = GroupApi(
         current_user=None,
         session=self.session,
         config=self.app_config,
     )
     group = api.get_one(1)
     assert group.group_id == 1
     assert group.group_name == 'users'
Beispiel #27
0
 def test_unit__get_one_group_with_name__nominal_case(self) -> None:
     """
     get one group by name
     """
     api = GroupApi(
         current_user=None,
         session=self.session,
         config=self.app_config,
     )
     group = api.get_one_with_name('administrators')
     assert group.group_id == 3
     assert group.group_name == 'administrators'
Beispiel #28
0
 def test_unit__get_all_manageable(self):
     admin = self.session.query(User) \
         .filter(User.email == '*****@*****.**').one()
     uapi = UserApi(
         session=self.session,
         current_user=admin,
         config=self.app_config,
     )
     # Checks a case without workspaces.
     wapi = WorkspaceApi(
         session=self.session,
         current_user=admin,
         config=self.app_config,
     )
     eq_([], wapi.get_all_manageable())
     # Checks an admin gets all workspaces.
     w4 = wapi.create_workspace(label='w4')
     w3 = wapi.create_workspace(label='w3')
     w2 = wapi.create_workspace(label='w2')
     w1 = wapi.create_workspace(label='w1')
     eq_([w1, w2, w3, w4], wapi.get_all_manageable())
     # Checks a regular user gets none workspace.
     gapi = GroupApi(
         session=self.session,
         current_user=None,
         config=self.app_config,
     )
     u = uapi.create_minimal_user('[email protected]', [gapi.get_one(Group.TIM_USER)],
                                  True)
     wapi = WorkspaceApi(
         session=self.session,
         current_user=u,
         config=self.app_config,
     )
     rapi = RoleApi(
         session=self.session,
         current_user=None,
         config=self.app_config,
     )
     rapi.create_one(u, w4, UserRoleInWorkspace.READER, False)
     rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, False)
     rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, False)
     rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
     eq_([], wapi.get_all_manageable())
     # Checks a manager gets only its own workspaces.
     u.groups.append(gapi.get_one(Group.TIM_MANAGER))
     rapi.delete_one(u.user_id, w2.workspace_id)
     rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
     eq_([w1, w2], wapi.get_all_manageable())
Beispiel #29
0
    def allowed_to_invite_new_user(self, email: str) -> bool:
        # INFO - G.M - 2018-10-25 - disallow account creation if no
        # email provided or email_notification disabled.
        if not email:
            return False
        if not self._config.EMAIL_NOTIFICATION_ACTIVATED and self._config.NEW_USER_INVITATION_DO_NOTIFY:
            return False
        # INFO - G.M - 2018-10-25 - do not allow all profile to invite new user
        gapi = GroupApi(self._session, self._user, self._config)
        invite_minimal_profile = gapi.get_one_with_name(group_name=self._config.NEW_USER_INVITATION_MINIMAL_PROFILE)  # nopep8

        if not self._user.profile.id >= invite_minimal_profile.group_id:
            return False

        return True
Beispiel #30
0
 def test_proxy_workspace_agenda__ok__nominal_case(self) -> None:
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin = dbsession.query(User).filter(
         User.email == "*****@*****.**").one()
     uapi = UserApi(current_user=admin,
                    session=dbsession,
                    config=self.app_config)
     gapi = GroupApi(current_user=admin,
                     session=dbsession,
                     config=self.app_config)
     groups = [gapi.get_one_with_name("users")]
     user = uapi.create_user(
         "*****@*****.**",
         password="******",
         do_save=True,
         do_notify=False,
         groups=groups,
     )
     workspace_api = WorkspaceApi(current_user=admin,
                                  session=dbsession,
                                  config=self.app_config,
                                  show_deleted=True)
     workspace = workspace_api.create_workspace("test", save_now=True)
     workspace.agenda_enabled = True
     rapi = RoleApi(current_user=admin,
                    session=dbsession,
                    config=self.app_config)
     rapi.create_one(user, workspace, UserRoleInWorkspace.CONTENT_MANAGER,
                     False)
     transaction.commit()
     self.testapp.authorization = ("Basic", ("*****@*****.**",
                                             "*****@*****.**"))
     self.testapp.get("/agenda/workspace/{}/".format(
         workspace.workspace_id),
                      status=404)
     event = VALID_CALDAV_BODY_PUT_EVENT
     self.testapp.put(
         "/agenda/workspace/{}/".format(workspace.workspace_id),
         event,
         content_type="text/agenda",
         status=201,
     )
     self.testapp.get("/agenda/workspace/{}/".format(
         workspace.workspace_id),
                      status=200)
     self.testapp.delete("/agenda/workspace/{}/".format(
         workspace.workspace_id),
                         status=200)
Beispiel #31
0
 def test_unit__get_all_manageable(self):
     admin = self.session.query(User) \
         .filter(User.email == '*****@*****.**').one()
     uapi = UserApi(
         session=self.session,
         current_user=admin,
         config=self.app_config,
     )
     # Checks a case without workspaces.
     wapi = WorkspaceApi(
         session=self.session,
         current_user=admin,
         config=self.app_config,
     )
     eq_([], wapi.get_all_manageable())
     # Checks an admin gets all workspaces.
     w4 = wapi.create_workspace(label='w4')
     w3 = wapi.create_workspace(label='w3')
     w2 = wapi.create_workspace(label='w2')
     w1 = wapi.create_workspace(label='w1')
     eq_([w1, w2, w3, w4], wapi.get_all_manageable())
     # Checks a regular user gets none workspace.
     gapi = GroupApi(
         session=self.session,
         current_user=None,
         config=self.app_config,
     )
     u = uapi.create_minimal_user('[email protected]', [gapi.get_one(Group.TIM_USER)], True)
     wapi = WorkspaceApi(
         session=self.session,
         current_user=u,
         config=self.app_config,
     )
     rapi = RoleApi(
         session=self.session,
         current_user=None,
         config=self.app_config,
     )
     rapi.create_one(u, w4, UserRoleInWorkspace.READER, False)
     rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, False)
     rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, False)
     rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
     eq_([], wapi.get_all_manageable())
     # Checks a manager gets only its own workspaces.
     u.groups.append(gapi.get_one(Group.TIM_MANAGER))
     rapi.delete_one(u.user_id, w2.workspace_id)
     rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
     eq_([w1, w2], wapi.get_all_manageable())
Beispiel #32
0
    def allowed_to_invite_new_user(self, email: str) -> bool:
        # INFO - G.M - 2018-10-25 - disallow account creation if no
        # email provided or email_notification disabled.
        if not email:
            return False
        if not self._config.EMAIL_NOTIFICATION_ACTIVATED:
            return False
        # INFO - G.M - 2018-10-25 - do not allow all profile to invite new user
        gapi = GroupApi(self._session, self._user, self._config)
        invite_minimal_profile = gapi.get_one_with_name(
            group_name=self._config.INVITE_NEW_USER_MINIMAL_PROFILE)  # nopep8

        if not self._user.profile.id >= invite_minimal_profile.group_id:
            return False

        return True
Beispiel #33
0
 def test_unit__authenticate_user___err__user_not_active(self):
     api = UserApi(current_user=None, session=self.session, config=self.app_config)
     gapi = GroupApi(current_user=None, session=self.session, config=self.app_config)
     groups = [gapi.get_one_with_name("users")]
     user = api.create_user(
         email="*****@*****.**",
         password="******",
         name="bob",
         groups=groups,
         timezone="Europe/Paris",
         do_save=True,
         do_notify=False,
     )
     api.disable(user)
     with pytest.raises(AuthenticationFailed):
         api.authenticate("*****@*****.**", "*****@*****.**")
Beispiel #34
0
    def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(User) \
            .filter(User.email == '*****@*****.**') \
            .one()
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='*****@*****.**',
            password='******',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            lang='en',
            do_save=True,
            do_notify=False,
        )
        uapi.save(test_user)
        uapi.disable(test_user)
        transaction.commit()
        self.testapp.authorization = (
            'Basic',
            (
                '*****@*****.**',
                'password'
            )
        )

        res = self.testapp.get('/api/v2/auth/whoami', status=401)
        assert isinstance(res.json, dict)
        assert 'code' in res.json.keys()
        # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema
        assert res.json_body['code'] is None
        assert 'message' in res.json.keys()
        assert 'details' in res.json.keys()
Beispiel #35
0
    def test_functional__webdav_access_to_workspace__nominal_case(self) -> None:
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(User) \
            .filter(User.email == '*****@*****.**') \
            .one()
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        user = uapi.create_user('*****@*****.**', password='******',
                                do_save=True, do_notify=False,
                                groups=groups)  # nopep8
        workspace_api = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
            show_deleted=True,
        )
        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
        rapi = RoleApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        rapi.create_one(user, workspace, UserRoleInWorkspace.READER,
                        False)  # nopep8
        transaction.commit()

        self.testapp.authorization = (
            'Basic',
            (
                '*****@*****.**',
                '*****@*****.**'
            )
        )
        res = self.testapp.get('/test', status=200)
Beispiel #36
0
    def test_api__try_login_enpoint__err_401__user_not_activated(self):
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(User) \
            .filter(User.email == '*****@*****.**') \
            .one()
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='*****@*****.**',
            password='******',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        uapi.save(test_user)
        uapi.disable(test_user)
        transaction.commit()

        params = {
            'email': '*****@*****.**',
            'password': '******',
        }
        res = self.testapp.post_json(
            '/api/v2/auth/login',
            params=params,
            status=403,
        )
        assert res.json_body
        assert 'code' in res.json_body
        assert res.json_body['code'] == error.AUTHENTICATION_FAILED
Beispiel #37
0
    def test_api__try_login_enpoint__err_401__user_not_activated(self):
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == '*****@*****.**') \
            .one()
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='*****@*****.**',
            password='******',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        uapi.save(test_user)
        uapi.disable(test_user)
        transaction.commit()

        params = {
            'email': '*****@*****.**',
            'password': '******',
        }
        res = self.testapp.post_json(
            '/api/v2/auth/login',
            params=params,
            status=403,
        )
        assert res.json_body
        assert 'code' in res.json_body
        assert res.json_body['code'] == error.AUTHENTICATION_FAILED
Beispiel #38
0
 def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin = dbsession.query(User) \
         .filter(User.email == '*****@*****.**') \
         .one()
     uapi = UserApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     gapi = GroupApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     groups = [gapi.get_one_with_name('users')]
     test_user = uapi.create_user(
         email='*****@*****.**',
         password='******',
         name='bob',
         groups=groups,
         timezone='Europe/Paris',
         do_save=True,
         do_notify=False,
     )
     uapi.save(test_user)
     uapi.disable(test_user)
     transaction.commit()
     headers_auth = {
             'Tracim-Api-Key': 'mysuperapikey',
             'Tracim-Api-Login': '******',
     }
     res = self.testapp.get(
         '/api/v2/auth/whoami',
         status=401,
         headers=headers_auth
     )
     assert isinstance(res.json, dict)
     assert 'code' in res.json.keys()
     assert res.json_body['code'] is None
Beispiel #39
0
    def test_unit__disable_user___ok__nominal_case(self):
        api = UserApi(
            current_user=None,
            session=self.session,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=None,
            session=self.session,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        user = api.create_user(
            email='*****@*****.**',
            password='******',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        user2 = api.create_user(
            email='*****@*****.**',
            password='******',
            name='bob2',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )

        api2 = UserApi(current_user=user,
                       session=self.session,
                       config=self.app_config)
        from tracim_backend.exceptions import UserCantDisableHimself
        api2.disable(user2)
        updated_user2 = api.get_one(user2.user_id)
        assert updated_user2.is_active == False
        assert updated_user2.user_id == user2.user_id
        assert updated_user2.email == user2.email
Beispiel #40
0
 def set_profile(self, context, request: TracimRequest, hapic_data=None):
     """
     set user profile
     """
     app_config = request.registry.settings['CFG']
     uapi = UserApi(
         current_user=request.current_user,  # User
         session=request.dbsession,
         config=app_config,
     )
     gapi = GroupApi(
         current_user=request.current_user,  # User
         session=request.dbsession,
         config=app_config,
     )
     groups = [gapi.get_one_with_name(hapic_data.body.profile)]
     uapi.update(
         user=request.candidate_user,
         groups=groups,
         do_save=True,
     )
     return
Beispiel #41
0
    def test_unit__disable_user___ok__nominal_case(self):
        api = UserApi(
            current_user=None,
            session=self.session,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=None,
            session=self.session,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        user = api.create_user(
            email='*****@*****.**',
            password='******',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        user2 = api.create_user(
            email='*****@*****.**',
            password='******',
            name='bob2',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )

        api2 = UserApi(current_user=user,session=self.session, config=self.app_config)
        from tracim_backend.exceptions import UserCantDisableHimself
        api2.disable(user2)
        updated_user2 = api.get_one(user2.user_id)
        assert updated_user2.is_active == False
        assert updated_user2.user_id == user2.user_id
        assert updated_user2.email == user2.email
Beispiel #42
0
 def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
     dbsession = get_tm_session(self.session_factory, transaction.manager)
     admin = dbsession.query(models.User) \
         .filter(models.User.email == '*****@*****.**') \
         .one()
     uapi = UserApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     gapi = GroupApi(
         current_user=admin,
         session=dbsession,
         config=self.app_config,
     )
     groups = [gapi.get_one_with_name('users')]
     test_user = uapi.create_user(
         email='*****@*****.**',
         password='******',
         name='bob',
         groups=groups,
         timezone='Europe/Paris',
         do_save=True,
         do_notify=False,
     )
     uapi.save(test_user)
     uapi.disable(test_user)
     transaction.commit()
     headers_auth = {
         'Tracim-Api-Key': 'mysuperapikey',
         'Tracim-Api-Login': '******',
     }
     res = self.testapp.get('/api/v2/auth/whoami',
                            status=401,
                            headers=headers_auth)
     assert isinstance(res.json, dict)
     assert 'code' in res.json.keys()
     assert res.json_body['code'] is None
Beispiel #43
0
    def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == '*****@*****.**') \
            .one()
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='*****@*****.**',
            password='******',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            lang='en',
            do_save=True,
            do_notify=False,
        )
        uapi.save(test_user)
        uapi.disable(test_user)
        transaction.commit()
        self.testapp.authorization = ('Basic', ('*****@*****.**', 'pass'))

        res = self.testapp.get('/api/v2/auth/whoami', status=401)
        assert isinstance(res.json, dict)
        assert 'code' in res.json.keys()
        # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema
        assert res.json_body['code'] is None
        assert 'message' in res.json.keys()
        assert 'details' in res.json.keys()
Beispiel #44
0
    def create_minimal_user(self, email, groups=[], save_now=False) -> User:
        """Previous create_user method"""
        self._check_email(email)
        user = User()
        user.email = email
        user.display_name = email.split('@')[0]

        if not groups:
            gapi = GroupApi(
                current_user=self._user,  # User
                session=self._session,
                config=self._config,
            )
            groups = [gapi.get_one(Group.TIM_USER)]
        for group in groups:
            user.groups.append(group)

        self._session.add(user)

        if save_now:
            self._session.flush()

        return user
Beispiel #45
0
 def set_profile(self, context, request: TracimRequest, hapic_data=None):
     """
     set user profile
     """
     app_config = request.registry.settings['CFG']
     uapi = UserApi(
         current_user=request.current_user,  # User
         session=request.dbsession,
         config=app_config,
     )
     gapi = GroupApi(
         current_user=request.current_user,  # User
         session=request.dbsession,
         config=app_config,
     )
     groups = [gapi.get_one_with_name(hapic_data.body.profile)]
     uapi.update(
         user=request.candidate_user,
         auth_type=request.candidate_user.auth_type,
         groups=groups,
         do_save=True,
     )
     return
Beispiel #46
0
 def test_unit__authenticate_user___err__user_not_active(self):
     api = UserApi(
         current_user=None,
         session=self.session,
         config=self.app_config,
     )
     gapi = GroupApi(
         current_user=None,
         session=self.session,
         config=self.app_config,
     )
     groups = [gapi.get_one_with_name('users')]
     user = api.create_user(
         email='*****@*****.**',
         password='******',
         name='bob',
         groups=groups,
         timezone='Europe/Paris',
         do_save=True,
         do_notify=False,
     )
     api.disable(user)
     with pytest.raises(AuthenticationFailed):
         api.authenticate('*****@*****.**', '*****@*****.**')