def test_auth_owns_pretend(self):
u, p = self._create_ad_user()
rando = fh.create_user()
u2 = fh.create_user()
adm = fh.create_user(is_admin=True)
assert auth_owns_fn_user(u, p)
assert auth_owns_fn_actual_user(u, p)
assert auth_enforce_owns_fn(u, p)
assert auth_owns_fn_user(adm, p)
assert self.throws_exception(lambda: auth_owns_fn_user(u2, p)).code == FORBIDDEN
assert self.throws_exception(lambda: auth_enforce_owns_fn(u2, p)).code == FORBIDDEN
def test_bool(self):
u2 = fh.create_user(is_admin=True)
self.flush()
self.login(u2)
r = self.client_async(self.url,{'abool': 'on'})
assert r.results.abool == True
def test_api_prologue_exception(self):
"""
Verifies that an ApiPrologueException is handled properly
"""
user = fh.create_user()
self.flush()
self.login(user)
# The bad version in this url will force an ApiPrologueException in the dispatcher
bad_url = '/api/vA/user/set_pref'
params = {'key': 'asd', 'value': 'omgwow'}
response = self.client_async(bad_url, params, status=501, assert_success=False)
assert 'Invalid version' in response.results.errors[0].message
# no function!
url = '/api/v1/user/meow'
params = {}
response = self.client_async(url, params, status=501, assert_success=False)
assert 'user.meow not implemented' in response.results.errors[0].message
# no module!
url = '/api/v1/rawr/meow'
params = {}
response = self.client_async(url, params, status=501, assert_success=False)
assert 'rawr.meow not implemented' in response.results.errors[0].message
def test_auth(self):
# not an admin
u = fh.create_user()
self.flush()
self.login(u)
r = self.client_async(self.url,{}, status=403, assert_success=False)
assert r.errors[0].code == FORBIDDEN
def test_value_error(self):
"""
Verifies that a ValueError is handled properly
"""
# we cant create a new user because of the rollback when there is an error.
user = fh.create_user(is_admin=True)
self.flush()
self.login(user)
# Force a ValueError with a bad budget value
params = {'anint': 'not an int'}
response = self.client_async(self.url, params, status=500, assert_success=False)
assert 'int()' in response.results.errors[0].message
def test_timer_proxy(self):
u = fh.create_user()
self.flush()
self.login(u)
response = self.post(self.form_url, {"a_number": 32, "a_string": "aodij"})
assert response.tmpl_context.show_debug == False
assert response.tmpl_context.queries == ""
u = fh.create_user(is_admin=True)
self.flush()
self.login(u)
response = self.post(self.form_url, {"a_number": 32, "a_string": "aodij"})
assert response.tmpl_context.show_debug == True
assert len(response.tmpl_context.queries) == 3
assert response.tmpl_context.querie_time > 0.0
for q, t in response.tmpl_context.queries:
assert q
assert t > 0.0
def test_edit(self):
own = fh.create_user()
rando = fh.create_user()
a = fh.create_user(is_admin=True)
self.flush()
u = api.user.edit(own, own, own, first_name='omgwow', default_timezone=0, is_active='f', role='admin')
assert u.id == own.id
assert u.first_name == 'omgwow'
assert u.is_active == True
assert u.role == 'user'
assert 'London' in u.default_timezone
u = api.user.edit(a, a, own, last_name='yeah')
assert u.id == own.id
u = api.user.edit(a, a, own, is_active='f', role='admin')
assert u.id == own.id
assert u.is_active == False
assert u.role == 'admin'
assert self.throws_exception(lambda: api.user.edit(rando, rando, own, first_name='m')).code == NOT_FOUND
assert self.throws_exception(lambda: api.user.edit(a, a, None, first_name='s')).code == NOT_FOUND
def test_field_editor(self):
u = fh.create_user()
adm = fh.create_user(is_admin=True)
class SomeForm(formencode.Schema):
things = fv.Number(not_empty=False, min=0)
yo_mammas = fv.Int(not_empty=False, min=0)
admin_only = fv.Int(not_empty=False, min=0)
error_1 = fv.UnicodeString(not_empty=False)
error_2 = fv.UnicodeString(not_empty=False)
edit_fields = ['things', 'yo_mammas', 'error_1', 'error_2']
admin_edit_fields = ['admin_only']
class Editor(FieldEditor):
def __init__(self):
super(Editor, self).__init__(edit_fields, admin_edit_fields, SomeForm)
def edit_error_1(self, actual_user, user, obj, key, value):
raise ClientException('error_1')
def edit_error_2(self, actual_user, user, obj, key, value):
raise ClientException('error_2')
def edit_things(self, actual_user, user, obj, key, value):
assert actual_user
assert user
assert key == 'things'
obj['things'] = value
def edit_random(self, actual_user, user, obj, key, value):
obj['random'] = value
def edit_admin_only(self, actual_user, user, obj, key, value):
assert key == 'admin_only'
obj['admin_only'] = value
#not defining yo_mammas intentionally
editor = Editor()
#basic case, non admin
obj = {}
editor.edit(u, u, obj, things='3.0')
assert obj['things'] == 3.0
obj = {}
editor.edit(u, u, obj, key='things', value='4.0')
assert obj['things'] == 4.0
#basic case, admin, multiple fields
obj = {}
editor.edit(adm, u, obj, things='5.0', admin_only=34)
assert obj['things'] == 5.0
assert obj['admin_only'] == 34
#FAIL case, non-admin. will not edit admin!
obj = {}
editor.edit(u, u, obj, things='5.0', admin_only=34)
assert obj['things'] == 5.0
assert 'admin_only' not in obj
# should not run the validator on the admin_only field
editor.edit(u, u, obj, things='5.0', admin_only='dont breaK!')
assert obj['things'] == 5.0
assert 'admin_only' not in obj
ce = (ClientException,)
#FAIL case, empty
assert self.throws_exception(lambda: editor.edit(u, u, obj), types=ce).code == INCOMPLETE
#FAIL case, dont edit random stuff we dont care about
obj = {}
assert self.throws_exception(lambda: editor.edit(u, u, obj, random='poo'), types=ce).code == INCOMPLETE
assert not obj
assert self.throws_exception(lambda: editor.edit(u, u, obj, admin_only='poo'), types=ce).code == INCOMPLETE
assert not obj
editor.edit(u, u, obj, things=4.5, random='poo')
assert 'things' in obj
assert 'random' not in obj
editor.edit(u, u, obj, things=4.5, random_foo='poo')
assert 'things' in obj
assert 'random_foo' not in obj
#this cant call the function cause it isnt defined
obj = {}
assert self.throws_exception(lambda: editor.edit(u, u, obj, yo_mammas='2'), types=(AppException,)).code == INCOMPLETE
exc = self.throws_exception(lambda: editor.edit(u, u, obj, error_1='blah', error_2='blah'), types=(CompoundException,))
assert exc.has_exceptions
assert len(exc.exceptions) == 2
assert 'error_1' in [e.msg for e in exc.exceptions]
assert 'error_2' in [e.msg for e in exc.exceptions]
##
#validation!
##
i = (formencode.validators.Invalid,)
exc = self.throws_exception(lambda: editor.edit(u, u, obj, things='asd', yo_mammas='qw'), types=i)
assert exc
assert len(exc.error_dict.keys()) == 2
assert 'things' in exc.error_dict.keys()
assert 'yo_mammas' in exc.error_dict.keys()
def test_auth_admin(self):
u = fh.create_user()
adm = fh.create_user(is_admin=True)
assert auth_admin_fn(adm)
assert self.throws_exception(lambda: auth_admin_fn(u)).code == FORBIDDEN
def _create_ad_user(self, make_admin=False):
u = make_admin and fh.create_user(is_admin=True) or fh.create_user()
p = u.set_preference(u'omg', u'wow')
return u, p