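def test_admin_scoped_token_can_create_and_send_email(self, mock_auth, mock_mail):
    """An ``osf.admin``-scoped personal token may create a user AND trigger the email.

    Authentication is mocked: ``mock_auth`` is set to return
    ``(self.user, mock_cas_resp)`` unconditionally, so the bearer header is
    never actually validated here. What this test exercises is the view's
    scope check against the ``accessTokenScope`` list in the CAS response.
    """
    token = ApiOAuth2PersonalToken(owner=self.user, name='Admin Token', scopes='osf.admin')
    mock_cas_resp = CasResponse(
        authenticated=True,
        user=self.user._id,
        attributes={
            'accessToken': token.token_id,
            # ``scopes`` is a space-separated string; CAS reports it as a list.
            'accessTokenScope': token.scopes.split(' '),
        },
    )
    mock_auth.return_value = self.user, mock_cas_resp

    # Precondition: the target account must not exist before the request.
    assert_equal(User.find(Q('username', 'eq', self.unconfirmed_email)).count(), 0)

    res = self.app.post_json_api(
        '{}?send_email=true'.format(self.base_url),
        self.data,
        headers={'Authorization': 'Bearer {}'.format(token.token_id)},
    )

    assert_equal(res.status_code, 201)
    assert_equal(res.json['data']['attributes']['username'], self.unconfirmed_email)
    assert_equal(User.find(Q('username', 'eq', self.unconfirmed_email)).count(), 1)
    # Exactly one confirmation email for the newly created account.
    assert_equal(mock_mail.call_count, 1)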
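def test_properly_scoped_token_can_create_without_username_but_not_send_email(self, mock_auth, mock_mail):
    """An ``osf.users.create``-scoped token may create a user with no username.

    The request still passes ``send_email=true``, and the test asserts that no
    mail is sent. NOTE(review): because the payload carries no username/email,
    this test cannot distinguish "scope does not permit emailing" from "there is
    no address to send to" -- confirm which rule the view applies.

    Authentication is mocked (``mock_auth`` returns the user and CAS response
    unconditionally), so only the scope check is exercised, not token validity.
    """
    token = ApiOAuth2PersonalToken(owner=self.user, name='Authorized Token', scopes='osf.users.create')
    mock_cas_resp = CasResponse(
        authenticated=True,
        user=self.user._id,
        attributes={
            'accessToken': token.token_id,
            'accessTokenScope': token.scopes.split(' '),
        },
    )
    mock_auth.return_value = self.user, mock_cas_resp

    # Replace the fixture attributes wholesale so no username is submitted.
    self.data['data']['attributes'] = {'full_name': 'No Email'}
    assert_equal(User.find(Q('fullname', 'eq', 'No Email')).count(), 0)

    res = self.app.post_json_api(
        '{}?send_email=true'.format(self.base_url),
        self.data,
        headers={'Authorization': 'Bearer {}'.format(token.token_id)},
    )

    assert_equal(res.status_code, 201)
    assert_equal(res.json['data']['attributes']['username'], None)
    assert_equal(User.find(Q('fullname', 'eq', 'No Email')).count(), 1)
    # No address was supplied, so nothing may be emailed.
    assert_equal(mock_mail.call_count, 0)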
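def test_improperly_scoped_token_can_not_create_or_email(self, mock_auth, mock_mail):
    """An ``osf.full_write``-scoped token is rejected with 403 and causes no side effects.

    403 (not 401) is expected because the caller *is* authenticated -- the
    mocked CAS response reports ``authenticated=True`` -- but lacks the scope
    required to create users. The trailing asserts check that the scope check
    runs before any write or mail: no account is created and no email is sent.

    Authentication itself is mocked, so only scope enforcement is under test.
    """
    token = ApiOAuth2PersonalToken(owner=self.user, name='Unauthorized Token', scopes='osf.full_write')
    mock_cas_resp = CasResponse(
        authenticated=True,
        user=self.user._id,
        attributes={
            'accessToken': token.token_id,
            'accessTokenScope': token.scopes.split(' '),
        },
    )
    mock_auth.return_value = self.user, mock_cas_resp

    assert_equal(User.find(Q('username', 'eq', self.unconfirmed_email)).count(), 0)

    res = self.app.post_json_api(
        '{}?send_email=true'.format(self.base_url),
        self.data,
        headers={'Authorization': 'Bearer {}'.format(token.token_id)},
        expect_errors=True,
    )

    assert_equal(res.status_code, 403)
    # A denied request must leave no trace: no user, no email.
    assert_equal(User.find(Q('username', 'eq', self.unconfirmed_email)).count(), 0)
    assert_equal(mock_mail.call_count, 0)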
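def test_admin_scoped_token_has_admin(self, mock_auth):
    """A GET with an ``osf.admin``-scoped token is reported as admin in ``meta``.

    Only the positive case is covered here (admin scope -> ``meta.admin`` is
    ``True``); the behaviour for non-admin scopes is not asserted by this test.
    Authentication is mocked via ``mock_auth``, so the bearer header value is
    not validated -- the scope list in the CAS response is what drives the flag.
    """
    token = ApiOAuth2PersonalToken(owner=self.user, name='Admin Token', scopes='osf.admin')
    mock_cas_resp = CasResponse(
        authenticated=True,
        user=self.user._id,
        attributes={
            'accessToken': token.token_id,
            'accessTokenScope': token.scopes.split(' '),
        },
    )
    mock_auth.return_value = self.user, mock_cas_resp

    res = self.app.get(
        self.url,
        headers={'Authorization': 'Bearer {}'.format(token.token_id)},
    )

    assert_equal(res.status_code, 200)
    assert_equal(res.json['meta']['admin'], True)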