Ejemplo n.º 1
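def college_info(collegeid):
    """Return a JSON summary of one college to an authorised requester.

    Access requires that the request authenticates AND that the requester
    either belongs to the college or is a blueshirt.  The summary always
    holds the college name and team names; the ``users`` list is added only
    for requesters who belong to the college, and is limited to the members
    they can administrate.

    Returns:
        ``(json_body, 200)`` on success, ``(ah.auth_error_json, 403)``
        otherwise.
    """
    ah = AuthHelper(request)
    c = College(collegeid)

    # `and` binds tighter than `or`.  Without the inner parentheses the
    # condition reads `(authenticated and member) or is_blueshirt`, so the
    # blueshirt flag alone would grant access even when authentication
    # failed.  Authentication must gate both branches.
    # NOTE(review): whether ah.user is populated for a known username with a
    # wrong password is not visible here -- confirm in AuthHelper.
    authorised = ah.auth_will_succeed and (
        c in ah.user.colleges or ah.user.is_blueshirt
    )
    if not authorised:
        return ah.auth_error_json, 403

    au = ah.user
    response = {
        "name": c.name,
        "teams": [t.name for t in c.teams],
    }
    if c in au.colleges:
        # Blueshirts outside the college get no user list; members only see
        # the accounts they are allowed to administrate.
        response["users"] = [
            m.username for m in c.users if au.can_administrate(m)
        ]

    return json.dumps(response), 200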
Ejemplo n.º 2
def user_details(userid):
    """Return the details of ``userid`` that the requester may see, as JSON.

    The request must authenticate and the requester must pass
    ``can_view(userid)``; otherwise ``(ah.auth_error_json, 403)`` is
    returned.  The visible fields come from ``details_dictionary_for`` and
    are returned as ``(json_body, 200)``.
    """
    ah = AuthHelper(request)

    permitted = ah.auth_will_succeed and ah.user.can_view(userid)
    if not permitted:
        return ah.auth_error_json, 403

    target = User.create_user(userid)
    details = target.details_dictionary_for(ah.user)

    # An 'email' key means the requester may see the address, so also tell
    # them about a pending change when it differs from the current value.
    if 'email' in details:
        pending = PendingEmail(target.username)
        if pending.in_db:
            proposed = pending.new_email
            if proposed != details['email']:
                details['new_email'] = proposed

    return json.dumps(details), 200
Ejemplo n.º 3
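def set_user_details(userid):
    """Apply the permitted subset of submitted profile changes to a user.

    The request must authenticate and the requester must pass
    ``can_administrate(userid)``; otherwise ``(ah.auth_error_json, 403)`` is
    returned.  Each form field is then authorised separately, and fields the
    requester may not change are ignored without an error.

    Form fields read: ``new_email``, ``new_first_name``, ``new_last_name``,
    ``new_team``, ``new_type``, ``withdrawn``, ``new_password``.

    Returns:
        ``('{}', 200)`` once the permitted changes have been applied.
    """
    ah = AuthHelper(request)

    if not (ah.auth_will_succeed and ah.user.can_administrate(userid)):
        return ah.auth_error_json, 403

    # `key in form` replaces dict.has_key(), which no longer exists on
    # Python 3 mappings; membership testing behaves the same on both.
    form = request.form
    user_to_update = User.create_user(userid)

    # Email changes go through the pending-request flow, not a direct write.
    if "new_email" in form and not ah.user.is_blueshirt:
        new_email = form["new_email"]
        request_new_email(user_to_update, new_email)

    # Students aren't allowed to update their own names.
    # NOTE(review): the original comment here said a valid ah.user implies a
    # self-edit, yet the new_type branch below handles
    # user_to_update != ah.user -- confirm what can_administrate permits.
    if "new_first_name" in form and not ah.user.is_student \
            and form["new_first_name"] != '':
        user_to_update.set_first_name(form["new_first_name"])
    if "new_last_name" in form and not ah.user.is_student \
            and form["new_last_name"] != '':
        user_to_update.set_last_name(form["new_last_name"])

    if "new_team" in form:
        team = form["new_team"]
        # Blueshirts are never moved, and the requester must manage the
        # destination team.
        if (not user_to_update.is_blueshirt) and ah.user.manages_team(team):
            user_to_update.set_team(team)

    # Only teachers may change roles, and never their own.
    if "new_type" in form and ah.user.is_teacher \
            and user_to_update != ah.user:
        if form["new_type"] == 'student':
            user_to_update.make_student()
        elif form["new_type"] == 'team-leader':
            user_to_update.make_teacher()

    if "withdrawn" in form and form['withdrawn'] == 'true' \
            and ah.user.can_withdraw(user_to_update):
        user_to_update.withdraw()

    user_to_update.save()

    # Do this separately and last because it makes an immediate change
    # to the underlying database, rather than waiting for save().
    # NOTE(review): the password is set for whichever account passed
    # can_administrate above, and no emptiness or strength check is made
    # here -- confirm set_password enforces the password policy.
    if "new_password" in form:
        user_to_update.set_password(form["new_password"])

    return '{}', 200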
Ejemplo n.º 4
def colleges():
    """Return the names of all colleges as JSON, for blueshirts only.

    The request must authenticate and the requester must be a blueshirt;
    any other request gets ``(ah.auth_error_json, 403)``.
    """
    ah = AuthHelper(request)
    if not (ah.auth_will_succeed and ah.user.is_blueshirt):
        return ah.auth_error_json, 403

    payload = {"colleges": College.all_college_names()}
    return json.dumps(payload)
Ejemplo n.º 5
    def wrapper(*args, **kwargs):
        # Authenticate the current request before the wrapped view runs.
        # On success the authenticated user is passed to `func` as its
        # first positional argument; on failure the view is never called.
        auth = AuthHelper(request)
        if auth.auth_will_succeed:
            return func(auth.user, *args, **kwargs)

        return auth.auth_error_json, 403
Ejemplo n.º 6
def test_authhelper_will_succeed_all_right():
    """auth_will_succeed is truthy for the blueshirt/blueshirt credentials."""
    fake_request = FakeRequest("blueshirt", "blueshirt")
    helper = AuthHelper(fake_request)
    assert helper.auth_will_succeed
Ejemplo n.º 7
def test_authhelper_will_succeed_wrong_password():
    """auth_will_succeed is falsy when blueshirt supplies a wrong password."""
    fake_request = FakeRequest("blueshirt", "bees")
    helper = AuthHelper(fake_request)
    assert not helper.auth_will_succeed
Ejemplo n.º 8
def test_authhelper_produces_correct_user_from_wrong_case():
    """A mixed-case login name resolves to the lower-case username."""
    fake_request = FakeRequest("Student_Coll1_1", "cows")
    helper = AuthHelper(fake_request)
    assert helper.user.username == "student_coll1_1"
Ejemplo n.º 9
def test_authhelper_produces_null_user():
    """An unknown username yields a user object that is not a blueshirt."""
    fake_request = FakeRequest("owiefjwqoi", "blueshirt")
    helper = AuthHelper(fake_request)
    assert not helper.user.is_blueshirt
Ejemplo n.º 10
def test_authhelper_produces_correct_user():
    """The blueshirt login yields a user flagged as a blueshirt."""
    fake_request = FakeRequest("blueshirt", "blueshirt")
    helper = AuthHelper(fake_request)
    assert helper.user.is_blueshirt
Ejemplo n.º 11
def test_authhelper_finds_right_password():
    """password_correct is truthy for student_coll1_1 with password 'cows'."""
    fake_request = FakeRequest("student_coll1_1", "cows")
    helper = AuthHelper(fake_request)
    assert helper.password_correct
Ejemplo n.º 12
def test_authhelper_finds_wrong_password():
    """password_correct is falsy when student_coll1_1 sends a bad password."""
    fake_request = FakeRequest("student_coll1_1", "wrong_password")
    helper = AuthHelper(fake_request)
    assert not helper.password_correct
Ejemplo n.º 13
def test_authhelper_finds_valid_users():
    """user_exists is truthy for a known username even if the password is wrong."""
    fake_request = FakeRequest("student_coll1_1", "wrong_password")
    helper = AuthHelper(fake_request)
    assert helper.user_exists
Ejemplo n.º 14
def test_authhelper_finds_invalid_users():
    """user_exists is falsy for a username that is not registered."""
    fake_request = FakeRequest("wrong_user", "wrong_password")
    helper = AuthHelper(fake_request)
    assert not helper.user_exists
Ejemplo n.º 15
def test_authhelper_will_succeed_no_form():
    """auth_will_succeed is falsy when the request carries no credentials."""
    fake_request = FakeRequest()
    helper = AuthHelper(fake_request)
    assert not helper.auth_will_succeed
Ejemplo n.º 16
def register_user():
    """Register a new pending user on behalf of the authenticated requester.

    The request must authenticate and the requester must have
    ``can_register_users``.  The submitted college must be one of the
    requester's colleges and the team must belong to that college.  The
    email and names are then validated and checked for prior use.  Every
    rejection is a JSON ``{"error": CODE}`` body with status 403.

    On success a user and a ``PendingUser`` record are created, an
    activation link carrying the verification code is emailed to the new
    user, the requester is emailed a ``user_requested`` notice, and
    ``("{}", 202)`` is returned.
    """
    ah = AuthHelper(request)

    if not ah.auth_will_succeed:
        return ah.auth_error_json, 403

    def _reject(code):
        # Every validation failure shares this response shape and status.
        return json.dumps({"error": code}), 403

    requesting_user = ah.user
    if not requesting_user.can_register_users:
        return _reject("YOU_CANT_REGISTER_USERS")

    form = request.form
    teacher_username = requesting_user.username
    college_group = form["college"].strip()
    first_name = form["first_name"].strip()
    last_name = form["last_name"].strip()
    email = form["email"].strip()
    team = form["team"].strip()

    # Authorisation on the target: the requester may only register users
    # into a college they belong to, and into a team of that college.
    if College(college_group) not in requesting_user.colleges:
        return _reject("BAD_COLLEGE")

    college_team_names = [t.name for t in College(college_group).teams]
    if team not in college_team_names:
        return _reject("BAD_TEAM")

    if not helpers.is_email_valid(email):
        return _reject("BAD_EMAIL")

    if not helpers.is_name_valid(first_name):
        return _reject("BAD_FIRST_NAME")

    if not helpers.is_name_valid(last_name):
        return _reject("BAD_LAST_NAME")

    if User.name_used(first_name, last_name) or helpers.email_used(email):
        return _reject("DETAILS_ALREADY_USED")

    new_user = User.create_new_user(requesting_user, college_group,
                                    first_name, last_name)
    verify_code = helpers.create_verify_code(new_user.username, email)

    pu = PendingUser(new_user.username)
    pu.teacher_username = teacher_username
    pu.college = college_group
    pu.email = email
    pu.team = team
    pu.verify_code = verify_code
    pu.save()

    # NOTE(review): `pu` already holds verify_code when it is logged --
    # confirm log_action does not write the code to the log.
    log_action('registering user', pu)

    # The activation link embeds the verification code and goes only to the
    # address being registered.
    activation_url = url_for('activate_account',
                             username=new_user.username,
                             code=verify_code,
                             _external=True)
    pu.send_welcome_email(first_name, activation_url)

    requester_email_vars = {
        'name': requesting_user.first_name,
        'pu_first_name': first_name,
        'pu_last_name': last_name,
        'pu_username': pu.username,
        'pu_college': College(pu.college).name,
        'pu_email': pu.email,
        'pu_team': pu.team
    }
    mailer.email_template(requesting_user.email, 'user_requested',
                          requester_email_vars)

    return "{}", 202
Ejemplo n.º 17
def test_authhelper_finds_right_password_wrong_case_username():
    """password_correct is truthy even when the username case differs."""
    fake_request = FakeRequest("Student_Coll1_1", "cows")
    helper = AuthHelper(fake_request)
    assert helper.password_correct