def test_increment_user_activity_counters(self):
user = UserFactory()
date = timezone.now()
assert_equal(user.get_activity_points(db=None), 0)
analytics.increment_user_activity_counters(user._id, 'project_created', date.isoformat(), db=None)
assert_equal(user.get_activity_points(db=None), 1)
class TestDisableUser(AdminTestCase):
def setUp(self):
self.user = UserFactory()
self.request = RequestFactory().post('/fake_path')
self.view = views.UserDeleteView
self.view = setup_log_view(self.view, self.request, guid=self.user._id)
def test_get_object(self):
obj = self.view().get_object()
nt.assert_is_instance(obj, OSFUser)
def test_get_context(self):
res = self.view().get_context_data(object=self.user)
nt.assert_in('guid', res)
nt.assert_equal(res.get('guid'), self.user._id)
def test_disable_user(self):
settings.ENABLE_EMAIL_SUBSCRIPTIONS = False
count = AdminLogEntry.objects.count()
self.view().delete(self.request)
self.user.reload()
nt.assert_true(self.user.is_disabled)
nt.assert_equal(AdminLogEntry.objects.count(), count + 1)
def test_reactivate_user(self):
settings.ENABLE_EMAIL_SUBSCRIPTIONS = False
self.view().delete(self.request)
count = AdminLogEntry.objects.count()
self.view().delete(self.request)
self.user.reload()
nt.assert_false(self.user.is_disabled)
nt.assert_equal(AdminLogEntry.objects.count(), count + 1)
def test_no_user(self):
view = setup_view(views.UserDeleteView(), self.request, guid='meh')
with nt.assert_raises(Http404):
view.delete(self.request)
def test_no_user_permissions_raises_error(self):
user = UserFactory()
guid = user._id
request = RequestFactory().get(reverse('users:disable', kwargs={'guid': guid}))
request.user = user
with self.assertRaises(PermissionDenied):
self.view.as_view()(request, guid=guid)
def test_correct_view_permissions(self):
user = UserFactory()
guid = user._id
change_permission = Permission.objects.get(codename='change_osfuser')
user.user_permissions.add(change_permission)
user.save()
request = RequestFactory().get(reverse('users:disable', kwargs={'guid': guid}))
request.user = user
response = self.view.as_view()(request, guid=guid)
self.assertEqual(response.status_code, 200)
def test_revoke_remote_access_not_called(self):
user2 = UserFactory()
user2.external_accounts.add(self.external_account)
user2.save()
with mock.patch.object(self.user_settings, 'revoke_remote_oauth_access') as mock_revoke:
with mock_auth(self.user):
self.user_settings.revoke_oauth_access(self.external_account)
assert_equal(mock_revoke.call_count, 0)
def test_no_two_emails_to_same_person(self, mock_send):
user = UserFactory()
user.osf_mailing_lists[settings.OSF_HELP_LIST] = True
user.save()
self.queue_mail(user=user)
self.queue_mail(user=user)
main(dry_run=False)
assert_equal(mock_send.call_count, 1)
def test_serialize_user_merged(self):
master = UserFactory()
user = UserFactory()
master.merge_user(user)
d = utils.serialize_user(user, full=True)
assert_true(d['is_merged'])
assert_equal(d['merged_by']['url'], user.merged_by.url)
assert_equal(d['merged_by']['absolute_url'], user.merged_by.absolute_url)
def test_csrf_cookie_gets_set_on_authd_request(self):
user = UserFactory()
# use session auth
session_cookie = user.get_or_create_cookie()
self.app.set_cookie(settings.COOKIE_NAME, str(session_cookie))
res = self.app.get('/settings/')
assert res.status_code == 200
assert api_settings.CSRF_COOKIE_NAME in self.app.cookies
class TestGithubNodeSettings(unittest.TestCase):
def setUp(self):
super(TestGithubNodeSettings, self).setUp()
self.user = UserFactory()
self.user.add_addon('github')
self.user_settings = self.user.get_addon('github')
self.external_account = factories.GitHubAccountFactory()
self.user_settings.owner.external_accounts.add(self.external_account)
self.user_settings.owner.save()
self.node_settings = factories.GitHubNodeSettingsFactory(user_settings=self.user_settings)
@mock.patch('addons.github.api.GitHubClient.delete_hook')
def test_delete_hook(self, mock_delete_hook):
self.node_settings.hook_id = 'hook'
self.node_settings.save()
args = (
self.node_settings.user,
self.node_settings.repo,
self.node_settings.hook_id,
)
res = self.node_settings.delete_hook()
assert_true(res)
mock_delete_hook.assert_called_with(*args)
@mock.patch('addons.github.api.GitHubClient.delete_hook')
def test_delete_hook_no_hook(self, mock_delete_hook):
res = self.node_settings.delete_hook()
assert_false(res)
assert_false(mock_delete_hook.called)
@mock.patch('addons.github.api.GitHubClient.delete_hook')
def test_delete_hook_not_found(self, mock_delete_hook):
self.node_settings.hook_id = 'hook'
self.node_settings.save()
mock_delete_hook.side_effect = NotFoundError
args = (
self.node_settings.user,
self.node_settings.repo,
self.node_settings.hook_id,
)
res = self.node_settings.delete_hook()
assert_false(res)
mock_delete_hook.assert_called_with(*args)
@mock.patch('addons.github.api.GitHubClient.delete_hook')
def test_delete_hook_error(self, mock_delete_hook):
self.node_settings.hook_id = 'hook'
self.node_settings.save()
mock_delete_hook.side_effect = GitHubError(mock.Mock())
args = (
self.node_settings.user,
self.node_settings.repo,
self.node_settings.hook_id,
)
res = self.node_settings.delete_hook()
assert_false(res)
mock_delete_hook.assert_called_with(*args)
def setUp(self):
super(TestMergingAccounts, self).setUp()
self.user = UserFactory.build()
self.user.fullname = "tess' test string"
self.user.set_password('science')
self.user.save()
self.dupe = UserFactory.build()
self.dupe.set_password('example')
self.dupe.save()
def create_fake_user():
email = fake_email()
name = fake.name()
user = UserFactory(username=email, fullname=name,
is_registered=True, emails=[email],
date_registered=fake.date_time(tzinfo=pytz.UTC),
)
user.set_password('faker123')
user.save()
logger.info('Created user: {0} <{1}>'.format(user.fullname, user.username))
return user
def test_serialize_account_status(self):
user = UserFactory()
info = serialize_user(user)
nt.assert_equal(info['disabled'], False)
user.is_disabled = True
info = serialize_user(user)
nt.assert_almost_equal(
int(info['disabled'].strftime('%s')),
int(timezone.now().strftime('%s')),
delta=50)
nt.assert_is_instance(info['disabled'], datetime)
def test_subscribe_fake_email_does_not_throw_validation_error(self, mock_get_mailchimp_api):
list_name = 'foo'
user = UserFactory(username='******')
mock_client = mock.MagicMock()
mock_get_mailchimp_api.return_value = mock_client
mock_client.lists.list.return_value = {'data': [{'id': 1, 'list_name': list_name}]}
mock_client.lists.subscribe.side_effect = mailchimp.ValidationError
mailchimp_utils.subscribe_mailchimp(list_name, user._id)
handlers.celery_teardown_request()
user.reload()
assert_false(user.mailchimp_mailing_lists[list_name])
def test_get_total_activity_count(self):
user = UserFactory()
date = timezone.now()
assert_equal(analytics.get_total_activity_count(user._id), 0)
assert_equal(analytics.get_total_activity_count(user._id), user.get_activity_points())
analytics.increment_user_activity_counters(user._id, 'project_created', date.isoformat())
assert_equal(analytics.get_total_activity_count(user._id), 1)
assert_equal(analytics.get_total_activity_count(user._id), user.get_activity_points())
def setUp(self):
super(TestInstitutionUsersList, self).setUp()
self.institution = InstitutionFactory()
self.user1 = UserFactory()
self.user1.affiliated_institutions.add(self.institution)
self.user1.save()
self.user2 = UserFactory()
self.user2.affiliated_institutions.add(self.institution)
self.user2.save()
self.institution_user_url = '/{0}institutions/{1}/users/'.format(API_BASE, self.institution._id)
def test_region_wb_url_from_creators_defaults(self):
user = UserFactory()
region = factories.RegionFactory()
user_settings = user.get_addon('osfstorage')
user_settings.default_region = region
user_settings.save()
project = ProjectFactory(creator=user)
node_settings = project.get_addon('osfstorage')
assert node_settings.region_id == region.id
def test_swapping_guids(self):
user = UserFactory()
node = NodeFactory()
user_guid = user.guids[0]
node_guid = node.guids[0]
user._id = node_guid._id
node._id = user_guid._id
assert node_guid._id == user._id
assert user_guid._id == node._id
class TestDisabledUser(OsfTestCase):
def setUp(self):
super(TestDisabledUser, self).setUp()
self.user = UserFactory()
self.user.set_password('Korben Dallas')
self.user.is_disabled = True
self.user.save()
def test_profile_disabled_returns_401(self):
res = self.app.get(self.user.url, expect_errors=True)
assert_equal(res.status_code, 410)
def test_serialize_two_factor(self):
user = UserFactory()
info = serialize_user(user)
nt.assert_false(info['two_factor'])
user.get_or_add_addon('twofactor')
info = serialize_user(user)
nt.assert_is_instance(info, dict)
nt.assert_equal(info['name'], user.fullname)
nt.assert_equal(list(info['emails']), list(user.emails.values_list('address', flat=True)))
nt.assert_equal(info['last_login'], user.date_last_login)
nt.assert_equal(len(info['nodes']), 0)
nt.assert_true(info['two_factor'])
def test_serialize_user(self):
master = UserFactory()
user = UserFactory()
master.merge_user(user)
d = utils.serialize_user(user)
assert_equal(d['id'], user._primary_key)
assert_equal(d['url'], user.url)
assert_equal(d.get('username', None), None)
assert_equal(d['fullname'], user.fullname)
assert_equal(d['registered'], user.is_registered)
assert_equal(d['absolute_url'], user.absolute_url)
assert_equal(d['date_registered'], user.date_registered.strftime('%Y-%m-%d'))
assert_equal(d['active'], user.is_active)
def test_correct_view_permissions(self):
user = UserFactory()
guid = user._id
view_permission = Permission.objects.get(codename='view_osfuser')
user.user_permissions.add(view_permission)
user.save()
request = RequestFactory().get(reverse('users:user', kwargs={'guid': guid}))
request.user = user
response = views.UserView.as_view()(request, guid=guid)
self.assertEqual(response.status_code, 200)
def test_must_be_authorizer_false(self):
# Setup
self.project.add_addon('github', auth=None)
node_settings = self.project.get_addon('github')
user2 = UserFactory()
user2.add_addon('github')
user_settings = user2.get_addon('github')
node_settings.user_settings = user_settings
node_settings.save()
# Test
with assert_raises(HTTPError):
self.decorated()
def test_build_create_user_time_conflict(self):
# Test that build and create user factories do not create conflicting usernames
# because they occured quickly
user_email_one = fake_email()
user_email_two = fake_email()
assert user_email_one != user_email_two
user_one_build = UserFactory.build()
user_two_build = UserFactory.build()
assert user_one_build.username != user_two_build.username
user_one_create = UserFactory()
user_two_create = UserFactory()
assert user_one_create.username != user_two_create.username
def test_callback_wrong_user(self):
# Reject temporary credentials not assigned to the user
#
# This prohibits users from associating their external account with
# another user's OSF account by using XSS or similar attack vector to
# complete the OAuth flow using the logged-in user but their own account
# on the external service.
#
# If the OSF were to allow login via OAuth with the provider in question,
# this would allow attackers to hijack OSF accounts with a simple script
# injection.
# mock a successful call to the provider to exchange temp keys for
# permanent keys
responses.add(
responses.Response(
responses.POST,
'http://mock1a.com/callback',
body='oauth_token=perm_token'
'&oauth_token_secret=perm_secret'
'&oauth_callback_confirmed=true',
)
)
user = UserFactory()
account = ExternalAccountFactory(
provider="mock1a",
provider_name='Mock 1A',
oauth_key="temp_key",
oauth_secret="temp_secret"
)
account.save()
# associate this ExternalAccount instance with the user
user.external_accounts.add(account)
user.save()
malicious_user = UserFactory()
# Fake a request context for the callback
with self.app.app.test_request_context(
path="/oauth/callback/mock1a/",
query_string="oauth_token=temp_key&oauth_verifier=mock_verifier"
):
# make sure the user is logged in
authenticate(user=malicious_user, access_token=None, response=None)
with assert_raises(PermissionsError):
# do the key exchange
self.provider.auth_callback(user=malicious_user)
def test_users_list_filter_multiple_fields_with_additional_filters(self):
self.john_doe = UserFactory(fullname='John Doe')
self.john_doe.given_name = 'John'
self.john_doe.family_name = 'Doe'
self.john_doe.save()
self.doe_jane = UserFactory(fullname='Doe Jane')
self.doe_jane.given_name = 'Doe'
self.doe_jane.family_name = 'Jane'
self.doe_jane.save()
url = "/{}users/?filter[given_name,family_name]=Doe&filter[id]={}".format(API_BASE, self.john_doe._id)
res = self.app.get(url)
data = res.json['data']
assert_equal(len(data), 1)
def test_correct_view_permissions(self):
user = UserFactory()
guid = user._id
view_permission = Permission.objects.get(codename='view_osfuser')
spam_permission = Permission.objects.get(codename='view_spam')
user.user_permissions.add(view_permission)
user.user_permissions.add(spam_permission)
user.save()
request = RequestFactory().get(self.url)
request.user = user
response = self.plain_view.as_view()(request, guid=guid)
self.assertEqual(response.status_code, 200)
def test_users_list_filter_multiple_field(self, app, user_one, user_two):
john_doe = UserFactory(fullname='John Doe')
john_doe.given_name = 'John'
john_doe.family_name = 'Doe'
john_doe.save()
doe_jane = UserFactory(fullname='Doe Jane')
doe_jane.given_name = 'Doe'
doe_jane.family_name = 'Jane'
doe_jane.save()
url = '/{}users/?filter[given_name,family_name]=Doe'.format(API_BASE)
res = app.get(url)
data = res.json['data']
assert len(data) == 2
def test_multiple_users_associated(self):
# Create only one ExternalAccount for multiple OSF users
#
# For some providers (ex: GitHub), the act of completing the OAuth flow
# revokes previously generated credentials. In addition, there is often no
# way to know the user's id on the external service until after the flow
# has completed.
#
# Having only one ExternalAccount instance per account on the external
# service means that connecting subsequent OSF users to the same external
# account will not invalidate the credentials used by the OSF for users
# already associated.
user_a = UserFactory()
external_account = ExternalAccountFactory(
provider='mock2',
provider_id='mock_provider_id',
provider_name='Mock Provider',
)
user_a.external_accounts.add(external_account)
user_a.save()
user_b = UserFactory()
# Mock the exchange of the code for an access token
_prepare_mock_oauth2_handshake_response()
# Fake a request context for the callback
with self.app.app.test_request_context(
path="/oauth/callback/mock2/",
query_string="code=mock_code&state=mock_state"
) as ctx:
# make sure the user is logged in
authenticate(user=user_b, access_token=None, response=None)
session.data['oauth_states'] = {
self.provider.short_name: {
'state': 'mock_state',
},
}
session.save()
# do the key exchange
self.provider.auth_callback(user=user_b)
user_a.reload()
user_b.reload()
external_account.reload()
assert_equal(
list(user_a.external_accounts.values_list('pk', flat=True)),
list(user_b.external_accounts.values_list('pk', flat=True)),
)
assert_equal(
ExternalAccount.objects.all().count(),
1
)
def test_unverified_orcid(self):
user = UserFactory.build(is_registered=True)
user.external_identity = {'ORCID': {'fake-orcid': 'SOMETHINGELSE'}}
user.save()
node = format_user(user)
assert {x.attrs['uri'] for x in node.get_related()} == {user.absolute_url, user.profile_image_url()}
def setUp(self):
super(TestCallbacks, self).setUp()
self.project = ProjectFactory.build()
self.consolidated_auth = Auth(self.project.creator)
self.project.creator.save()
self.non_authenticator = UserFactory()
self.non_authenticator.save()
self.project.save()
self.project.add_contributor(
contributor=self.non_authenticator,
auth=self.consolidated_auth,
)
self.project.add_addon('gitlab', auth=self.consolidated_auth)
self.project.creator.add_addon('gitlab')
self.external_account = GitLabAccountFactory()
self.project.creator.external_accounts.add(self.external_account)
self.project.creator.save()
self.node_settings = self.project.get_addon('gitlab')
self.user_settings = self.project.creator.get_addon('gitlab')
self.node_settings.user_settings = self.user_settings
self.node_settings.user = '******'
self.node_settings.repo = 'Sheer-Heart-Attack'
self.node_settings.external_account = self.external_account
self.node_settings.save()
self.node_settings.set_auth
def setUp(self):
self.user = UserFactory()
self.public_node = ProjectFactory(creator=self.user, is_public=True)
self.private_node = ProjectFactory(creator=self.user, is_public=False)
self.request = RequestFactory().post('/fake_path')
self.view = views.SpamUserDeleteView
self.view = setup_log_view(self.view, self.request, guid=self.user._id)
def test_callback(self):
# Exchange temporary credentials for permanent credentials
# mock a successful call to the provider to exchange temp keys for
# permanent keys
httpretty.register_uri(
httpretty.POST,
'http://mock1a.com/callback',
body=(
'oauth_token=perm_token'
'&oauth_token_secret=perm_secret'
'&oauth_callback_confirmed=true'
),
)
user = UserFactory()
# Fake a request context for the callback
ctx = self.app.app.test_request_context(
path='/oauth/callback/mock1a/',
query_string='oauth_token=temp_key&oauth_verifier=mock_verifier',
)
with ctx:
# make sure the user is logged in
authenticate(user=user, access_token=None, response=None)
session.data['oauth_states'] = {
self.provider.short_name: {
'token': 'temp_key',
'secret': 'temp_secret',
},
}
session.save()
# do the key exchange
self.provider.auth_callback(user=user)
account = ExternalAccount.objects.first()
assert_equal(account.oauth_key, 'perm_token')
assert_equal(account.oauth_secret, 'perm_secret')
assert_equal(account.provider_id, 'mock_provider_id')
assert_equal(account.provider_name, 'Mock OAuth 1.0a Provider')
def test_subscribe_called_with_correct_arguments(self, mock_get_mailchimp_api):
list_name = 'foo'
user = UserFactory()
mock_client = mock.MagicMock()
mock_get_mailchimp_api.return_value = mock_client
mock_client.lists.list.return_value = {'data': [{'id': 1, 'list_name': list_name}]}
list_id = mailchimp_utils.get_list_id_from_name(list_name)
mailchimp_utils.subscribe_mailchimp(list_name, user._id)
handlers.celery_teardown_request()
mock_client.lists.subscribe.assert_called_with(
id=list_id,
email={'email': user.username},
merge_vars={
'fname': user.given_name,
'lname': user.family_name,
},
double_optin=False,
update_existing=True,
)
def test_retract_report(self):
user = UserFactory()
time = timezone.now()
self.comment.report_abuse(user,
date=time,
category='spam',
text='ads',
save=True)
assert_equal(self.comment.spam_status, SpamStatus.FLAGGED)
self.comment.retract_report(user, save=True)
assert_equal(self.comment.spam_status, SpamStatus.UNKNOWN)
equivalent = {
'date': time,
'category': 'spam',
'text': 'ads',
'retracted': True
}
assert_in(user._id, self.comment.reports)
assert_equal(self.comment.reports[user._id], equivalent)
def test_unregistered_user_csl(self):
# Tests the csl name for an unregistered user
referrer = UserFactory()
project = NodeFactory(creator=referrer)
user = UnregUserFactory()
user.add_unclaimed_record(project,
given_name=user.fullname, referrer=referrer,
email=fake_email())
user.save()
name = user.unclaimed_records[project._primary_key]['name'].split(' ')
family_name = name[-1]
given_name = ' '.join(name[:-1])
assert bool(
user.csl_name(project._id) ==
{
'given': given_name,
'family': family_name,
}
)
def test_GET_disapprove_with_wrong_admins_token_returns_HTTPBad_Request(self):
admin2 = UserFactory()
Contributor.objects.create(user=admin2, node=self.registration)
self.registration.add_permission(admin2, 'admin', save=True)
self.registration.embargo_registration(
self.user,
timezone.now() + datetime.timedelta(days=10)
)
self.registration.save()
assert_true(self.registration.is_pending_embargo)
wrong_rejection_token = self.registration.embargo.approval_state[admin2._id]['rejection_token']
res = self.app.get(
self.registration.web_url_for('view_project', token=wrong_rejection_token),
auth=self.user.auth,
expect_errors=True
)
assert_true(self.registration.is_pending_embargo)
assert_equal(res.status_code, 400)
def test_serialize_node_summary_private_fork_private_project_should_include_is_fork(
self):
# contributor on a private project
user = UserFactory()
node = ProjectFactory(is_public=False)
node.add_contributor(user)
# contributor cannot see private fork of this project
consolidated_auth = Auth(user=node.creator)
fork = node.fork_node(consolidated_auth)
res = serialize_node_summary(
fork,
auth=Auth(user),
primary=True,
)
# serialized result should have is_fork
assert_false(res['can_view'])
assert_true(res['is_fork'])
def test_cannot_set_email_to_a_user_that_already_exists(self):
reg_user = UserFactory()
name, email = fake.name(), fake_email()
new_user = self.project.add_unregistered_contributor(
email=email, fullname=name, auth=Auth(self.referrer))
self.project.save()
# Goes to claim url and successfully claims account
claim_url = new_user.get_claim_url(self.project._primary_key)
res = self.app.get(claim_url)
self.project.reload()
assert_in('Set Password', res)
form = res.forms['setPasswordForm']
# Fills out an email that is the username of another user
form['username'] = reg_user.username
form['password'] = '******'
form['password2'] = 'killerqueen'
res = form.submit().maybe_follow(expect_errors=True)
assert_in(language.ALREADY_REGISTERED.format(email=reg_user.username),
res)
def test_service_validate(self):
user = UserFactory()
url = furl.furl(self.base_url)
url.path.segments.extend((
'p3',
'serviceValidate',
))
service_url = 'http://test.osf.io'
ticket = fake.md5()
body = make_service_validation_response_body(user, ticket)
responses.add(
responses.Response(
responses.GET,
url.url,
body=body,
status=200,
))
resp = self.client.service_validate(ticket, service_url)
assert_true(resp.authenticated)
def create_fake_user():
email = fake_email()
name = fake.name()
user = UserFactory(
username=email,
fullname=name,
is_registered=True,
emails=[email],
date_registered=fake.date_time(tzinfo=pytz.UTC),
)
user.set_password('faker123')
user.save()
logger.info('Created user: {0} <{1}>'.format(user.fullname, user.username))
return user
class TestTriggeredMails(OsfTestCase):
def setUp(self):
super(TestTriggeredMails, self).setUp()
self.user = UserFactory()
self.user.date_last_login = timezone.now()
self.user.save()
@mock.patch('website.mails.queue_mail')
def test_dont_trigger_no_login_mail(self, mock_queue):
self.user.date_last_login = timezone.now() - timedelta(seconds=6)
self.user.save()
main(dry_run=False)
assert_false(mock_queue.called)
@mock.patch('website.mails.queue_mail')
def test_trigger_no_login_mail(self, mock_queue):
self.user.date_last_login = timezone.now() - timedelta(weeks=6)
self.user.save()
main(dry_run=False)
mock_queue.assert_called_with(
user=mock.ANY,
fullname=self.user.fullname,
to_addr=self.user.username,
mail={
'callback': mock.ANY,
'template': 'no_login',
'subject': mock.ANY
},
send_at=mock.ANY,
)
@mock.patch('website.mails.send_mail')
def test_find_inactive_users_with_no_inactivity_email_sent_or_queued(
self, mock_mail):
user_active = UserFactory(fullname='Spot')
user_inactive = UserFactory(fullname='Nucha')
user_already_received_mail = UserFactory(fullname='Pep')
user_active.date_last_login = timezone.now() - timedelta(seconds=6)
user_inactive.date_last_login = timezone.now() - timedelta(weeks=6)
user_already_received_mail.date_last_login = timezone.now(
) - timedelta(weeks=6)
user_active.save()
user_inactive.save()
user_already_received_mail.save()
mails.queue_mail(to_addr=user_already_received_mail.username,
send_at=timezone.now(),
user=user_already_received_mail,
mail=mails.NO_LOGIN)
users = find_inactive_users_with_no_inactivity_email_sent_or_queued()
assert_equal(len(users), 1)
def setUp(self):
super(TestDraftFormView, self).setUp()
self.user = AuthUserFactory()
self.dr1 = DraftRegistrationFactory(
initiator=self.user,
registration_schema=utils.draft_reg_util(),
registration_metadata=utils.SCHEMA_DATA)
self.dr1.submit_for_review(self.user, {}, save=True)
self.dr1.flags # sets flags if there aren't any yet.
self.request = RequestFactory().get('/fake_path')
self.view = DraftFormView()
self.view = setup_view(self.view, self.request, draft_pk=self.dr1._id)
self.post = RequestFactory().post('/fake_path')
self.post.user = UserFactory()
self.post_view = DraftFormView()
self.form_data = {
'notes': 'Far between',
'proof_of_publication': 'approved',
}
def test_must_set_self(self):
user = UserFactory()
assert_equal(self.file.checkout, None)
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': user._id
}
}
},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
assert_equal(res.status_code, 400)
assert_equal(self.file.checkout, None)
def test_must_set_self(self, app, user, file, file_url):
user_unauthorized = UserFactory()
assert file.checkout is None
res = app.put_json_api(
file_url,
{
'data': {
'id': file._id,
'type': 'files',
'attributes': {
'checkout': user_unauthorized._id
}
}
},
auth=user.auth,
expect_errors=True,
)
file.reload()
assert res.status_code == 400
assert file.checkout is None
def test_one_approval_with_two_admins_stays_pending(self):
self.admin2 = UserFactory()
Contributor.objects.create(node=self.registration, user=self.admin2)
self.registration.add_permission(self.admin2, 'admin', save=True)
self.registration.retract_registration(self.user)
self.registration.save()
self.registration.reload()
approval_token = self.registration.retraction.approval_state[
self.user._id]['approval_token']
assert_equal(self.registration.retraction.state, Retraction.UNAPPROVED)
self.registration.retraction.approve_retraction(
self.user, approval_token)
assert_true(self.registration.is_pending_retraction)
num_of_approvals = sum([
val['has_approved']
for val in self.registration.retraction.approval_state.values()
])
assert_equal(num_of_approvals, 1)
def test_non_admin_approval_token_raises_PermissionsError(self):
non_admin = UserFactory()
self.registration.retract_registration(self.user)
self.registration.save()
assert_true(self.registration.is_pending_retraction)
approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token']
with assert_raises(PermissionsError):
self.registration.retraction.approve_retraction(non_admin, approval_token)
assert_true(self.registration.is_pending_retraction)
assert_false(self.registration.is_retracted)
# group admin on node cannot retract registration
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
self.registration.registered_from.add_osf_group(group, permissions.ADMIN)
with assert_raises(PermissionsError):
self.registration.retraction.approve_retraction(group_mem, approval_token)
assert_true(self.registration.is_pending_retraction)
assert_false(self.registration.is_retracted)
def setUp(self):
self.flagged_user = UserFactory()
self.flagged_user.spam_status = SpamStatus.FLAGGED
self.flagged_user.save()
self.spam_user = UserFactory()
self.spam_user.spam_status = SpamStatus.SPAM
self.spam_user.save()
self.ham_user = UserFactory()
self.ham_user.spam_status = SpamStatus.HAM
self.ham_user.save()
self.request = RequestFactory().post('/fake_path')
def test_password_change_sends_email(self, mock_mail):
user = UserFactory()
user.set_password('killerqueen')
user.save()
assert_equal(len(mock_mail.call_args_list), 1)
empty, kwargs = mock_mail.call_args
kwargs['user'].reload()
assert_equal(empty, ())
assert_equal(kwargs, {
'user': user,
'mimetype': 'plain',
'mail': mails.PASSWORD_RESET,
'to_addr': user.username,
})
def test_sparse_registration_serializer(self, user):
user = UserFactory()
versioned_request = make_drf_request_with_version(version='2.2')
registration = RegistrationFactory(creator=user)
result = SparseRegistrationSerializer(registration,
context={
'request': versioned_request
}).data
data = result['data']
assert data['id'] == registration._id
assert data['type'] == 'sparse-registrations'
# Attributes
attributes = data['attributes']
assert attributes['withdrawn'] == registration.is_retracted
assert attributes['title'] == registration.title
assert attributes['description'] == registration.description
assert attributes['public'] == registration.is_public
assert set(attributes['tags']) == set(
registration.tags.values_list('name', flat=True))
assert 'current_user_can_comment' not in attributes
assert 'license' not in attributes
assert attributes['category'] == registration.category
assert attributes['fork'] == registration.is_fork
# Relationships
relationships = data['relationships']
assert 'registered_by' not in relationships
assert 'registered_from' not in relationships
assert 'region' not in relationships
assert 'children' in relationships
assert 'detail' in relationships
assert 'contributors' in relationships
assert 'files' not in relationships
assert 'affiliated_institutions' not in relationships
assert 'registrations' not in relationships
assert 'forked_from' not in relationships
assert 'sparse' not in relationships['detail']['links']['related'][
'href']
assert 'sparse' in relationships['children']['links']['related'][
'href']
def setUp(self):
super(TestRubeus, self).setUp()
self.project = ProjectFactory.create()
self.consolidated_auth = Auth(user=self.project.creator)
self.non_authenticator = UserFactory()
self.project.save()
self.project.add_contributor(
contributor=self.non_authenticator,
auth=self.consolidated_auth,
)
self.project.add_addon('s3', self.consolidated_auth)
self.project.creator.add_addon('s3', self.consolidated_auth)
self.node_settings = self.project.get_addon('s3')
self.user_settings = self.project.creator.get_addon('s3')
self.user_settings.access_key = 'We-Will-Rock-You'
self.user_settings.secret_key = 'Idontknowanyqueensongs'
self.node_settings.bucket = 'Sheer-Heart-Attack'
self.node_settings.user_settings = self.user_settings
self.node_settings.save()
def test_two_approvals_with_two_admins_retracts(self):
self.admin2 = UserFactory()
Contributor.objects.create(node=self.registration, user=self.admin2)
self.registration.add_permission(self.admin2, permissions.ADMIN, save=True)
self.registration.retract_registration(self.user)
self.registration.save()
self.registration.reload()
# First admin approves
approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token']
self.registration.retraction.approve_retraction(self.user, approval_token)
assert_true(self.registration.is_pending_retraction)
num_of_approvals = sum([val['has_approved'] for val in self.registration.retraction.approval_state.values()])
assert_equal(num_of_approvals, 1)
# Second admin approves
approval_token = self.registration.retraction.approval_state[self.admin2._id]['approval_token']
self.registration.retraction.approve_retraction(self.admin2, approval_token)
num_of_approvals = sum([val['has_approved'] for val in self.registration.retraction.approval_state.values()])
assert_equal(num_of_approvals, 2)
assert_true(self.registration.is_retracted)
def test_admin_can_checkin(self, app, user, node, file, file_url):
user_unauthorized = UserFactory()
node.add_contributor(user_unauthorized)
file.checkout = user_unauthorized
file.save()
res = app.put_json_api(
file_url, {
'data': {
'id': file._id,
'type': 'files',
'attributes': {
'checkout': None
}
}
}, auth=user.auth, expect_errors=True, )
file.reload()
node.reload()
assert res.status_code == 200
assert file.checkout is None
assert node.logs.latest().action == NodeLog.CHECKED_IN
assert node.logs.latest().user == user
class TestCore(unittest.TestCase):
def setUp(self):
super(TestCore, self).setUp()
self.user = UserFactory()
self.user.add_addon('box')
self.user.save()
self.settings = self.user.get_addon('box')
self.settings.save()
def test_get_addon_returns_box_user_settings(self):
result = self.user.get_addon('box')
assert_true(isinstance(result, UserSettings))
def setUp(self):
super(TestMustBeContributorOrPublicButNotAnonymizedDecorator,
self).setUp()
self.contrib = AuthUserFactory()
self.non_contrib = AuthUserFactory()
admin = UserFactory()
self.public_project = ProjectFactory(is_public=True)
self.public_project.add_contributor(
admin,
auth=Auth(self.public_project.creator),
permissions=['read', 'write', 'admin'])
self.private_project = ProjectFactory(is_public=False)
self.private_project.add_contributor(
admin,
auth=Auth(self.private_project.creator),
permissions=['read', 'write', 'admin'])
self.public_project.add_contributor(self.contrib,
auth=Auth(
self.public_project.creator))
self.private_project.add_contributor(self.contrib,
auth=Auth(
self.private_project.creator))
self.public_project.save()
self.private_project.save()
self.anonymized_link_to_public_project = PrivateLinkFactory(
anonymous=True)
self.anonymized_link_to_private_project = PrivateLinkFactory(
anonymous=True)
self.anonymized_link_to_public_project.nodes.add(self.public_project)
self.anonymized_link_to_public_project.save()
self.anonymized_link_to_private_project.nodes.add(self.private_project)
self.anonymized_link_to_private_project.save()
self.flaskapp = Flask('Testing decorator')
@self.flaskapp.route('/project/<pid>/')
@must_be_contributor_or_public_but_not_anonymized
def project_get(**kwargs):
return 'success', 200
self.app = WebtestApp(self.flaskapp)
def test_user_denies_access(self):
# Create a 401 error
_prepare_mock_401_error()
user = UserFactory()
# Fake a request context for the callback
with self.app.app.test_request_context(
path="/oauth/callback/mock2/",
query_string="error=mock_error&code=mock_code&state=mock_state"
):
# make sure the user is logged in
authenticate(user=user, access_token=None, response=None)
session.data['oauth_states'] = {
self.provider.short_name: {
'state': 'mock_state',
},
}
session.save()
assert_false(self.provider.auth_callback(user=user))
def test_change_embargo_date(self):
assert_false(self.registration.embargo)
assert_true(self.registration.is_public)
# Note: Date comparisons accept a difference up to a day because embargoes start at midnight
# Create an embargo from a registration with none
change_embargo_date(self.registration, self.user, self.date_valid)
assert_almost_equal(self.registration.embargo.end_date,
self.date_valid,
delta=datetime.timedelta(days=1))
# Make sure once embargo is set, registration is made private
self.registration.reload()
assert_false(self.registration.is_public)
# Update an embargo end date
change_embargo_date(self.registration, self.user, self.date_valid2)
assert_almost_equal(self.registration.embargo.end_date,
self.date_valid2,
delta=datetime.timedelta(days=1))
# Test invalid dates
with assert_raises(ValidationError):
change_embargo_date(self.registration, self.user,
self.date_too_late)
with assert_raises(ValidationError):
change_embargo_date(self.registration, self.user,
self.date_too_soon)
# Test that checks user has permission
with assert_raises(PermissionDenied):
change_embargo_date(self.registration, UserFactory(),
self.date_valid)
assert_almost_equal(self.registration.embargo.end_date,
self.date_valid2,
delta=datetime.timedelta(days=1))
def test_update_wiki_updates_comments_and_user_comments_viewed_timestamp(self):
project = ProjectFactory(creator=self.user, is_public=True)
wiki_page = WikiFactory(node=project, page_name='test')
wiki = WikiVersionFactory(wiki_page=wiki_page)
comment = CommentFactory(node=project, target=Guid.load(wiki_page._id), user=UserFactory())
# user views comments -- sets user.comments_viewed_timestamp
url = project.api_url_for('update_comments_timestamp')
res = self.app.put_json(url, {
'page': 'wiki',
'rootId': wiki_page._id
}, auth=self.user.auth)
assert res.status_code == 200
self.user.reload()
assert wiki_page._id in self.user.comments_viewed_timestamp
# user updates the wiki
project.update_node_wiki('test', 'Updating wiki', self.auth)
comment.reload()
self.user.reload()
assert wiki_page._id in self.user.comments_viewed_timestamp
assert comment.target.referent._id == wiki_page._id
def test_one_approval_with_two_admins_stays_pending(self):
admin2 = UserFactory()
Contributor.objects.create(node=self.registration, user=admin2)
self.registration.add_permission(admin2, 'admin', save=True)
self.registration.require_approval(
self.user
)
self.registration.save()
# First admin approves
approval_token = self.registration.registration_approval.approval_state[self.user._id]['approval_token']
self.registration.registration_approval.approve(self.user, approval_token)
assert_true(self.registration.is_pending_registration)
num_of_approvals = sum([val['has_approved'] for val in self.registration.registration_approval.approval_state.values()])
assert_equal(num_of_approvals, 1)
# Second admin approves
approval_token = self.registration.registration_approval.approval_state[admin2._id]['approval_token']
self.registration.registration_approval.approve(admin2, approval_token)
assert_false(self.registration.is_pending_registration)
num_of_approvals = sum([val['has_approved'] for val in self.registration.registration_approval.approval_state.values()])
assert_equal(num_of_approvals, 2)
def test_cannot_checkout_when_checked_out(
self, app, user, node, file, file_url):
user_unauthorized = UserFactory()
node.add_contributor(user_unauthorized)
file.checkout = user_unauthorized
file.save()
count = node.logs.count()
res = app.put_json_api(
file_url, {
'data': {
'id': file._id,
'type': 'files',
'attributes': {
'checkout': user._id
}
}
}, auth=user.auth, expect_errors=True, )
file.reload()
node.reload()
assert res.status_code == 200
assert file.checkout == user_unauthorized
assert node.logs.count() == count
def test_password_change_sends_email(self, mock_mail):
user = UserFactory()
user.set_password('killerqueen')
user.save()
assert_equal(len(mock_mail.call_args_list), 1)
empty, kwargs = mock_mail.call_args
kwargs['user'].reload()
assert_equal(empty, ())
assert_equal(kwargs, {
'user': user,
'mimetype': 'html',
'mail': mails.PASSWORD_RESET,
'to_addr': user.username,
'can_change_preferences': False,
'osf_contact_email': settings.OSF_CONTACT_EMAIL,
})
def test_create_conference_node_with_same_name_as_existing_node(self, mock_upload, mock_send_mail):
conference = ConferenceFactory()
user = UserFactory()
title = 'Long Live Greg'
ProjectFactory(creator=user, title=title)
body = 'Greg is a good plant'
content = 'Long may they reign.'
recipient = '{0}{1}[email protected]'.format(
'test-' if settings.DEV_MODE else '',
conference.endpoint,
)
self.app.post(
api_url_for('meeting_hook'),
{
'X-Mailgun-Sscore': 0,
'timestamp': '123',
'token': 'secret',
'signature': hmac.new(
key=settings.MAILGUN_API_KEY.encode(),
msg='{}{}'.format('123', 'secret').encode(),
digestmod=hashlib.sha256,
).hexdigest(),
'attachment-count': '1',
'X-Mailgun-Sscore': 0,
'from': '{0} <{1}>'.format(user.fullname, user.username),
'recipient': recipient,
'subject': title,
'stripped-text': body,
},
upload_files=[
('attachment-1', 'attachment-1', content.encode()),
],
)
assert AbstractNode.objects.filter(title=title, creator=user).count() == 2
assert mock_upload.called
assert mock_send_mail.called
