def test_is_deactivated(self):
    """A deactivated account is not an admin, even when its role is 'administrator'."""
    deactivated_admin = User(password='******', role='administrator',
                             state='deactivated', id='uid')
    # The role alone must not grant admin rights: state has to win, otherwise
    # deactivating an administrator would not revoke their privileges.
    assert deactivated_admin.is_admin() is False
def test_current_user_role(self):
    """A user updating their own record is refused when the update sets 'role'.

    NOTE(review): the body uses ``yield``, so it depends on a coroutine test
    decorator that is not visible in this listing.
    """
    me = User(password='******', id='uid')
    outcome = yield me.can_update(me, first_name='TestName',
                                  role='administrator')
    # Self-service role changes would be a privilege escalation path.
    # The second tuple element looks like the set of refused fields -- confirm
    # against User.can_update.
    assert outcome == (False, {'role'})
def test_other_user_role(self):
    """A user without a role argument may not update a different user's record."""
    target = User(password='******', id='uid2')
    actor = User(password='******', id='uid')
    outcome = yield target.can_update(actor, first_name='TestName')
    # Refused outright, with an empty second element.
    assert outcome == (False, set())
def test_internal_fields_not_returned(user):
    """clean() must drop the storage id, the password value and the verification hash."""
    cleaned = User(**user).clean()
    # These fields are internal or secret; none of them may appear in the
    # cleaned representation of a user.
    for internal_field in ('_id', 'password', 'verification_hash'):
        assert internal_field not in cleaned
def test_change_password(self):
    """change_password() with the correct old password swaps the credential and saves once."""
    account = User(password=User.hash_password('password1'))
    assert account.verify_password('password1')

    with patch.object(User, '_save', return_value=make_future()) as fake_save:
        yield account.change_password('password1', 'password2')
        assert account.verify_password('password2')
        # Checked while the patch is active: the mock is the object installed
        # as User._save for the duration of this block.
        assert fake_save.call_count == 1
def test_sys_admin(self):
    """A user with the 'administrator' role may update another user's record."""
    target = User(password='******', id='uid2')
    admin = User(password='******', role='administrator', id='uid')
    outcome = yield target.can_update(admin, first_name='TestName')
    assert outcome == (True, set())
def test_get_required_fields_with_defaults(self):
    """The required-field defaults for a User are state, role, type and organisations."""
    subject = User(password='******', id='uid')
    # Pinning these values matters for access control: a new user defaults to
    # the plain 'user' role and belongs to no organisation.
    wanted = {
        'state': 'approved',
        'role': 'user',
        'type': 'user',
        'organisations': {},
    }
    assert wanted == subject.get_required_fields_with_defaults()
def test_can_approve_no_org(self, org_info, expected):
    """Check user_org.can_approve for a user whose only variation is the global role.

    Despite its name, ``org_info`` is written to the user's top-level 'role'
    field; the organisations mapping copied from USER is left untouched.
    """
    doc = deepcopy(USER)
    doc['role'] = org_info
    check = partial(self.user_org.can_approve, User(**doc))
    assert IOLoop.instance().run_sync(check) == expected
def test_can_approve_admin_joins(self, org_info, expected):
    """Check user_org.can_approve for a user whose 'org0' membership is ``org_info``."""
    doc = deepcopy(USER)
    # deepcopy keeps the shared USER fixture from being mutated by this write.
    doc['organisations']['org0'] = org_info
    check = partial(self.user_org.can_approve, User(**doc))
    assert IOLoop.instance().run_sync(check) == expected
def test_can_approve(self, role, expected):
    """Check organisation.can_approve for a user holding the given global role."""
    doc = deepcopy(USER)
    doc['role'] = role
    check = partial(self.organisation.can_approve, User(**doc))
    assert IOLoop.instance().run_sync(check) == expected
def test_get_repository_no_parent(self):
    """with_relations() still resolves the service when the parent lookup is NotFound."""
    linked_service = Service(id="serv1", type="service", name="service",
                             organisation_id="org2",
                             location="https://example.com")
    parent_missing = couch.NotFound(HTTPError(404, 'Not Found'))

    with patch.object(Repository, "get_parent", side_effect=parent_missing):
        with patch.object(Service, "get",
                          return_value=make_future(linked_service)) as get_service:
            repository = Repository(**self.REPOSITORY)
            requester = User(**self.USER)
            related = yield repository.with_relations(requester)

    get_service.assert_called_with('serv1')
    # With no parent document the organisation is reduced to its bare id.
    assert related == {
        "organisation": {
            "id": "org1"
        },
        "name": "repository",
        "created_by": "user1",
        "state": "approved",
        "service": {
            "id": "serv1",
            "name": "service",
            "organisation_id": "org2",
            "location": "https://example.com"
        },
        "id": "repo1"
    }
def test_create_user(self, db_client):
    """User.create stores a non-plaintext password and issues a verification hash."""
    created = yield User.create(User(), 'password',
                                email='*****@*****.**',
                                first_name='test',
                                last_name='user',
                                has_agreed_to_terms=True)

    assert created.first_name == 'test'
    assert created.last_name == 'user'
    # The stored value must differ from the submitted password yet still
    # verify against it, i.e. it was transformed rather than stored verbatim.
    assert created.password != 'password'
    assert created.verify_password('password')
    assert created.state == State.approved
    assert created.verification_hash
    assert db_client().save_doc.call_count == 1
def test_can_approve_non_external_provided(self, role, expected):
    """can_approve with service_type='repository' on a service stored as 'external'."""
    svc = Service(id='serv0', service_type="external")
    doc = deepcopy(USER)
    doc['role'] = role
    # The keyword argument, not the service's own service_type, is what this
    # call supplies; the outcome is expected to follow the user's role.
    check = partial(svc.can_approve, User(**doc), service_type='repository')
    assert IOLoop.instance().run_sync(check) == expected
def test_can_approve_service_provided(self):
    """repo.can_approve looks up the service named by the service_id argument."""
    with patch.object(Service, 'get',
                      return_value=make_future(self.service)) as service_get:
        approver = User(**USER)
        check = partial(self.repo.can_approve, approver, service_id='serv1')
        # Only the lookup is asserted; the approval result itself is ignored.
        IOLoop.instance().run_sync(check)
    service_get.assert_called_once_with('serv1')
def prepare(self):
    """Resolve ``self.token`` to ``self.user``, leaving it ``None`` when that fails.

    The request is not rejected here. A missing token, an unknown token or a
    token whose user no longer exists all end with ``self.user is None``, so
    every code path that needs authentication has to check for ``None``
    itself.

    NOTE(review): only couch.NotFound is handled and no expiry or revocation
    check is visible in this block -- confirm Token.get enforces those.
    """
    self.user = None
    if not self.token:
        return

    try:
        token_doc = yield Token.get(self.token)
        self.user = yield User.get(token_doc.user_id)
    except couch.NotFound:
        # silently ignore invalid tokens
        pass
def test_can_approve_no_service(self):
    """repo.can_approve denies approval when the service lookup raises NotFound."""
    service_missing = couch.NotFound(HTTPError(404, 'Not Found'))
    with patch.object(Service, 'get', side_effect=service_missing):
        approver = User(**USER)
        check = partial(self.repo.can_approve, approver)
        decision = IOLoop.instance().run_sync(check)
    # Fail closed: a missing service must yield a denial, not an exception
    # or an approval.
    assert decision is False
def test_can_approve_external_provided(self, role, expected):
    """can_approve with service_type='external' is granted for every role.

    ``expected`` is accepted but never read: the assertion is a fixed True.
    """
    svc = Service(id='serv0', service_type="repository")
    doc = deepcopy(USER)
    doc['role'] = role
    check = partial(svc.can_approve, User(**doc), service_type='external')
    decision = IOLoop.instance().run_sync(check)
    # External services should always be approvable
    assert decision is True
def test_login(self, db_client):
    """A correct email/password pair returns the user and persists a token for them."""
    known = USERS[0]
    user, token = yield User.login(known['email'], 'password0')

    assert user.id == known['_id']
    assert token

    # The token document handed to save_doc must carry the returned token as
    # its id and be bound to the user who logged in.
    stored = db_client().save_doc.call_args[0][0]
    assert stored['_id'] == token
    assert stored['user_id'] == user.id
def test_unverified_user(self, db_client):
    """Verifying with the matching hash approves the user and consumes the hash."""
    db_client().get_doc.return_value = make_future(UNVERIFIED_USER)

    with patch.object(User, 'check_unique', return_value=make_future()):
        verified = yield User.verify(UNVERIFIED_USER['_id'],
                                     UNVERIFIED_USER['verification_hash'])

    assert verified.id == UNVERIFIED_USER['_id']
    assert verified.state == State.approved
    # The hash is single-use: it must be gone from the saved document.
    assert 'verification_hash' not in verified._resource
    db_client().save_doc.assert_called_once_with(verified._resource)
def test_create_organisation(self):
    """Organisation.create keeps the supplied name and created_by values."""
    creator = User()
    with patch.object(Organisation, '_save', return_value=make_future(None)):
        created = yield Organisation.create(creator,
                                            name='testorg',
                                            created_by='testuser')
    assert created.name == 'testorg'
    assert created.created_by == 'testuser'
def test_can_approve_srv_admin_joins(self, org_info, expected):
    """repo.can_approve is denied whatever the user's 'org1' membership is.

    NOTE(review): ``expected`` is never read; the assertion is a fixed False.
    Confirm that is intended rather than a leftover from a sibling test.
    """
    with patch.object(Service, 'get', return_value=make_future(self.service)):
        doc = deepcopy(USER)
        doc['organisations']['org1'] = org_info
        check = partial(self.repo.can_approve, User(**doc))
        decision = IOLoop.instance().run_sync(check)
    assert decision is False
def test_can_approve_no_org(self, role, expected):
    """repo.can_approve for a user identified only by their global role."""
    with patch.object(Service, 'get', return_value=make_future(self.service)):
        doc = deepcopy(USER)
        doc['role'] = role
        check = partial(self.repo.can_approve, User(**doc))
        decision = IOLoop.instance().run_sync(check)
    assert decision == expected
def test_create_org_with_reference_links_empty_links(self):
    """An empty 'links' mapping is accepted and stored unchanged."""
    empty_links = {'links': {}}
    creator = User()
    with patch.object(Organisation, '_save', return_value=make_future(None)):
        created = yield Organisation.create(creator,
                                            name='testorg',
                                            created_by='testuser',
                                            reference_links=empty_links)
    validate_schema(created)
    assert created.reference_links == {'links': {}}
def test_get_organisation_defaults(self):
    """An organisation created by a user without a role argument starts 'pending'."""
    creator = User(password='******', id='uid')
    with patch.object(Organisation, '_save', return_value=make_future(None)):
        created = yield Organisation.create(creator,
                                            name='testorg',
                                            created_by='testuser')
    assert created.repositories == {}
    assert created.services == {}
    # Not auto-approved: the new organisation waits in the pending state.
    assert created.state.name == 'pending'
    assert created.type == 'organisation'
    assert created.star_rating == 0
def test_create_org_with_reference_links_with_extra_keys(self):
    """Unknown keys inside reference_links are rejected by validation."""
    creator = User()
    bad_links = TEST_REFERENCE_LINKS['extra_keys']
    with patch.object(Organisation, '_save', return_value=make_future(None)):
        with pytest.raises(MultipleInvalid) as exc:
            created = yield Organisation.create(creator,
                                                name='testorg',
                                                created_by='testuser',
                                                reference_links=bad_links)
            validate_schema(created)
        # Sits after the raises block: inside it, nothing following the
        # raising call would ever run.
        assert exc.value.error_message == 'Key extra1 is not allowed'
def test_create_org_with_invalid_reference_url(self):
    """A reference link without a URL scheme is rejected by validation."""
    creator = User()
    bad_links = TEST_REFERENCE_LINKS['invalid_url']
    with patch.object(Organisation, '_save', return_value=make_future(None)):
        with pytest.raises(MultipleInvalid) as exc:
            created = yield Organisation.create(creator,
                                                name='testorg',
                                                created_by='testuser',
                                                reference_links=bad_links)
            validate_schema(created)
        # Sits after the raises block: inside it, nothing following the
        # raising call would ever run.
        assert exc.value.error_message == 'Missing URL scheme'
def test_create_org_with_redirect_id_type(self):
    """Valid reference links keep their redirect_id_type and both link URLs."""
    good_links = TEST_REFERENCE_LINKS['valid']
    creator = User()
    with patch.object(Organisation, '_save', return_value=make_future(None)):
        created = yield Organisation.create(creator,
                                            name='testorg',
                                            created_by='testuser',
                                            reference_links=good_links)
    validate_schema(created)

    stored = created.reference_links
    assert stored['redirect_id_type'] == 'id1'
    assert stored['links']['id1'] == 'https://id1.com'
    assert stored['links']['id2'] == 'https://id2.com'
def test_create_organisation_as_admin(self):
    """An organisation created by an administrator is approved immediately."""
    admin = User(password='******', role='administrator', id='uid')
    with patch.object(Organisation, '_save', return_value=make_future(None)):
        with patch.object(Service, 'create',
                          return_value=make_future(Service())):
            created = yield Organisation.create(admin,
                                                name='testorg',
                                                created_by='testuser',
                                                id='testorgid')
    assert created.name == 'testorg'
    assert created.created_by == 'testuser'
    # The administrator role is what bypasses the approval step here.
    assert created.state.name == 'approved'
def test_create_admin_user(self, db_client):
    """User.create_admin saves one approved administrator with no verification hash."""
    admin = yield User.create_admin('*****@*****.**', 'password',
                                    first_name='test',
                                    last_name='user')

    assert admin.first_name == 'test'
    assert admin.last_name == 'user'
    assert admin.verify_password('password')
    assert admin.state == State.approved
    # Admin accounts created this way skip e-mail verification entirely.
    assert 'verification_hash' not in admin._resource
    assert admin.is_admin()

    save_doc = db_client().save_doc
    assert save_doc.call_count == 1
    assert save_doc.call_args[0][0] == admin._resource
def test_create_org_with_non_existent_redirect_id_type(self):
    """A redirect_id_type that names no entry in 'links' is rejected."""
    creator = User()
    bad_links = TEST_REFERENCE_LINKS['missing_links']
    with patch.object(Organisation, '_save', return_value=make_future(None)):
        with pytest.raises(MultipleInvalid) as exc:
            created = yield Organisation.create(creator,
                                                name='testorg',
                                                created_by='testuser',
                                                reference_links=bad_links)
            validate_schema(created)
        # Sits after the raises block: inside it, nothing following the
        # raising call would ever run.
        msg = 'Redirect ID type must point to one of the links\' ID types'
        assert exc.value.error_message == msg
def post(self):
    """Create token

    Reads 'email' and 'password' from the JSON body and answers with a new
    token plus the cleaned user record. A failed login is reported as a 401
    with one fixed message, so the response text does not reveal whether the
    email or the password was the part that failed.
    """
    # TODO: what if unverified user?
    credentials = self.get_json_body(required=['email', 'password'])

    try:
        user, token = yield User.login(credentials['email'],
                                       credentials['password'])
    except Unauthorized:
        raise HTTPError(401, 'Invalid email and/or password')

    # user.clean() is what goes on the wire, never the raw user document.
    response = {
        'status': 200,
        'data': {
            'token': token,
            'user': user.clean()
        }
    }
    self.finish(response)
from functools import partial import couch import pytest from mock import patch from tornado.ioloop import IOLoop from tornado.httpclient import HTTPError from perch import Organisation, Service, Repository, UserOrganisation, User from ..util import make_future USER = { '_id': 'user0', 'type': 'user', 'email': '*****@*****.**', 'password': User.hash_password('password0'), 'state': 'approved', 'role': 'user', 'has_agreed_to_terms': True, 'organisations': {} } sys_role = [ ('administrator', True), ('user', False) ] org_user_role = [ ({ 'state': 'pending', 'role': 'user'
def test_create_user_invalid_password(self, db_client):
    """User.create rejects the one-character password 'p' with a ValidationError."""
    blank_user = User()
    with pytest.raises(exceptions.ValidationError):
        yield User.create(blank_user, 'p')
from perch import Organisation, Repository, User
from perch.model import State
from accounts.models import email

# Shared fixtures for this module. The e-mail literals appear masked in this
# listing and are reproduced exactly as shown.
ADMINS = [
    '*****@*****.**',
    '*****@*****.**',
]
# Admin fixture: built with only an id, a name and an email (no role,
# password or state is passed here).
ADMIN = User(_id='admin1', name='admin user', email='*****@*****.**')
# Ordinary user fixture. The password is run through User.hash_password at
# import time, so the fixture never holds the plaintext 'password0'; it also
# carries a verification_hash.
USER = User(
    first_name='test first',
    last_name='test last',
    verification_hash='testhash',
    password=User.hash_password('password0'),
    has_agreed_to_terms=True,
    email='*****@*****.**',
    _id='test id'
)
ORGANISATION = Organisation(
    _id='org1',
    name='test organisation'
)
# The repository is tied to ORGANISATION through its id.
REPOSITORY = Repository(
    id='repo1',
    organisation_id=ORGANISATION.id,
    name='test repo'
)
def test_is_not_admin(self):
    """A user whose role is 'user' is not an admin."""
    plain_user = User(password='******', role='user', id='uid')
    assert plain_user.is_admin() is False
def test_sys_admin_role(self):
    """An administrator may change another user's role, including to 'administrator'."""
    target = User(password='******', id='uid2')
    admin = User(password='******', role='administrator', id='uid')
    outcome = yield target.can_update(admin,
                                      first_name='TestName',
                                      role='administrator')
    # Role changes are allowed here only because the actor is an administrator.
    assert outcome == (True, set())
def test_unique_user_new_email(self):
    """check_unique() completes without raising for the email 'test@test'."""
    newcomer = User(email='test@test')
    # No assertion needed: the test passes as long as nothing is raised.
    yield newcomer.check_unique()
def test_login_unverified_user(self, db_client):
    """Check logging in an unverified user doesn't raise an exception"""
    # TODO: should we allow unverified users to login?
    # As written, this pins the current behaviour: an account that has not
    # completed verification can still log in with its password.
    unverified_email = UNVERIFIED_USER['email']
    yield User.login(unverified_email, 'password1')
def test_verified_user(self, db_client):
    """Verifying an already-verified user returns it without saving anything.

    The hash passed in is the arbitrary string 'something', so for this user
    the call succeeds without a matching hash and performs no write.
    """
    already_verified = USERS[0]
    db_client().get_doc.return_value = make_future(already_verified)

    user = yield User.verify(already_verified['_id'], 'something')

    assert user.id == already_verified['_id']
    assert not User.db_client().save_doc.called
def test_change_password_incorrect_password(self):
    """change_password() raises Unauthorized when the old password is wrong."""
    account = User(password=User.hash_password('password1'))
    # 'password2' is not the current password, so the change must be refused.
    with pytest.raises(exceptions.Unauthorized):
        yield account.change_password('password2', 'password3')
def test_invalid_hash(self, db_client):
    """A wrong verification hash raises ValidationError and writes nothing."""
    db_client().get_doc.return_value = make_future(UNVERIFIED_USER)

    with pytest.raises(exceptions.ValidationError):
        yield User.verify(UNVERIFIED_USER['_id'], 'something')

    # Checked after the raises block so that it actually runs: a rejected
    # hash must not cause the user document to be saved.
    assert not User.db_client().save_doc.called
def test_unique(self):
    """check_unique() does not raise for a user built from the USERS[0] document."""
    existing = User(**USERS[0])
    # Passing means no exception was raised.
    yield existing.check_unique()
def test_unique_user_new(self):
    """A new user reusing the email of USERS[0] fails check_unique()."""
    duplicate = User(email=USERS[0]['email'])
    with pytest.raises(exceptions.ValidationError):
        yield duplicate.check_unique()
def test_unverified():
    """clean() reports verified=False for the UNVERIFIED_USER document."""
    cleaned = User(**UNVERIFIED_USER).clean()
    assert cleaned['verified'] is False
def test_login_incorrect_email(self, db_client):
    """Logging in with an email that matches no user raises Unauthorized."""
    unknown_email = 'does not exist'
    with pytest.raises(exceptions.Unauthorized):
        yield User.login(unknown_email, 'password')
def test_verified():
    """clean() reports verified=True for the VERIFIED_USER document."""
    cleaned = User(**VERIFIED_USER).clean()
    assert cleaned['verified'] is True
def test_login_incorrect_password(self, db_client):
    """Logging in as USERS[0] with the password 'password1' raises Unauthorized."""
    known_email = USERS[0]['email']
    with pytest.raises(exceptions.Unauthorized):
        yield User.login(known_email, 'password1')
def test_is_admin(self):
    """A user with the 'administrator' role and no explicit state is an admin."""
    admin = User(password='******', role='administrator', id='uid')
    assert admin.is_admin() is True
def test_current_user(self):
    """A user may update their own record when the update does not touch 'role'."""
    me = User(password='******', id='uid')
    outcome = yield me.can_update(me, first_name='TestName')
    assert outcome == (True, set())