Ejemplo n.º 1
    def test_invite_new_user_to_association(self, user, send_invitation_mail):
        """Inviting an address with no account stores an invite and mails it."""
        user.email = "*****@*****.**"
        db = Client().session()

        ponies = Association(name='prancing ponies')
        db.add(ponies)
        db.flush()
        # Make the requesting user a member of the association before inviting.
        membership = UserAssociation(user_id=user.user_id,
                                     association_id=ponies.association_id)
        db.add(membership)
        db.flush()

        invite_url = '/association/{0}/invite_user'.format(
            ponies.association_id)
        response = self.app.post(invite_url,
                                 data={'email': '*****@*****.**'})
        eq_(response.status_code, 200, response.data)
        eq_(json.loads(response.data),
            {'status': 'ok', 'action': 'invited'})

        stored = db.query(AssociationInvite).one()
        eq_(stored.email, '*****@*****.**')
        eq_(stored.association_id, ponies.association_id)

        # The acceptance link handed to the mailer must carry the stored
        # invite's own token.
        accept_link = 'http://localhost/accept_invitation/{0}/'.format(
            stored.token)
        send_invitation_mail.assert_called_once_with(
            '*****@*****.**',
            '*****@*****.**',
            'prancing ponies',
            accept_link)
Ejemplo n.º 2
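def new_rad_by_name():
    """Create a Rad in the lib identified by name and association.

    Reads the form fields ``rad``, ``lib`` and ``association_id``.

    Returns an error response when nobody is logged in, when the rad text
    does not parse, when the association lookup raises NoResultFound, or
    when the association has no lib of that name. On success returns a dict
    with ``status`` and the new ``rad_id``.
    """
    if not g.user:
        return error_response('login required')
    rad_text = request.form['rad']
    try:
        # Validate the syntax before anything is written.
        parse(rad_text)
    except ParseError as e:
        return error_response('parse error: {0}'.format(e.message))
    session = Client().session()
    lib_name = request.form['lib']
    association_id = request.form['association_id']
    try:
        # NOTE(review): this call is presumably what ties association_id to
        # g.user; the Lib query below filters on name and association only.
        # Confirm that find_association enforces membership.
        find_association(association_id)
    except NoResultFound:
        return error_response('no such association')
    try:
        lib = session.query(Lib).\
            filter(Lib.name == lib_name).\
            filter(Lib.association_id == association_id).\
            one()
    except NoResultFound:
        return error_response("no such lib '{0}'".format(lib_name))
    rad = Rad(created_by=g.user.user_id,
              lib_id=lib.lib_id,
              rad=rad_text)
    session.add(rad)
    # A pending object normally has no primary key until its INSERT is
    # flushed; flush here so rad_id is populated before it is returned.
    session.flush()
    radlibs.lib.decache_lib(lib.name, lib.association_id)
    return {
        'status': 'ok',
        'rad_id': rad.rad_id,
    }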
Ejemplo n.º 3
def edit_rad(rad_id):
    """Replace the text of the Rad with id ``rad_id``.

    Aborts with 404 for id 0. Returns an error response when nobody is
    logged in, when the new text does not parse, or when the lookup finds
    no matching rad; otherwise returns ``{'status': 'ok'}``.
    """
    if rad_id == 0:
        abort(404)
    if not g.user:
        return error_response('login required')

    new_text = request.form['rad']
    try:
        parse(new_text)
    except ParseError as e:
        return error_response('parse error: {0}'.format(e.message))

    db = Client().session()
    # Joining through UserAssociation and filtering on the current user's id
    # limits the lookup to rads reachable from that user's associations, so
    # a rad outside them is reported as 'no such rad'.
    reachable = (db.query(Rad, Lib)
                 .join(Lib)
                 .join(Association)
                 .join(UserAssociation)
                 .filter(UserAssociation.user_id == g.user.user_id)
                 .filter(Rad.rad_id == rad_id))
    try:
        rad, lib = reachable.one()
    except NoResultFound:
        return error_response('no such rad')

    rad.rad = new_text
    db.add(rad)
    radlibs.lib.decache_lib(lib.name, lib.association_id)
    return {'status': 'ok'}
Ejemplo n.º 4
    def test_no_such_lib_raises_keyerror(self, g):
        """Load a lib name that the current association does not contain.

        NOTE(review): nothing in the body asserts the KeyError named in the
        test title; presumably a decorator outside this excerpt does.
        """
        db = Client().session()
        ponies = Association(name="prancing ponies")
        db.add(ponies)
        db.flush()
        # Point the injected ``g`` at the freshly created, empty association.
        g.association_id = ponies.association_id

        radlibs.lib.load_lib('Loot')
Ejemplo n.º 5
    def test_generate_token(self):
        """A generated email verification token is 32 characters long.

        Only the length is checked; how the token value is produced is not
        covered by this test.
        """
        db = Client().session()
        account = User()
        db.add(account)
        db.flush()

        generated = EmailVerificationToken.generate(account)
        eq_(len(generated.token), 32)
Ejemplo n.º 6
    def test_generate(self):
        """Generate an invite for a new association.

        The visible body stops after the call; no assertion on the invite is
        shown in this excerpt.
        """
        db = Client().session()
        train = Association(name='crazy train')
        db.add(train)
        db.flush()

        target_id = train.association_id
        invite = AssociationInvite.generate(target_id, '*****@*****.**')
Ejemplo n.º 7
 def test_breadcrumb_for_an_association(self):
     """breadcrumb_for(association) yields its name and management URL."""
     db = Client().session()
     harpy = Association(name="Harpy")
     db.add(harpy)
     db.flush()
     # The call runs inside an application context.
     with app.app_context():
         crumb = breadcrumb_for(harpy)
     expected_url = 'http://localhost/association/{0}'.format(
         harpy.association_id)
     eq_(crumb, ('Harpy', expected_url))
Ejemplo n.º 8
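def register():
    """Create the account for a partially authenticated visitor.

    Reads ``email`` and ``redirect_uri`` from the form and the identifier
    from ``session['partial_user']``. Stores the new User, sends a
    verification mail containing a fresh token, logs the user in through
    ``session['user']`` and redirects.

    The redirect target is client-controlled, so it is followed only when it
    is a path on this site; any other value redirects to ``/``.
    """
    db_session = Client().session()
    user = User(
        email=request.form['email'],
        identifier=session['partial_user']['identifier'])
    db_session.add(user)
    # Flush before the token is generated for this user.
    db_session.flush()
    token = EmailVerificationToken.generate(user)
    send_verification_mail(
        user, url_for('verify_email', token=token.token, _external=True))
    session['user'] = {'email': user.email, 'identifier': user.identifier}

    # Unvalidated, this value would let a crafted form send a freshly
    # logged-in user to an arbitrary external site. Accept same-site paths
    # only: a single leading slash, no scheme-relative "//host" form, no
    # backslashes and no control characters, which some browsers normalise
    # into a host change.
    target = request.form['redirect_uri']
    is_local_path = (target.startswith('/')
                     and not target.startswith('//')
                     and '\\' not in target
                     and not any(ord(ch) < 0x20 for ch in target))
    if not is_local_path:
        target = '/'
    return redirect(target)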
Ejemplo n.º 9
 def test_accept_invite_prompts_for_login(self):
     """Opening an invite link with no user set up asks for an account."""
     db = Client().session()
     tower = Association(name="tower of power")
     db.add(tower)
     db.flush()
     invite = AssociationInvite.generate(tower.association_id,
                                         '*****@*****.**')
     db.flush()

     accept_url = '/accept_invitation/{0}/'.format(invite.token)
     response = self.app.get(accept_url)
     eq_(response.status_code, 200)
     prompted = 'Please create an account' in response.data
     assert prompted, "Response didn't prompt for login"
Ejemplo n.º 10
 def test_test_radlib_requires_login(self):
     """Posting to test_radlib with no user set up returns 'login required'.

     The failure is reported in the JSON body; the HTTP status stays 200.
     """
     db = Client().session()
     private = Association(name="somebody's private stuff")
     db.add(private)
     db.flush()

     url = '/association/{0}/test_radlib'.format(private.association_id)
     response = self.app.post(url, data={'rad': 'I ate some <Food>'})
     eq_(response.status_code, 200)
     expected = {'status': 'error', 'error': 'login required'}
     eq_(json.loads(response.data), expected)
Ejemplo n.º 11
    def test_bypass_login__existing_user(self):
        """The login bypass redirects home when the identifier already exists."""
        db = Client().session()
        existing = User(identifier='http://www.facebook.com/itsme',
                        email='*****@*****.**')
        db.add(existing)
        db.flush()

        form = {
            'email': '*****@*****.**',
            'identifier': 'http://www.facebook.com/itsme',
        }
        response = self.app.post('/login_bypass', data=form)
        eq_(response.status_code, 302)
        eq_(response.headers['Location'], 'http://localhost/')
Ejemplo n.º 12
 def test_hmac_auth__invalid_datetime_format(self):
     """A signed request with an unparseable ``time`` is not authenticated.

     The expected body is the generic 'not logged in' error, with no detail
     about which check failed.
     """
     db = Client().session()
     api_user = User(api_key='hurfdurf')
     db.add(api_user)
     db.flush()

     form = {'user_id': api_user.user_id,
             'signature': 'johnhancock',
             'time': 'beer:30',
             'other_param': 'frabjous'}
     response = self.app.post('/test_authorization', data=form)
     eq_(response.status_code, 200, response.data)
     eq_(json.loads(response.data),
         {'status': 'error', 'error': 'not logged in'})
Ejemplo n.º 13
 def test_hmac_auth__user_has_no_api_key(self):
     """A signed request for a user without an API key is not authenticated.

     The timestamp is well-formed and current, so the missing key is the
     distinguishing input; the expected body is the generic 'not logged in'.
     """
     db = Client().session()
     keyless = User()
     db.add(keyless)
     db.flush()

     timestamp = datetime.datetime.utcnow().strftime('%Y%m%dT%H:%M:%S')
     form = {'user_id': keyless.user_id,
             'signature': "mloop droop",
             'time': timestamp,
             'other_param': 'frabjous'}
     response = self.app.post('/test_authorization', data=form)
     eq_(response.status_code, 200, response.data)
     eq_(json.loads(response.data),
         {'status': 'error', 'error': 'not logged in'})
Ejemplo n.º 14
 def test_accept_invite_while_unverified_verifies_email(self, user):
     """Accepting an invite marks a previously unverified user as verified."""
     user.email = '*****@*****.**'
     user.email_verified_at = None
     db = Client().session()
     tower = Association(name="tower of power")
     db.add(tower)
     db.flush()
     invite = AssociationInvite.generate(tower.association_id,
                                         '*****@*****.**')
     db.flush()

     accept_url = '/accept_invitation/{0}/'.format(invite.token)
     response = self.app.get(accept_url)
     eq_(response.status_code, 302, response.data)

     # Drop the local reference and read the user back through a query
     # before checking the verification timestamp.
     del user
     reloaded = db.query(User).one()
     assert reloaded.email_verified_at, "Email wasn't verified"
Ejemplo n.º 15
    def test_add_new_rad__requires_correct_user(self, user):
        """Adding a rad to a lib set up for a different user is refused.

        The expected error is 'no such lib', the same shape as for a lib
        that does not exist.
        """
        db = Client().session()
        stranger = User()
        foreign_association_id = self.create_association(stranger)
        song = Lib(name="Song", association_id=foreign_association_id)
        db.add(song)
        db.flush()

        new_rad_url = '/lib/{0}/rad/new'.format(song.lib_id)
        response = self.app.post(new_rad_url,
                                 data={'rad': '<Song_which_never_ends>'})
        eq_(response.status_code, 200)
        expected = {'status': 'error', 'error': 'no such lib'}
        eq_(json.loads(response.data), expected)
Ejemplo n.º 16
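def token_url():
    """Exchange the identity provider's token for a profile and log in.

    Reads ``token`` and an optional ``redirect_uri`` from the form, asks the
    auth_info endpoint for the profile and then:

    * logs in the existing user when the identifier is known;
    * renders the identifier-mismatch page when the identifier is new but
      the email already belongs to another account;
    * creates a verified user when the identifier is new and the provider
      supplied an unused email;
    * stores a partial user in the session and redirects to registration
      when the provider supplied no email.

    ``redirect_uri`` is client-controlled and is followed only when it is a
    path on this site; any other value is replaced by ``/``.
    """
    token = request.form['token']
    api_params = {
        'token': token,
        'apiKey': os.environ['ENGAGE_API_KEY'],
        'format': 'json',
    }

    # Bound the outbound call so a stalled provider cannot hold the worker.
    response = requests.get('https://rpxnow.com/api/v2/auth_info',
                            params=api_params, timeout=10)
    try:
        auth_info = json.loads(response.text)
    except ValueError:
        # A non-JSON body takes the same error path as a missing profile.
        auth_info = {}
    if not isinstance(auth_info, dict) or 'profile' not in auth_info:
        error_page = make_response('An error occurred interacting with your '
                                   'identity provider. Since that does not '
                                   'usually happen unless you are a radlibs '
                                   'developer, here is the error in all its '
                                   'terrible beauty: ' + response.text)
        # The upstream body is echoed verbatim, so label the page as plain
        # text to keep a browser from interpreting it as markup.
        # NOTE(review): consider logging the body server-side and showing a
        # generic message; what the provider puts in it is not visible here.
        error_page.headers['Content-Type'] = 'text/plain; charset=utf-8'
        return error_page
    identifier = auth_info['profile']['identifier']
    email = auth_info['profile'].get('email')

    # Validate before either use below (the registration round trip and the
    # final redirect): a single leading slash, no scheme-relative "//host"
    # form, no backslashes and no control characters.
    redirect_uri = request.form.get('redirect_uri', '/')
    is_local_path = (redirect_uri.startswith('/')
                     and not redirect_uri.startswith('//')
                     and '\\' not in redirect_uri
                     and not any(ord(ch) < 0x20 for ch in redirect_uri))
    if not is_local_path:
        redirect_uri = '/'

    db_session = Client().session()
    try:
        user = db_session.query(User).\
            filter(User.identifier == identifier).\
            one()
    except NoResultFound:
        if email:
            existing_users = db_session.query(User).\
                filter(User.email == email).\
                all()
            if existing_users:
                # Same email under a different identifier: do not link the
                # accounts, point the visitor at their existing provider.
                provider = provider_for_identifier(
                    existing_users[0].identifier)
                return render_template(
                    'identifier_mismatch.html.jinja',
                    existing_provider=provider)
            # The provider-supplied email is recorded as already verified.
            user = User(email=email,
                        identifier=identifier,
                        email_verified_at=utcnow())
            db_session.add(user)
        else:
            session['partial_user'] = {'identifier': identifier}
            return redirect(url_for('show_registration',
                                    redirect_uri=redirect_uri))

    session['user'] = {'identifier': identifier, 'email': email}
    return redirect(redirect_uri)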
Ejemplo n.º 17
    def test_add_new_rad__requires_user(self):
        """Adding a rad with no user set up returns 'login required'."""
        db = Client().session()
        partytown = Association(name='Partytown')
        db.add(partytown)
        db.flush()
        animal = Lib(name="Animal", association_id=partytown.association_id)
        db.add(animal)
        db.flush()

        new_rad_url = '/lib/{0}/rad/new'.format(animal.lib_id)
        response = self.app.post(new_rad_url,
                                 data={'rad': 'what is happening'})
        eq_(response.status_code, 200)
        expected = {'status': 'error', 'error': 'login required'}
        eq_(json.loads(response.data), expected)
Ejemplo n.º 18
    def test_add_user_to_association_requires_correct_login(self, user):
        """Inviting into an association the user was never added to fails.

        No UserAssociation row is created here, and the expected error is
        'no such association' rather than a permission message.
        """
        db = Client().session()

        ponies = Association(name='prancing ponies')
        db.add(ponies)
        db.flush()

        invite_url = '/association/{0}/invite_user'.format(
            ponies.association_id)
        response = self.app.post(invite_url,
                                 data={'email': '*****@*****.**'})
        eq_(response.status_code, 200)

        expected = {'status': 'error', 'error': 'no such association'}
        eq_(json.loads(response.data), expected)
Ejemplo n.º 19
def create_association():
    """Create an Association from the form and enrol the current user.

    Aborts with 401 when nobody is logged in. On success redirects to the
    new association's management page.
    """
    if not g.user:
        abort(401)
    requested_name = request.form['name']
    db = Client().session()
    created = Association(name=requested_name)
    db.add(created)
    # Flush before association_id is read for the membership row and URL.
    db.flush()

    new_id = created.association_id
    membership = UserAssociation(user_id=g.user.user_id,
                                 association_id=new_id)
    db.add(membership)

    return redirect(url_for('manage_association', association_id=new_id))
Ejemplo n.º 20
    def test_test_radlib_with_unknown_lib(self, user):
        """Testing a rad that references a missing lib names it in the error."""
        db = Client().session()
        pdx = Association(name="pdx python")
        db.add(pdx)
        db.flush()
        membership = UserAssociation(user_id=user.user_id,
                                     association_id=pdx.association_id)
        db.add(membership)

        url = '/association/{0}/test_radlib'.format(pdx.association_id)
        response = self.app.post(url, data={'rad': 'I ate some <Food>'})
        eq_(response.status_code, 200)
        expected = {'status': 'error', 'error': "no such lib 'Food'"}
        eq_(json.loads(response.data), expected)
Ejemplo n.º 21
    def test_create_new_lib__lib_already_exists(self, user):
        """Creating a lib whose name is already taken in the association fails."""
        db = Client().session()
        association_id = self.create_association(user)
        rant = Lib(name="Rant", association_id=association_id)
        db.add(rant)
        db.flush()

        new_lib_url = '/association/{0}/lib/new'.format(association_id)
        response = self.app.post(new_lib_url, data={"name": "Rant"})

        eq_(response.status_code, 200, response.data)
        expected = {'status': 'error', 'error': 'lib already exists'}
        eq_(json.loads(response.data), expected)
Ejemplo n.º 22
    def test_edit_rad(self, user):
        """Editing a rad in an association created for ``user`` succeeds."""
        db = Client().session()
        association_id = self.create_association(user)
        band = Lib(name="Band", association_id=association_id)
        db.add(band)
        db.flush()
        misspelled = Rad(lib_id=band.lib_id,
                         created_by=user.user_id,
                         rad='Huey Lewis and the Nws')
        db.add(misspelled)
        db.flush()

        edit_url = '/lib/rad/{0}/edit'.format(misspelled.rad_id)
        response = self.app.post(edit_url,
                                 data={'rad': 'Huey Lewis and the News'})
        eq_(response.status_code, 200, response.data)
        eq_(json.loads(response.data), {'status': 'ok'})
Ejemplo n.º 23
    def test_new_rad_by_name__missing_params(self, user):
        """Omitting ``association_id`` yields a 'missing param' error body."""
        db = Client().session()
        association_id = self.create_association(user)
        song = Lib(name="Song", association_id=association_id)
        db.add(song)
        db.flush()

        # Deliberately leave out 'association_id'.
        form = {
            'lib': 'Song',
            'rad': 'Stairway to <Location>',
        }
        response = self.app.post('/lib/rad/new', data=form)
        eq_(response.status_code, 200)
        expected = {
            'status': 'error',
            'error': "missing param 'association_id'",
        }
        eq_(json.loads(response.data), expected)
Ejemplo n.º 24
    def test_add_new_rad_by_name__syntax_error(self, user):
        """An unterminated tag in the rad text is reported as a parse error."""
        db = Client().session()
        association_id = self.create_association(user)
        song = Lib(name="Song", association_id=association_id)
        db.add(song)
        db.flush()

        form = {
            'association_id': association_id,
            'lib': 'Song',
            'rad': 'All you need is <Emotion',
        }
        response = self.app.post('/lib/rad/new', data=form)
        eq_(response.status_code, 200)
        # The message echoes the submitted text together with the position
        # of the offending token.
        expected_error = ("parse error: Unexpected token '<' at line 1 "
                          "character 17 of 'All you need is <Emotion'")
        eq_(json.loads(response.data),
            {'status': 'error', 'error': expected_error})
Ejemplo n.º 25
    def test_invite__invalid_email_address(self, user):
        """Inviting a string that is not an email address is rejected."""
        db = Client().session()

        watercooler = Association(name='watercooler')
        db.add(watercooler)
        db.flush()
        membership = UserAssociation(
            user_id=user.user_id,
            association_id=watercooler.association_id)
        db.add(membership)
        db.flush()

        invite_url = '/association/{0}/invite_user'.format(
            watercooler.association_id)
        response = self.app.post(invite_url,
                                 data={'email': 'not a valid email'})
        eq_(response.status_code, 200)
        # The rejected input is echoed back inside the error message.
        expected = {'status': 'error',
                    'error': "invalid email address 'not a valid email'"}
        eq_(json.loads(response.data), expected)
Ejemplo n.º 26
def verify_email(token):
    """Mark the user that owns ``token`` as verified and consume the token.

    Aborts with 404 when either the token or its user cannot be found.

    NOTE(review): no token age check is visible in this function; confirm
    whether expiry is enforced elsewhere.
    """
    db_session = Client().session()
    try:
        verification_token = (
            db_session.query(EmailVerificationToken)
            .filter(EmailVerificationToken.token == token)
            .one())
        owner = (
            db_session.query(User)
            .filter(User.user_id == verification_token.user_id)
            .one())
    except NoResultFound:
        abort(404)

    owner.email_verified_at = utcnow()
    db_session.add(owner)
    # Deleting the row means the same token cannot be used a second time.
    db_session.delete(verification_token)

    return render_template('verification_complete.html.jinja')
Ejemplo n.º 27
    def test_verify_email(self):
        """Following a verification link verifies the user and uses up the token."""
        db = Client().session()
        user = User()
        db.add(user)
        db.flush()
        token = EmailVerificationToken.generate(user)

        verify_url = '/verify_email/{0}'.format(token.token)
        response = self.app.get(verify_url)
        eq_(response.status_code, 200, response.data)
        assert 'Thanks!' in response.data, 'response was rude'

        # Drop the local reference and read the user back through a query.
        del user
        reloaded = db.query(User).one()
        assert reloaded.email_verified_at, "email wasn't verified!"

        # No token may remain after a successful verification.
        leftover = db.query(EmailVerificationToken).all()
        eq_(leftover, [])
Ejemplo n.º 28
    def test_test_radlib_with_syntactically_invalid_rad(self, user):
        """Testing a rad with a stray '>' returns the parser's error message."""
        db = Client().session()
        pdx = Association(name="pdx python")
        db.add(pdx)
        db.flush()
        membership = UserAssociation(user_id=user.user_id,
                                     association_id=pdx.association_id)
        db.add(membership)

        url = '/association/{0}/test_radlib'.format(pdx.association_id)
        response = self.app.post(url, data={'rad': 'I ate some Food>'})
        eq_(response.status_code, 200)
        expected_error = ("Unexpected token '>' at line 1 character 16 of "
                          "'I ate some Food>'")
        eq_(json.loads(response.data),
            {'status': 'error', 'error': expected_error})
Ejemplo n.º 29
def bypass_login():
    """Log in as the posted identifier without authenticating (debug only).

    Creates the user when the identifier is unknown, overwrites its email
    and identifier with the posted values and stores both in the session.
    """
    # The DEBUG setting is the only guard on this endpoint; with DEBUG off
    # it answers 404. A deployment that leaves DEBUG on exposes a full
    # authentication bypass here.
    if not app.config['DEBUG']:
        abort(404)
    db_session = Client().session()
    email = request.form['email']
    identifier = request.form['identifier']
    by_identifier = db_session.query(User).filter(
        User.identifier == identifier)
    try:
        user = by_identifier.one()
    except NoResultFound:
        user = User()
    user.email = email
    user.identifier = identifier
    db_session.add(user)
    session['user'] = {'identifier': identifier, 'email': email}
    return redirect('/')
Ejemplo n.º 30
    def test_invite__user_is_already_in_the_association(self, user):
        """Inviting an address that already belongs to a member is rejected."""
        db = Client().session()

        watercooler = Association(name='watercooler')
        db.add(watercooler)
        db.flush()
        membership = UserAssociation(
            user_id=user.user_id,
            association_id=watercooler.association_id)
        db.add(membership)
        db.flush()

        invite_url = '/association/{0}/invite_user'.format(
            watercooler.association_id)
        # Invite the member's own address.
        response = self.app.post(invite_url, data={'email': user.email})
        eq_(response.status_code, 200)
        expected = {'status': 'error', 'error': 'already in association'}
        eq_(json.loads(response.data), expected)