def test_set_user_by_instance(session_scope_function):
add_user(session_scope_function, name='test_user', password='******',
lastname='lastname', firstname='firstname',
email='*****@*****.**', access_level='asked')
add_user(session_scope_function, name='test_user_2',
password='******', lastname='lastname',
firstname='firstname', email='*****@*****.**',
access_level='asked')
user = get_user_by_name(session_scope_function, 'test_user')
set_user_by_instance(session_scope_function, user, lastname='a',
firstname='b', email='c', linkedin_url='d',
twitter_url='e', facebook_url='f', google_url='g',
github_url='h', website_url='i', bio='j',
is_want_news=False)
user = get_user_by_name(session_scope_function, 'test_user')
assert user.lastname == 'a'
assert user.firstname == 'b'
assert user.email == 'c'
assert user.linkedin_url == 'd'
assert user.twitter_url == 'e'
assert user.facebook_url == 'f'
assert user.google_url == 'g'
assert user.github_url == 'h'
assert user.website_url == 'i'
assert user.bio == 'j'
assert user.is_want_news is False
def test_user_event_status(client_session):
client, session = client_session
add_user(session,
'new_user',
'new_user',
'new_user',
'new_user',
'new_user',
access_level='user')
add_event(session,
'iris',
'iris_new_event',
'new_event',
'starting_kit',
'/tmp/databoard_test/submissions',
is_public=True)
# user signed up, not approved for the event
ask_sign_up_team(session, 'iris_new_event', 'new_user')
with login_scope(client, 'new_user', 'new_user') as client:
rv = client.get('/problems')
assert rv.status_code == 200
assert b'user-waiting' in rv.data
assert b'user-signed' not in rv.data
# user signed up and approved for the event
sign_up_team(session, 'iris_new_event', 'new_user')
with login_scope(client, 'new_user', 'new_user') as client:
rv = client.get('/problems')
assert rv.status_code == 200
assert b'user-signed' in rv.data
assert b'user-waiting' not in rv.data
def test_add_user(session_scope_function):
name = 'test_user'
password = '******'
lastname = 'Test'
firstname = 'User'
email = '*****@*****.**'
access_level = 'asked'
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email,
access_level=access_level)
user = get_user_by_name(session_scope_function, name)
assert user.name == name
assert check_password(password, user.hashed_password)
assert user.lastname == lastname
assert user.firstname == firstname
assert user.email == email
assert user.access_level == access_level
# check that a team was automatically added with the new user
team = get_team_by_name(session_scope_function, name)
assert team.name == name
assert team.admin_id == user.id
def test_approve_single_user(client_session):
client, session = client_session
add_user(session, 'aa', 'aa', 'aa', 'aa', 'aa', access_level='asked')
with login_scope(client, 'test_iris_admin', 'test') as client:
rv = client.get('/sign_up/aa')
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert re.match("User(.*aa.*) is signed up",
flash_message['Successful sign-up'])
# ensure that the previous change have been committed within our
# session
session.commit()
user = get_user_by_name(session, 'aa')
assert user.access_level == 'user'
rv = client.get("/sign_up/unknown_user")
session.commit()
assert rv.status_code == 302
assert rv.location == "http://localhost/problems"
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert flash_message['message'] == 'No user unknown_user'
def test_approve_sign_up_for_event(client_session):
client, session = client_session
with login_scope(client, 'test_iris_admin', 'test') as client:
# check the redirection if the user or the event does not exist
rv = client.get("/events/xxx/sign_up/test_user")
session.commit()
assert rv.status_code == 302
assert rv.location == "http://localhost/problems"
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert flash_message['message'] == 'No event xxx or no user test_user'
rv = client.get("/events/iris_test/sign_up/xxxx")
session.commit()
assert rv.status_code == 302
assert rv.location == "http://localhost/problems"
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert flash_message['message'] == 'No event iris_test or no user xxxx'
add_user(session, 'zz', 'zz', 'zz', 'zz', 'zz', access_level='user')
_, _, event_team = ask_sign_up_team(session, 'iris_test', 'zz')
assert not event_team.approved
rv = client.get('/events/iris_test/sign_up/zz')
assert rv.status_code == 302
assert rv.location == "http://localhost/problems"
session.commit()
event_team = get_event_team_by_name(session, 'iris_test', 'zz')
assert event_team.approved
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert "is signed up for Event" in flash_message['Successful sign-up']
def test_user_event(client_session):
client, session = client_session
# behavior when a user is not approved yet
add_user(session, 'xx', 'xx', 'xx', 'xx', 'xx', access_level='asked')
with login_scope(client, 'xx', 'xx') as client:
rv = client.get('/events/iris_test')
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert (flash_message['message'] ==
"Your account has not been approved yet by the administrator")
# trigger that the event does not exist
with login_scope(client, 'test_user', 'test') as client:
rv = client.get('/events/xxx')
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert "no event named" in flash_message['message']
# GET
with login_scope(client, 'test_user', 'test') as client:
rv = client.get('events/iris_test')
assert rv.status_code == 200
assert b'Iris classification' in rv.data
assert b'Rules' in rv.data
def test_check_user_interactions(session_scope_function, output_format,
expected_format):
add_user(session_scope_function,
name='test_user',
password='******',
lastname='lastname',
firstname='firstname',
email='*****@*****.**',
access_level='asked')
params = {'interaction': 'landing'}
add_user_interaction(session_scope_function, **params)
params = {
'interaction': 'landing',
'user': get_user_by_name(session_scope_function, 'test_user')
}
add_user_interaction(session_scope_function, **params)
user_interaction = get_user_interactions_by_name(
session_scope_function, output_format=output_format)
if isinstance(user_interaction, pd.DataFrame):
assert user_interaction.shape[0] == 2
assert isinstance(user_interaction, expected_format)
user_interaction = get_user_interactions_by_name(
session_scope_function, name='test_user', output_format=output_format)
if isinstance(user_interaction, pd.DataFrame):
assert user_interaction.shape[0] == 1
def test_get_user_by_name(session_scope_function, name, query_type):
add_user(session_scope_function, name='test_user', password='******',
lastname='lastname', firstname='firstname',
email='*****@*****.**', access_level='asked')
add_user(session_scope_function, name='test_user_2',
password='******', lastname='lastname',
firstname='firstname', email='*****@*****.**',
access_level='asked')
user = get_user_by_name(session_scope_function, name)
assert isinstance(user, query_type)
def test_approve_user(session_scope_function):
add_user(session_scope_function, name='test_user', password='******',
lastname='Test', firstname='User', email='*****@*****.**',
access_level='asked')
user = get_user_by_name(session_scope_function, 'test_user')
assert user.access_level == 'asked'
assert user.is_authenticated is False
approve_user(session_scope_function, 'test_user')
user = get_user_by_name(session_scope_function, 'test_user')
assert user.access_level == 'user'
assert user.is_authenticated is True
def sign_up():
"""Sign-up request."""
if flask_login.current_user.is_authenticated:
session['logged_in'] = True
return redirect(url_for('ramp.problems'))
form = UserCreateProfileForm()
if form.validate_on_submit():
user = add_user(session=db.session,
name=form.user_name.data,
password=form.password.data,
lastname=form.lastname.data,
firstname=form.firstname.data,
email=form.email.data,
linkedin_url=form.linkedin_url.data,
twitter_url=form.twitter_url.data,
facebook_url=form.facebook_url.data,
google_url=form.google_url.data,
github_url=form.github_url.data,
website_url=form.website_url.data,
bio=form.bio.data,
is_want_news=form.is_want_news.data,
access_level='asked')
admin_users = User.query.filter_by(access_level='admin')
for admin in admin_users:
subject = 'Approve registration of {}'.format(
encode_string(user.name))
body = body_formatter_user(user)
url_approve = ('http://www.ramp.studio/sign_up/{}'.format(
encode_string(user.name)))
body += 'Click on the link to approve the registration '
body += 'of this user: {}'.format(url_approve)
send_mail(admin.email, subject, body)
return redirect(url_for('auth.login'))
return render_template('sign_up.html', form=form)
def test_delete_user(session_scope_function):
username = '******'
add_user(session_scope_function,
name=username,
password='******',
lastname='lastname',
firstname='firstname',
email='*****@*****.**',
access_level='asked')
user = (session_scope_function.query(User).filter(
User.name == username).all())
assert len(user) == 1
delete_user(session_scope_function, username)
user = (session_scope_function.query(User).filter(
User.name == username).one_or_none())
assert user is None
def test_sign_up_for_event(client_session):
client, session = client_session
# trigger that the event does not exist
with login_scope(client, 'test_user', 'test') as client:
rv = client.get('/events/xxx/sign_up')
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert "no event named" in flash_message['message']
# GET: sign-up to a new controlled event
add_user(session, 'yy', 'yy', 'yy', 'yy', 'yy', access_level='user')
with login_scope(client, 'yy', 'yy') as client:
rv = client.get('/events/iris_test/sign_up')
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert "Sign-up request is sent" in flash_message['Request sent']
# make sure that the database has been updated for our session
session.commit()
event_team = get_event_team_by_name(session, 'iris_test', 'yy')
assert not event_team.approved
# check that we are informing the user that he has to wait for approval
rv = client.get('/events/iris_test')
assert rv.status_code == 200
assert b'Waiting approval...' in rv.data
# GET: sign-up to a new uncontrolled event
event = get_event(session, 'boston_housing_test')
event.is_controled_signup = False
session.commit()
with login_scope(client, 'yy', 'yy') as client:
rv = client.get('/events/boston_housing_test/sign_up')
assert rv.status_code == 302
assert (rv.location ==
'http://localhost/events/boston_housing_test/sandbox')
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert "is signed up for" in flash_message['Successful sign-up']
# make sure that the database has been updated for our session
session.commit()
event_team = get_event_team_by_name(session, 'boston_housing_test',
'yy')
assert event_team.approved
def test_add_user(session_scope_function):
name = 'test_user'
password = '******'
lastname = 'Test'
firstname = 'User'
email = '*****@*****.**'
access_level = 'asked'
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email,
access_level=access_level)
user = get_user_by_name(session_scope_function, name)
assert user.name == name
assert check_password(password, user.hashed_password)
assert user.lastname == lastname
assert user.firstname == firstname
assert user.email == email
assert user.access_level == access_level
# check that a team was automatically added with the new user
team = get_team_by_name(session_scope_function, name)
assert team.name == name
assert team.admin_id == user.id
# check that we get an error if we try to add the same user
with pytest.raises(NameClashError, match='email is already in use'):
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email,
access_level=access_level)
# check that the checking is case insensitive
with pytest.raises(NameClashError, match='email is already in use'):
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email.capitalize(),
access_level=access_level)
# add a user email with some capital letters and check that only lower case
# are stored in the database
name = 'new_user_name'
email = '*****@*****.**'
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email,
access_level=access_level)
user = get_user_by_name(session_scope_function, name)
assert user.email == '*****@*****.**'
def test_approve_users_remove(client_session):
client, session = client_session
# create 2 new users
add_user(session, 'xx', 'xx', 'xx', 'xx', 'xx', access_level='user')
add_user(session, 'yy', 'yy', 'yy', 'yy', 'yy', access_level='asked')
# ask for sign up for an event for the first user
_, _, event_team = ask_sign_up_team(session, 'iris_test', 'xx')
with login_scope(client, 'test_iris_admin', 'test') as client:
# GET check that we get all new user to be approved
rv = client.get('/approve_users')
assert rv.status_code == 200
# line for user approval
assert b'yy: yy yy - yy' in rv.data
# line for the event approval
assert b'iris_test - xx'
# POST check that we are able to approve a user and event
data = ImmutableMultiDict([('submit_button', 'Remove!'),
('approve_users', 'yy'),
('approve_event_teams', str(event_team.id))
])
rv = client.post('/approve_users', data=data)
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
# ensure that the previous change have been committed within our
# session
session.commit()
user = get_user_by_name(session, 'yy')
assert user is None
event_team = get_event_team_by_name(session, 'iris_test', 'xx')
assert event_team is None
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
print(flash_message)
assert re.match(
r"Removed users:\nyy\nRemoved event_team:\n"
r"Event\(iris_test\)/Team\(.*xx.*\)\n",
flash_message['Removed users'])
def test_sign_up_for_event_mail(client_session):
client, session = client_session
# GET: sign-up to a new controlled event
with client.application.app_context():
with mail.record_messages() as outbox:
add_user(session,
'zz',
'zz',
'zz',
'zz',
'zz@gmail',
access_level='user')
with login_scope(client, 'zz', 'zz') as client:
rv = client.get('/events/iris_test/sign_up')
assert rv.status_code == 302
session.commit()
# check that the email has been sent
assert len(outbox) == 1
assert ('Click on this link to approve the sign-up request'
in outbox[0].body)
def test_set_user_access_level(session_scope_function, access_level):
username = '******'
user = add_user(session_scope_function,
name=username,
password='******',
lastname='lastname',
firstname='firstname',
email='*****@*****.**',
access_level='asked')
assert user.access_level == 'asked'
assert user.is_authenticated is False
set_user_access_level(session_scope_function, username, access_level)
user = get_user_by_name(session_scope_function, username)
assert user.access_level == access_level
assert user.is_authenticated is True
def sign_up():
"""Sign-up request."""
if flask_login.current_user.is_authenticated:
session['logged_in'] = True
return redirect(url_for('ramp.problems'))
form = UserCreateProfileForm()
if form.validate_on_submit():
try:
user = add_user(session=db.session,
name=form.user_name.data,
password=form.password.data,
lastname=form.lastname.data,
firstname=form.firstname.data,
email=form.email.data,
linkedin_url=form.linkedin_url.data,
twitter_url=form.twitter_url.data,
facebook_url=form.facebook_url.data,
google_url=form.google_url.data,
github_url=form.github_url.data,
website_url=form.website_url.data,
bio=form.bio.data,
is_want_news=form.is_want_news.data,
access_level='not_confirmed')
except NameClashError as e:
flash(str(e))
logger.info(str(e))
return render_template('index.html')
# send an email to the participant such that he can confirm his email
token = ts.dumps(user.email)
recover_url = url_for('auth.user_confirm_email',
token=token,
_external=True)
subject = "Confirm your email for signing-up to RAMP"
body = ('Hi {}, \n\n click on the following link to confirm your email'
'address and finalize your sign-up to RAMP.\n\n Note that'
'your account still needs to be approved by a RAMP '
'administrator.\n\n'.format(user.firstname))
body += recover_url
body += '\n\nSee you on the RAMP website!'
send_mail(user.email, subject, body)
logger.info('{} has signed-up to RAMP'.format(user.name))
flash("We sent a confirmation email. Go read your email and click on "
"the confirmation link")
return render_template('index.html')
return render_template('sign_up.html', form=form)
def test_is_accessible_code(session_toy_db):
event_name = 'iris_test'
# simulate a user which is not authenticated
user = get_user_by_name(session_toy_db, 'test_user_2')
user.is_authenticated = False
assert not is_accessible_code(session_toy_db, event_name, user.name)
# simulate a user which authenticated and author of the submission to a
# public event
user.is_authenticated = True
assert is_accessible_code(session_toy_db, event_name, user.name)
# simulate an admin user
user = get_user_by_name(session_toy_db, 'test_iris_admin')
user.is_authenticated = True
assert is_accessible_code(session_toy_db, event_name, 'test_iris_admin')
# simulate a user which is not signed up to the event
user = add_user(session_toy_db, 'xx', 'xx', 'xx', 'xx', 'xx', 'user')
user.is_authenticated = True
assert not is_accessible_code(session_toy_db, event_name, user.name)
def test_is_accessible_code(session_toy_db):
# create a third user
add_user(
session_toy_db, name='test_user_3', password='******',
lastname='Test_3', firstname='User_3',
email='*****@*****.**', access_level='user')
approve_user(session_toy_db, 'test_user_3')
event_name = 'iris_test'
sign_up_team(session_toy_db, event_name, 'test_user_3')
# simulate a user which is not authenticated
user = get_user_by_name(session_toy_db, 'test_user_2')
user.is_authenticated = False
assert not is_accessible_code(session_toy_db, event_name, user.name)
# simulate a user which authenticated and author of the submission to a
# public event
user.is_authenticated = True
assert is_accessible_code(session_toy_db, event_name, user.name)
# simulate an admin user
user = get_user_by_name(session_toy_db, 'test_iris_admin')
user.is_authenticated = True
assert is_accessible_code(session_toy_db, event_name, 'test_iris_admin')
# simulate a user which is not signed up to the event
user = add_user(session_toy_db, 'xx', 'xx', 'xx', 'xx', 'xx', 'user')
user.is_authenticated = True
assert not is_accessible_code(session_toy_db, event_name, user.name)
# simulate that the event is not publicly opened
event = get_event(session_toy_db, event_name)
past_public_opening = event.public_opening_timestamp
tomorrow = datetime.datetime.utcnow() + datetime.timedelta(days=1)
event.public_opening_timestamp = tomorrow
session_toy_db.commit()
assert is_accessible_code(session_toy_db, event_name, 'test_user_3')
# Make a submission
submission_name = 'random_forest_10_10'
ramp_config = generate_ramp_config(read_config(ramp_config_template()))
path_submission = os.path.join(
os.path.dirname(ramp_config['ramp_sandbox_dir']), submission_name
)
sub = add_submission(
session_toy_db, event_name, 'test_user_3', submission_name,
path_submission
)
# check that the user submitting the submission could access it
assert is_accessible_code(
session_toy_db, event_name, 'test_user_3', sub.id
)
# change the admin of the team
from ramp_database.model import Team, User
team = (session_toy_db.query(Team)
.filter(Team.name == 'test_user_3')
.first())
user = (session_toy_db.query(User)
.filter(User.name == 'test_user_2')
.first())
team.admin_id = user.id
team.admin = user
session_toy_db.commit()
# check that the admin can access the submission
assert is_accessible_code(
session_toy_db, event_name, 'test_user_2', sub.id
)
# but others cannot
assert not is_accessible_code(
session_toy_db, event_name, 'test_user_3', sub.id
)
event.public_opening_timestamp = past_public_opening
session_toy_db.commit()