def test_registration(self):
'Make sure that registration works'
url = self.get_url('user_register')
username, password, nickname, email = [self.userS[x].replace('1', '9') for x in 'username', 'password', 'nickname', 'email']
params = ReplaceableDict(username=username, password=password, nickname=nickname, email=email)
# Make sure the registration page appears properly
self.assert_('Registration' in self.get(url).unicode_body)
# Register
registrationCount1 = db.query(User_).count()
self.post(url, params)
# Register with a username that already exists
self.assert_json(self.post(url, params.replace(username=self.userS['username'])), 0)
# Register with a nickname that already exists
self.assert_json(self.post(url, params.replace(nickname=self.userS['nickname'])), 0)
# Register with a email that already exists
self.assert_json(self.post(url, params.replace(email=self.userS['email'])), 0)
# Register with a weak password
self.assert_json(self.post(url, params.replace(password='******')), 0)
# Register with the same username but with different case
self.post(url, params.replace(username=username.upper(), nickname=nickname + 'x', email=email + 'x'))
# Register with the same nickname but with different case
self.post(url, params.replace(username=username + 'x', nickname=nickname.upper(), email=email + 'x'))
# Register with the same email but with different case
self.post(url, params.replace(username=username + 'x', nickname=nickname + 'x', email=email.upper()))
# Confirm with an invalid ticket
self.get(self.get_url('user_confirm', ticket='xxx'))
# Confirm registration
registrationCount2 = db.query(User_).count()
self.assertEqual(registrationCount2 - registrationCount1, +4)
self.get(self.get_url('user_confirm', ticket=db.query(User_.ticket).filter_by(email=email).order_by(User_.when_expired.desc()).first()[0]))
# Make sure the user exists
self.assertEqual(db.query(User).filter_by(email=email).count(), 1)
# Make sure that conflicting registrations have been deleted
registrationCount3 = db.query(User_).count()
self.assertEqual(registrationCount3 - registrationCount2, -4)
def update_(request):
'Update account'
params = request.params
if params.get('token') != request.session.get_csrf_token():
return dict(isOk=0, message='Invalid session token')
userID = authenticated_userid(request)
# If the user is trying to update account information, send confirmation email
if 'username' in params:
return save_user_(request, dict(params), 'update', db.query(User).get(userID))
# Make sure the smsAddressID belongs to the user
smsAddressID = params.get('smsAddressID')
smsAddress = db.query(SMSAddress).filter(
(SMSAddress.id == smsAddressID) &
(SMSAddress.user_id == userID)).first()
if not smsAddress:
return dict(isOk=0, message='Could not find smsAddressID=%s corresponding to userID=%s' % (smsAddressID, userID))
# Load
smsAddressAction = params.get('smsAddressAction')
# If the user is activating an SMS address,
if 'activate' == smsAddressAction:
smsAddress.is_active = True
return dict(isOk=1, is_active=smsAddress.is_active)
# If the user is deactivating an SMS address,
if 'deactivate' == smsAddressAction:
smsAddress.is_active = False
return dict(isOk=1, is_active=smsAddress.is_active)
# If the user is removing an SMS address,
elif 'remove' == smsAddressAction:
db.delete(smsAddress)
return dict(isOk=1)
# If the command is not recognized,
return dict(isOk=0, message='Command not recognized')
def test_registration(self):
'Make sure that registration works'
url = self.get_url('user_register')
username, password, nickname, email = [
self.userS[x].replace('1', '9')
for x in 'username', 'password', 'nickname', 'email'
]
params = ReplaceableDict(username=username,
password=password,
nickname=nickname,
email=email)
# Make sure the registration page appears properly
self.assert_('Registration' in self.get(url).unicode_body)
# Register
registrationCount1 = db.query(User_).count()
self.post(url, params)
# Register with a username that already exists
self.assert_json(
self.post(url, params.replace(username=self.userS['username'])), 0)
# Register with a nickname that already exists
self.assert_json(
self.post(url, params.replace(nickname=self.userS['nickname'])), 0)
# Register with a email that already exists
self.assert_json(
self.post(url, params.replace(email=self.userS['email'])), 0)
# Register with a weak password
self.assert_json(self.post(url, params.replace(password='******')), 0)
# Register with the same username but with different case
self.post(
url,
params.replace(username=username.upper(),
nickname=nickname + 'x',
email=email + 'x'))
# Register with the same nickname but with different case
self.post(
url,
params.replace(username=username + 'x',
nickname=nickname.upper(),
email=email + 'x'))
# Register with the same email but with different case
self.post(
url,
params.replace(username=username + 'x',
nickname=nickname + 'x',
email=email.upper()))
# Confirm with an invalid ticket
self.get(self.get_url('user_confirm', ticket='xxx'))
# Confirm registration
registrationCount2 = db.query(User_).count()
self.assertEqual(registrationCount2 - registrationCount1, +4)
self.get(
self.get_url('user_confirm',
ticket=db.query(
User_.ticket).filter_by(email=email).order_by(
User_.when_expired.desc()).first()[0]))
# Make sure the user exists
self.assertEqual(db.query(User).filter_by(email=email).count(), 1)
# Make sure that conflicting registrations have been deleted
registrationCount3 = db.query(User_).count()
self.assertEqual(registrationCount3 - registrationCount2, -4)
def processRegistration(email):
'Process an SMS address registration'
# Get userID and code
match = pattern_registration.match(email.subject)
if not match:
return False
userID, userCode = match.groups()
userID = int(userID)
fromWhom = parseaddr(email.fromWhom)[1]
# Make sure we have a proper email address
try:
fromWhom = validators.Email(not_empty=True).to_python(fromWhom)
except Invalid:
return False
# If userID is zero, then the sender wants to unregister his or her address
if userID == 0:
db.query(SMSAddress).filter_by(email=fromWhom).delete()
return True
# Load
user = db.query(User).filter_by(id=userID, code=userCode).options(joinedload(User.sms_addresses)).first()
# If the user doesn't exist,
if not user:
return False
# If we have registered the address already,
if fromWhom in (x.email for x in user.sms_addresses):
return True
# Add
db.add(SMSAddress(email=fromWhom, user_id=userID))
return True
def processRegistration(email):
'Process an SMS address registration'
# Get userID and code
match = pattern_registration.match(email.subject)
if not match:
return False
userID, userCode = match.groups()
userID = int(userID)
fromWhom = parseaddr(email.fromWhom)[1]
# Make sure we have a proper email address
try:
fromWhom = validators.Email(not_empty=True).to_python(fromWhom)
except Invalid:
return False
# If userID is zero, then the sender wants to unregister his or her address
if userID == 0:
db.query(SMSAddress).filter_by(email=fromWhom).delete()
return True
# Load
user = db.query(User).filter_by(id=userID, code=userCode).options(
joinedload(User.sms_addresses)).first()
# If the user doesn't exist,
if not user:
return False
# If we have registered the address already,
if fromWhom in (x.email for x in user.sms_addresses):
return True
# Add
db.add(SMSAddress(email=fromWhom, user_id=userID))
return True
def test_mutate(self):
'Make sure that mutating the user works'
url = self.get_url('user_mutate')
self.login(self.userI)
token = get_token(self.get(self.get_url('user_update')).body)
params = ReplaceableDict(token=token)
# Check that a bad token fails
self.assert_json(self.post(url, params.replace(token=token + 'x')), 0)
# Check that we can mutate the user code
userCode = db.query(User.code).filter_by(username=self.userI['username']).first()[0]
self.assert_json(self.post(url, params), 1)
self.assertNotEqual(userCode, db.query(User.code).filter_by(username=self.userI['username']).first()[0])
def test_reset(self):
'Make sure that resetting the password works'
url = self.get_url('user_reset')
password, email = [self.userI[x] for x in 'password', 'email']
# Trying to reset an email that does not exist returns an error
self.assert_json(self.post(url, dict(email=email + 'x')), 0)
# Resetting the password does not immediately change the password
self.assert_json(self.post(url, dict(email=email)), 1)
self.assertEqual(db.query(User).filter_by(email=email).first().check(password), True)
# Apply change
self.get(self.get_url('user_confirm', ticket=db.query(User_.ticket).filter_by(email=email).order_by(User_.when_expired.desc()).first()[0]))
self.assertEqual(db.query(User).filter_by(email=email).first().check(password), False)
def move(request):
'Move a user to a different access category'
params = request.params
if params.get('token') != request.session.get_csrf_token():
return dict(isOk=0, message='Invalid session token')
userID = authenticated_userid(request)
# Load targetUser
targetUserID = params.get('targetUserID', 0)
targetUser = db.query(User).get(targetUserID)
if not targetUser:
return dict(isOk=0, message='Could not find targetUserID=%s' % targetUserID)
if int(userID) == int(targetUserID):
return dict(isOk=0, message='Cannot promote or demote yourself')
# Load attributes
hasAttributes = False
for attributeName in 'is_active', 'is_super':
value = params.get(attributeName)
if value is None:
continue
try:
value = bool(int(value))
except ValueError:
return dict(isOk=0, message='Could not parse %s=%s' % (attributeName, value))
setattr(targetUser, attributeName, value)
hasAttributes = True
if not hasAttributes:
return dict(isOk=0, message='No attributes specified')
# Return
region_invalidate(get_properties, None, targetUserID)
return dict(isOk=1)
def test_mutate(self):
'Make sure that mutating the user works'
url = self.get_url('user_mutate')
self.login(self.userI)
token = get_token(self.get(self.get_url('user_update')).body)
params = ReplaceableDict(token=token)
# Check that a bad token fails
self.assert_json(self.post(url, params.replace(token=token + 'x')), 0)
# Check that we can mutate the user code
userCode = db.query(
User.code).filter_by(username=self.userI['username']).first()[0]
self.assert_json(self.post(url, params), 1)
self.assertNotEqual(
userCode,
db.query(User.code).filter_by(
username=self.userI['username']).first()[0])
def test_move(self):
'Make sure that only superusers can promote or demote other users'
url = self.get_url('user_move')
# Check that we only see the login page if the user is not logged in
self.assert_forbidden(url, method='POST')
# Check that only super users can promote or demote other users
for userD in self.userA, self.userI:
self.login(userD)
self.assert_forbidden(url, method='POST')
self.login(self.userS)
userID = db.query(
User.id).filter_by(username=self.userS['username']).first()[0]
token = get_token(self.get(self.get_url('user_index')).body)
get_targetUser = lambda: db.query(User).filter_by(username=self.userI[
'username']).first()
targetUser = get_targetUser()
params = ReplaceableDict(token=token,
targetUserID=targetUser.id,
is_super=1,
is_active=1)
# Check that a bad token fails
self.assert_json(self.post(url, params.replace(token=token + 'x')), 0)
# Check that a bad targetUserID fails
self.assert_json(self.post(url, params.replace(targetUserID=0)), 0)
# Check that a bad attribute fails
self.assert_json(self.post(url, params.replace(is_super='xxx')), 0)
self.assert_json(self.post(url, params.replace(is_active='xxx')), 0)
# Check that a super user cannot promote or demote self
self.assert_json(self.post(url, params.replace(targetUserID=userID)),
0)
# Check that a super user can promote or demote other users
self.assert_json(self.post(url, params.replace(is_super=1)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_super, True)
self.assert_json(self.post(url, params.replace(is_super=0)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_super, False)
self.assert_json(self.post(url, params.replace(is_active=1)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_active, True)
self.assert_json(self.post(url, params.replace(is_active=0)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_active, False)
def _to_python(self, value, user):
'Check whether the value is unique'
# If the user is new or the value changed,
if not user or getattr(user, self.fieldName) != value:
# Make sure the value is unique
if db.query(User).filter(getattr(User, self.fieldName)==value).first():
# Raise
raise Invalid(self.errorMessage, value, user)
# Return
return value
def test_reset(self):
'Make sure that resetting the password works'
url = self.get_url('user_reset')
password, email = [self.userI[x] for x in 'password', 'email']
# Trying to reset an email that does not exist returns an error
self.assert_json(self.post(url, dict(email=email + 'x')), 0)
# Resetting the password does not immediately change the password
self.assert_json(self.post(url, dict(email=email)), 1)
self.assertEqual(
db.query(User).filter_by(email=email).first().check(password),
True)
# Apply change
self.get(
self.get_url('user_confirm',
ticket=db.query(
User_.ticket).filter_by(email=email).order_by(
User_.when_expired.desc()).first()[0]))
self.assertEqual(
db.query(User).filter_by(email=email).first().check(password),
False)
def test_update(self):
'Make sure that updating credentials works'
url = self.get_url('user_update')
# Check that we only see the login page if the user is not logged in
self.assert_forbidden(url)
self.assert_forbidden(url, method='POST')
# Check that the update form is filled with the user's credentials
self.login(self.userI)
body = self.get(url).unicode_body
self.assert_(self.userI['username'] in body)
self.assert_(self.userI['nickname'] in body)
self.assert_(self.userI['email'].lower() in body)
token = get_token(body)
# Updating credentials requires a token
username, password, nickname, email = [
'0' + self.userI[x]
for x in 'username', 'password', 'nickname', 'email'
]
params = ReplaceableDict(token=token,
username=username,
password=password,
nickname=nickname,
email=email)
self.assert_json(self.post(url, params.replace(token='')), 0)
self.assert_json(self.post(url, params), 1)
# Make sure the credentials have not changed yet
self.assertEqual(
db.query(User).filter_by(username=username,
nickname=nickname,
email=email).count(), 0)
# Make sure the credentials have changed after confirmation
self.get(
self.get_url('user_confirm',
ticket=db.query(
User_.ticket).filter_by(email=email).order_by(
User_.when_expired.desc()).first()[0]))
self.assertEqual(
db.query(User).filter_by(username=username,
nickname=nickname,
email=email).first().check(password),
True)
def get_patents():
return db.query(Patent).join(Patent.status, Patent.type).options(
joinedload(Patent.technology),
joinedload(Patent.firm),
joinedload(Patent.status),
joinedload(Patent.type),
joinedload_all(Patent.inventors, PatentInventor.contact, Contact.phones),
joinedload(Patent.country),
).order_by(
PatentStatus.name,
PatentType.name,
Patent.date_filed,
).all()
def test_move(self):
'Make sure that only superusers can promote or demote other users'
url = self.get_url('user_move')
# Check that we only see the login page if the user is not logged in
self.assert_forbidden(url, method='POST')
# Check that only super users can promote or demote other users
for userD in self.userA, self.userI:
self.login(userD)
self.assert_forbidden(url, method='POST')
self.login(self.userS)
userID = db.query(User.id).filter_by(username=self.userS['username']).first()[0]
token = get_token(self.get(self.get_url('user_index')).body)
get_targetUser = lambda: db.query(User).filter_by(username=self.userI['username']).first()
targetUser = get_targetUser()
params = ReplaceableDict(token=token, targetUserID=targetUser.id, is_super=1, is_active=1)
# Check that a bad token fails
self.assert_json(self.post(url, params.replace(token=token + 'x')), 0)
# Check that a bad targetUserID fails
self.assert_json(self.post(url, params.replace(targetUserID=0)), 0)
# Check that a bad attribute fails
self.assert_json(self.post(url, params.replace(is_super='xxx')), 0)
self.assert_json(self.post(url, params.replace(is_active='xxx')), 0)
# Check that a super user cannot promote or demote self
self.assert_json(self.post(url, params.replace(targetUserID=userID)), 0)
# Check that a super user can promote or demote other users
self.assert_json(self.post(url, params.replace(is_super=1)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_super, True)
self.assert_json(self.post(url, params.replace(is_super=0)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_super, False)
self.assert_json(self.post(url, params.replace(is_active=1)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_active, True)
self.assert_json(self.post(url, params.replace(is_active=0)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_active, False)
def get_patents():
return db.query(Patent).join(Patent.status, Patent.type).options(
joinedload(Patent.technology),
joinedload(Patent.firm),
joinedload(Patent.status),
joinedload(Patent.type),
joinedload_all(Patent.inventors, PatentInventor.contact,
Contact.phones),
joinedload(Patent.country),
).order_by(
PatentStatus.name,
PatentType.name,
Patent.date_filed,
).all()
def test_update(self):
'Make sure that updating credentials works'
url = self.get_url('user_update')
# Check that we only see the login page if the user is not logged in
self.assert_forbidden(url)
self.assert_forbidden(url, method='POST')
# Check that the update form is filled with the user's credentials
self.login(self.userI)
body = self.get(url).unicode_body
self.assert_(self.userI['username'] in body)
self.assert_(self.userI['nickname'] in body)
self.assert_(self.userI['email'].lower() in body)
token = get_token(body)
# Updating credentials requires a token
username, password, nickname, email = ['0' + self.userI[x] for x in 'username', 'password', 'nickname', 'email']
params = ReplaceableDict(token=token, username=username, password=password, nickname=nickname, email=email)
self.assert_json(self.post(url, params.replace(token='')), 0)
self.assert_json(self.post(url, params), 1)
# Make sure the credentials have not changed yet
self.assertEqual(db.query(User).filter_by(username=username, nickname=nickname, email=email).count(), 0)
# Make sure the credentials have changed after confirmation
self.get(self.get_url('user_confirm', ticket=db.query(User_.ticket).filter_by(email=email).order_by(User_.when_expired.desc()).first()[0]))
self.assertEqual(db.query(User).filter_by(username=username, nickname=nickname, email=email).first().check(password), True)
def reset(request):
'Reset password'
# Get email
email = request.params.get('email')
# Try to load the user
user = db.query(User).filter(User.email==email).first()
# If the email is not in our database,
if not user:
return dict(isOk=0)
# Reset account
return save_user_(request, dict(
username=user.username,
password=make_random_string(PASSWORD_LEN_MAX),
nickname=user.nickname,
email=user.email), 'reset', user)
def mutate(request):
'Mutate user token'
params = request.params
if params.get('token') != request.session.get_csrf_token():
return dict(isOk=0, message='Invalid session token')
userID = authenticated_userid(request)
# Mutate user code
user = db.query(User).get(userID)
user.code = make_random_string(CODE_LEN)
# Refresh cookie
if not hasattr(request, 'response_headerlist'):
request.response_headerlist = []
request.response_headerlist.extend(remember(request, user.id, tokens=format_tokens(user)))
# Return
region_invalidate(get_properties, None, userID)
return dict(isOk=1, code=user.code)
def apply_user_(ticket):
'Finalize a change to a user account'
user_ = db.query(User_).filter(
(User_.ticket == ticket) &
(User_.when_expired >= datetime.datetime.utcnow())).first()
if not user_:
raise UserException('')
# If the ticket is valid,
if user_:
# Apply the change and reset rejection_count
userID = user_.user_id
db.merge(User(
id=userID,
username=user_.username,
password_=user_.password_,
nickname=user_.nickname,
email=user_.email,
rejection_count=0,
code=make_random_string(CODE_LEN)))
region_invalidate(get_properties, None, userID)
# Return
return user_
def login_(request):
'Process login credentials'
# Make shortcuts
environ, params, registry = [getattr(request, x) for x in 'environ', 'params', 'registry']
username, password = [params.get(x, '').strip() for x in 'username', 'password']
if not username or not password:
return dict(isOk=0)
# Check username
user = db.query(User).filter_by(username=username).first()
if not user:
return dict(isOk=0)
# If the password is incorrect, increment and return rejection_count
if not user.check(password):
user.rejection_count += 1
return dict(isOk=0, rejection_count=user.rejection_count)
# If there have been too many rejections, expect recaptcha
if user.rejection_count >= REJECTION_LIMIT:
rChallenge, rResponse = [params.get(x, '') for x in 'recaptcha_challenge', 'recaptcha_response']
rPrivate = registry.settings.get('recaptcha.private', '')
clientIP = environ.get('HTTP_X_REAL_IP', environ.get('HTTP_X_FORWARDED_FOR', environ.get('REMOTE_ADDR')))
# If the response is not valid, say so
if not captcha.submit(rChallenge, rResponse, rPrivate, clientIP).is_valid:
return dict(isOk=0, rejection_count=user.rejection_count)
# Save user
try:
user.minutes_offset = int(params.get('minutes_offset', MINUTES_OFFSET))
except ValueError:
user.minutes_offset = MINUTES_OFFSET
user.when_login = datetime.datetime.utcnow()
user.rejection_count = 0
# Set cookie
if not hasattr(request, 'response_headerlist'):
request.response_headerlist = []
request.response_headerlist.extend(remember(request, user.id, tokens=format_tokens(user)))
# Return
return dict(isOk=1)
def get_properties(userID):
'Return user properties'
return db.query(User.nickname, User.minutes_offset, User.is_active, User.is_super, User.code).filter_by(id=userID).first()
def save_user_(request, valueByName, action, user=None):
'Validate values and send confirmation email if values are okay'
# Validate form
try:
form = UserForm().to_python(valueByName, user)
except Invalid, error:
return dict(isOk=0, errorByID=error.unpack_errors())
# Prepare ticket
try:
ticket = make_random_unique_string(TICKET_LEN,
lambda x: db.query(User_).filter_by(ticket=x).first() == None)
except RuntimeError:
return dict(isOk=0, errorByID={'status': 'Could not generate ticket; please try again later'})
# Prepare user_
user_ = User_(
username=form['username'],
password=form['password'],
nickname=form['nickname'],
email=form['email'],
user_id=user.id if user else None,
ticket=ticket,
when_expired=datetime.datetime.utcnow() + datetime.timedelta(hours=TICKET_HOURS))
db.add(user_)
# Send message
get_mailer(request).send_to_queue(Message(
recipients=[formataddr((user_.nickname, user_.email))],
def index(request):
'Display patent activity'
upload = db.query(Upload).order_by(Upload.when.desc()).first()
patents = get_patents()
return dict(upload=upload, patents=patents)
def update(request):
'Show account update page'
userID = authenticated_userid(request)
user = db.query(User).options(joinedload(User.sms_addresses)).get(userID)
return dict(user=user)
def index(request):
'Display patent activity'
upload = db.query(Upload).order_by(Upload.when.desc()).first()
patents = get_patents()
return dict(upload=upload, patents=patents)
def test_index(self):
'Assert that the user index page shows how many accounts are on file'
url = self.get_url('user_index')
# Make sure that the user index page is visible
self.assert_('%s users' %
db.query(User).count() in self.get(url).unicode_body)
def test_update_smsAddress(self):
'Make sure that updating smsAddresses works'
url = self.get_url('user_update')
db.query(SMSAddress).delete()
userSID, userSCode, userSEmail = db.query(
User.id, User.code,
User.email).filter_by(username=self.userS['username']).first()
userAID, userACode, userAEmail = db.query(
User.id, User.code,
User.email).filter_by(username=self.userA['username']).first()
userIID, userICode, userIEmail = db.query(
User.id, User.code,
User.email).filter_by(username=self.userI['username']).first()
imapServer = sms.connect(self.router.registry.settings)
# Register an invalid email address
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userSID, userSCode),
fromWhom=''))
# Register using an invalid userID or userCode
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (-1, userSCode),
fromWhom='sms_' + userSEmail))
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userSID, -1),
fromWhom='sms_' + userSEmail))
# Register three email addresses
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userSID, userSCode),
fromWhom='sms_' + userSEmail))
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userAID, userACode),
fromWhom='sms_' + userAEmail))
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userIID, userICode),
fromWhom='sms_' + userIEmail))
# Register an address that already exists for the given user
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userSID, userSCode),
fromWhom='sms_' + userSEmail))
# Remove an email address
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (0, 'xxx'),
fromWhom='sms_' + userSEmail))
# Process
sms.process(self.router.registry.settings)
# Make sure we only have two registered SMS address
self.assertEqual(2, db.query(SMSAddress).count())
smsAddressA = db.query(SMSAddress).filter_by(user_id=userAID).first()
smsAddressI = db.query(SMSAddress).filter_by(user_id=userIID).first()
# Get token
self.login(self.userI)
token = get_token(self.get(url).unicode_body)
params = ReplaceableDict(token=token,
smsAddressAction='activate',
smsAddressID=smsAddressI.id)
# Activate an smsAddress that doesn't belong to the user
self.assert_json(
self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Activate an smsAddress
self.assert_json(self.post(url, params), 1)
self.assertEqual(
db.query(
SMSAddress.is_active).filter_by(user_id=userIID).first()[0],
True)
params = ReplaceableDict(token=token,
smsAddressAction='deactivate',
smsAddressID=smsAddressI.id)
# Deactivate an smsAddress that doesn't belong to the user
self.assert_json(
self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Deactivate an smsAddress
self.assert_json(self.post(url, params), 1)
self.assertEqual(
db.query(
SMSAddress.is_active).filter_by(user_id=userIID).first()[0],
False)
params = ReplaceableDict(token=token,
smsAddressAction='remove',
smsAddressID=smsAddressI.id)
# Remove an smsAddress that doesn't belong to the user
self.assert_json(
self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Remove an smsAddress that does belong to the user
self.assert_json(self.post(url, params), 1)
self.assertEqual(
db.query(SMSAddress).filter_by(id=smsAddressI.id).count(), 0)
params = ReplaceableDict(token=token)
# Send an invalid command
self.assert_json(self.post(url, params.replace(smsAddressAction='')),
0)
self.assert_json(
self.post(url, params.replace(smsAddressAction='xxx')), 0)
def index(request):
'Show information about people registered in the database'
return dict(users=db.query(User).order_by(User.when_login.desc()).all())
def test_index(self):
'Assert that the user index page shows how many accounts are on file'
url = self.get_url('user_index')
# Make sure that the user index page is visible
self.assert_('%s users' % db.query(User).count() in self.get(url).unicode_body)
def get_properties(userID):
'Return user properties'
return db.query(User.nickname, User.minutes_offset, User.is_active, User.is_super, User.code).filter_by(id=userID).first()
def test_update_smsAddress(self):
'Make sure that updating smsAddresses works'
url = self.get_url('user_update')
db.query(SMSAddress).delete()
userSID, userSCode, userSEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userS['username']).first()
userAID, userACode, userAEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userA['username']).first()
userIID, userICode, userIEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userI['username']).first()
imapServer = sms.connect(self.router.registry.settings)
# Register an invalid email address
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom=''))
# Register using an invalid userID or userCode
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (-1, userSCode), fromWhom='sms_' + userSEmail))
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, -1), fromWhom='sms_' + userSEmail))
# Register three email addresses
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='sms_' + userSEmail))
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userAID, userACode), fromWhom='sms_' + userAEmail))
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userIID, userICode), fromWhom='sms_' + userIEmail))
# Register an address that already exists for the given user
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='sms_' + userSEmail))
# Remove an email address
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (0, 'xxx'), fromWhom='sms_' + userSEmail))
# Process
sms.process(self.router.registry.settings)
# Make sure we only have two registered SMS address
self.assertEqual(2, db.query(SMSAddress).count())
smsAddressA = db.query(SMSAddress).filter_by(user_id=userAID).first()
smsAddressI = db.query(SMSAddress).filter_by(user_id=userIID).first()
# Get token
self.login(self.userI)
token = get_token(self.get(url).unicode_body)
params = ReplaceableDict(token=token, smsAddressAction='activate', smsAddressID=smsAddressI.id)
# Activate an smsAddress that doesn't belong to the user
self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Activate an smsAddress
self.assert_json(self.post(url, params), 1)
self.assertEqual(db.query(SMSAddress.is_active).filter_by(user_id=userIID).first()[0], True)
params = ReplaceableDict(token=token, smsAddressAction='deactivate', smsAddressID=smsAddressI.id)
# Deactivate an smsAddress that doesn't belong to the user
self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Deactivate an smsAddress
self.assert_json(self.post(url, params), 1)
self.assertEqual(db.query(SMSAddress.is_active).filter_by(user_id=userIID).first()[0], False)
params = ReplaceableDict(token=token, smsAddressAction='remove', smsAddressID=smsAddressI.id)
# Remove an smsAddress that doesn't belong to the user
self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Remove an smsAddress that does belong to the user
self.assert_json(self.post(url, params), 1)
self.assertEqual(db.query(SMSAddress).filter_by(id=smsAddressI.id).count(), 0)
params = ReplaceableDict(token=token)
# Send an invalid command
self.assert_json(self.post(url, params.replace(smsAddressAction='')), 0)
self.assert_json(self.post(url, params.replace(smsAddressAction='xxx')), 0)