Ejemplo n.º 1
0
def test_user_get_wrong_user():
    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 403
Ejemplo n.º 2
0
def test_activate_wrong_code():
    pu = create_pending_user()
    pu.save()

    r,data = test_helpers.server_get("/activate/abc/bees")
    status = r.status
    assert status == 403, data
Ejemplo n.º 3
0
 def test_user_get_valid_teacher_body(self):
     resp = helpers.server_get("/user/student_coll1_1", {"token":self.auth_hash})
     body = resp.read()
     print body
     hash = json.loads(body)
     self.assertEqual(hash["full_name"], "student1 student")
     self.assertEqual(hash["email"], "*****@*****.**")
Ejemplo n.º 4
0
def test_colleges_blueshirt():
    params = {"username": "******", "password": "******"}
    r, data = test_helpers.server_get("/colleges", params)
    print r.status
    print data
    assert r.status == 200
    assert len(json.loads(data)["colleges"]) == 2
Ejemplo n.º 5
0
def test_college_403_bad_creds():
    params = {"username":"******",
              "password":"******"}

    r, data = test_helpers.server_get("/colleges/college-1", params)

    assert r.status == 403
Ejemplo n.º 6
0
def test_colleges_no_user():
    params = {}

    r, data = test_helpers.server_get("/colleges", params)

    print r, data
    assert r.status == 403
Ejemplo n.º 7
0
def test_activate_wrong_code():
    pu = create_pending_user()
    pu.save()

    r, data = test_helpers.server_get("/activate/abc/bees")
    status = r.status
    assert status == 403, data
Ejemplo n.º 8
0
def test_user_get_blueshirt_wrong_password():
    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/blueshirt", params)

    assert r.status == 403
Ejemplo n.º 9
0
def test_college_blueshirt_can_see_any_college():
    params = {"username": "******", "password": "******"}

    r, data = test_helpers.server_get("/colleges/college-2", params)

    assert r.status == 200
    resp = json.loads(data)
    assert "users" not in resp.keys()
Ejemplo n.º 10
0
def test_user_get_other_can_view():
    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 200
    assert data.find("student_coll1_1") != -1
Ejemplo n.º 11
0
def test_user_get_wrong_user():
    params = {
        "username": "******",
        "password": "******",
    }

    r, data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 403
Ejemplo n.º 12
0
def test_colleges_blueshirt():
    params = {"username": "******", "password": "******"}
    r, data = test_helpers.server_get("/colleges", params)
    print(r.status)
    print(data)
    assert r.status == 200
    colleges = sorted(json.loads(data)["colleges"])
    assert colleges == ["college-1", "college-2"]
Ejemplo n.º 13
0
def test_user_get_blueshirt_wrong_password():
    params = {
        "username": "******",
        "password": "******",
    }

    r, data = test_helpers.server_get("/user/blueshirt", params)

    assert r.status == 403
Ejemplo n.º 14
0
def test_college_blueshirt_can_see_any_college():
    params = {"username":"******",
              "password":"******"}

    r, data = test_helpers.server_get("/colleges/college-2", params)

    assert r.status == 200
    resp = json.loads(data)
    assert "users" not in resp.keys()
Ejemplo n.º 15
0
def test_user_colleges():
    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/blueshirt", params)
    data = json.loads(data)

    assert r.status == 200
    assert "college-1" in data[u"colleges"]
Ejemplo n.º 16
0
def test_user_withdrawn_false():
    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/teacher_coll2", params)
    data = json.loads(data)

    assert r.status == 200
    assert not data['has_withdrawn']
Ejemplo n.º 17
0
    def test_user_post_set_email_email(self):
        args_hash = {}
        args_hash["token"] = self.auth_hash
        args_hash["email"] = "sam@sam" + str(random.randint(0,10000)) + ".com"
        resp = helpers.server_post("/user/student_coll2_2", args_hash)
        self.assertEqual(resp.status, 200)

        resp = helpers.server_get("/user/student_coll2_2", {"token":self.auth_hash})
        body = json.loads(resp.read())
        self.assertEqual(body["email"], args_hash["email"])
Ejemplo n.º 18
0
def test_user_get_self_wrong_case():
    """
    Tests that when a user auths with the wrong case,
    and requests the wrong case of username in the url,
    we still respond with the correctly cased data.
    """
    params = {"username": "******", "password": "******"}
    r, data = test_helpers.server_get("/user/studenT_coll1_1", params)
    assert r.status == 200
    assert data.find("student_coll1_1") != -1
Ejemplo n.º 19
0
def test_user_teams():
    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/student_coll1_1", params)
    data = json.loads(data)

    assert r.status == 200
    assert ["team-ABC"] == data[u"teams"]
Ejemplo n.º 20
0
def test_college_teacher_cant_see_blueshirt():

    params = {"username": "******", "password": "******"}

    r, data = test_helpers.server_get("/colleges/college-1", params)

    assert r.status == 200

    resp = json.loads(data)
    assert resp["name"] == "college the first"
    assert "blueshirt" not in set(resp["users"])
Ejemplo n.º 21
0
def test_user_colleges():
    params = {
        "username": "******",
        "password": "******",
    }

    r, data = test_helpers.server_get("/user/blueshirt", params)
    data = json.loads(data)

    assert r.status == 200
    assert "college-1" in data[u"colleges"]
Ejemplo n.º 22
0
    def test_get_college_body(self):
        resp = helpers.server_get("/college", {"token":self.auth_hash})
        obj = json.loads(resp.read())
        self.assertTrue(obj.has_key("userids"))
        self.assertTrue("teacher_coll1" in obj["userids"])
        self.assertTrue("student_coll1_1" in obj["userids"])
        self.assertTrue("student_coll1_2" in obj["userids"])

        self.assertEqual(obj["college_name"], "college the first")
        self.assertTrue("team-ABC" in obj["teams"])
        self.assertTrue("team-DFE" in obj["teams"])
Ejemplo n.º 23
0
def test_user_withdrawn_false():
    params = {
        "username": "******",
        "password": "******",
    }

    r, data = test_helpers.server_get("/user/teacher_coll2", params)
    data = json.loads(data)

    assert r.status == 200
    assert not data['has_withdrawn']
Ejemplo n.º 24
0
def test_user_get_self_wrong_case():
    """
    Tests that when a user auths with the wrong case,
    and requests the wrong case of username in the url,
    we still respond with the correctly cased data.
    """
    params = {"username":"******",
              "password":"******"}
    r,data = test_helpers.server_get("/user/studenT_coll1_1", params)
    assert r.status == 200
    assert data.find("student_coll1_1") != -1
Ejemplo n.º 25
0
def test_user_teams():
    params = {
        "username": "******",
        "password": "******",
    }

    r, data = test_helpers.server_get("/user/student_coll1_1", params)
    data = json.loads(data)

    assert r.status == 200
    assert ["team-ABC"] == data[u"teams"]
Ejemplo n.º 26
0
    def test_verify_outdated_request(self):
        with sqlite_connect() as conn:
            cur = conn.cursor()
            statement = "INSERT INTO password_resets (username, requestor_username, request_time, verify_code) VALUES (?,?,?, ?)"
            days = config.getint('nemesis', 'password_reset_days')
            old = datetime.datetime.now() - datetime.timedelta(days = days + 2)
            arguments = ('abc', 'blueshirt', old.strftime('%Y-%m-%d %H:%M:%S'), 'bees')
            cur.execute(statement, arguments)
            conn.commit()

        r, data = test_helpers.server_get("/reset_password/abc/bees")
        self.assertEqual(410, r.status, data)
Ejemplo n.º 27
0
def test_college_teacher_can_see_students_and_self():
    params = {"username": "******", "password": "******"}

    r, data = test_helpers.server_get("/colleges/college-1", params)

    assert r.status == 200

    resp = json.loads(data)
    assert resp["name"] == "college the first"
    assert "teacher_coll1" in set(resp["users"])
    assert "student_coll1_1" in set(resp["users"])
    assert "student_coll1_2" in set(resp["users"])
Ejemplo n.º 28
0
def test_user_properties_student():
    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/student_coll1_1", params)
    data = json.loads(data)

    assert r.status == 200
    assert data['is_student']
    assert not data['is_team_leader']
    assert not data['is_blueshirt']
Ejemplo n.º 29
0
def test_user_get_checks_same_email():
    username = "******"
    new_email = User(username).email
    setup_new_email(username, new_email, 'bees')

    params = {"username": username, "password": "******"}
    r, data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 200, data

    user_info = json.loads(data)
    assert not user_info.has_key('new_email'), \
        "Should not have a new_email key when the new one and the current one match"
Ejemplo n.º 30
0
def test_verify_outdated_request():
    conn = test_helpers.sqlite_connect()
    cur = conn.cursor()
    statement = "INSERT INTO email_changes (username, new_email, request_time, verify_code) VALUES (?,?,?, ?)"
    old = datetime.datetime.now() - datetime.timedelta(days = 4)
    arguments = ('abc', '*****@*****.**', old.strftime('%Y-%m-%d %H:%M:%S'), 'bees')
    cur.execute(statement, arguments)
    conn.commit()

    r,data = test_helpers.server_get("/verify/abc/bees")
    status = r.status
    assert status == 410, data
Ejemplo n.º 31
0
def test_college_teacher_cant_see_blueshirt():

    params = {"username":"******",
              "password":"******"}

    r, data = test_helpers.server_get("/colleges/college-1", params)

    assert r.status == 200

    resp = json.loads(data)
    assert resp["name"] == "college the first"
    assert "blueshirt" not in set(resp["users"])
Ejemplo n.º 32
0
def test_college_teacher_can_see_students_and_self():
    params = {"username":"******",
              "password":"******"}

    r, data = test_helpers.server_get("/colleges/college-1", params)

    assert r.status == 200

    resp = json.loads(data)
    assert resp["name"] == "college the first"
    assert "teacher_coll1" in set(resp["users"])
    assert "student_coll1_1" in set(resp["users"])
    assert "student_coll1_2" in set(resp["users"])
Ejemplo n.º 33
0
def test_user_get_checks_same_email():
    username = "******"
    new_email = User(username).email
    setup_new_email(username, new_email, 'bees')

    params = {"username":username,
              "password":"******"}
    r,data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 200, data

    user_info = json.loads(data)
    assert not user_info.has_key('new_email'), \
        "Should not have a new_email key when the new one and the current one match"
Ejemplo n.º 34
0
def test_college_valid_user():
    params = {"username": "******", "password": "******"}

    r, data = test_helpers.server_get("/colleges/college-1", params)

    assert r.status == 200

    resp = json.loads(data)
    assert resp["name"] == "college the first"
    assert len(resp["users"]) == 1
    assert resp["users"][0] == "student_coll1_1"
    assert len(resp["teams"]) == 2
    assert sorted(resp["teams"]) == sorted(["team-ABC", "team-DFE"])
Ejemplo n.º 35
0
def test_user_properties_blueshirt():
    params = {
        "username": "******",
        "password": "******",
    }

    r, data = test_helpers.server_get("/user/blueshirt", params)
    data = json.loads(data)

    assert r.status == 200
    assert data['is_blueshirt']
    assert not data['is_student']
    assert not data['is_team_leader']
Ejemplo n.º 36
0
def test_email_changed_in_user_get():
    username = "******"
    new_email = '*****@*****.**'
    setup_new_email(username, new_email, 'bees')

    params = {"username": username, "password": "******"}
    r, data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 200, data

    user_info = json.loads(data)
    user_new_email = user_info['new_email']

    assert user_new_email == new_email
Ejemplo n.º 37
0
    def test_verify_outdated_request(self):
        with sqlite_connect() as conn:
            cur = conn.cursor()
            statement = "INSERT INTO password_resets (username, requestor_username, request_time, verify_code) VALUES (?,?,?, ?)"
            days = config.getint('nemesis', 'password_reset_days')
            old = datetime.datetime.now() - datetime.timedelta(days=days + 2)
            arguments = ('abc', 'blueshirt', old.strftime('%Y-%m-%d %H:%M:%S'),
                         'bees')
            cur.execute(statement, arguments)
            conn.commit()

        r, data = test_helpers.server_get("/reset_password/abc/bees")
        self.assertEqual(410, r.status, data)
Ejemplo n.º 38
0
def test_verify_outdated_request():
    conn = sqlite_connect()
    cur = conn.cursor()
    statement = "INSERT INTO email_changes (username, new_email, request_time, verify_code) VALUES (?,?,?, ?)"
    days = config.getint('nemesis', 'email_change_days')
    old = datetime.datetime.now() - datetime.timedelta(days=days + 2)
    arguments = ('abc', '*****@*****.**', old.strftime('%Y-%m-%d %H:%M:%S'),
                 'bees')
    cur.execute(statement, arguments)
    conn.commit()

    r, data = test_helpers.server_get("/verify/abc/bees")
    status = r.status
    assert status == 410, data
Ejemplo n.º 39
0
def test_college_valid_user():
    params = {"username":"******",
              "password":"******"}

    r, data = test_helpers.server_get("/colleges/college-1", params)

    assert r.status == 200

    resp = json.loads(data)
    assert resp["name"] == "college the first"
    assert len(resp["users"]) == 1
    assert resp["users"][0] == "student_coll1_1"
    assert len(resp["teams"]) == 2
    assert sorted(resp["teams"]) == sorted(["team-ABC", "team-DFE"])
Ejemplo n.º 40
0
def test_email_changed_in_user_get():
    username = "******"
    new_email = '*****@*****.**'
    setup_new_email(username, new_email, 'bees')

    params = {"username":username,
              "password":"******"}
    r,data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 200, data

    user_info = json.loads(data)
    user_new_email = user_info['new_email']

    assert user_new_email == new_email
Ejemplo n.º 41
0
def test_user_get_other_can_view():
    # Set up a pending email for the student
    pe = PendingEmail('student_coll1_1')
    pe.new_email = '*****@*****.**'
    pe.verify_code = 'bibble'
    pe.save()

    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 200
    assert data.find("student_coll1_1") != -1
    assert 'email' not in data
    assert 'new_email' not in data
Ejemplo n.º 42
0
def test_email_changed_in_user_get_wrong_case():
    """
    Tests that when the user is requested with the wrong case,
    we still return the correct information about their pending email.
    """
    new_email = '*****@*****.**'
    setup_new_email("student_coll1_1", new_email, 'bees')

    params = {"username": "******", "password": "******"}
    r, data = test_helpers.server_get("/user/Student_Coll1_1", params)
    assert r.status == 200, data

    user_info = json.loads(data)
    user_new_email = user_info['new_email']

    assert user_new_email == new_email
Ejemplo n.º 43
0
def test_user_get_other_can_view():
    # Set up a pending email for the student
    pe = PendingEmail('student_coll1_1')
    pe.new_email = '*****@*****.**'
    pe.verify_code = 'bibble'
    pe.save()

    params = {
        "username": "******",
        "password": "******",
    }

    r, data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 200
    assert data.find("student_coll1_1") != -1
    assert 'email' not in data
    assert 'new_email' not in data
Ejemplo n.º 44
0
def test_email_changed_in_user_get_wrong_case():
    """
    Tests that when the user is requested with the wrong case,
    we still return the correct information about their pending email.
    """
    new_email = '*****@*****.**'
    setup_new_email("student_coll1_1", new_email, 'bees')

    params = {"username":"******",
              "password":"******"}
    r,data = test_helpers.server_get("/user/Student_Coll1_1", params)
    assert r.status == 200, data

    user_info = json.loads(data)
    user_new_email = user_info['new_email']

    assert user_new_email == new_email
Ejemplo n.º 45
0
def test_activate_success():
    username = '******'

    rq_user = User.create_user("teacher_coll1", "facebees")
    cu = User.create_new_user(rq_user, 'college-1', 'James', 'Activate')
    assert cu.username == username

    pu = create_pending_user(username)
    pu.save()

    r, data = test_helpers.server_get("/activate/" + username + "/bibble")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email
    assert pu.email == email
    teams = [t.name for t in u.teams]
    assert pu.team in teams
    colleges = u.colleges
    assert pu.college in colleges

    students = srusers.group('students').members
    assert username in students

    pu = PendingUser(username)
    assert not pu.in_db, "registration DB entry should have been removed"

    # ensure we sent the team-leader a confirmation
    ps = test_helpers.last_email()
    toaddr = ps.toaddr
    tl_email = rq_user.email
    assert toaddr == tl_email

    vars = ps.template_vars
    tl_name = rq_user.first_name
    assert tl_name == vars['name']
    first_name = cu.first_name
    assert first_name == vars['au_first_name']
    last_name = cu.last_name
    assert last_name == vars['au_last_name']
    assert username == vars['au_username']

    template = ps.template_name
    assert template == 'user_activated_team_leader'
Ejemplo n.º 46
0
def test_activate_success():
    username = '******'

    rq_user = User.create_user("teacher_coll1", "facebees")
    cu = User.create_new_user(rq_user, 'college-1', 'James', 'Activate')
    assert cu.username == username

    pu = create_pending_user(username)
    pu.save()

    r,data = test_helpers.server_get("/activate/" + username + "/bibble")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email
    assert pu.email == email
    teams = [t.name for t in u.teams]
    assert pu.team in teams
    colleges = u.colleges
    assert pu.college in colleges

    students = srusers.group('students').members
    assert username in students

    pu = PendingUser(username)
    assert not pu.in_db, "registration DB entry should have been removed"

    # ensure we sent the team-leader a confirmation
    ps = test_helpers.last_email()
    toaddr = ps.toaddr
    tl_email = rq_user.email
    assert toaddr == tl_email

    vars = ps.template_vars
    tl_name = rq_user.first_name
    assert tl_name == vars['name']
    first_name = cu.first_name
    assert first_name == vars['au_first_name']
    last_name = cu.last_name
    assert last_name == vars['au_last_name']
    assert username == vars['au_username']

    template = ps.template_name
    assert template == 'user_activated_team_leader'
Ejemplo n.º 47
0
def test_verify_success():
    username = "******"
    old_email = User(username).email
    new_email = "*****@*****.**"

    setup_new_email('student_coll1_1', new_email, 'bees')

    r, data = test_helpers.server_get("/verify/" + username + "/bees")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email

    # restore the original first
    u.set_email(old_email)
    u.save()

    assert email == new_email
Ejemplo n.º 48
0
def test_verify_success():
    username = "******"
    old_email = User(username).email
    new_email = "*****@*****.**"

    setup_new_email('student_coll1_1', new_email, 'bees')

    r,data = test_helpers.server_get("/verify/" + username + "/bees")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email

    # restore the original first
    u.set_email(old_email)
    u.save()

    assert email == new_email
Ejemplo n.º 49
0
    def test_verify_success(self):
        username = "******"
        setup_password_reset(username, 'bees')

        r, data = test_helpers.server_get("/reset_password/" + username + "/bees")
        self.assertEqual(200, r.status, data)

        try:
            match = re.search(r'"password": "******"]+)"', data)
            self.assertTrue(match, "Failed to extract password")

            new_password = match.group(1)

            user = User.create_user(username, new_password)
            self.assertTrue(user.is_authenticated, "Wrong password ({0}) found in page!".format(new_password))
        finally:
            User(username).set_password('cows')

        ppr = PendingPasswordReset('student_coll1_1')
        self.assertFalse(ppr.in_db, "{0} should no longer in the database.".format(ppr))
Ejemplo n.º 50
0
def test_user_withdrawn_true():
    username = '******'
    sru = srusers.user(username)
    sru.cname = 'to'
    sru.sname = 'consent'
    sru.email = ''
    sru.save()
    for gid in ['students', 'withdrawn', 'college-2']:
        g = srusers.group(gid)
        g.user_add(sru)
        g.save()

    params = {"username":"******",
              "password":"******",
              }

    r,data = test_helpers.server_get("/user/to-withdraw", params)
    data = json.loads(data)

    assert r.status == 200
    assert data['has_withdrawn']
Ejemplo n.º 51
0
def test_user_withdrawn_true():
    username = '******'
    sru = srusers.user(username)
    sru.cname = 'to'
    sru.sname = 'consent'
    sru.email = ''
    sru.save()
    for gid in ['students', 'withdrawn', 'college-2']:
        g = srusers.group(gid)
        g.user_add(sru)
        g.save()

    params = {
        "username": "******",
        "password": "******",
    }

    r, data = test_helpers.server_get("/user/to-withdraw", params)
    data = json.loads(data)

    assert r.status == 200
    assert data['has_withdrawn']
Ejemplo n.º 52
0
    def test_verify_success(self):
        username = "******"
        setup_password_reset(username, 'bees')

        r, data = test_helpers.server_get("/reset_password/" + username +
                                          "/bees")
        self.assertEqual(200, r.status, data)

        try:
            match = re.search(r'"password": "******"]+)"', data)
            self.assertTrue(match, "Failed to extract password")

            new_password = match.group(1)

            user = User.create_user(username, new_password)
            self.assertTrue(
                user.is_authenticated,
                "Wrong password ({0}) found in page!".format(new_password))
        finally:
            User(username).set_password('cows')

        ppr = PendingPasswordReset('student_coll1_1')
        self.assertFalse(ppr.in_db,
                         "{0} should no longer in the database.".format(ppr))
Ejemplo n.º 53
0
def test_activate_needs_registration():
    r, data = test_helpers.server_get("/activate/nope/bees")
    status = r.status
    assert status == 404, data
Ejemplo n.º 54
0
def test_colleges_student_cant_access():
    params = {"username": "******", "password": "******"}
    r, data = test_helpers.server_get("/colleges", params)
    assert r.status == 403
Ejemplo n.º 55
0
def test_colleges_teacher_cant_access():
    params = {"username": "******", "password": "******"}
    r, data = test_helpers.server_get("/colleges", params)
    assert r.status == 403
Ejemplo n.º 56
0
def test_colleges_no_password():
    params = {"username": "******"}
    r, data = test_helpers.server_get("/colleges", params)
    assert r.status == 403
Ejemplo n.º 57
0
def test_college_no_user():
    params = {}
    r, data = test_helpers.server_get("/colleges/college-1", params)
    data = json.loads(data)

    assert r.status == 403