class TestBoxIntegration(OsfTestCase):
def setUp(self):
super(TestBoxIntegration, self).setUp()
self.user = AuthUserFactory()
# User is logged in
self.app.authenticate(*self.user.auth)
def test_cant_start_oauth_if_already_authorized(self):
# User already has box authorized
self.user.add_addon('box')
self.user.save()
settings = self.user.get_addon('box')
oauth = BoxOAuthSettings(user_id='fa;l', access_token='a;lkjadl;kas')
oauth.save()
settings.oauth_settings = oauth
settings.save()
assert_true(self.user.get_addon('box').has_auth)
# Tries to start oauth again
url = api_url_for('box_oauth_start_user')
res = self.app.get(url).follow()
# Is redirected back to settings page
assert_equal(
res.request.path,
web_url_for('user_addons')
)
class TestAuthViews(OsfTestCase):
def setUp(self):
super(TestAuthViews, self).setUp()
self.user = AuthUserFactory()
# Log user in
self.app.authenticate(*self.user.auth)
def test_dropbox_oauth_start(self):
url = api_url_for('dropbox_oauth_start_user')
res = self.app.get(url)
assert_is_redirect(res)
assert_in('&force_reapprove=true', res.location)
@mock.patch('website.addons.dropbox.views.auth.DropboxOAuth2Flow.finish')
@mock.patch('website.addons.dropbox.views.auth.get_client_from_user_settings')
def test_dropbox_oauth_finish(self, mock_get, mock_finish):
mock_client = mock.MagicMock()
mock_client.account_info.return_value = {'display_name': 'Mr. Drop Box'}
mock_get.return_value = mock_client
mock_finish.return_value = ('mytoken123', 'mydropboxid', 'done')
url = api_url_for('dropbox_oauth_finish')
res = self.app.get(url)
assert_is_redirect(res)
@mock.patch('website.addons.dropbox.client.DropboxClient.disable_access_token')
def test_dropbox_oauth_delete_user(self, mock_disable_access_token):
self.user.add_addon('dropbox')
settings = self.user.get_addon('dropbox')
settings.access_token = '12345abc'
settings.save()
assert_true(settings.has_auth)
self.user.save()
url = api_url_for('dropbox_oauth_delete_user')
self.app.delete(url)
settings.reload()
assert_false(settings.has_auth)
@mock.patch('website.addons.dropbox.client.DropboxClient.disable_access_token')
def test_dropbox_oauth_delete_user_with_invalid_credentials(self, mock_disable_access_token):
self.user.add_addon('dropbox')
settings = self.user.get_addon('dropbox')
settings.access_token = '12345abc'
settings.save()
assert_true(settings.has_auth)
mock_response = mock.Mock()
mock_response.status = 401
mock_disable_access_token.side_effect = ErrorResponse(mock_response, "The given OAuth 2 access token doesn't exist or has expired.")
self.user.save()
url = api_url_for('dropbox_oauth_delete_user')
self.app.delete(url)
settings.reload()
assert_false(settings.has_auth)
class TestMenbibAuthViews(OsfTestCase):
def setUp(self):
self.app = TestApp(app)
self.user = AuthUserFactory()
self.app.authenticate(*self.user.auth)
def test_menbib_oauth_start(self):
url = api_url_for('menbib_oauth_start_user')
res = self.app.get(url)
assert_is_redirect(res)
@mock.patch('website.addons.menbib.views.auth.finish_auth')
def test_menbib_oauth_finish(self, mock_finish):
mock_finish.return_value = AuthResult('mytokenabc', 'myrefreshabc', 'cool', '3600')
url = api_url_for('menbib_oauth_finish')
res = self.app.get(url)
assert_is_redirect(res)
def test_menbib_oauth_delete_user(self):
self.user.add_addon('menbib')
user_settings = self.user.get_addon('menbib')
user_settings.access_token = '12345abc'
assert_true(user_settings.has_auth)
self.user.save()
url = api_url_for('menbib_oauth_delete_user')
res = self.app.delete(url)
user_settings.reload()
assert_false(user_settings.has_auth)
class TestBadge(OsfTestCase):
def setUp(self):
super(TestBadge, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('badges', override=True)
self.usersettings = self.user.get_addon('badges', self.user.auth)
self.usersettings.save()
def test_fields(self):
badgedata = create_badge_dict()
create_mock_badge(self.usersettings, badge_data=badgedata)
badge = self.usersettings.badges[0]
assert_equals(badge.name, badgedata['badgeName'])
assert_equals(badge.description, badgedata['description'])
assert_equals(badge.image, 'temp.png')
assert_equals(badge.criteria, badgedata['criteria'])
def test_system_badge(self):
create_mock_badge(self.usersettings)
badge = self.usersettings.badges[0]
badge.make_system_badge()
assert_true(badge.is_system_badge)
assert_equals(badge, Badge.get_system_badges()[0])
def test_assertions(self):
create_mock_badge(self.usersettings)
badge = self.usersettings.badges[0]
assert_equals(len(badge.assertions), 0)
for n in xrange(4):
BadgeAssertion.create(badge, None)
assert_equals(len(badge.assertions), n + 1)
class TestCreateBucket(OsfTestCase):
def setUp(self):
super(TestCreateBucket, self).setUp()
self.user = AuthUserFactory()
self.consolidated_auth = Auth(user=self.user)
self.auth = ('test', self.user.api_keys[0]._primary_key)
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('s3', auth=self.consolidated_auth)
self.project.creator.add_addon('s3')
self.user_settings = self.user.get_addon('s3')
self.user_settings.access_key = 'We-Will-Rock-You'
self.user_settings.secret_key = 'Idontknowanyqueensongs'
self.user_settings.save()
self.node_settings = self.project.get_addon('s3')
self.node_settings.bucket = 'Sheer-Heart-Attack'
self.node_settings.user_settings = self.project.creator.get_addon('s3')
self.node_settings.save()
def test_bad_names(self):
assert_false(validate_bucket_name('bogus naMe'))
assert_false(validate_bucket_name(''))
assert_false(validate_bucket_name('no'))
assert_false(validate_bucket_name('.cantstartwithp'))
assert_false(validate_bucket_name('or.endwith.'))
assert_false(validate_bucket_name('..nodoubles'))
assert_false(validate_bucket_name('no_unders_in'))
def test_names(self):
assert_true(validate_bucket_name('imagoodname'))
assert_true(validate_bucket_name('still.passing'))
assert_true(validate_bucket_name('can-have-dashes'))
assert_true(validate_bucket_name('kinda.name.spaced'))
@mock.patch('website.addons.s3.views.crud.create_bucket')
@mock.patch('website.addons.s3.utils.get_bucket_drop_down')
def test_create_bucket_pass(self, mock_make, mock_dropdown):
mock_make.return_value = True
mock_dropdown.return_value = ['mybucket']
url = self.project.api_url_for('create_new_bucket')
ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth)
assert_equals(ret.status_int, http.OK)
@mock.patch('website.addons.s3.views.crud.create_bucket')
def test_create_bucket_fail(self, mock_make):
error = S3ResponseError(418, 'because Im a test')
error.message = 'This should work'
mock_make.side_effect = error
url = "/api/v1/project/{0}/s3/newbucket/".format(self.project._id)
ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth, expect_errors=True)
assert_equals(ret.body, '{"message": "This should work", "title": "Problem connecting to S3"}')
class TestUserSettingsModel(OsfTestCase):
def setUp(self):
super(TestUserSettingsModel, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('badges', override=True)
self.usersettings = self.user.get_addon('badges')
self.usersettings.save()
def test_can_award(self):
assert_false(self.usersettings.can_award)
create_mock_badge(self.usersettings)
assert_true(self.usersettings.can_award)
def test_to_openbadge(self):
self.user.fullname = 'HoneyBadger'
self.user.username = '******'
self.user.save()
test = {
'name': 'HoneyBadger',
'email': '*****@*****.**'
}
assert_equal(self.usersettings.to_openbadge(), test)
def test_badges(self):
create_mock_badge(self.usersettings)
create_mock_badge(self.usersettings)
assert_equal(len(self.usersettings.badges), 2)
create_mock_badge(self.usersettings)
assert_equal(len(self.usersettings.badges), 3)
class TestGoogleDriveHgridViews(OsfTestCase):
def setUp(self):
super(TestGoogleDriveHgridViews, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('googledrive')
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('googledrive', Auth(self.user))
self.node_settings = self.project.get_addon('googledrive')
self.user_settings = self.user.get_addon('googledrive')
self.node_settings.user_settings = self.user_settings
self.user_settings.save()
self.node_settings.save()
# Log user in
self.app.authenticate(*self.user.auth)
@mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.folders')
def test_googledrive_folders(self, mock_drive_client_folders):
folderId = '12345'
mock_drive_client_folders.return_value = mock_folders['items']
url = api_url_for('googledrive_folders', pid=self.project._primary_key, folderId=folderId)
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json), len(mock_folders['items']))
@mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.about')
def test_googledrive_folders_returns_only_root(self, mock_about):
mock_about.return_value = {'rootFolderId': '24601'}
url = self.project.api_url_for('googledrive_folders')
res = self.app.get(url, auth=self.user.auth)
assert_equal(len(res.json), 1)
assert_equal(res.status_code, 200)
assert_equal(res.json[0]['id'], '24601')
def test_set_user_config_fail(self, mock_connection):
mock_connection.return_value = create_mock_connection('wrong', 'info')
# Create a user with no settings
user = AuthUserFactory()
user.add_addon('dataverse')
user_settings = user.get_addon('dataverse')
url = api_url_for('dataverse_set_user_config')
params = {'dataverse_username': '******',
'dataverse_password': '******'}
# Post incorrect credentials to existing user
res = self.app.post_json(url, params, auth=self.user.auth,
expect_errors=True)
self.user_settings.reload()
# Original user's info has not changed
assert_equal(res.status_code, http.UNAUTHORIZED)
assert_equal(self.user_settings.dataverse_username, 'snowman')
assert_equal(self.user_settings.dataverse_password, 'frosty')
# Post incorrect credentials to new user
res = self.app.post_json(url, params, auth=user.auth,
expect_errors=True)
user_settings.reload()
# New user's incorrect credentials were not saved
assert_equal(res.status_code, http.UNAUTHORIZED)
assert_equal(user_settings.dataverse_username, None)
assert_equal(user_settings.dataverse_password, None)
class TestAssertion(OsfTestCase):
def setUp(self):
super(TestAssertion, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('badges', override=True)
self.usersettings = self.user.get_addon('badges', self.user.auth)
self.usersettings.save()
self.project = ProjectFactory()
self.node_settings = self.project.get_addon('badges')
create_mock_badge(self.usersettings)
self.badge = self.usersettings.badges[0]
def test_parent(self):
assertion = BadgeAssertion.create(self.badge, self.project)
assert_equals(assertion.badge, self.badge)
def test_recipient(self):
assertion = BadgeAssertion.create(self.badge, self.project)
test_data = {
'idenity': self.project._id,
'type': 'osfnode',
'hashed': False
}
assert_equals(assertion.recipient, test_data)
def test_awarder(self):
assertion = BadgeAssertion.create(self.badge, self.project)
assert_equals(assertion.awarder, self.usersettings)
def test_set_user_config_fail(self, mock_connection):
mock_connection.side_effect = UnauthorizedError('Bad credentials!')
# Create a user with no settings
user = AuthUserFactory()
user.add_addon('dataverse')
user_settings = user.get_addon('dataverse')
url = api_url_for('dataverse_set_user_config')
params = {'api_token': 'wrong-info'}
# Post incorrect credentials to existing user
res = self.app.post_json(url,
params,
auth=self.user.auth,
expect_errors=True)
self.user_settings.reload()
# Original user's info has not changed
assert_equal(res.status_code, http.UNAUTHORIZED)
assert_equal(self.user_settings.api_token, 'snowman-frosty')
# Post incorrect credentials to new user
res = self.app.post_json(url,
params,
auth=user.auth,
expect_errors=True)
user_settings.reload()
# New user's incorrect credentials were not saved
assert_equal(res.status_code, http.UNAUTHORIZED)
assert_equal(user_settings.api_token, None)
class TestGoogleDriveHgridViews(OsfTestCase):
def setUp(self):
super(TestGoogleDriveHgridViews, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('googledrive')
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('googledrive', Auth(self.user))
self.node_settings = self.project.get_addon('googledrive')
self.user_settings = self.user.get_addon('googledrive')
self.node_settings.user_settings = self.user_settings
self.user_settings.save()
self.node_settings.save()
# Log user in
self.app.authenticate(*self.user.auth)
@mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.folders')
def test_googledrive_folders(self, mock_drive_client_folders):
folderId = '12345'
mock_drive_client_folders.return_value = mock_folders['items']
url = api_url_for('googledrive_folders', pid=self.project._primary_key, folderId=folderId)
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json), len(mock_folders['items']))
@mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.about')
def test_googledrive_folders_returns_only_root(self, mock_about):
mock_about.return_value = {'rootFolderId': '24601'}
url = self.project.api_url_for('googledrive_folders')
res = self.app.get(url, auth=self.user.auth)
assert_equal(len(res.json), 1)
assert_equal(res.status_code, 200)
assert_equal(res.json[0]['id'], '24601')
class TestUserSettingsModel(OsfTestCase):
def setUp(self):
super(TestUserSettingsModel, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('badges', override=True)
self.usersettings = self.user.get_addon('badges')
self.usersettings.save()
def test_can_award(self):
assert_false(self.usersettings.can_award)
create_mock_badge(self.usersettings)
assert_true(self.usersettings.can_award)
def test_to_openbadge(self):
self.user.fullname = 'HoneyBadger'
self.user.username = '******'
self.user.save()
test = {'name': 'HoneyBadger', 'email': '*****@*****.**'}
assert_equal(self.usersettings.to_openbadge(), test)
def test_badges(self):
create_mock_badge(self.usersettings)
create_mock_badge(self.usersettings)
assert_equal(len(self.usersettings.badges), 2)
create_mock_badge(self.usersettings)
assert_equal(len(self.usersettings.badges), 3)
def test_set_user_config_fail(self, mock_connection):
mock_connection.side_effect = UnauthorizedError('Bad credentials!')
# Create a user with no settings
user = AuthUserFactory()
user.add_addon('dataverse')
user_settings = user.get_addon('dataverse')
url = api_url_for('dataverse_set_user_config')
params = {'api_token': 'wrong-info'}
# Post incorrect credentials to existing user
res = self.app.post_json(url, params, auth=self.user.auth,
expect_errors=True)
self.user_settings.reload()
# Original user's info has not changed
assert_equal(res.status_code, http.UNAUTHORIZED)
assert_equal(self.user_settings.api_token, 'snowman-frosty')
# Post incorrect credentials to new user
res = self.app.post_json(url, params, auth=user.auth,
expect_errors=True)
user_settings.reload()
# New user's incorrect credentials were not saved
assert_equal(res.status_code, http.UNAUTHORIZED)
assert_equal(user_settings.api_token, None)
class TestBadge(OsfTestCase):
def setUp(self):
super(TestBadge, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('badges', override=True)
self.usersettings = self.user.get_addon('badges', self.user.auth)
self.usersettings.save()
def test_fields(self):
badgedata = create_badge_dict()
create_mock_badge(self.usersettings, badge_data=badgedata)
badge = self.usersettings.badges[0]
assert_equals(badge.name, badgedata['badgeName'])
assert_equals(badge.description, badgedata['description'])
assert_equals(badge.image, 'temp.png')
assert_equals(badge.criteria, badgedata['criteria'])
def test_system_badge(self):
create_mock_badge(self.usersettings)
badge = self.usersettings.badges[0]
badge.make_system_badge()
assert_true(badge.is_system_badge)
assert_equals(badge, Badge.get_system_badges()[0])
def test_assertions(self):
create_mock_badge(self.usersettings)
badge = self.usersettings.badges[0]
assert_equals(len(badge.assertions), 0)
for n in xrange(4):
BadgeAssertion.create(badge, None)
assert_equals(len(badge.assertions), n + 1)
class TestAssertion(OsfTestCase):
def setUp(self):
super(TestAssertion, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('badges', override=True)
self.usersettings = self.user.get_addon('badges', self.user.auth)
self.usersettings.save()
self.project = ProjectFactory()
self.node_settings = self.project.get_addon('badges')
create_mock_badge(self.usersettings)
self.badge = self.usersettings.badges[0]
def test_parent(self):
assertion = BadgeAssertion.create(self.badge, self.project)
assert_equals(assertion.badge, self.badge)
def test_recipient(self):
assertion = BadgeAssertion.create(self.badge, self.project)
test_data = {
'idenity': self.project._id,
'type': 'osfnode',
'hashed': False
}
assert_equals(assertion.recipient, test_data)
def test_awarder(self):
assertion = BadgeAssertion.create(self.badge, self.project)
assert_equals(assertion.awarder, self.usersettings)
def test_oauth_delete_user_two_osf_user(self, mock_revoke_token, mock_github_user):
mock_revoke_token.return_value = True
user = mock.Mock()
user.id = "testing user id"
user.login = "******"
mock_github_user.return_value = user
views.auth.create_and_attach_oauth(self.user_settings, "testing acess token", "testing token type")
user2 = AuthUserFactory()
user2.add_addon('github')
user2.save()
user_settings2 = user2.get_addon('github')
views.auth.create_and_attach_oauth(user_settings2, "testing access token", "testing token type")
url = api_url_for("github_oauth_delete_user")
self.app.delete(url, auth=self.user.auth)
self.user_settings.reload()
user_settings2.reload()
assert_false(self.user_settings.oauth_token_type)
assert_false(self.user_settings.oauth_access_token)
assert_false(self.user_settings.github_user_name)
assert_false(self.user_settings.oauth_settings)
assert_true(user_settings2.oauth_settings)
assert_equal(user_settings2.oauth_token_type, "testing token type")
assert_equal(user_settings2.oauth_access_token, "testing access token")
assert_equal(user_settings2.github_user_name, "testing user")
class TestAuthViews(OsfTestCase):
def setUp(self):
self.app = TestApp(app)
self.user = AuthUserFactory()
self.app.authenticate(*self.user.auth)
def test_mendeley_oauth_start(self):
self.user.add_addon('mendeley')
settings = self.user.get_addon('mendeley')
settings.access_token = '12345abc'
print settings.has_auth
settings.save()
# assert_true(settings.has_auth)
url = views.mendeley_oauth_start(self)
print url
def test_mendeley_oauth_delete_user(self):
pass
def test_mendeley_oauth_delete_node(self):
pass
def test_mendeley_oauth_callback(self):
pass
class TestCreateBucket(OsfTestCase):
def setUp(self):
super(TestCreateBucket, self).setUp()
self.user = AuthUserFactory()
self.consolidated_auth = Auth(user=self.user)
self.auth = ('test', self.user.api_keys[0]._primary_key)
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('s3', auth=self.consolidated_auth)
self.project.creator.add_addon('s3')
self.user_settings = self.user.get_addon('s3')
self.user_settings.access_key = 'We-Will-Rock-You'
self.user_settings.secret_key = 'Idontknowanyqueensongs'
self.user_settings.save()
self.node_settings = self.project.get_addon('s3')
self.node_settings.bucket = 'Sheer-Heart-Attack'
self.node_settings.user_settings = self.project.creator.get_addon('s3')
self.node_settings.save()
def test_bad_names(self):
assert_false(validate_bucket_name('bogus naMe'))
assert_false(validate_bucket_name(''))
assert_false(validate_bucket_name('no'))
assert_false(validate_bucket_name('.cantstartwithp'))
assert_false(validate_bucket_name('or.endwith.'))
assert_false(validate_bucket_name('..nodoubles'))
assert_false(validate_bucket_name('no_unders_in'))
def test_names(self):
assert_true(validate_bucket_name('imagoodname'))
assert_true(validate_bucket_name('still.passing'))
assert_true(validate_bucket_name('can-have-dashes'))
assert_true(validate_bucket_name('kinda.name.spaced'))
@mock.patch('website.addons.s3.views.crud.create_bucket')
@mock.patch('website.addons.s3.utils.get_bucket_drop_down')
def test_create_bucket_pass(self, mock_make, mock_dropdown):
mock_make.return_value = True
mock_dropdown.return_value = ['mybucket']
url = self.project.api_url_for('create_new_bucket')
ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth)
assert_equals(ret.status_int, http.OK)
@mock.patch('website.addons.s3.views.crud.create_bucket')
def test_create_bucket_fail(self, mock_make):
error = S3ResponseError(418, 'because Im a test')
error.message = 'This should work'
mock_make.side_effect = error
url = "/api/v1/project/{0}/s3/newbucket/".format(self.project._id)
ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth, expect_errors=True)
assert_equals(ret.body, '{"message": "This should work", "title": "Problem connecting to S3"}')
def test_oauth_delete_user_two_osf_user(self, mock_revoke_token,
mock_github_user):
mock_revoke_token.return_value = True
user = mock.Mock()
user.id = "testing user id"
user.login = "******"
mock_github_user.return_value = user
views.auth.create_and_attach_oauth(self.user_settings,
"testing acess token",
"testing token type")
user2 = AuthUserFactory()
user2.add_addon('github')
user2.save()
user_settings2 = user2.get_addon('github')
views.auth.create_and_attach_oauth(user_settings2,
"testing access token",
"testing token type")
url = api_url_for("github_oauth_delete_user")
self.app.delete(url, auth=self.user.auth)
self.user_settings.reload()
user_settings2.reload()
assert_false(self.user_settings.oauth_token_type)
assert_false(self.user_settings.oauth_access_token)
assert_false(self.user_settings.github_user_name)
assert_false(self.user_settings.oauth_settings)
assert_true(user_settings2.oauth_settings)
assert_equal(user_settings2.oauth_token_type, "testing token type")
assert_equal(user_settings2.oauth_access_token, "testing access token")
assert_equal(user_settings2.github_user_name, "testing user")
class TestViews(OsfTestCase):
def setUp(self):
super(TestViews, self).setUp()
self.user = AuthUserFactory()
self.user_addon = self.user.get_or_add_addon('twofactor')
self.user_settings = self.user.get_addon('twofactor')
def test_confirm_code(self):
# Send a valid code to the API endpoint for the user settings.
url = api_url_for('twofactor_settings_put')
res = self.app.put_json(
url, {'code': _valid_code(self.user_settings.totp_secret)},
auth=self.user.auth)
# reload the user settings object from the DB
self.user_settings.reload()
assert_true(self.user_settings.is_confirmed)
assert_equal(res.status_code, 200)
def test_confirm_code_failure(self):
url = api_url_for('twofactor_settings_put')
res = self.app.put_json(url, {'code': '0000000'},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
json = res.json
assert_in('verification code', json['message_long'])
# reload the user settings object from the DB
self.user_settings.reload()
assert_false(self.user_settings.is_confirmed)
class TestViews(OsfTestCase):
@mock.patch('website.addons.twofactor.models.push_status_message')
def setUp(self, mocked):
super(TestViews, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('twofactor')
self.user_settings = self.user.get_addon('twofactor')
def test_confirm_code(self):
# Send a valid code to the API endpoint for the user settings.
res = self.app.post_json(
'/api/v1/settings/twofactor/',
{'code': _valid_code(self.user_settings.totp_secret)},
auth=self.user.auth)
# reload the user settings object from the DB
self.user_settings.reload()
assert_true(self.user_settings.is_confirmed)
assert_equal(res.status_code, 200)
def test_confirm_code_failure(self):
res = self.app.post_json('/api/v1/settings/twofactor/',
{'code': '000000'},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
json = res.json
assert_in('verification code', json['message_long'])
# reload the user settings object from the DB
self.user_settings.reload()
assert_false(self.user_settings.is_confirmed)
def test_set_user_config_fail(self, mock_connection):
mock_connection.return_value = create_mock_connection('wrong', 'info')
# Create a user with no settings
user = AuthUserFactory()
user.add_addon('dataverse')
user_settings = user.get_addon('dataverse')
url = api_url_for('dataverse_set_user_config')
params = {'dataverse_username': '******', 'dataverse_password': '******'}
# Post incorrect credentials to existing user
res = self.app.post_json(url,
params,
auth=self.user.auth,
expect_errors=True)
self.user_settings.reload()
# Original user's info has not changed
assert_equal(res.status_code, http.UNAUTHORIZED)
assert_equal(self.user_settings.dataverse_username, 'snowman')
assert_equal(self.user_settings.dataverse_password, 'frosty')
# Post incorrect credentials to new user
res = self.app.post_json(url,
params,
auth=user.auth,
expect_errors=True)
user_settings.reload()
# New user's incorrect credentials were not saved
assert_equal(res.status_code, http.UNAUTHORIZED)
assert_equal(user_settings.dataverse_username, None)
assert_equal(user_settings.dataverse_password, None)
def test_user_settings_when_user_does_not_have_addon(self, _):
user = AuthUserFactory()
url = self.project.api_url_for("s3_post_user_settings")
self.app.post_json(url, {"access_key": "ABCDEFG", "secret_key": "We are the champions"}, auth=user.auth)
user.reload()
user_settings = user.get_addon("s3")
assert_equals(user_settings.access_key, "ABCDEFG")
assert_equals(user_settings.secret_key, "We are the champions")
class TestGoogleDriveUtils(OsfTestCase):
def setUp(self):
super(TestGoogleDriveUtils, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('googledrive')
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('googledrive', Auth(self.user))
self.node_settings = self.project.get_addon('googledrive')
self.user_settings = self.user.get_addon('googledrive')
oauth_settings = GoogleDriveOAuthSettingsFactory()
self.user_settings.oauth_settings = oauth_settings
self.node_settings.user_settings = self.user_settings
self.node_settings.folder_id = '09120912'
self.node_settings.folder_path = 'foo/bar'
self.user_settings.save()
self.node_settings.save()
# Log user in
self.app.authenticate(*self.user.auth)
def test_serialize_settings_helper_returns_correct_urls(self):
result = serialize_settings(self.node_settings, self.user)
urls = result['urls']
assert_equal(urls['files'], self.project.web_url_for('collect_file_trees'))
assert_equal(urls['config'], self.project.api_url_for('googledrive_config_put'))
assert_equal(urls['deauthorize'], self.project.api_url_for('googledrive_deauthorize'))
assert_equal(urls['importAuth'], self.project.api_url_for('googledrive_import_user_auth'))
# Includes endpoint for fetching folders only
# NOTE: Querystring params are in camelCase
assert_equal(urls['get_folders'], self.project.api_url_for('googledrive_folders'))
def test_serialize_settings_helper_returns_correct_auth_info(self):
self.user_settings.access_token = 'abc123'
result = serialize_settings(self.node_settings, self.user)
assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
assert_true(result['userHasAuth'])
assert_true(result['userIsOwner'])
def test_serialize_settings_for_user_no_auth(self):
no_addon_user = AuthUserFactory()
result = serialize_settings(self.node_settings, no_addon_user)
assert_false(result['userIsOwner'])
assert_false(result['userHasAuth'])
def test_googledrive_import_user_auth_returns_serialized_settings(self):
self.node_settings.user_settings = None
self.node_settings.save()
url = api_url_for('googledrive_import_user_auth', pid=self.project._primary_key)
res = self.app.put(url, auth=self.user.auth)
self.project.reload()
self.node_settings.reload()
expected_result = serialize_settings(self.node_settings, self.user)
result = res.json['result']
assert_equal(result, expected_result)
class TestGoogleDriveUtils(OsfTestCase):
def setUp(self):
super(TestGoogleDriveUtils, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('googledrive')
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('googledrive', Auth(self.user))
self.node_settings = self.project.get_addon('googledrive')
self.user_settings = self.user.get_addon('googledrive')
oauth_settings = GoogleDriveOAuthSettingsFactory()
self.user_settings.oauth_settings = oauth_settings
self.node_settings.user_settings = self.user_settings
self.node_settings.folder_id = '09120912'
self.node_settings.folder_path = 'foo/bar'
self.user_settings.save()
self.node_settings.save()
# Log user in
self.app.authenticate(*self.user.auth)
def test_serialize_settings_helper_returns_correct_urls(self):
result = serialize_settings(self.node_settings, self.user)
urls = result['urls']
assert_equal(urls['files'], self.project.web_url_for('collect_file_trees'))
assert_equal(urls['config'], self.project.api_url_for('googledrive_config_put'))
assert_equal(urls['deauthorize'], self.project.api_url_for('googledrive_deauthorize'))
assert_equal(urls['importAuth'], self.project.api_url_for('googledrive_import_user_auth'))
# Includes endpoint for fetching folders only
# NOTE: Querystring params are in camelCase
assert_equal(urls['get_folders'], self.project.api_url_for('googledrive_folders'))
def test_serialize_settings_helper_returns_correct_auth_info(self):
self.user_settings.access_token = 'abc123'
result = serialize_settings(self.node_settings, self.user)
assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
assert_true(result['userHasAuth'])
assert_true(result['userIsOwner'])
def test_serialize_settings_for_user_no_auth(self):
no_addon_user = AuthUserFactory()
result = serialize_settings(self.node_settings, no_addon_user)
assert_false(result['userIsOwner'])
assert_false(result['userHasAuth'])
def test_googledrive_import_user_auth_returns_serialized_settings(self):
self.node_settings.user_settings = None
self.node_settings.save()
url = api_url_for('googledrive_import_user_auth', pid=self.project._primary_key)
res = self.app.put(url, auth=self.user.auth)
self.project.reload()
self.node_settings.reload()
expected_result = serialize_settings(self.node_settings, self.user)
result = res.json['result']
assert_equal(result, expected_result)
def test_s3_set_bucket_already_authed(self):
user = AuthUserFactory()
user.add_addon("s3")
user_settings = user.get_addon("s3")
user_settings.access_key = "foo"
user_settings.secret_key = "bar"
user_settings.save()
self.project.add_contributor(user, save=True)
url = self.project.api_url_for("s3_post_node_settings")
res = self.app.post_json(url, {"s3_bucket": "hammertofall"}, auth=user.auth, expect_errors=True)
assert_equal(res.status_code, http.BAD_REQUEST)
class TestAuthViews(OsfTestCase):
def setUp(self):
super(TestAuthViews, self).setUp()
self.user = AuthUserFactory()
# Log user in
self.app.authenticate(*self.user.auth)
def test_box_oauth_start(self):
url = api_url_for('box_oauth_start_user')
res = self.app.get(url)
assert_is_redirect(res)
@mock.patch('website.addons.box.views.auth.box_oauth_finish')
@mock.patch('website.addons.box.views.auth.finish_auth')
@mock.patch('website.addons.box.views.auth.BoxClient')
def test_box_oauth_finish(self, mock_get, mock_finish, mock_oauth):
mock_client = mock.MagicMock()
mock_client.get_user_info.return_value = {
'name': 'Mr. Box',
'id': '1234567890'
}
mock_get.return_value = mock_client
mock_finish.return_value = {
'token_type': 'something',
'access_token': 'something',
'refresh_token': 'something'
}
mock_oauth.return_value = ('mytoken123', 'myboxid', 'done')
url = api_url_for('box_oauth_finish')
res = self.app.get(url)
assert_is_redirect(res)
@mock.patch('website.addons.box.views.auth.flash')
def test_box_oauth_finish_cancelled(self, mock_flash):
url = api_url_for('box_oauth_finish', error='User declined!')
res = self.app.get(url)
assert_is_redirect(res)
mock_flash.assert_called_once()
@mock.patch('website.addons.box.model.BoxOAuthSettings.revoke_access_token'
)
def test_box_oauth_delete_user(self, mock_disable_access_token):
self.user.add_addon('box')
settings = self.user.get_addon('box')
oauth = BoxOAuthSettings(user_id='fa;l', access_token='a;lkjadl;kas')
oauth.save()
settings.oauth_settings = oauth
settings.save()
assert_true(settings.has_auth)
self.user.save()
url = api_url_for('box_oauth_delete_user')
self.app.delete(url)
settings.reload()
assert_false(settings.has_auth)
def test_user_settings_when_user_does_not_have_addon(self, _):
user = AuthUserFactory()
url = self.project.api_url_for('s3_post_user_settings')
self.app.post_json(url, {
'access_key': 'ABCDEFG',
'secret_key': 'We are the champions'
},
auth=user.auth)
user.reload()
user_settings = user.get_addon('s3')
assert_equals(user_settings.access_key, 'ABCDEFG')
assert_equals(user_settings.secret_key, 'We are the champions')
class TestDropboxIntegration(OsfTestCase):
def setUp(self):
super(TestDropboxIntegration, self).setUp()
self.user = AuthUserFactory()
# User is logged in
self.app.authenticate(*self.user.auth)
def test_cant_start_oauth_if_already_authorized(self):
# User already has dropbox authorized
self.user.add_addon('dropbox')
self.user.save()
settings = self.user.get_addon('dropbox')
settings.access_token = 'abc123foobarbaz'
settings.save()
assert_true(self.user.get_addon('dropbox').has_auth)
# Tries to start oauth again
url = api_url_for('dropbox_oauth_start_user')
res = self.app.get(url).follow()
# Is redirected back to settings page
assert_equal(res.request.path, web_url_for('user_addons'))
def test_s3_set_bucket_already_authed(self):
user = AuthUserFactory()
user.add_addon('s3')
user_settings = user.get_addon('s3')
user_settings.access_key = 'foo'
user_settings.secret_key = 'bar'
user_settings.save()
self.project.add_contributor(user, save=True)
url = self.project.api_url_for('s3_post_node_settings')
res = self.app.post_json(url, {'s3_bucket': 'hammertofall'},
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, http.BAD_REQUEST)
class TestRemove2Factor(AdminTestCase):
def setUp(self):
super(TestRemove2Factor, self).setUp()
self.user = AuthUserFactory()
@mock.patch('admin.users.views.User.delete_addon')
def test_remove_two_factor_get(self, mock_delete_addon):
guid = self.user._id
request = RequestFactory().get('/fake_path')
remove_2_factor(request, guid)
mock_delete_addon.assert_called_with('twofactor')
def test_integration_delete_two_factor(self):
guid = self.user._id
user_addon = self.user.get_or_add_addon('twofactor')
assert_not_equal(user_addon, None)
user_settings = self.user.get_addon('twofactor')
assert_not_equal(user_settings, None)
request = RequestFactory().post('/fake_path')
remove_2_factor(request, guid)
post_addon = self.user.get_addon('twofactor')
assert_equal(post_addon, None)
class TestRemove2Factor(AdminTestCase):
def setUp(self):
super(TestRemove2Factor, self).setUp()
self.user = AuthUserFactory()
@mock.patch('admin.users.views.User.delete_addon')
def test_remove_two_factor_get(self, mock_delete_addon):
guid = self.user._id
request = RequestFactory().get('/fake_path')
remove_2_factor(request, guid)
mock_delete_addon.assert_called_with('twofactor')
def test_integration_delete_two_factor(self):
guid = self.user._id
user_addon = self.user.get_or_add_addon('twofactor')
assert_not_equal(user_addon, None)
user_settings = self.user.get_addon('twofactor')
assert_not_equal(user_settings, None)
request = RequestFactory().post('/fake_path')
remove_2_factor(request, guid)
post_addon = self.user.get_addon('twofactor')
assert_equal(post_addon, None)
class TestAuthViews(OsfTestCase):
def setUp(self):
super(TestAuthViews, self).setUp()
self.user = AuthUserFactory()
# Log user in
self.app.authenticate(*self.user.auth)
def test_box_oauth_start(self):
url = api_url_for('box_oauth_start_user')
res = self.app.get(url)
assert_is_redirect(res)
@mock.patch('website.addons.box.views.auth.box_oauth_finish')
@mock.patch('website.addons.box.views.auth.finish_auth')
@mock.patch('website.addons.box.views.auth.BoxClient')
def test_box_oauth_finish(self, mock_get, mock_finish, mock_oauth):
mock_client = mock.MagicMock()
mock_client.get_user_info.return_value = {'name': 'Mr. Box', 'id': '1234567890'}
mock_get.return_value = mock_client
mock_finish.return_value = {
'token_type': 'something',
'access_token': 'something',
'refresh_token': 'something'
}
mock_oauth.return_value = ('mytoken123', 'myboxid', 'done')
url = api_url_for('box_oauth_finish')
res = self.app.get(url)
assert_is_redirect(res)
@mock.patch('website.addons.box.views.auth.flash')
def test_box_oauth_finish_cancelled(self, mock_flash):
url = api_url_for('box_oauth_finish', error='User declined!')
res = self.app.get(url)
assert_is_redirect(res)
mock_flash.assert_called_once()
@mock.patch('website.addons.box.model.BoxOAuthSettings.revoke_access_token')
def test_box_oauth_delete_user(self, mock_disable_access_token):
self.user.add_addon('box')
settings = self.user.get_addon('box')
oauth = BoxOAuthSettings(user_id='fa;l', access_token='a;lkjadl;kas')
oauth.save()
settings.oauth_settings = oauth
settings.save()
assert_true(settings.has_auth)
self.user.save()
url = api_url_for('box_oauth_delete_user')
self.app.delete(url)
settings.reload()
assert_false(settings.has_auth)
class TestRemove2Factor(AdminTestCase):
def setUp(self):
super(TestRemove2Factor, self).setUp()
self.user = AuthUserFactory()
self.request = RequestFactory().post('/fake_path')
self.view = User2FactorDeleteView()
self.view = setup_log_view(self.view, self.request, guid=self.user._id)
@mock.patch('admin.users.views.User.delete_addon')
def test_remove_two_factor_get(self, mock_delete_addon):
self.view.delete(self.request)
mock_delete_addon.assert_called_with('twofactor')
def test_integration_delete_two_factor(self):
user_addon = self.user.get_or_add_addon('twofactor')
nt.assert_not_equal(user_addon, None)
user_settings = self.user.get_addon('twofactor')
nt.assert_not_equal(user_settings, None)
count = OSFLogEntry.objects.count()
self.view.delete(self.request)
post_addon = self.user.get_addon('twofactor')
nt.assert_equal(post_addon, None)
nt.assert_equal(OSFLogEntry.objects.count(), count + 1)
class TestS3ViewsHgrid(OsfTestCase):
def setUp(self):
super(TestS3ViewsHgrid, self).setUp()
self.user = AuthUserFactory()
self.consolidated_auth = Auth(user=self.user)
self.auth = ('test', self.user.api_keys[0]._primary_key)
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('s3', auth=self.consolidated_auth)
self.project.creator.add_addon('s3')
self.user_settings = self.user.get_addon('s3')
self.user_settings.access_key = 'We-Will-Rock-You'
self.user_settings.secret_key = 'Idontknowanyqueensongs'
self.user_settings.save()
self.node_settings = self.project.get_addon('s3')
self.node_settings.bucket = 'Sheer-Heart-Attack'
self.node_settings.user_settings = self.project.creator.get_addon('s3')
self.node_settings.save()
def test_data_contents_no_user_settings(self):
self.node_settings.user_settings = None
self.node_settings.save()
url = "/api/v1/project/{0}/s3/hgrid/".format(self.project._id)
rv = self.app.get(url, expect_errors=True, auth=self.user.auth)
assert_equals(rv.status_int, http.BAD_REQUEST)
def test_dummy_folder(self):
url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id)
rv = self.app.get(url, auth=self.user.auth)
assert_true(self.node_settings.bucket in rv.body)
def test_dummy_folder_no_user_settings(self):
self.node_settings.user_settings = None
self.node_settings.save()
url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id)
rv = self.app.get(url, auth=self.user.auth)
assert_equals(rv.body, 'null')
def test_dummy_folder_no_bucket(self):
self.node_settings.bucket = None
self.node_settings.save()
url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id)
rv = self.app.get(url, auth=self.user.auth)
assert_equals(rv.body, 'null')
class TestRemove2Factor(AdminTestCase):
def setUp(self):
super(TestRemove2Factor, self).setUp()
self.user = AuthUserFactory()
self.request = RequestFactory().post('/fake_path')
self.view = User2FactorDeleteView()
self.view = setup_log_view(self.view, self.request, guid=self.user._id)
@mock.patch('admin.users.views.User.delete_addon')
def test_remove_two_factor_get(self, mock_delete_addon):
self.view.delete(self.request)
mock_delete_addon.assert_called_with('twofactor')
def test_integration_delete_two_factor(self):
user_addon = self.user.get_or_add_addon('twofactor')
nt.assert_not_equal(user_addon, None)
user_settings = self.user.get_addon('twofactor')
nt.assert_not_equal(user_settings, None)
count = OSFLogEntry.objects.count()
self.view.delete(self.request)
post_addon = self.user.get_addon('twofactor')
nt.assert_equal(post_addon, None)
nt.assert_equal(OSFLogEntry.objects.count(), count + 1)
class TestS3ViewsHgrid(OsfTestCase):
def setUp(self):
super(TestS3ViewsHgrid, self).setUp()
self.user = AuthUserFactory()
self.consolidated_auth = Auth(user=self.user)
self.auth = ('test', self.user.api_keys[0]._primary_key)
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('s3', auth=self.consolidated_auth)
self.project.creator.add_addon('s3')
self.user_settings = self.user.get_addon('s3')
self.user_settings.access_key = 'We-Will-Rock-You'
self.user_settings.secret_key = 'Idontknowanyqueensongs'
self.user_settings.save()
self.node_settings = self.project.get_addon('s3')
self.node_settings.bucket = 'Sheer-Heart-Attack'
self.node_settings.user_settings = self.project.creator.get_addon('s3')
self.node_settings.save()
def test_data_contents_no_user_settings(self):
self.node_settings.user_settings = None
self.node_settings.save()
url = "/api/v1/project/{0}/s3/hgrid/".format(self.project._id)
rv = self.app.get(url, expect_errors=True, auth=self.user.auth)
assert_equals(rv.status_int, http.BAD_REQUEST)
def test_dummy_folder(self):
url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id)
rv = self.app.get(url, auth=self.user.auth)
assert_true(self.node_settings.bucket in rv.body)
def test_dummy_folder_no_user_settings(self):
self.node_settings.user_settings = None
self.node_settings.save()
url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id)
rv = self.app.get(url, auth=self.user.auth)
assert_equals(rv.body, 'null')
def test_dummy_folder_no_bucket(self):
self.node_settings.bucket = None
self.node_settings.save()
url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id)
rv = self.app.get(url, auth=self.user.auth)
assert_equals(rv.body, 'null')
def test_s3_set_bucket_already_authed(self):
user = AuthUserFactory()
user.add_addon('s3')
user_settings = user.get_addon('s3')
user_settings.access_key = 'foo'
user_settings.secret_key = 'bar'
user_settings.save()
self.project.add_contributor(user, save=True)
url = self.project.api_url + 's3/settings/'
res = self.app.post_json(
url, {'s3_bucket': 'hammertofall'}, auth=user.auth,
expect_errors=True
)
assert_equal(res.status_code, http.BAD_REQUEST)
def test_user_settings_when_user_does_not_have_addon(self, _):
user = AuthUserFactory()
url = self.project.api_url_for('s3_post_user_settings')
self.app.post_json(
url,
{
'access_key': 'ABCDEFG',
'secret_key': 'We are the champions'
},
auth=user.auth
)
user.reload()
user_settings = user.get_addon('s3')
assert_equals(user_settings.access_key, 'ABCDEFG')
assert_equals(user_settings.secret_key, 'We are the champions')
def test_set_user_config(self, mock_connection):
mock_connection.return_value = create_mock_connection()
# Create a user with no settings
user = AuthUserFactory()
user.add_addon('dataverse')
user_settings = user.get_addon('dataverse')
url = api_url_for('dataverse_set_user_config')
params = {'api_token': 'snowman-frosty'}
# Post dataverse credentials
self.app.post_json(url, params, auth=user.auth)
user_settings.reload()
# User settings have updated correctly
assert_equal(user_settings.api_token, 'snowman-frosty')
def test_set_user_config(self, mock_connection):
mock_connection.return_value = create_mock_connection()
# Create a user with no settings
user = AuthUserFactory()
user.add_addon('dataverse')
user_settings = user.get_addon('dataverse')
url = api_url_for('dataverse_set_user_config')
params = {'api_token': 'snowman-frosty'}
# Post dataverse credentials
self.app.post_json(url, params, auth=user.auth)
user_settings.reload()
# User settings have updated correctly
assert_equal(user_settings.api_token, 'snowman-frosty')
def test_serialize_settings_helper_non_owner(self, mock_connection):
mock_connection.return_value = create_mock_connection()
# Non-owner user without add-on
serializer = DataverseSerializer(node_settings=self.node_settings)
result = serializer.serialized_node_settings
assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
assert_false(result['userHasAuth'])
assert_false(result['userIsOwner'])
# Non-owner user with add-on
stranger = AuthUserFactory()
stranger.add_addon('dataverse')
stranger.external_accounts.append(create_external_account())
serializer.user_settings = stranger.get_addon('dataverse')
result = serializer.serialized_node_settings
assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
assert_true(result['userHasAuth'])
assert_false(result['userIsOwner'])
def test_serialize_settings_helper_non_owner(self, mock_connection):
mock_connection.return_value = create_mock_connection()
# Non-owner user without add-on
stranger = AuthUserFactory()
result = serialize_settings(self.node_settings, stranger)
assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
assert_false(result['userHasAuth'])
assert_false(result['userIsOwner'])
# Non-owner user with add-on
stranger.add_addon('dataverse')
stranger_settings = stranger.get_addon('dataverse')
stranger_settings.api_token = 'foo-bar'
stranger_settings.save()
result = serialize_settings(self.node_settings, stranger)
assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
assert_true(result['userHasAuth'])
assert_false(result['userIsOwner'])
def test_serialize_settings_helper_non_owner(self, mock_connection):
mock_connection.return_value = create_mock_connection()
# Non-owner user without add-on
stranger = AuthUserFactory()
result = serialize_settings(self.node_settings, stranger)
assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
assert_false(result['userHasAuth'])
assert_false(result['userIsOwner'])
# Non-owner user with add-on
stranger.add_addon('dataverse')
stranger_settings = stranger.get_addon('dataverse')
stranger_settings.api_token = 'foo-bar'
stranger_settings.save()
result = serialize_settings(self.node_settings, stranger)
assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
assert_true(result['userHasAuth'])
assert_false(result['userIsOwner'])
class TestUtils(OsfTestCase):
@mock.patch('website.addons.twofactor.models.push_status_message')
def setUp(self, mocked):
super(TestUtils, self).setUp()
self.user = AuthUserFactory()
self.user_addon = self.user.get_or_add_addon('twofactor')
self.user_settings = self.user.get_addon('twofactor')
def test_serialize_urls_enabled(self):
urls = serialize_urls(self.user_addon)
for key in ['enable', 'disable', 'settings', 'otpauth']:
assert_in(key, urls)
assert_equal(urls['otpauth'], self.user_addon.otpauth_url)
def test_serialize_urls_disabled(self):
urls = serialize_urls(None)
for key in ['enable', 'disable', 'settings', 'otpauth']:
assert_in(key, urls)
assert_equal(urls['otpauth'], '')
def test_serialize_settings_enabled_and_unconfirmed(self):
settings = serialize_settings(Auth(self.user))
assert_true(settings['is_enabled'])
assert_false(settings['is_confirmed'])
assert_equal(settings['secret'], self.user_addon.totp_secret_b32)
assert_equal(settings['drift'], self.user_addon.totp_drift)
def test_serialize_settings_enabled_and_confirmed(self):
self.user_addon.is_confirmed = True
self.user_addon.save()
settings = serialize_settings(Auth(self.user))
assert_true(settings['is_enabled'])
assert_true(settings['is_confirmed'])
assert_equal(settings['secret'], self.user_addon.totp_secret_b32)
assert_equal(settings['drift'], self.user_addon.totp_drift)
def test_serialize_settings_disabled(self):
user = AuthUserFactory()
settings = serialize_settings(Auth(user))
assert_false(settings['is_enabled'])
assert_false(settings['is_confirmed'])
assert_equal(settings['secret'], None)
assert_equal(settings['drift'], None)
class TestUtils(OsfTestCase):
@mock.patch('website.addons.twofactor.models.push_status_message')
def setUp(self, mocked):
super(TestUtils, self).setUp()
self.user = AuthUserFactory()
self.user_addon = self.user.get_or_add_addon('twofactor')
self.user_settings = self.user.get_addon('twofactor')
def test_serialize_urls_enabled(self):
urls = serialize_urls(self.user_addon)
for key in ['enable', 'disable', 'settings', 'otpauth']:
assert_in(key, urls)
assert_equal(urls['otpauth'], self.user_addon.otpauth_url)
def test_serialize_urls_disabled(self):
urls = serialize_urls(None)
for key in ['enable', 'disable', 'settings', 'otpauth']:
assert_in(key, urls)
assert_equal(urls['otpauth'], '')
def test_serialize_settings_enabled_and_unconfirmed(self):
settings = serialize_settings(Auth(self.user))
assert_true(settings['is_enabled'])
assert_false(settings['is_confirmed'])
assert_equal(settings['secret'], self.user_addon.totp_secret_b32)
assert_equal(settings['drift'], self.user_addon.totp_drift)
def test_serialize_settings_enabled_and_confirmed(self):
self.user_addon.is_confirmed = True
self.user_addon.save()
settings = serialize_settings(Auth(self.user))
assert_true(settings['is_enabled'])
assert_true(settings['is_confirmed'])
assert_equal(settings['secret'], self.user_addon.totp_secret_b32)
assert_equal(settings['drift'], self.user_addon.totp_drift)
def test_serialize_settings_disabled(self):
user = AuthUserFactory()
settings = serialize_settings(Auth(user))
assert_false(settings['is_enabled'])
assert_false(settings['is_confirmed'])
assert_equal(settings['secret'], None)
assert_equal(settings['drift'], None)
class TestViews(OsfTestCase):
@mock.patch('website.addons.twofactor.models.push_status_message')
def setUp(self, mocked):
super(TestViews, self).setUp()
self.user = AuthUserFactory()
self.user_addon = self.user.get_or_add_addon('twofactor')
self.user_settings = self.user.get_addon('twofactor')
def test_confirm_code(self):
# Send a valid code to the API endpoint for the user settings.
url = api_url_for('twofactor_settings_put')
res = self.app.put_json(
url,
{'code': _valid_code(self.user_settings.totp_secret)},
auth=self.user.auth
)
# reload the user settings object from the DB
self.user_settings.reload()
assert_true(self.user_settings.is_confirmed)
assert_equal(res.status_code, 200)
def test_confirm_code_failure(self):
url = api_url_for('twofactor_settings_put')
res = self.app.put_json(
url,
{'code': '0000000'},
auth=self.user.auth,
expect_errors=True
)
assert_equal(res.status_code, 403)
json = res.json
assert_in('verification code', json['message_long'])
# reload the user settings object from the DB
self.user_settings.reload()
assert_false(self.user_settings.is_confirmed)
class TestAddonLogs(OsfTestCase):
def setUp(self):
super(TestAddonLogs, self).setUp()
self.flask_app = SetEnvironMiddleware(self.app.app,
REMOTE_ADDR='127.0.0.1')
self.test_app = webtest.TestApp(self.flask_app)
self.user = AuthUserFactory()
self.auth_obj = Auth(user=self.user)
self.node = ProjectFactory(creator=self.user)
self.session = Session(data={'auth_user_id': self.user._id})
self.session.save()
self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(
self.session._id)
self.configure_addon()
def configure_addon(self):
self.user.add_addon('github')
self.user_addon = self.user.get_addon('github')
self.oauth_settings = AddonGitHubOauthSettings(github_user_id='john')
self.oauth_settings.save()
self.user_addon.oauth_settings = self.oauth_settings
self.user_addon.oauth_access_token = 'secret'
self.user_addon.save()
self.node.add_addon('github', self.auth_obj)
self.node_addon = self.node.get_addon('github')
self.node_addon.user = '******'
self.node_addon.repo = 'youre-my-best-friend'
self.node_addon.user_settings = self.user_addon
self.node_addon.save()
def build_payload(self, metadata, **kwargs):
options = dict(
auth={'id': self.user._id},
action='create',
provider=self.node_addon.config.short_name,
metadata=metadata,
time=time.time() + 1000,
)
options.update(kwargs)
options = {
key: value
for key, value in options.iteritems() if value is not None
}
message, signature = signing.default_signer.sign_payload(options)
return {
'payload': message,
'signature': signature,
}
@mock.patch('website.notifications.events.files.FileAdded.perform')
def test_add_log(self, mock_perform):
path = 'pizza'
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path})
nlogs = len(self.node.logs)
self.test_app.put_json(url,
payload,
headers={'Content-Type': 'application/json'})
self.node.reload()
assert_equal(len(self.node.logs), nlogs + 1)
# # Mocking form_message and perform so that the payload need not be exact.
# assert_true(mock_form_message.called, "form_message not called")
assert_true(mock_perform.called, "perform not called")
def test_add_log_missing_args(self):
path = 'pizza'
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path}, auth=None)
nlogs = len(self.node.logs)
res = self.test_app.put_json(
url,
payload,
headers={'Content-Type': 'application/json'},
expect_errors=True,
)
assert_equal(res.status_code, 400)
self.node.reload()
assert_equal(len(self.node.logs), nlogs)
def test_add_log_no_user(self):
path = 'pizza'
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path},
auth={'id': None})
nlogs = len(self.node.logs)
res = self.test_app.put_json(
url,
payload,
headers={'Content-Type': 'application/json'},
expect_errors=True,
)
assert_equal(res.status_code, 400)
self.node.reload()
assert_equal(len(self.node.logs), nlogs)
def test_add_log_no_addon(self):
path = 'pizza'
node = ProjectFactory(creator=self.user)
url = node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path})
nlogs = len(node.logs)
res = self.test_app.put_json(
url,
payload,
headers={'Content-Type': 'application/json'},
expect_errors=True,
)
assert_equal(res.status_code, 400)
self.node.reload()
assert_equal(len(node.logs), nlogs)
def test_add_log_bad_action(self):
path = 'pizza'
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path}, action='dance')
nlogs = len(self.node.logs)
res = self.test_app.put_json(
url,
payload,
headers={'Content-Type': 'application/json'},
expect_errors=True,
)
assert_equal(res.status_code, 400)
self.node.reload()
assert_equal(len(self.node.logs), nlogs)
def test_action_file_rename(self):
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(
action='rename',
metadata={
'path': 'foo',
},
source={
'materialized': 'foo',
'provider': 'github',
'node': {
'_id': self.node._id
},
'name': 'new.txt',
'kind': 'file',
},
destination={
'path': 'foo',
'materialized': 'foo',
'provider': 'github',
'node': {
'_id': self.node._id
},
'name': 'old.txt',
'kind': 'file',
},
)
self.test_app.put_json(url,
payload,
headers={'Content-Type': 'application/json'})
self.node.reload()
assert_equal(
self.node.logs[-1].action,
'github_addon_file_renamed',
)
class TestCreateBucket(S3AddonTestCase):
def setUp(self):
super(TestCreateBucket, self).setUp()
self.user = AuthUserFactory()
self.consolidated_auth = Auth(user=self.user)
self.auth = self.user.auth
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('s3', auth=self.consolidated_auth)
self.project.creator.add_addon('s3')
self.user_settings = self.user.get_addon('s3')
self.user_settings.access_key = 'We-Will-Rock-You'
self.user_settings.secret_key = 'Idontknowanyqueensongs'
self.user_settings.save()
self.node_settings = self.project.get_addon('s3')
self.node_settings.bucket = 'Sheer-Heart-Attack'
self.node_settings.user_settings = self.project.creator.get_addon('s3')
self.node_settings.save()
def test_bad_names(self):
assert_false(validate_bucket_name(''))
assert_false(validate_bucket_name('no'))
assert_false(validate_bucket_name('a' * 64))
assert_false(validate_bucket_name(' leadingspace'))
assert_false(validate_bucket_name('trailingspace '))
assert_false(validate_bucket_name('bogus naMe'))
assert_false(validate_bucket_name('.cantstartwithp'))
assert_false(validate_bucket_name('or.endwith.'))
assert_false(validate_bucket_name('..nodoubles'))
assert_false(validate_bucket_name('no_unders_in'))
assert_false(validate_bucket_name('-leadinghyphen'))
assert_false(validate_bucket_name('trailinghyphen-'))
assert_false(validate_bucket_name('Mixedcase'))
assert_false(validate_bucket_name('empty..label'))
assert_false(validate_bucket_name('label-.trailinghyphen'))
assert_false(validate_bucket_name('label.-leadinghyphen'))
assert_false(validate_bucket_name('8.8.8.8'))
assert_false(validate_bucket_name('600.9000.0.28'))
assert_false(validate_bucket_name('no_underscore'))
assert_false(validate_bucket_name('_nounderscoreinfront'))
assert_false(validate_bucket_name('no-underscore-in-back_'))
assert_false(
validate_bucket_name('no-underscore-in_the_middle_either'))
def test_names(self):
assert_true(validate_bucket_name('imagoodname'))
assert_true(validate_bucket_name('still.passing'))
assert_true(validate_bucket_name('can-have-dashes'))
assert_true(validate_bucket_name('kinda.name.spaced'))
assert_true(validate_bucket_name('a-o.valid'))
assert_true(validate_bucket_name('11.12.m'))
assert_true(validate_bucket_name('a--------a'))
assert_true(validate_bucket_name('a' * 63))
def test_bad_locations(self):
assert_false(validate_bucket_location('Venus'))
assert_false(validate_bucket_location('AlphaCentari'))
assert_false(validate_bucket_location('CostaRica'))
def test_locations(self):
assert_true(validate_bucket_location(''))
assert_true(validate_bucket_location('us-east-2'))
assert_true(validate_bucket_location('eu-central-1'))
assert_true(validate_bucket_location('us-west-1'))
assert_true(validate_bucket_location('us-west-2'))
assert_true(validate_bucket_location('ap-northeast-1'))
assert_true(validate_bucket_location('ap-northeast-2'))
assert_true(validate_bucket_location('ap-southeast-1'))
assert_true(validate_bucket_location('ap-southeast-2'))
assert_true(validate_bucket_location('ap-south-1'))
assert_true(validate_bucket_location('sa-east-1'))
assert_true(validate_bucket_location('eu-west-1'))
@mock.patch('website.addons.s3.views.utils.create_bucket')
@mock.patch('website.addons.s3.views.utils.get_bucket_names')
def test_create_bucket_pass(self, mock_names, mock_make):
mock_make.return_value = True
mock_names.return_value = ['butintheend', 'it', 'doesntevenmatter']
url = self.project.api_url_for('create_bucket')
ret = self.app.post_json(url, {
'bucket_name': 'doesntevenmatter',
'bucket_location': '',
},
auth=self.user.auth)
assert_equal(ret.status_int, http.OK)
assert_equal(ret.json, {})
@mock.patch('website.addons.s3.views.utils.create_bucket')
def test_create_bucket_fail(self, mock_make):
error = S3ResponseError(418, 'because Im a test')
error.message = 'This should work'
mock_make.side_effect = error
url = "/api/v1/project/{0}/s3/newbucket/".format(self.project._id)
ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'},
auth=self.user.auth,
expect_errors=True)
assert_equals(
ret.body,
'{"message": "This should work", "title": "Problem connecting to S3"}'
)
@mock.patch('website.addons.s3.views.utils.create_bucket')
def test_bad_location_fails(self, mock_make):
url = "/api/v1/project/{0}/s3/newbucket/".format(self.project._id)
ret = self.app.post_json(
url, {
'bucket_name': 'doesntevenmatter',
'bucket_location': 'not a real bucket location',
},
auth=self.user.auth,
expect_errors=True)
assert_equals(
ret.body,
'{"message": "That bucket location is not valid.", "title": "Invalid bucket location"}'
)
class TestNodeFilesListPagination(ApiTestCase):
def setUp(self):
super(TestNodeFilesListPagination, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
httpretty.enable()
def tearDown(self):
super(TestNodeFilesListPagination, self).tearDown()
httpretty.disable()
httpretty.reset()
def add_github(self):
user_auth = Auth(self.user)
self.project.add_addon('github', auth=user_auth)
addon = self.project.get_addon('github')
addon.repo = 'something'
addon.user = '******'
oauth_settings = GitHubAccountFactory()
oauth_settings.save()
self.user.add_addon('github')
self.user.external_accounts.append(oauth_settings)
self.user.save()
addon.user_settings = self.user.get_addon('github')
addon.save()
self.project.save()
def check_file_order(self, resp):
previous_file_name = 0
for file in resp.json['data']:
int_file_name = int(file['attributes']['name'])
assert(int_file_name > previous_file_name, 'Files were not in order')
previous_file_name = int_file_name
def test_node_files_are_sorted_correctly(self):
prepare_mock_wb_response(
node=self.project,
provider='github',
files=[
{'name': '01', 'path': '/01/', 'materialized': '/01/', 'kind': 'folder'},
{'name': '02', 'path': '/02', 'materialized': '/02', 'kind': 'file'},
{'name': '03', 'path': '/03/', 'materialized': '/03/', 'kind': 'folder'},
{'name': '04', 'path': '/04', 'materialized': '/04', 'kind': 'file'},
{'name': '05', 'path': '/05/', 'materialized': '/05/', 'kind': 'folder'},
{'name': '06', 'path': '/06', 'materialized': '/06', 'kind': 'file'},
{'name': '07', 'path': '/07/', 'materialized': '/07/', 'kind': 'folder'},
{'name': '08', 'path': '/08', 'materialized': '/08', 'kind': 'file'},
{'name': '09', 'path': '/09/', 'materialized': '/09/', 'kind': 'folder'},
{'name': '10', 'path': '/10', 'materialized': '/10', 'kind': 'file'},
{'name': '11', 'path': '/11/', 'materialized': '/11/', 'kind': 'folder'},
{'name': '12', 'path': '/12', 'materialized': '/12', 'kind': 'file'},
{'name': '13', 'path': '/13/', 'materialized': '/13/', 'kind': 'folder'},
{'name': '14', 'path': '/14', 'materialized': '/14', 'kind': 'file'},
{'name': '15', 'path': '/15/', 'materialized': '/15/', 'kind': 'folder'},
{'name': '16', 'path': '/16', 'materialized': '/16', 'kind': 'file'},
{'name': '17', 'path': '/17/', 'materialized': '/17/', 'kind': 'folder'},
{'name': '18', 'path': '/18', 'materialized': '/18', 'kind': 'file'},
{'name': '19', 'path': '/19/', 'materialized': '/19/', 'kind': 'folder'},
{'name': '20', 'path': '/20', 'materialized': '/20', 'kind': 'file'},
{'name': '21', 'path': '/21/', 'materialized': '/21/', 'kind': 'folder'},
{'name': '22', 'path': '/22', 'materialized': '/22', 'kind': 'file'},
{'name': '23', 'path': '/23/', 'materialized': '/23/', 'kind': 'folder'},
{'name': '24', 'path': '/24', 'materialized': '/24', 'kind': 'file'},
]
)
self.add_github()
url = '/{}nodes/{}/files/github/?page[size]=100'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth)
self.check_file_order(res)
class TestNodeFilesList(ApiTestCase):
def setUp(self):
super(TestNodeFilesList, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.private_url = '/{}nodes/{}/files/'.format(API_BASE, self.project._id)
self.user_two = AuthUserFactory()
self.public_project = ProjectFactory(creator=self.user, is_public=True)
self.public_url = '/{}nodes/{}/files/'.format(API_BASE, self.public_project._id)
httpretty.enable()
def tearDown(self):
super(TestNodeFilesList, self).tearDown()
httpretty.disable()
httpretty.reset()
def add_github(self):
user_auth = Auth(self.user)
self.project.add_addon('github', auth=user_auth)
addon = self.project.get_addon('github')
addon.repo = 'something'
addon.user = '******'
oauth_settings = GitHubAccountFactory()
oauth_settings.save()
self.user.add_addon('github')
self.user.external_accounts.append(oauth_settings)
self.user.save()
addon.user_settings = self.user.get_addon('github')
addon.save()
self.project.save()
def _prepare_mock_wb_response(self, node=None, **kwargs):
prepare_mock_wb_response(node=node or self.project, **kwargs)
def test_returns_public_files_logged_out(self):
res = self.app.get(self.public_url, expect_errors=True)
assert_equal(res.status_code, 200)
assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage')
assert_equal(res.content_type, 'application/vnd.api+json')
def test_returns_public_files_logged_in(self):
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage')
def test_returns_storage_addons_link(self):
res = self.app.get(self.private_url, auth=self.user.auth)
assert_in('storage_addons', res.json['data'][0]['links'])
def test_returns_file_data(self):
fobj = self.project.get_addon('osfstorage').get_root().append_file('NewFile')
fobj.save()
res = self.app.get('{}osfstorage/{}'.format(self.private_url, fobj._id), auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_true(isinstance(res.json['data'], dict))
assert_equal(res.content_type, 'application/vnd.api+json')
assert_equal(res.json['data']['attributes']['kind'], 'file')
assert_equal(res.json['data']['attributes']['name'], 'NewFile')
def test_returns_osfstorage_folder_version_two(self):
fobj = self.project.get_addon('osfstorage').get_root().append_folder('NewFolder')
fobj.save()
res = self.app.get('{}osfstorage/'.format(self.private_url), auth=self.user.auth)
assert_equal(res.status_code, 200)
def test_returns_osf_storage_folder_version_two_point_two(self):
fobj = self.project.get_addon('osfstorage').get_root().append_folder('NewFolder')
fobj.save()
res = self.app.get('{}osfstorage/?version=2.2'.format(self.private_url), auth=self.user.auth)
assert_equal(res.status_code, 200)
def test_list_returns_folder_data(self):
fobj = self.project.get_addon('osfstorage').get_root().append_folder('NewFolder')
fobj.save()
res = self.app.get('{}osfstorage/'.format(self.private_url, fobj._id), auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 1)
assert_equal(res.content_type, 'application/vnd.api+json')
assert_equal(res.json['data'][0]['attributes']['name'], 'NewFolder')
def test_returns_folder_data(self):
fobj = self.project.get_addon('osfstorage').get_root().append_folder('NewFolder')
fobj.save()
res = self.app.get('{}osfstorage/{}/'.format(self.private_url, fobj._id), auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 0)
assert_equal(res.content_type, 'application/vnd.api+json')
def test_returns_private_files_logged_out(self):
res = self.app.get(self.private_url, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0])
def test_returns_private_files_logged_in_contributor(self):
res = self.app.get(self.private_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
assert_equal(len(res.json['data']), 1)
assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage')
def test_returns_private_files_logged_in_non_contributor(self):
res = self.app.get(self.private_url, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
def test_returns_addon_folders(self):
user_auth = Auth(self.user)
res = self.app.get(self.private_url, auth=self.user.auth)
assert_equal(len(res.json['data']), 1)
assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage')
self.project.add_addon('github', auth=user_auth)
addon = self.project.get_addon('github')
addon.repo = 'something'
addon.user = '******'
oauth_settings = GitHubAccountFactory()
oauth_settings.save()
self.user.add_addon('github')
self.user.external_accounts.append(oauth_settings)
self.user.save()
addon.user_settings = self.user.get_addon('github')
addon.save()
self.project.save()
res = self.app.get(self.private_url, auth=self.user.auth)
data = res.json['data']
providers = [item['attributes']['provider'] for item in data]
assert_equal(len(data), 2)
assert_in('github', providers)
assert_in('osfstorage', providers)
def test_returns_node_files_list(self):
self._prepare_mock_wb_response(provider='github', files=[{'name': 'NewFile'}])
self.add_github()
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.json['data'][0]['attributes']['name'], 'NewFile')
assert_equal(res.json['data'][0]['attributes']['provider'], 'github')
def test_returns_node_file(self):
self._prepare_mock_wb_response(provider='github', files=[{'name': 'NewFile'}], folder=False, path='/file')
self.add_github()
url = '/{}nodes/{}/files/github/file'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, headers={
'COOKIE': 'foo=bar;' # Webtests doesnt support cookies?
})
assert_equal(res.status_code, 200)
assert_equal(res.json['data']['attributes']['name'], 'NewFile')
assert_equal(res.json['data']['attributes']['provider'], 'github')
def test_notfound_node_file_returns_folder(self):
self._prepare_mock_wb_response(provider='github', files=[{'name': 'NewFile'}], path='/file')
url = '/{}nodes/{}/files/github/file'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True, headers={
'COOKIE': 'foo=bar;' # Webtests doesnt support cookies?
})
assert_equal(res.status_code, 404)
def test_notfound_node_folder_returns_file(self):
self._prepare_mock_wb_response(provider='github', files=[{'name': 'NewFile'}], folder=False, path='/')
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True, headers={
'COOKIE': 'foo=bar;' # Webtests doesnt support cookies?
})
assert_equal(res.status_code, 404)
def test_waterbutler_server_error_returns_503(self):
self._prepare_mock_wb_response(status_code=500)
self.add_github()
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True, headers={
'COOKIE': 'foo=bar;' # Webtests doesnt support cookies?
})
assert_equal(res.status_code, 503)
def test_waterbutler_invalid_data_returns_503(self):
wb_url = waterbutler_api_url_for(self.project._id, provider='github', path='/', meta=True)
self.add_github()
httpretty.register_uri(
httpretty.GET,
wb_url,
body=json.dumps({}),
status=400
)
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 503)
def test_handles_unauthenticated_waterbutler_request(self):
self._prepare_mock_wb_response(status_code=401)
self.add_github()
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
def test_handles_notfound_waterbutler_request(self):
invalid_provider = 'gilkjadsflhub'
self._prepare_mock_wb_response(status_code=404, provider=invalid_provider)
url = '/{}nodes/{}/files/{}/'.format(API_BASE, self.project._id, invalid_provider)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
assert_in('detail', res.json['errors'][0])
def test_handles_request_to_provider_not_configured_on_project(self):
provider = 'box'
url = '/{}nodes/{}/files/{}/'.format(API_BASE, self.project._id, provider)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_false(self.project.get_addon(provider))
assert_equal(res.status_code, 404)
assert_equal(res.json['errors'][0]['detail'], 'The {} provider is not configured for this project.'.format(provider))
def test_handles_bad_waterbutler_request(self):
wb_url = waterbutler_api_url_for(self.project._id, provider='github', path='/', meta=True)
httpretty.register_uri(
httpretty.GET,
wb_url,
body=json.dumps({}),
status=418
)
self.add_github()
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 503)
assert_in('detail', res.json['errors'][0])
def test_files_list_contains_relationships_object(self):
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert 'relationships' in res.json['data'][0]
class TestAddonAuth(OsfTestCase):
def setUp(self):
super(TestAddonAuth, self).setUp()
self.flask_app = SetEnvironMiddleware(self.app.app, REMOTE_ADDR='127.0.0.1')
self.test_app = webtest.TestApp(self.flask_app)
self.user = AuthUserFactory()
self.auth_obj = Auth(user=self.user)
self.node = ProjectFactory(creator=self.user)
self.session = Session(data={'auth_user_id': self.user._id})
self.session.save()
self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id)
self.configure_addon()
def configure_addon(self):
self.user.add_addon('github')
self.user_addon = self.user.get_addon('github')
self.oauth_settings = AddonGitHubOauthSettings(github_user_id='john')
self.oauth_settings.save()
self.user_addon.oauth_settings = self.oauth_settings
self.user_addon.oauth_access_token = 'secret'
self.user_addon.save()
self.node.add_addon('github', self.auth_obj)
self.node_addon = self.node.get_addon('github')
self.node_addon.user = '******'
self.node_addon.repo = 'youre-my-best-friend'
self.node_addon.user_settings = self.user_addon
self.node_addon.save()
def build_url(self, **kwargs):
options = dict(
action='download',
cookie=self.cookie,
nid=self.node._id,
provider=self.node_addon.config.short_name,
)
options.update(kwargs)
return api_url_for('get_auth', **options)
def test_auth_download(self):
url = self.build_url()
res = self.test_app.get(url)
assert_equal(res.json['auth'], views.make_auth(self.user))
assert_equal(res.json['credentials'], self.node_addon.serialize_waterbutler_credentials())
assert_equal(res.json['settings'], self.node_addon.serialize_waterbutler_settings())
expected_url = furl.furl(self.node.api_url_for('create_waterbutler_log', _absolute=True))
observed_url = furl.furl(res.json['callback_url'])
observed_url.port = expected_url.port
assert_equal(expected_url, observed_url)
def test_auth_missing_args(self):
url = self.build_url(cookie=None)
res = self.test_app.get(url, expect_errors=True)
assert_equal(res.status_code, 400)
def test_auth_bad_cookie(self):
url = self.build_url(cookie=self.cookie[::-1])
res = self.test_app.get(url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_auth_missing_addon(self):
url = self.build_url(provider='queenhub')
res = self.test_app.get(url, expect_errors=True)
assert_equal(res.status_code, 400)
def test_auth_bad_ip(self):
flask_app = SetEnvironMiddleware(self.app.app, REMOTE_ADDR='192.168.1.1')
test_app = webtest.TestApp(flask_app)
url = self.build_url()
res = test_app.get(url, expect_errors=True)
assert_equal(res.status_code, 403)
class TestNodeFilesListFiltering(ApiTestCase):
def setUp(self):
super(TestNodeFilesListFiltering, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
httpretty.enable()
# Prep HTTP mocks
prepare_mock_wb_response(
node=self.project,
provider='github',
files=[
{'name': 'abc', 'path': '/abc/', 'materialized': '/abc/', 'kind': 'folder'},
{'name': 'xyz', 'path': '/xyz', 'materialized': '/xyz', 'kind': 'file'},
]
)
def tearDown(self):
super(TestNodeFilesListFiltering, self).tearDown()
httpretty.disable()
httpretty.reset()
def add_github(self):
user_auth = Auth(self.user)
self.project.add_addon('github', auth=user_auth)
addon = self.project.get_addon('github')
addon.repo = 'something'
addon.user = '******'
oauth_settings = GitHubAccountFactory()
oauth_settings.save()
self.user.add_addon('github')
self.user.external_accounts.append(oauth_settings)
self.user.save()
addon.user_settings = self.user.get_addon('github')
addon.save()
self.project.save()
def test_node_files_are_filterable_by_name(self):
url = '/{}nodes/{}/files/github/?filter[name]=xyz'.format(API_BASE, self.project._id)
self.add_github()
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 1) # filters out 'abc'
assert_equal(res.json['data'][0]['attributes']['name'], 'xyz')
def test_node_files_filter_by_name_case_insensitive(self):
url = '/{}nodes/{}/files/github/?filter[name]=XYZ'.format(API_BASE, self.project._id)
self.add_github()
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 1) # filters out 'abc', but finds 'xyz'
assert_equal(res.json['data'][0]['attributes']['name'], 'xyz')
def test_node_files_are_filterable_by_path(self):
url = '/{}nodes/{}/files/github/?filter[path]=abc'.format(API_BASE, self.project._id)
self.add_github()
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 1) # filters out 'xyz'
assert_equal(res.json['data'][0]['attributes']['name'], 'abc')
def test_node_files_are_filterable_by_kind(self):
url = '/{}nodes/{}/files/github/?filter[kind]=folder'.format(API_BASE, self.project._id)
self.add_github()
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 1) # filters out 'xyz'
assert_equal(res.json['data'][0]['attributes']['name'], 'abc')
def test_node_files_external_provider_can_filter_by_last_touched(self):
yesterday_stamp = datetime.datetime.utcnow() - datetime.timedelta(days=1)
self.add_github()
url = '/{}nodes/{}/files/github/?filter[last_touched][gt]={}'.format(API_BASE,
self.project._id,
yesterday_stamp.isoformat())
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 2)
def test_node_files_osfstorage_cannot_filter_by_last_touched(self):
yesterday_stamp = datetime.datetime.utcnow() - datetime.timedelta(days=1)
self.file = api_utils.create_test_file(self.project, self.user)
url = '/{}nodes/{}/files/osfstorage/?filter[last_touched][gt]={}'.format(API_BASE,
self.project._id,
yesterday_stamp.isoformat())
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(len(res.json['errors']), 1)
class TestAddonFileViews(OsfTestCase):
@classmethod
def setUpClass(cls):
super(TestAddonFileViews, cls).setUpClass()
PROVIDER_MAP['github'] = [TestFolder, TestFile, TestFileNode]
TestFileNode.provider = 'github'
def setUp(self):
super(TestAddonFileViews, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.user.add_addon('github')
self.project.add_addon('github', auth=Auth(self.user))
self.user_addon = self.user.get_addon('github')
self.node_addon = self.project.get_addon('github')
self.oauth = AddonGitHubOauthSettings(github_user_id='denbarell',
oauth_access_token='Truthy')
self.oauth.save()
self.user_addon.oauth_settings = self.oauth
self.user_addon.save()
self.node_addon.user_settings = self.user_addon
self.node_addon.repo = 'Truth'
self.node_addon.user = '******'
self.node_addon.save()
@classmethod
def tearDownClass(cls):
super(TestAddonFileViews, cls).tearDownClass()
PROVIDER_MAP['github'] = [
models.GithubFolder, models.GithubFile, models.GithubFileNode
]
del PROVIDER_MAP['test_addons']
def get_test_file(self):
ret = TestFile(name='Test',
node=self.project,
path='/test/Test',
materialized_path='/test/Test')
ret.save()
return ret
def get_mako_return(self):
ret = serialize_node(self.project, Auth(self.user), primary=True)
ret.update({
'error': '',
'provider': '',
'file_path': '',
'sharejs_uuid': '',
'private': '',
'urls': {
'files': '',
'render': '',
'sharejs': '',
'mfr': '',
'gravatar': '',
'external': '',
},
'size': '',
'extra': '',
'file_name': '',
'materialized_path': '',
})
ret.update(rubeus.collect_addon_assets(self.project))
return ret
def test_redirects_to_guid(self):
file_node = self.get_test_file()
guid = file_node.get_guid(create=True)
resp = self.app.get(self.project.web_url_for(
'addon_view_or_download_file',
path=file_node.path.strip('/'),
provider='github'),
auth=self.user.auth)
assert_equals(resp.status_code, 302)
assert_equals(resp.location,
'http://*****:*****@mock.patch('website.addons.base.views.addon_view_file')
def test_action_view_calls_view_file(self, mock_view_file):
self.user.reload()
self.project.reload()
file_node = self.get_test_file()
guid = file_node.get_guid(create=True)
mock_view_file.return_value = self.get_mako_return()
self.app.get('/{}/?action=view'.format(guid._id), auth=self.user.auth)
args, kwargs = mock_view_file.call_args
assert_equals(kwargs, {})
assert_equals(args[0].user, self.user)
assert_equals(args[1], self.project)
assert_equals(args[2], file_node)
assert_true(isinstance(args[3], file_node.touch(None).__class__))
@mock.patch('website.addons.base.views.addon_view_file')
def test_no_action_calls_view_file(self, mock_view_file):
self.user.reload()
self.project.reload()
file_node = self.get_test_file()
guid = file_node.get_guid(create=True)
mock_view_file.return_value = self.get_mako_return()
self.app.get('/{}/'.format(guid._id), auth=self.user.auth)
args, kwargs = mock_view_file.call_args
assert_equals(kwargs, {})
assert_equals(args[0].user, self.user)
assert_equals(args[1], self.project)
assert_equals(args[2], file_node)
assert_true(isinstance(args[3], file_node.touch(None).__class__))
def test_download_create_guid(self):
file_node = self.get_test_file()
assert_is(file_node.get_guid(), None)
self.app.get(self.project.web_url_for(
'addon_view_or_download_file',
path=file_node.path.strip('/'),
provider='github',
),
auth=self.user.auth)
assert_true(file_node.get_guid())
def test_unauthorized_addons_raise(self):
path = 'cloudfiles'
self.node_addon.user_settings = None
self.node_addon.save()
resp = self.app.get(self.project.web_url_for(
'addon_view_or_download_file',
path=path,
provider='github',
action='download'),
auth=self.user.auth,
expect_errors=True)
assert_equals(resp.status_code, 401)
def test_nonstorage_addons_raise(self):
resp = self.app.get(self.project.web_url_for(
'addon_view_or_download_file',
path='sillywiki',
provider='wiki',
action='download'),
auth=self.user.auth,
expect_errors=True)
assert_equals(resp.status_code, 400)
def test_head_returns_url(self):
file_node = self.get_test_file()
guid = file_node.get_guid(create=True)
resp = self.app.head('/{}/'.format(guid._id), auth=self.user.auth)
location = furl.furl(resp.location)
assert_urls_equal(location.url,
file_node.generate_waterbutler_url(direct=None))
def test_nonexistent_addons_raise(self):
path = 'cloudfiles'
self.project.delete_addon('github', Auth(self.user))
self.project.save()
resp = self.app.get(self.project.web_url_for(
'addon_view_or_download_file',
path=path,
provider='github',
action='download'),
auth=self.user.auth,
expect_errors=True)
assert_equals(resp.status_code, 400)
def test_unauth_addons_raise(self):
path = 'cloudfiles'
self.node_addon.user_settings = None
self.node_addon.save()
resp = self.app.get(self.project.web_url_for(
'addon_view_or_download_file',
path=path,
provider='github',
action='download'),
auth=self.user.auth,
expect_errors=True)
assert_equals(resp.status_code, 401)
class TestNodeFilesList(ApiTestCase):
def setUp(self):
super(TestNodeFilesList, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.private_url = '/{}nodes/{}/files/'.format(API_BASE,
self.project._id)
self.user_two = AuthUserFactory()
self.public_project = ProjectFactory(creator=self.user, is_public=True)
self.public_url = '/{}nodes/{}/files/'.format(API_BASE,
self.public_project._id)
httpretty.enable()
def tearDown(self):
super(TestNodeFilesList, self).tearDown()
httpretty.disable()
httpretty.reset()
def _prepare_mock_wb_response(self, node=None, **kwargs):
prepare_mock_wb_response(node=node or self.project, **kwargs)
def test_cannot_access_retracted_files_list(self):
registration = RegistrationFactory(creator=self.user,
project=self.public_project)
url = '/{}nodes/{}/files/'.format(API_BASE, registration._id)
retraction = RetractedRegistrationFactory(registration=registration,
user=registration.creator)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
def test_returns_public_files_logged_out(self):
res = self.app.get(self.public_url, expect_errors=True)
assert_equal(res.status_code, 200)
assert_equal(res.json['data'][0]['attributes']['provider'],
'osfstorage')
assert_equal(res.content_type, 'application/vnd.api+json')
def test_returns_public_files_logged_in(self):
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
assert_equal(res.json['data'][0]['attributes']['provider'],
'osfstorage')
def test_returns_file_data(self):
fobj = self.project.get_addon('osfstorage').get_root().append_file(
'NewFile')
fobj.save()
res = self.app.get('{}osfstorage/{}'.format(self.private_url,
fobj._id),
auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_true(isinstance(res.json['data'], dict))
assert_equal(res.content_type, 'application/vnd.api+json')
assert_equal(res.json['data']['attributes']['kind'], 'file')
assert_equal(res.json['data']['attributes']['name'], 'NewFile')
def test_returns_folder_data(self):
fobj = self.project.get_addon('osfstorage').get_root().append_folder(
'NewFolder')
fobj.save()
res = self.app.get('{}osfstorage/{}/'.format(self.private_url,
fobj._id),
auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 0)
assert_equal(res.content_type, 'application/vnd.api+json')
def test_returns_private_files_logged_out(self):
res = self.app.get(self.private_url, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0])
def test_returns_private_files_logged_in_contributor(self):
res = self.app.get(self.private_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
assert_equal(len(res.json['data']), 1)
assert_equal(res.json['data'][0]['attributes']['provider'],
'osfstorage')
def test_returns_private_files_logged_in_non_contributor(self):
res = self.app.get(self.private_url,
auth=self.user_two.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
def test_returns_addon_folders(self):
user_auth = Auth(self.user)
res = self.app.get(self.private_url, auth=self.user.auth)
assert_equal(len(res.json['data']), 1)
assert_equal(res.json['data'][0]['attributes']['provider'],
'osfstorage')
self.project.add_addon('github', auth=user_auth)
addon = self.project.get_addon('github')
addon.repo = 'something'
addon.user = '******'
oauth_settings = GitHubAccountFactory()
oauth_settings.save()
self.user.add_addon('github')
self.user.external_accounts.append(oauth_settings)
self.user.save()
addon.user_settings = self.user.get_addon('github')
addon.save()
self.project.save()
res = self.app.get(self.private_url, auth=self.user.auth)
data = res.json['data']
providers = [item['attributes']['provider'] for item in data]
assert_equal(len(data), 2)
assert_in('github', providers)
assert_in('osfstorage', providers)
def test_returns_node_files_list(self):
self._prepare_mock_wb_response(provider='github',
files=[{
'name': 'NewFile'
}])
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.json['data'][0]['attributes']['name'], 'NewFile')
assert_equal(res.json['data'][0]['attributes']['provider'], 'github')
def test_returns_node_file(self):
self._prepare_mock_wb_response(provider='github',
files=[{
'name': 'NewFile'
}],
folder=False,
path='/file')
url = '/{}nodes/{}/files/github/file'.format(API_BASE,
self.project._id)
res = self.app.get(
url,
auth=self.user.auth,
headers={
'COOKIE': 'foo=bar;' # Webtests doesnt support cookies?
})
assert_equal(res.status_code, 200)
assert_equal(res.json['data']['attributes']['name'], 'NewFile')
assert_equal(res.json['data']['attributes']['provider'], 'github')
def test_notfound_node_file_returns_folder(self):
self._prepare_mock_wb_response(provider='github',
files=[{
'name': 'NewFile'
}],
path='/file')
url = '/{}nodes/{}/files/github/file'.format(API_BASE,
self.project._id)
res = self.app.get(
url,
auth=self.user.auth,
expect_errors=True,
headers={
'COOKIE': 'foo=bar;' # Webtests doesnt support cookies?
})
assert_equal(res.status_code, 404)
def test_notfound_node_folder_returns_file(self):
self._prepare_mock_wb_response(provider='github',
files=[{
'name': 'NewFile'
}],
folder=False,
path='/')
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(
url,
auth=self.user.auth,
expect_errors=True,
headers={
'COOKIE': 'foo=bar;' # Webtests doesnt support cookies?
})
assert_equal(res.status_code, 404)
def test_waterbutler_server_error_returns_503(self):
self._prepare_mock_wb_response(status_code=500)
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(
url,
auth=self.user.auth,
expect_errors=True,
headers={
'COOKIE': 'foo=bar;' # Webtests doesnt support cookies?
})
assert_equal(res.status_code, 503)
def test_waterbutler_invalid_data_returns_503(self):
wb_url = waterbutler_api_url_for(self.project._id,
provider='github',
path='/',
meta=True)
httpretty.register_uri(httpretty.GET,
wb_url,
body=json.dumps({}),
status=400)
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 503)
def test_handles_unauthenticated_waterbutler_request(self):
self._prepare_mock_wb_response(status_code=401)
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
def test_handles_notfound_waterbutler_request(self):
invalid_provider = 'gilkjadsflhub'
self._prepare_mock_wb_response(status_code=404,
provider=invalid_provider)
url = '/{}nodes/{}/files/{}/'.format(API_BASE, self.project._id,
invalid_provider)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
assert_in('detail', res.json['errors'][0])
def test_handles_bad_waterbutler_request(self):
wb_url = waterbutler_api_url_for(self.project._id,
provider='github',
path='/',
meta=True)
httpretty.register_uri(httpretty.GET,
wb_url,
body=json.dumps({}),
status=418)
url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 503)
assert_in('detail', res.json['errors'][0])
def test_files_list_contains_relationships_object(self):
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert 'relationships' in res.json['data'][0]
class TestGoogleDriveAuthViews(OsfTestCase):
def setUp(self):
super(TestGoogleDriveAuthViews, self).setUp()
self.user = AuthUserFactory()
self.user.add_addon('googledrive')
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('googledrive', Auth(self.user))
self.node_settings = self.project.get_addon('googledrive')
self.user_settings = self.user.get_addon('googledrive')
oauth_settings = GoogleDriveOAuthSettingsFactory()
self.user_settings.oauth_settings = oauth_settings
self.node_settings.user_settings = self.user_settings
# Log user in
self.app.authenticate(*self.user.auth)
self.flow = mock.Mock()
self.credentials = mock.Mock()
# Class variables(self) are usually used to mark mock variables. Can be removed later.
@mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.start')
def test_googledrive_oauth_start(self, mock_auth_client_start):
url = api_url_for('googledrive_oauth_start_user', Auth(self.user))
authorization_url = 'https://fake.domain/'
state = 'secure state'
mock_auth_client_start.return_value = (authorization_url, state)
res = self.app.post(url)
assert_true(res.json['url'], authorization_url)
@mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.userinfo')
@mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.finish')
@mock.patch('website.addons.googledrive.views.auth.session')
def test_googledrive_oauth_finish(self, mock_session, mock_auth_client_finish, mock_auth_client_userinfo):
user_no_addon = AuthUserFactory()
nid = self.project._primary_key
state = '1234'
mock_session.data = {
'googledrive_auth_nid': nid,
'googledrive_auth_state': state,
}
mock_auth_client_finish.return_value = {
'access_token': '1111',
'refresh_token': '2222',
'expires_at': time.time() + 3600,
}
mock_auth_client_userinfo.return_value = {
'sub': 'unique id',
'name': 'test-user',
}
url = api_url_for('googledrive_oauth_finish', user_no_addon.auth, nid=self.project._primary_key, code='1234', state=state)
res = self.app.get(url)
assert_is_redirect(res)
@mock.patch('website.addons.googledrive.views.auth.flash')
def test_googledrive_oauth_finish_cancelled(self, mock_flash):
user_no_addon = AuthUserFactory()
url = api_url_for(
'googledrive_oauth_finish',
user_no_addon.auth,
nid=self.project._primary_key,
code='1234',
state='3322',
error='User declined!'
)
res = self.app.get(url)
assert_is_redirect(res)
mock_flash.assert_called_once()
@mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.userinfo')
@mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.finish')
@mock.patch('website.addons.googledrive.views.auth.session')
def test_googledrive_oauth_finish_user_only(self, mock_session, mock_auth_client_finish, mock_auth_client_userinfo):
user_no_addon = AuthUserFactory()
state = '1234'
mock_session.data = {
'googledrive_auth_state': state,
}
mock_auth_client_finish.return_value = {
'access_token': '1111',
'refresh_token': '2222',
'expires_at': time.time() + 3600,
}
mock_auth_client_userinfo.return_value = {
'sub': 'unique id',
'name': 'test-user',
}
url = api_url_for('googledrive_oauth_finish', user_no_addon.auth, code='1234', state=state)
res = self.app.get(url)
assert_is_redirect(res)
@mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.revoke')
def test_googledrive_oauth_delete_user(self, mock_auth_client_revoke):
self.user_settings.access_token = 'abc123'
self.user_settings.save()
assert_true(self.user_settings.has_auth)
self.user.save()
url = api_url_for('googledrive_oauth_delete_user')
self.app.delete(url)
self.user_settings.reload()
mock_auth_client_revoke.assert_called_once()
assert_false(self.user_settings.has_auth)
def test_googledrive_deauthorize(self):
self.node_settings.folder_id = 'foobar'
self.node_settings.folder_path = 'My folder'
self.node_settings.save()
url = self.project.api_url_for('googledrive_deauthorize')
self.app.delete(url)
self.project.reload()
self.node_settings.reload()
assert_false(self.node_settings.has_auth)
assert_is(self.node_settings.folder_id, None)
assert_is(self.node_settings.folder_path, None)
assert_is(self.node_settings.user_settings, None)
class TestAddonLogs(OsfTestCase):
def setUp(self):
super(TestAddonLogs, self).setUp()
self.flask_app = SetEnvironMiddleware(self.app.app, REMOTE_ADDR='127.0.0.1')
self.test_app = webtest.TestApp(self.flask_app)
self.user = AuthUserFactory()
self.auth_obj = Auth(user=self.user)
self.node = ProjectFactory(creator=self.user)
self.session = Session(data={'auth_user_id': self.user._id})
self.session.save()
self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id)
self.configure_addon()
def configure_addon(self):
self.user.add_addon('github')
self.user_addon = self.user.get_addon('github')
self.oauth_settings = AddonGitHubOauthSettings(github_user_id='john')
self.oauth_settings.save()
self.user_addon.oauth_settings = self.oauth_settings
self.user_addon.oauth_access_token = 'secret'
self.user_addon.save()
self.node.add_addon('github', self.auth_obj)
self.node_addon = self.node.get_addon('github')
self.node_addon.user = '******'
self.node_addon.repo = 'youre-my-best-friend'
self.node_addon.user_settings = self.user_addon
self.node_addon.save()
def build_payload(self, metadata, **kwargs):
options = dict(
auth={'id': self.user._id},
action='create',
provider=self.node_addon.config.short_name,
metadata=metadata,
time=time.time() + 1000,
)
options.update(kwargs)
options = {
key: value
for key, value in options.iteritems()
if value is not None
}
message, signature = signing.default_signer.sign_payload(options)
return {
'payload': message,
'signature': signature,
}
def test_add_log(self):
path = 'pizza'
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path})
nlogs = len(self.node.logs)
self.test_app.put_json(url, payload, headers={'Content-Type': 'application/json'})
self.node.reload()
assert_equal(len(self.node.logs), nlogs + 1)
def test_add_log_missing_args(self):
path = 'pizza'
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path}, auth=None)
nlogs = len(self.node.logs)
res = self.test_app.put_json(
url,
payload,
headers={'Content-Type': 'application/json'},
expect_errors=True,
)
assert_equal(res.status_code, 400)
self.node.reload()
assert_equal(len(self.node.logs), nlogs)
def test_add_log_no_user(self):
path = 'pizza'
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path}, auth={'id': None})
nlogs = len(self.node.logs)
res = self.test_app.put_json(
url,
payload,
headers={'Content-Type': 'application/json'},
expect_errors=True,
)
assert_equal(res.status_code, 400)
self.node.reload()
assert_equal(len(self.node.logs), nlogs)
def test_add_log_no_addon(self):
path = 'pizza'
node = ProjectFactory(creator=self.user)
url = node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path})
nlogs = len(node.logs)
res = self.test_app.put_json(
url,
payload,
headers={'Content-Type': 'application/json'},
expect_errors=True,
)
assert_equal(res.status_code, 400)
self.node.reload()
assert_equal(len(node.logs), nlogs)
def test_add_log_bad_action(self):
path = 'pizza'
url = self.node.api_url_for('create_waterbutler_log')
payload = self.build_payload(metadata={'path': path}, action='dance')
nlogs = len(self.node.logs)
res = self.test_app.put_json(
url,
payload,
headers={'Content-Type': 'application/json'},
expect_errors=True,
)
assert_equal(res.status_code, 400)
self.node.reload()
assert_equal(len(self.node.logs), nlogs)
class TestAddonFileViews(OsfTestCase):
def setUp(self):
super(TestAddonFileViews, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.user.add_addon('github')
self.project.add_addon('github', auth=Auth(self.user))
self.user_addon = self.user.get_addon('github')
self.node_addon = self.project.get_addon('github')
self.oauth = AddonGitHubOauthSettings(
github_user_id='denbarell',
oauth_access_token='Truthy'
)
self.oauth.save()
self.user_addon.oauth_settings = self.oauth
self.user_addon.save()
self.node_addon.user_settings = self.user_addon
self.node_addon.save()
# self.node_addon.user_settings = 'Truthy'
# setattr(self.node_addon, 'has_auth', True)
def get_mako_return(self):
ret = serialize_node(self.project, Auth(self.user), primary=True)
ret.update({
'extra': '',
'provider': '',
'rendered': '',
'file_path': '',
'files_url': '',
'file_name': '',
'render_url': '',
})
ret.update(rubeus.collect_addon_assets(self.project))
return ret
def test_redirects_to_guid(self):
path = 'bigdata'
guid, _ = self.node_addon.find_or_create_file_guid('/' + path)
resp = self.app.get(
self.project.web_url_for(
'addon_view_or_download_file',
path=path,
provider='github'
),
auth=self.user.auth
)
assert_equals(resp.status_code, 302)
assert_equals(resp.headers['Location'], 'http://*****:*****@mock.patch('website.addons.base.request')
def test_public_download_url_includes_view_only(self, mock_request):
view_only = 'justworkplease'
mock_request.args = {
'view_only': view_only
}
path = 'cloudfiles'
guid, _ = self.node_addon.find_or_create_file_guid('/' + path)
assert_in('view_only={}'.format(view_only), guid.public_download_url)
@mock.patch('website.addons.base.views.addon_view_file')
def test_action_view_calls_view_file(self, mock_view_file):
self.user.reload()
self.project.reload()
path = 'cloudfiles'
mock_view_file.return_value = self.get_mako_return()
guid, _ = self.node_addon.find_or_create_file_guid('/' + path)
self.app.get(guid.guid_url + '?action=view', auth=self.user.auth)
args, kwargs = mock_view_file.call_args
assert_equals(kwargs, {})
assert_equals(args[-1], {'action': 'view'})
assert_equals(args[1], self.project)
assert_equals(args[0].user, self.user)
assert_equals(args[2], self.node_addon)
@mock.patch('website.addons.base.views.addon_view_file')
def test_no_action_calls_view_file(self, mock_view_file):
self.user.reload()
self.project.reload()
path = 'cloudfiles'
mock_view_file.return_value = self.get_mako_return()
guid, _ = self.node_addon.find_or_create_file_guid('/' + path)
self.app.get(guid.guid_url, auth=self.user.auth)
args, kwargs = mock_view_file.call_args
assert_equals(kwargs, {})
assert_equals(args[-1], {})
assert_equals(args[1], self.project)
assert_equals(args[0].user, self.user)
assert_equals(args[2], self.node_addon)
def test_download_create_guid(self):
path = 'cloudfiles'
self.app.get(
self.project.web_url_for(
'addon_view_or_download_file',
path=path,
provider='github',
action='download'
),
auth=self.user.auth
)
guid, created = self.node_addon.find_or_create_file_guid('/' + path)
assert_true(guid)
assert_false(created)
assert_equals(guid.waterbutler_path, '/' + path)
def test_unauthorized_addons_raise(self):
path = 'cloudfiles'
self.node_addon.user_settings = None
self.node_addon.save()
resp = self.app.get(
self.project.web_url_for(
'addon_view_or_download_file',
path=path,
provider='github',
action='download'
),
auth=self.user.auth,
expect_errors=True
)
assert_equals(resp.status_code, 403)
def test_head_returns_url(self):
path = 'the little engine that couldnt'
guid, _ = self.node_addon.find_or_create_file_guid('/' + path)
download_url = furl.furl(guid.download_url)
download_url.args['accept_url'] = 'false'
resp = self.app.head(guid.guid_url, auth=self.user.auth)
assert_urls_equal(resp.headers['Location'], download_url.url)
def test_nonexistent_addons_raise(self):
path = 'cloudfiles'
self.project.delete_addon('github', Auth(self.user))
self.project.save()
resp = self.app.get(
self.project.api_url_for(
'addon_render_file',
path=path,
provider='github',
action='download'
),
auth=self.user.auth,
expect_errors=True
)
assert_equals(resp.status_code, 400)
def test_unauth_addons_raise(self):
path = 'cloudfiles'
self.node_addon.user_settings = None
self.node_addon.save()
resp = self.app.get(
self.project.api_url_for(
'addon_render_file',
path=path,
provider='github',
action='download'
),
auth=self.user.auth,
expect_errors=True
)
assert_equals(resp.status_code, 401)
def test_unconfigured_addons_raise(self):
path = 'cloudfiles'
self.node_addon.repo = None
self.node_addon.save()
resp = self.app.get(
self.project.api_url_for(
'addon_render_file',
path=path,
provider='github',
action='download'
),
auth=self.user.auth,
expect_errors=True
)
assert_equals(resp.status_code, 400)
